Analysis Overview
SHA256
858805f6ee17321afae6ca22e35791ac8e1391dfe77317d0c0681f4f43c08aa3
Threat Level: Known bad
The file JaffaCakes118_b838d06aa2f9970dfda79463310cf899 was found to be: Known bad.
Malicious Activity Summary
Pykspa
Pykspa family
UAC bypass
Modifies WinLogon for persistence
Detect Pykspa worm
Adds policy Run key to start application
Disables RegEdit via registry modification
Blocklisted process makes network request
Checks computer location settings
Executes dropped EXE
Impair Defenses: Safe Mode Boot
Checks whether UAC is enabled
Hijack Execution Flow: Executable Installer File Permissions Weakness
Looks up external IP address via web service
Adds Run key to start application
Drops file in System32 directory
Drops file in Windows directory
Drops file in Program Files directory
Enumerates physical storage devices
System Location Discovery: System Language Discovery
Unsigned PE
Suspicious use of AdjustPrivilegeToken
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
System policy modification
MITRE ATT&CK
Enterprise Matrix V16
Analysis: static1
Detonation Overview
Reported
2025-04-14 15:31
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2025-04-14 15:31
Reported
2025-04-14 15:34
Platform
win10v2004-20250410-en
Max time kernel
42s
Max time network
150s
Command Line
Signatures
Modifies WinLogon for persistence
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\tijxeik.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
Pykspa
Pykspa family
UAC bypass
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" | C:\Users\Admin\AppData\Local\Temp\tijxeik.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\tijxeik.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" | C:\Users\Admin\AppData\Local\Temp\tijxeik.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" | C:\Users\Admin\AppData\Local\Temp\tijxeik.exe | N/A |
Detect Pykspa worm
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Adds policy Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\skofpwbnck = "vynpkcsppiyspzsvaorgi.exe" | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\tijxeik = "C:\\Users\\Admin\\AppData\\Local\\Temp\\iiutlanheuhyszpprc.exe" | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\tijxeik = "C:\\Users\\Admin\\AppData\\Local\\Temp\\sqaxnaldymxmejxv.exe" | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\skofpwbnck = "sqaxnaldymxmejxv.exe" | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\tijxeik = "C:\\Users\\Admin\\AppData\\Local\\Temp\\zyjhymyrncoexdsrs.exe" | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\skofpwbnck = "tuhhaqezxocupxopsef.exe" | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\skofpwbnck = "giwxrixtskzsoxprviky.exe" | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\skofpwbnck = "zyjhymyrncoexdsrs.exe" | C:\Users\Admin\AppData\Local\Temp\tijxeik.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\tijxeik = "C:\\Users\\Admin\\AppData\\Local\\Temp\\vynpkcsppiyspzsvaorgi.exe" | C:\Users\Admin\AppData\Local\Temp\tijxeik.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\tijxeik.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\skofpwbnck = "zyjhymyrncoexdsrs.exe" | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\tijxeik = "C:\\Users\\Admin\\AppData\\Local\\Temp\\sqaxnaldymxmejxv.exe" | C:\Users\Admin\AppData\Local\Temp\tijxeik.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\skofpwbnck = "iiutlanheuhyszpprc.exe" | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\tijxeik = "C:\\Users\\Admin\\AppData\\Local\\Temp\\iiutlanheuhyszpprc.exe" | C:\Users\Admin\AppData\Local\Temp\tijxeik.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\clubpwipa = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ctkzvketmytfvouji.exe" | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\tijxeik = "C:\\Users\\Admin\\AppData\\Local\\Temp\\vynpkcsppiyspzsvaorgi.exe" | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\tijxeik = "C:\\Users\\Admin\\AppData\\Local\\Temp\\zyjhymyrncoexdsrs.exe" | C:\Users\Admin\AppData\Local\Temp\tijxeik.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\skofpwbnck = "vynpkcsppiyspzsvaorgi.exe" | C:\Users\Admin\AppData\Local\Temp\tijxeik.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\skofpwbnck = "iiutlanheuhyszpprc.exe" | C:\Users\Admin\AppData\Local\Temp\tijxeik.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\nzlvmwlvjqgn = "wpizxokbwkhvniqhila.exe" | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\skofpwbnck = "giwxrixtskzsoxprviky.exe" | C:\Users\Admin\AppData\Local\Temp\tijxeik.exe | N/A |
Blocklisted process makes network request
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\System32\sihclient.exe | N/A |
Disables RegEdit via registry modification
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\tijxeik.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\tijxeik.exe | N/A |
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\vynpkcsppiyspzsvaorgi.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\giwxrixtskzsoxprviky.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\Control Panel\International\Geo\Nation | C:\Windows\vynpkcsppiyspzsvaorgi.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\tuhhaqezxocupxopsef.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\iiutlanheuhyszpprc.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\Control Panel\International\Geo\Nation | C:\Windows\iiutlanheuhyszpprc.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\Control Panel\International\Geo\Nation | C:\Windows\giwxrixtskzsoxprviky.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\Control Panel\International\Geo\Nation | C:\Windows\zyjhymyrncoexdsrs.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\Control Panel\International\Geo\Nation | C:\Windows\sqaxnaldymxmejxv.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\zyjhymyrncoexdsrs.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\Control Panel\International\Geo\Nation | C:\Windows\tuhhaqezxocupxopsef.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\sqaxnaldymxmejxv.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\Control Panel\International\Geo\Nation | C:\Windows\tuhhaqezxocupxopsef.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\tuhhaqezxocupxopsef.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\vynpkcsppiyspzsvaorgi.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\tuhhaqezxocupxopsef.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\tuhhaqezxocupxopsef.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\Control Panel\International\Geo\Nation | C:\Windows\zyjhymyrncoexdsrs.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\iiutlanheuhyszpprc.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\Control Panel\International\Geo\Nation | C:\Windows\vynpkcsppiyspzsvaorgi.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b838d06aa2f9970dfda79463310cf899.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\Control Panel\International\Geo\Nation | C:\Windows\iiutlanheuhyszpprc.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\giwxrixtskzsoxprviky.exe | N/A |
Executes dropped EXE
Impair Defenses: Safe Mode Boot
| Description | Indicator | Process | Target |
| Key deleted | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\CBDHSvc | C:\Users\Admin\AppData\Local\Temp\tijxeik.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\UserManager | C:\Users\Admin\AppData\Local\Temp\tijxeik.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\SerCx2.sys | C:\Users\Admin\AppData\Local\Temp\tijxeik.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\ProfSvc | C:\Users\Admin\AppData\Local\Temp\tijxeik.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\Power | C:\Users\Admin\AppData\Local\Temp\tijxeik.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\iai2c.sys | C:\Users\Admin\AppData\Local\Temp\tijxeik.exe | N/A |
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\iyapxcfp = "C:\\Users\\Admin\\AppData\\Local\\Temp\\vynpkcsppiyspzsvaorgi.exe" | C:\Users\Admin\AppData\Local\Temp\tijxeik.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mzmxpaqbqypxj = "ctkzvketmytfvouji.exe" | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\nbpbugxjziajwm = "vlbpkyrfxicncuzn.exe ." | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\jelfsckzrckwl = "C:\\Users\\Admin\\AppData\\Local\\Temp\\zyjhymyrncoexdsrs.exe ." | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\zqtjsycnb = "tuhhaqezxocupxopsef.exe ." | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\kekdpyftkubm = "sqaxnaldymxmejxv.exe ." | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\kekdpyftkubm = "tuhhaqezxocupxopsef.exe ." | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\kgojxirhamviyb = "C:\\Users\\Admin\\AppData\\Local\\Temp\\vynpkcsppiyspzsvaorgi.exe" | C:\Users\Admin\AppData\Local\Temp\tijxeik.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ngldowcpfou = "vynpkcsppiyspzsvaorgi.exe" | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ngldowcpfou = "zyjhymyrncoexdsrs.exe" | C:\Users\Admin\AppData\Local\Temp\tijxeik.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\kekdpyftkubm = "vynpkcsppiyspzsvaorgi.exe ." | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\zqtjsycnb = "C:\\Users\\Admin\\AppData\\Local\\Temp\\tuhhaqezxocupxopsef.exe ." | C:\Users\Admin\AppData\Local\Temp\tijxeik.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\zqtjsycnb = "C:\\Users\\Admin\\AppData\\Local\\Temp\\tuhhaqezxocupxopsef.exe ." | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\zqtjsycnb = "giwxrixtskzsoxprviky.exe ." | C:\Users\Admin\AppData\Local\Temp\tijxeik.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\iyapxcfp = "C:\\Users\\Admin\\AppData\\Local\\Temp\\vynpkcsppiyspzsvaorgi.exe" | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\kekdpyftkubm = "sqaxnaldymxmejxv.exe ." | C:\Users\Admin\AppData\Local\Temp\tijxeik.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\iyapxcfp = "vynpkcsppiyspzsvaorgi.exe" | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\jelfsckzrckwl = "C:\\Users\\Admin\\AppData\\Local\\Temp\\vynpkcsppiyspzsvaorgi.exe ." | C:\Users\Admin\AppData\Local\Temp\tijxeik.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\kgojxirhamviyb = "C:\\Users\\Admin\\AppData\\Local\\Temp\\sqaxnaldymxmejxv.exe" | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\kgojxirhamviyb = "C:\\Users\\Admin\\AppData\\Local\\Temp\\tuhhaqezxocupxopsef.exe" | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\iyapxcfp = "tuhhaqezxocupxopsef.exe" | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\jelfsckzrckwl = "C:\\Users\\Admin\\AppData\\Local\\Temp\\tuhhaqezxocupxopsef.exe ." | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ngldowcpfou = "vynpkcsppiyspzsvaorgi.exe" | C:\Users\Admin\AppData\Local\Temp\tijxeik.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\zqtjsycnb = "zyjhymyrncoexdsrs.exe ." | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\iyapxcfp = "C:\\Users\\Admin\\AppData\\Local\\Temp\\iiutlanheuhyszpprc.exe" | C:\Users\Admin\AppData\Local\Temp\tijxeik.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\jelfsckzrckwl = "C:\\Users\\Admin\\AppData\\Local\\Temp\\iiutlanheuhyszpprc.exe ." | C:\Users\Admin\AppData\Local\Temp\tijxeik.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ngldowcpfou = "sqaxnaldymxmejxv.exe" | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\zqtjsycnb = "C:\\Users\\Admin\\AppData\\Local\\Temp\\sqaxnaldymxmejxv.exe ." | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\iyapxcfp = "zyjhymyrncoexdsrs.exe" | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\kekdpyftkubm = "zyjhymyrncoexdsrs.exe ." | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\kekdpyftkubm = "iiutlanheuhyszpprc.exe ." | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\jelfsckzrckwl = "C:\\Users\\Admin\\AppData\\Local\\Temp\\giwxrixtskzsoxprviky.exe ." | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ngldowcpfou = "zyjhymyrncoexdsrs.exe" | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\kgojxirhamviyb = "C:\\Users\\Admin\\AppData\\Local\\Temp\\giwxrixtskzsoxprviky.exe" | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\zqtjsycnb = "C:\\Users\\Admin\\AppData\\Local\\Temp\\giwxrixtskzsoxprviky.exe ." | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\jelfsckzrckwl = "C:\\Users\\Admin\\AppData\\Local\\Temp\\sqaxnaldymxmejxv.exe ." | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ngldowcpfou = "iiutlanheuhyszpprc.exe" | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\kekdpyftkubm = "giwxrixtskzsoxprviky.exe ." | C:\Users\Admin\AppData\Local\Temp\tijxeik.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\iyapxcfp = "giwxrixtskzsoxprviky.exe" | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\iyapxcfp = "C:\\Users\\Admin\\AppData\\Local\\Temp\\giwxrixtskzsoxprviky.exe" | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\jelfsckzrckwl = "C:\\Users\\Admin\\AppData\\Local\\Temp\\iiutlanheuhyszpprc.exe ." | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\iyapxcfp = "zyjhymyrncoexdsrs.exe" | C:\Users\Admin\AppData\Local\Temp\tijxeik.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\jelfsckzrckwl = "C:\\Users\\Admin\\AppData\\Local\\Temp\\giwxrixtskzsoxprviky.exe ." | C:\Users\Admin\AppData\Local\Temp\tijxeik.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\zqtjsycnb = "sqaxnaldymxmejxv.exe ." | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\vlbpkyrfxicncuzn = "C:\\Users\\Admin\\AppData\\Local\\Temp\\jdxpogdvrgetmirjlpfz.exe" | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\iyapxcfp = "iiutlanheuhyszpprc.exe" | C:\Users\Admin\AppData\Local\Temp\tijxeik.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\kgojxirhamviyb = "C:\\Users\\Admin\\AppData\\Local\\Temp\\giwxrixtskzsoxprviky.exe" | C:\Users\Admin\AppData\Local\Temp\tijxeik.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\vfpxmuhpbg = "ctkzvketmytfvouji.exe" | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
Checks whether UAC is enabled
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\tijxeik.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\tijxeik.exe | N/A |
Hijack Execution Flow: Executable Installer File Permissions Weakness
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableInstallerDetection = "0" | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableInstallerDetection = "0" | C:\Users\Admin\AppData\Local\Temp\tijxeik.exe | N/A |
Looks up external IP address via web service
| Description | Indicator | Process | Target |
| N/A | whatismyip.everdot.org | N/A | N/A |
| N/A | www.whatismyip.ca | N/A | N/A |
| N/A | whatismyipaddress.com | N/A | N/A |
| N/A | www.showmyipaddress.com | N/A | N/A |
Drops file in System32 directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\SysWOW64\iiutlanheuhyszpprc.exe | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\giwxrixtskzsoxprviky.exe | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\mqgjfypnoizusdxbhwaqtp.exe | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\zyjhymyrncoexdsrs.exe | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\tuhhaqezxocupxopsef.exe | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\vynpkcsppiyspzsvaorgi.exe | C:\Users\Admin\AppData\Local\Temp\tijxeik.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\iiutlanheuhyszpprc.exe | C:\Users\Admin\AppData\Local\Temp\tijxeik.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\vynpkcsppiyspzsvaorgi.exe | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\sqaxnaldymxmejxv.exe | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\giwxrixtskzsoxprviky.exe | C:\Users\Admin\AppData\Local\Temp\tijxeik.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\vihtyaahruuyfzcpecpoafhhoyb.fmg | C:\Users\Admin\AppData\Local\Temp\tijxeik.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\sqaxnaldymxmejxv.exe | C:\Users\Admin\AppData\Local\Temp\tijxeik.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\mqgjfypnoizusdxbhwaqtp.exe | C:\Users\Admin\AppData\Local\Temp\tijxeik.exe | N/A |
| File created | C:\Windows\SysWOW64\sqaxnaldymxmejxvvecmjzmxpkyjyqvjhhqoyv.yjb | C:\Users\Admin\AppData\Local\Temp\tijxeik.exe | N/A |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Program Files (x86)\vihtyaahruuyfzcpecpoafhhoyb.fmg | C:\Users\Admin\AppData\Local\Temp\tijxeik.exe | N/A |
| File created | C:\Program Files (x86)\vihtyaahruuyfzcpecpoafhhoyb.fmg | C:\Users\Admin\AppData\Local\Temp\tijxeik.exe | N/A |
| File opened for modification | C:\Program Files (x86)\sqaxnaldymxmejxvvecmjzmxpkyjyqvjhhqoyv.yjb | C:\Users\Admin\AppData\Local\Temp\tijxeik.exe | N/A |
| File created | C:\Program Files (x86)\sqaxnaldymxmejxvvecmjzmxpkyjyqvjhhqoyv.yjb | C:\Users\Admin\AppData\Local\Temp\tijxeik.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\sqaxnaldymxmejxv.exe | C:\Users\Admin\AppData\Local\Temp\tijxeik.exe | N/A |
| File opened for modification | C:\Windows\vynpkcsppiyspzsvaorgi.exe | C:\Users\Admin\AppData\Local\Temp\tijxeik.exe | N/A |
| File created | C:\Windows\sqaxnaldymxmejxvvecmjzmxpkyjyqvjhhqoyv.yjb | C:\Users\Admin\AppData\Local\Temp\tijxeik.exe | N/A |
| File opened for modification | C:\Windows\iiutlanheuhyszpprc.exe | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| File opened for modification | C:\Windows\mqgjfypnoizusdxbhwaqtp.exe | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| File opened for modification | C:\Windows\tuhhaqezxocupxopsef.exe | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| File opened for modification | C:\Windows\giwxrixtskzsoxprviky.exe | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| File opened for modification | C:\Windows\vynpkcsppiyspzsvaorgi.exe | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| File opened for modification | C:\Windows\sqaxnaldymxmejxv.exe | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| File opened for modification | C:\Windows\giwxrixtskzsoxprviky.exe | C:\Users\Admin\AppData\Local\Temp\tijxeik.exe | N/A |
| File opened for modification | C:\Windows\iiutlanheuhyszpprc.exe | C:\Users\Admin\AppData\Local\Temp\tijxeik.exe | N/A |
| File opened for modification | C:\Windows\zyjhymyrncoexdsrs.exe | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| File opened for modification | C:\Windows\zyjhymyrncoexdsrs.exe | C:\Users\Admin\AppData\Local\Temp\tijxeik.exe | N/A |
| File opened for modification | C:\Windows\vihtyaahruuyfzcpecpoafhhoyb.fmg | C:\Users\Admin\AppData\Local\Temp\tijxeik.exe | N/A |
Enumerates physical storage devices
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\tuhhaqezxocupxopsef.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\sqaxnaldymxmejxv.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\giwxrixtskzsoxprviky.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\tijxeik.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\iiutlanheuhyszpprc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\zyjhymyrncoexdsrs.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\tuhhaqezxocupxopsef.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\giwxrixtskzsoxprviky.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\zyjhymyrncoexdsrs.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\vynpkcsppiyspzsvaorgi.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\sqaxnaldymxmejxv.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\iiutlanheuhyszpprc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\ytohhayroedtnkunqvmhc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\vynpkcsppiyspzsvaorgi.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\tijxeik.exe | N/A |
Suspicious use of WriteProcessMemory
System policy modification
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\FilterAdministratorToken = "0" | C:\Users\Admin\AppData\Local\Temp\tijxeik.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\tijxeik.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableSecureUIAPaths = "0" | C:\Users\Admin\AppData\Local\Temp\tijxeik.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDriveTypeAutoRun = "1" | C:\Users\Admin\AppData\Local\Temp\tijxeik.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer | C:\Users\Admin\AppData\Local\Temp\tijxeik.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDriveTypeAutoRun = "1" | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ValidateAdminCodeSignatures = "0" | C:\Users\Admin\AppData\Local\Temp\tijxeik.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\FilterAdministratorToken = "0" | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\tijxeik.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" | C:\Users\Admin\AppData\Local\Temp\tijxeik.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" | C:\Users\Admin\AppData\Local\Temp\tijxeik.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\tijxeik.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" | C:\Users\Admin\AppData\Local\Temp\tijxeik.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableVirtualization = "0" | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableSecureUIAPaths = "0" | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableVirtualization = "0" | C:\Users\Admin\AppData\Local\Temp\tijxeik.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\tijxeik.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" | C:\Users\Admin\AppData\Local\Temp\tijxeik.exe | N/A |
Processes
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\giwxrixtskzsoxprviky.exe*."
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\tuhhaqezxocupxopsef.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\tuhhaqezxocupxopsef.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\giwxrixtskzsoxprviky.exe .
C:\Users\Admin\AppData\Local\Temp\giwxrixtskzsoxprviky.exe
C:\Users\Admin\AppData\Local\Temp\giwxrixtskzsoxprviky.exe
C:\Users\Admin\AppData\Local\Temp\iiutlanheuhyszpprc.exe
C:\Users\Admin\AppData\Local\Temp\iiutlanheuhyszpprc.exe
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\tuhhaqezxocupxopsef.exe*."
C:\Users\Admin\AppData\Local\Temp\zyjhymyrncoexdsrs.exe
C:\Users\Admin\AppData\Local\Temp\zyjhymyrncoexdsrs.exe .
C:\Windows\zyjhymyrncoexdsrs.exe
zyjhymyrncoexdsrs.exe .
C:\Windows\tuhhaqezxocupxopsef.exe
tuhhaqezxocupxopsef.exe
C:\Users\Admin\AppData\Local\Temp\tuhhaqezxocupxopsef.exe
C:\Users\Admin\AppData\Local\Temp\tuhhaqezxocupxopsef.exe
C:\Users\Admin\AppData\Local\Temp\giwxrixtskzsoxprviky.exe
C:\Users\Admin\AppData\Local\Temp\giwxrixtskzsoxprviky.exe .
C:\Users\Admin\AppData\Local\Temp\giwxrixtskzsoxprviky.exe
C:\Users\Admin\AppData\Local\Temp\giwxrixtskzsoxprviky.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vynpkcsppiyspzsvaorgi.exe
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\zyjhymyrncoexdsrs.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\giwxrixtskzsoxprviky.exe .
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\zyjhymyrncoexdsrs.exe*."
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\giwxrixtskzsoxprviky.exe*."
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\giwxrixtskzsoxprviky.exe*."
C:\Users\Admin\AppData\Local\Temp\vynpkcsppiyspzsvaorgi.exe
C:\Users\Admin\AppData\Local\Temp\vynpkcsppiyspzsvaorgi.exe
C:\Users\Admin\AppData\Local\Temp\giwxrixtskzsoxprviky.exe
C:\Users\Admin\AppData\Local\Temp\giwxrixtskzsoxprviky.exe .
C:\Windows\giwxrixtskzsoxprviky.exe
giwxrixtskzsoxprviky.exe .
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\giwxrixtskzsoxprviky.exe*."
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\giwxrixtskzsoxprviky.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c tuhhaqezxocupxopsef.exe
C:\Windows\tuhhaqezxocupxopsef.exe
tuhhaqezxocupxopsef.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c vynpkcsppiyspzsvaorgi.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\vynpkcsppiyspzsvaorgi.exe
vynpkcsppiyspzsvaorgi.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c giwxrixtskzsoxprviky.exe
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\vynpkcsppiyspzsvaorgi.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c vynpkcsppiyspzsvaorgi.exe .
C:\Windows\giwxrixtskzsoxprviky.exe
giwxrixtskzsoxprviky.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zyjhymyrncoexdsrs.exe
C:\Windows\vynpkcsppiyspzsvaorgi.exe
vynpkcsppiyspzsvaorgi.exe .
C:\Users\Admin\AppData\Local\Temp\zyjhymyrncoexdsrs.exe
C:\Users\Admin\AppData\Local\Temp\zyjhymyrncoexdsrs.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\tuhhaqezxocupxopsef.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\vynpkcsppiyspzsvaorgi.exe*."
C:\Users\Admin\AppData\Local\Temp\tuhhaqezxocupxopsef.exe
C:\Users\Admin\AppData\Local\Temp\tuhhaqezxocupxopsef.exe .
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\tuhhaqezxocupxopsef.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\tuhhaqezxocupxopsef.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\giwxrixtskzsoxprviky.exe .
C:\Users\Admin\AppData\Local\Temp\tuhhaqezxocupxopsef.exe
C:\Users\Admin\AppData\Local\Temp\tuhhaqezxocupxopsef.exe
C:\Users\Admin\AppData\Local\Temp\giwxrixtskzsoxprviky.exe
C:\Users\Admin\AppData\Local\Temp\giwxrixtskzsoxprviky.exe .
C:\Windows\System32\sihclient.exe
C:\Windows\System32\sihclient.exe /cv GZrhVJxNwkmIOcZqG5AQqA.0.1
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\giwxrixtskzsoxprviky.exe*."
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c vynpkcsppiyspzsvaorgi.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\vynpkcsppiyspzsvaorgi.exe
vynpkcsppiyspzsvaorgi.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c sqaxnaldymxmejxv.exe .
C:\Windows\sqaxnaldymxmejxv.exe
sqaxnaldymxmejxv.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c iiutlanheuhyszpprc.exe
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\sqaxnaldymxmejxv.exe*."
C:\Windows\iiutlanheuhyszpprc.exe
iiutlanheuhyszpprc.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c zyjhymyrncoexdsrs.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\sqaxnaldymxmejxv.exe
C:\Windows\zyjhymyrncoexdsrs.exe
zyjhymyrncoexdsrs.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\sqaxnaldymxmejxv.exe .
C:\Users\Admin\AppData\Local\Temp\sqaxnaldymxmejxv.exe
C:\Users\Admin\AppData\Local\Temp\sqaxnaldymxmejxv.exe
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\zyjhymyrncoexdsrs.exe*."
C:\Users\Admin\AppData\Local\Temp\sqaxnaldymxmejxv.exe
C:\Users\Admin\AppData\Local\Temp\sqaxnaldymxmejxv.exe .
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\sqaxnaldymxmejxv.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zyjhymyrncoexdsrs.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zyjhymyrncoexdsrs.exe .
C:\Users\Admin\AppData\Local\Temp\zyjhymyrncoexdsrs.exe
C:\Users\Admin\AppData\Local\Temp\zyjhymyrncoexdsrs.exe
C:\Users\Admin\AppData\Local\Temp\zyjhymyrncoexdsrs.exe
C:\Users\Admin\AppData\Local\Temp\zyjhymyrncoexdsrs.exe .
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\zyjhymyrncoexdsrs.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c tuhhaqezxocupxopsef.exe
C:\Windows\tuhhaqezxocupxopsef.exe
tuhhaqezxocupxopsef.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c giwxrixtskzsoxprviky.exe .
C:\Windows\giwxrixtskzsoxprviky.exe
giwxrixtskzsoxprviky.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c sqaxnaldymxmejxv.exe
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\giwxrixtskzsoxprviky.exe*."
C:\Windows\sqaxnaldymxmejxv.exe
sqaxnaldymxmejxv.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c zyjhymyrncoexdsrs.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\giwxrixtskzsoxprviky.exe
C:\Windows\zyjhymyrncoexdsrs.exe
zyjhymyrncoexdsrs.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\giwxrixtskzsoxprviky.exe .
C:\Users\Admin\AppData\Local\Temp\giwxrixtskzsoxprviky.exe
C:\Users\Admin\AppData\Local\Temp\giwxrixtskzsoxprviky.exe
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\zyjhymyrncoexdsrs.exe*."
C:\Users\Admin\AppData\Local\Temp\giwxrixtskzsoxprviky.exe
C:\Users\Admin\AppData\Local\Temp\giwxrixtskzsoxprviky.exe .
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\giwxrixtskzsoxprviky.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\giwxrixtskzsoxprviky.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vynpkcsppiyspzsvaorgi.exe .
C:\Users\Admin\AppData\Local\Temp\giwxrixtskzsoxprviky.exe
C:\Users\Admin\AppData\Local\Temp\giwxrixtskzsoxprviky.exe
C:\Users\Admin\AppData\Local\Temp\vynpkcsppiyspzsvaorgi.exe
C:\Users\Admin\AppData\Local\Temp\vynpkcsppiyspzsvaorgi.exe .
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\vynpkcsppiyspzsvaorgi.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c tuhhaqezxocupxopsef.exe
C:\Windows\tuhhaqezxocupxopsef.exe
tuhhaqezxocupxopsef.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c vynpkcsppiyspzsvaorgi.exe .
C:\Windows\vynpkcsppiyspzsvaorgi.exe
vynpkcsppiyspzsvaorgi.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c iiutlanheuhyszpprc.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\vynpkcsppiyspzsvaorgi.exe*."
C:\Windows\iiutlanheuhyszpprc.exe
iiutlanheuhyszpprc.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c iiutlanheuhyszpprc.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\giwxrixtskzsoxprviky.exe
C:\Windows\iiutlanheuhyszpprc.exe
iiutlanheuhyszpprc.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\tuhhaqezxocupxopsef.exe .
C:\Users\Admin\AppData\Local\Temp\giwxrixtskzsoxprviky.exe
C:\Users\Admin\AppData\Local\Temp\giwxrixtskzsoxprviky.exe
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\iiutlanheuhyszpprc.exe*."
C:\Users\Admin\AppData\Local\Temp\tuhhaqezxocupxopsef.exe
C:\Users\Admin\AppData\Local\Temp\tuhhaqezxocupxopsef.exe .
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\tuhhaqezxocupxopsef.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\iiutlanheuhyszpprc.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\tuhhaqezxocupxopsef.exe .
C:\Users\Admin\AppData\Local\Temp\iiutlanheuhyszpprc.exe
C:\Users\Admin\AppData\Local\Temp\iiutlanheuhyszpprc.exe
C:\Users\Admin\AppData\Local\Temp\tuhhaqezxocupxopsef.exe
C:\Users\Admin\AppData\Local\Temp\tuhhaqezxocupxopsef.exe .
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\tuhhaqezxocupxopsef.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c zyjhymyrncoexdsrs.exe
C:\Windows\zyjhymyrncoexdsrs.exe
zyjhymyrncoexdsrs.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c vynpkcsppiyspzsvaorgi.exe .
C:\Windows\vynpkcsppiyspzsvaorgi.exe
vynpkcsppiyspzsvaorgi.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c vynpkcsppiyspzsvaorgi.exe
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\vynpkcsppiyspzsvaorgi.exe*."
C:\Windows\vynpkcsppiyspzsvaorgi.exe
vynpkcsppiyspzsvaorgi.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c vynpkcsppiyspzsvaorgi.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vynpkcsppiyspzsvaorgi.exe
C:\Windows\vynpkcsppiyspzsvaorgi.exe
vynpkcsppiyspzsvaorgi.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\tuhhaqezxocupxopsef.exe .
C:\Users\Admin\AppData\Local\Temp\vynpkcsppiyspzsvaorgi.exe
C:\Users\Admin\AppData\Local\Temp\vynpkcsppiyspzsvaorgi.exe
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\vynpkcsppiyspzsvaorgi.exe*."
C:\Users\Admin\AppData\Local\Temp\tuhhaqezxocupxopsef.exe
C:\Users\Admin\AppData\Local\Temp\tuhhaqezxocupxopsef.exe .
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\tuhhaqezxocupxopsef.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zyjhymyrncoexdsrs.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vynpkcsppiyspzsvaorgi.exe .
C:\Users\Admin\AppData\Local\Temp\zyjhymyrncoexdsrs.exe
C:\Users\Admin\AppData\Local\Temp\zyjhymyrncoexdsrs.exe
C:\Users\Admin\AppData\Local\Temp\vynpkcsppiyspzsvaorgi.exe
C:\Users\Admin\AppData\Local\Temp\vynpkcsppiyspzsvaorgi.exe .
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\vynpkcsppiyspzsvaorgi.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c sqaxnaldymxmejxv.exe
C:\Windows\sqaxnaldymxmejxv.exe
sqaxnaldymxmejxv.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c sqaxnaldymxmejxv.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\sqaxnaldymxmejxv.exe
sqaxnaldymxmejxv.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c iiutlanheuhyszpprc.exe
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\sqaxnaldymxmejxv.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c iiutlanheuhyszpprc.exe .
C:\Windows\iiutlanheuhyszpprc.exe
iiutlanheuhyszpprc.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\sqaxnaldymxmejxv.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c iiutlanheuhyszpprc.exe
C:\Windows\iiutlanheuhyszpprc.exe
iiutlanheuhyszpprc.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c giwxrixtskzsoxprviky.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\tuhhaqezxocupxopsef.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c giwxrixtskzsoxprviky.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\iiutlanheuhyszpprc.exe
iiutlanheuhyszpprc.exe
C:\Users\Admin\AppData\Local\Temp\sqaxnaldymxmejxv.exe
C:\Users\Admin\AppData\Local\Temp\sqaxnaldymxmejxv.exe
C:\Windows\giwxrixtskzsoxprviky.exe
giwxrixtskzsoxprviky.exe
C:\Users\Admin\AppData\Local\Temp\tuhhaqezxocupxopsef.exe
C:\Users\Admin\AppData\Local\Temp\tuhhaqezxocupxopsef.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c giwxrixtskzsoxprviky.exe .
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\iiutlanheuhyszpprc.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c tuhhaqezxocupxopsef.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vynpkcsppiyspzsvaorgi.exe
C:\Windows\giwxrixtskzsoxprviky.exe
giwxrixtskzsoxprviky.exe .
C:\Windows\giwxrixtskzsoxprviky.exe
giwxrixtskzsoxprviky.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c tuhhaqezxocupxopsef.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c tuhhaqezxocupxopsef.exe
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\tuhhaqezxocupxopsef.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vynpkcsppiyspzsvaorgi.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c sqaxnaldymxmejxv.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\tuhhaqezxocupxopsef.exe
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\giwxrixtskzsoxprviky.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vynpkcsppiyspzsvaorgi.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\giwxrixtskzsoxprviky.exe
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\giwxrixtskzsoxprviky.exe*."
C:\Users\Admin\AppData\Local\Temp\vynpkcsppiyspzsvaorgi.exe
C:\Users\Admin\AppData\Local\Temp\vynpkcsppiyspzsvaorgi.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\iiutlanheuhyszpprc.exe .
C:\Windows\tuhhaqezxocupxopsef.exe
tuhhaqezxocupxopsef.exe
C:\Windows\tuhhaqezxocupxopsef.exe
tuhhaqezxocupxopsef.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zyjhymyrncoexdsrs.exe
C:\Users\Admin\AppData\Local\Temp\vynpkcsppiyspzsvaorgi.exe
C:\Users\Admin\AppData\Local\Temp\vynpkcsppiyspzsvaorgi.exe .
C:\Windows\tuhhaqezxocupxopsef.exe
tuhhaqezxocupxopsef.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vynpkcsppiyspzsvaorgi.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\iiutlanheuhyszpprc.exe .
C:\Users\Admin\AppData\Local\Temp\giwxrixtskzsoxprviky.exe
C:\Users\Admin\AppData\Local\Temp\giwxrixtskzsoxprviky.exe
C:\Windows\sqaxnaldymxmejxv.exe
sqaxnaldymxmejxv.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\tuhhaqezxocupxopsef.exe .
C:\Users\Admin\AppData\Local\Temp\tuhhaqezxocupxopsef.exe
C:\Users\Admin\AppData\Local\Temp\tuhhaqezxocupxopsef.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ctkzvketmytfvouji.exe
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\tuhhaqezxocupxopsef.exe*."
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\vynpkcsppiyspzsvaorgi.exe*."
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\vynpkcsppiyspzsvaorgi.exe
C:\Users\Admin\AppData\Local\Temp\vynpkcsppiyspzsvaorgi.exe .
C:\Users\Admin\AppData\Local\Temp\iiutlanheuhyszpprc.exe
C:\Users\Admin\AppData\Local\Temp\iiutlanheuhyszpprc.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ytohhayroedtnkunqvmhc.exe .
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\sqaxnaldymxmejxv.exe*."
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\zyjhymyrncoexdsrs.exe
C:\Users\Admin\AppData\Local\Temp\zyjhymyrncoexdsrs.exe
C:\Users\Admin\AppData\Local\Temp\vynpkcsppiyspzsvaorgi.exe
C:\Users\Admin\AppData\Local\Temp\vynpkcsppiyspzsvaorgi.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ctkzvketmytfvouji.exe
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\vynpkcsppiyspzsvaorgi.exe*."
C:\Users\Admin\AppData\Local\Temp\iiutlanheuhyszpprc.exe
C:\Users\Admin\AppData\Local\Temp\iiutlanheuhyszpprc.exe .
C:\Users\Admin\AppData\Local\Temp\tuhhaqezxocupxopsef.exe
C:\Users\Admin\AppData\Local\Temp\tuhhaqezxocupxopsef.exe .
C:\Windows\ytohhayroedtnkunqvmhc.exe
ytohhayroedtnkunqvmhc.exe .
C:\Windows\ctkzvketmytfvouji.exe
ctkzvketmytfvouji.exe
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\iiutlanheuhyszpprc.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c vlbpkyrfxicncuzn.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c zyjhymyrncoexdsrs.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jdxpogdvrgetmirjlpfz.exe
C:\Windows\ctkzvketmytfvouji.exe
ctkzvketmytfvouji.exe
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\tuhhaqezxocupxopsef.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vlbpkyrfxicncuzn.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c iiutlanheuhyszpprc.exe .
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\iiutlanheuhyszpprc.exe*."
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\ytohhayroedtnkunqvmhc.exe*."
C:\Users\Admin\AppData\Local\Temp\jdxpogdvrgetmirjlpfz.exe
C:\Users\Admin\AppData\Local\Temp\jdxpogdvrgetmirjlpfz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c zyjhymyrncoexdsrs.exe
C:\Windows\vlbpkyrfxicncuzn.exe
vlbpkyrfxicncuzn.exe .
C:\Windows\iiutlanheuhyszpprc.exe
iiutlanheuhyszpprc.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jdxpogdvrgetmirjlpfz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c iiutlanheuhyszpprc.exe .
C:\Users\Admin\AppData\Local\Temp\vlbpkyrfxicncuzn.exe
C:\Users\Admin\AppData\Local\Temp\vlbpkyrfxicncuzn.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ldvliytjdqmzqkrhhj.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\tuhhaqezxocupxopsef.exe
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\vlbpkyrfxicncuzn.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vynpkcsppiyspzsvaorgi.exe .
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\iiutlanheuhyszpprc.exe*."
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\vlbpkyrfxicncuzn.exe*."
C:\Users\Admin\AppData\Local\Temp\tuhhaqezxocupxopsef.exe
C:\Users\Admin\AppData\Local\Temp\tuhhaqezxocupxopsef.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\giwxrixtskzsoxprviky.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\jdxpogdvrgetmirjlpfz.exe
C:\Users\Admin\AppData\Local\Temp\jdxpogdvrgetmirjlpfz.exe
C:\Windows\iiutlanheuhyszpprc.exe
iiutlanheuhyszpprc.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\sqaxnaldymxmejxv.exe .
C:\Users\Admin\AppData\Local\Temp\vynpkcsppiyspzsvaorgi.exe
C:\Users\Admin\AppData\Local\Temp\vynpkcsppiyspzsvaorgi.exe .
C:\Users\Admin\AppData\Local\Temp\ldvliytjdqmzqkrhhj.exe
C:\Users\Admin\AppData\Local\Temp\ldvliytjdqmzqkrhhj.exe .
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\iiutlanheuhyszpprc.exe*."
C:\Users\Admin\AppData\Local\Temp\giwxrixtskzsoxprviky.exe
C:\Users\Admin\AppData\Local\Temp\giwxrixtskzsoxprviky.exe
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\vynpkcsppiyspzsvaorgi.exe*."
C:\Users\Admin\AppData\Local\Temp\sqaxnaldymxmejxv.exe
C:\Users\Admin\AppData\Local\Temp\sqaxnaldymxmejxv.exe .
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\ldvliytjdqmzqkrhhj.exe*."
C:\Users\Admin\AppData\Local\Temp\wdkpbgq.exe
"C:\Users\Admin\AppData\Local\Temp\wdkpbgq.exe" "-C:\Users\Admin\AppData\Local\Temp\vlbpkyrfxicncuzn.exe"
C:\Users\Admin\AppData\Local\Temp\wdkpbgq.exe
"C:\Users\Admin\AppData\Local\Temp\wdkpbgq.exe" "-C:\Users\Admin\AppData\Local\Temp\vlbpkyrfxicncuzn.exe"
C:\Windows\zyjhymyrncoexdsrs.exe
zyjhymyrncoexdsrs.exe
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\sqaxnaldymxmejxv.exe*."
C:\Windows\zyjhymyrncoexdsrs.exe
zyjhymyrncoexdsrs.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c giwxrixtskzsoxprviky.exe
C:\Windows\giwxrixtskzsoxprviky.exe
giwxrixtskzsoxprviky.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c iiutlanheuhyszpprc.exe .
C:\Windows\iiutlanheuhyszpprc.exe
iiutlanheuhyszpprc.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c vynpkcsppiyspzsvaorgi.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\iiutlanheuhyszpprc.exe*."
C:\Windows\vynpkcsppiyspzsvaorgi.exe
vynpkcsppiyspzsvaorgi.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c iiutlanheuhyszpprc.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zyjhymyrncoexdsrs.exe
C:\Windows\iiutlanheuhyszpprc.exe
iiutlanheuhyszpprc.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\giwxrixtskzsoxprviky.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\zyjhymyrncoexdsrs.exe
C:\Users\Admin\AppData\Local\Temp\zyjhymyrncoexdsrs.exe
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\iiutlanheuhyszpprc.exe*."
C:\Users\Admin\AppData\Local\Temp\giwxrixtskzsoxprviky.exe
C:\Users\Admin\AppData\Local\Temp\giwxrixtskzsoxprviky.exe .
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\giwxrixtskzsoxprviky.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\tuhhaqezxocupxopsef.exe
C:\Users\Admin\AppData\Local\Temp\tuhhaqezxocupxopsef.exe
C:\Users\Admin\AppData\Local\Temp\tuhhaqezxocupxopsef.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zyjhymyrncoexdsrs.exe .
C:\Users\Admin\AppData\Local\Temp\zyjhymyrncoexdsrs.exe
C:\Users\Admin\AppData\Local\Temp\zyjhymyrncoexdsrs.exe .
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\zyjhymyrncoexdsrs.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ytohhayroedtnkunqvmhc.exe
C:\Windows\ytohhayroedtnkunqvmhc.exe
ytohhayroedtnkunqvmhc.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ctkzvketmytfvouji.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\sqaxnaldymxmejxv.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\tuhhaqezxocupxopsef.exe
C:\Windows\giwxrixtskzsoxprviky.exe
giwxrixtskzsoxprviky.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\tuhhaqezxocupxopsef.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zyjhymyrncoexdsrs.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\iiutlanheuhyszpprc.exe
C:\Users\Admin\AppData\Local\Temp\sqaxnaldymxmejxv.exe
C:\Users\Admin\AppData\Local\Temp\sqaxnaldymxmejxv.exe
C:\Users\Admin\AppData\Local\Temp\giwxrixtskzsoxprviky.exe
C:\Users\Admin\AppData\Local\Temp\giwxrixtskzsoxprviky.exe .
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\iiutlanheuhyszpprc.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zyjhymyrncoexdsrs.exe .
C:\Windows\vynpkcsppiyspzsvaorgi.exe
vynpkcsppiyspzsvaorgi.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\sqaxnaldymxmejxv.exe
C:\Users\Admin\AppData\Local\Temp\sqaxnaldymxmejxv.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\giwxrixtskzsoxprviky.exe
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\giwxrixtskzsoxprviky.exe*."
C:\Windows\iiutlanheuhyszpprc.exe
iiutlanheuhyszpprc.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\iiutlanheuhyszpprc.exe .
C:\Users\Admin\AppData\Local\Temp\iiutlanheuhyszpprc.exe
C:\Users\Admin\AppData\Local\Temp\iiutlanheuhyszpprc.exe
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\giwxrixtskzsoxprviky.exe*."
C:\Users\Admin\AppData\Local\Temp\tuhhaqezxocupxopsef.exe
C:\Users\Admin\AppData\Local\Temp\tuhhaqezxocupxopsef.exe
C:\Windows\iiutlanheuhyszpprc.exe
iiutlanheuhyszpprc.exe .
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\vynpkcsppiyspzsvaorgi.exe*."
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\sqaxnaldymxmejxv.exe*."
C:\Users\Admin\AppData\Local\Temp\sqaxnaldymxmejxv.exe
C:\Users\Admin\AppData\Local\Temp\sqaxnaldymxmejxv.exe
C:\Users\Admin\AppData\Local\Temp\tuhhaqezxocupxopsef.exe
C:\Users\Admin\AppData\Local\Temp\tuhhaqezxocupxopsef.exe .
C:\Users\Admin\AppData\Local\Temp\iiutlanheuhyszpprc.exe
C:\Users\Admin\AppData\Local\Temp\iiutlanheuhyszpprc.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c giwxrixtskzsoxprviky.exe
C:\Users\Admin\AppData\Local\Temp\iiutlanheuhyszpprc.exe
C:\Users\Admin\AppData\Local\Temp\iiutlanheuhyszpprc.exe .
C:\Users\Admin\AppData\Local\Temp\giwxrixtskzsoxprviky.exe
C:\Users\Admin\AppData\Local\Temp\giwxrixtskzsoxprviky.exe
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\iiutlanheuhyszpprc.exe*."
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\tuhhaqezxocupxopsef.exe*."
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\iiutlanheuhyszpprc.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c sqaxnaldymxmejxv.exe .
C:\Windows\giwxrixtskzsoxprviky.exe
giwxrixtskzsoxprviky.exe
C:\Users\Admin\AppData\Local\Temp\zyjhymyrncoexdsrs.exe
C:\Users\Admin\AppData\Local\Temp\zyjhymyrncoexdsrs.exe .
C:\Windows\sqaxnaldymxmejxv.exe
sqaxnaldymxmejxv.exe .
C:\Users\Admin\AppData\Local\Temp\zyjhymyrncoexdsrs.exe
C:\Users\Admin\AppData\Local\Temp\zyjhymyrncoexdsrs.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c vynpkcsppiyspzsvaorgi.exe
C:\Users\Admin\AppData\Local\Temp\wdkpbgq.exe
"C:\Users\Admin\AppData\Local\Temp\wdkpbgq.exe" "-C:\Users\Admin\AppData\Local\Temp\vlbpkyrfxicncuzn.exe"
C:\Users\Admin\AppData\Local\Temp\wdkpbgq.exe
"C:\Users\Admin\AppData\Local\Temp\wdkpbgq.exe" "-C:\Users\Admin\AppData\Local\Temp\vlbpkyrfxicncuzn.exe"
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\sqaxnaldymxmejxv.exe*."
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\zyjhymyrncoexdsrs.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c iiutlanheuhyszpprc.exe .
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\zyjhymyrncoexdsrs.exe*."
C:\Windows\vynpkcsppiyspzsvaorgi.exe
vynpkcsppiyspzsvaorgi.exe
C:\Windows\iiutlanheuhyszpprc.exe
iiutlanheuhyszpprc.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\iiutlanheuhyszpprc.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\iiutlanheuhyszpprc.exe .
C:\Users\Admin\AppData\Local\Temp\iiutlanheuhyszpprc.exe
C:\Users\Admin\AppData\Local\Temp\iiutlanheuhyszpprc.exe
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\iiutlanheuhyszpprc.exe*."
C:\Users\Admin\AppData\Local\Temp\iiutlanheuhyszpprc.exe
C:\Users\Admin\AppData\Local\Temp\iiutlanheuhyszpprc.exe .
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\iiutlanheuhyszpprc.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\iiutlanheuhyszpprc.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\giwxrixtskzsoxprviky.exe .
C:\Users\Admin\AppData\Local\Temp\iiutlanheuhyszpprc.exe
C:\Users\Admin\AppData\Local\Temp\iiutlanheuhyszpprc.exe
C:\Users\Admin\AppData\Local\Temp\giwxrixtskzsoxprviky.exe
C:\Users\Admin\AppData\Local\Temp\giwxrixtskzsoxprviky.exe .
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\giwxrixtskzsoxprviky.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c iiutlanheuhyszpprc.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\iiutlanheuhyszpprc.exe
iiutlanheuhyszpprc.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c zyjhymyrncoexdsrs.exe .
C:\Windows\zyjhymyrncoexdsrs.exe
zyjhymyrncoexdsrs.exe .
C:\Users\Admin\AppData\Local\Temp\wdkpbgq.exe
"C:\Users\Admin\AppData\Local\Temp\wdkpbgq.exe" "-C:\Users\Admin\AppData\Local\Temp\vlbpkyrfxicncuzn.exe"
C:\Users\Admin\AppData\Local\Temp\wdkpbgq.exe
"C:\Users\Admin\AppData\Local\Temp\wdkpbgq.exe" "-C:\Users\Admin\AppData\Local\Temp\vlbpkyrfxicncuzn.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c zyjhymyrncoexdsrs.exe
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\zyjhymyrncoexdsrs.exe*."
C:\Windows\zyjhymyrncoexdsrs.exe
zyjhymyrncoexdsrs.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c tuhhaqezxocupxopsef.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\giwxrixtskzsoxprviky.exe
C:\Windows\tuhhaqezxocupxopsef.exe
tuhhaqezxocupxopsef.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zyjhymyrncoexdsrs.exe .
C:\Users\Admin\AppData\Local\Temp\giwxrixtskzsoxprviky.exe
C:\Users\Admin\AppData\Local\Temp\giwxrixtskzsoxprviky.exe
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\tuhhaqezxocupxopsef.exe*."
C:\Users\Admin\AppData\Local\Temp\zyjhymyrncoexdsrs.exe
C:\Users\Admin\AppData\Local\Temp\zyjhymyrncoexdsrs.exe .
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\zyjhymyrncoexdsrs.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\giwxrixtskzsoxprviky.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\sqaxnaldymxmejxv.exe .
C:\Users\Admin\AppData\Local\Temp\giwxrixtskzsoxprviky.exe
C:\Users\Admin\AppData\Local\Temp\giwxrixtskzsoxprviky.exe
C:\Users\Admin\AppData\Local\Temp\sqaxnaldymxmejxv.exe
C:\Users\Admin\AppData\Local\Temp\sqaxnaldymxmejxv.exe .
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\sqaxnaldymxmejxv.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ctkzvketmytfvouji.exe
C:\Windows\ctkzvketmytfvouji.exe
ctkzvketmytfvouji.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ctkzvketmytfvouji.exe .
C:\Windows\ctkzvketmytfvouji.exe
ctkzvketmytfvouji.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c vlbpkyrfxicncuzn.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c giwxrixtskzsoxprviky.exe
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\ctkzvketmytfvouji.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ytohhayroedtnkunqvmhc.exe .
C:\Windows\vlbpkyrfxicncuzn.exe
vlbpkyrfxicncuzn.exe
C:\Windows\giwxrixtskzsoxprviky.exe
giwxrixtskzsoxprviky.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wpizxokbwkhvniqhila.exe
C:\Windows\ytohhayroedtnkunqvmhc.exe
ytohhayroedtnkunqvmhc.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c iiutlanheuhyszpprc.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wpizxokbwkhvniqhila.exe .
C:\Users\Admin\AppData\Local\Temp\wdkpbgq.exe
"C:\Users\Admin\AppData\Local\Temp\wdkpbgq.exe" "-C:\Users\Admin\AppData\Local\Temp\vlbpkyrfxicncuzn.exe"
C:\Users\Admin\AppData\Local\Temp\wdkpbgq.exe
"C:\Users\Admin\AppData\Local\Temp\wdkpbgq.exe" "-C:\Users\Admin\AppData\Local\Temp\vlbpkyrfxicncuzn.exe"
C:\Users\Admin\AppData\Local\Temp\wpizxokbwkhvniqhila.exe
C:\Users\Admin\AppData\Local\Temp\wpizxokbwkhvniqhila.exe
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\ytohhayroedtnkunqvmhc.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c giwxrixtskzsoxprviky.exe
C:\Windows\iiutlanheuhyszpprc.exe
iiutlanheuhyszpprc.exe .
C:\Users\Admin\AppData\Local\Temp\wpizxokbwkhvniqhila.exe
C:\Users\Admin\AppData\Local\Temp\wpizxokbwkhvniqhila.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c zyjhymyrncoexdsrs.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ldvliytjdqmzqkrhhj.exe
C:\Windows\giwxrixtskzsoxprviky.exe
giwxrixtskzsoxprviky.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\iiutlanheuhyszpprc.exe
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\iiutlanheuhyszpprc.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vlbpkyrfxicncuzn.exe .
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\wpizxokbwkhvniqhila.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zyjhymyrncoexdsrs.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\zyjhymyrncoexdsrs.exe
zyjhymyrncoexdsrs.exe .
C:\Users\Admin\AppData\Local\Temp\iiutlanheuhyszpprc.exe
C:\Users\Admin\AppData\Local\Temp\iiutlanheuhyszpprc.exe
C:\Users\Admin\AppData\Local\Temp\ldvliytjdqmzqkrhhj.exe
C:\Users\Admin\AppData\Local\Temp\ldvliytjdqmzqkrhhj.exe
C:\Users\Admin\AppData\Local\Temp\vlbpkyrfxicncuzn.exe
C:\Users\Admin\AppData\Local\Temp\vlbpkyrfxicncuzn.exe .
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | xqfamqzexuu.org | udp |
| US | 8.8.8.8:53 | dpayxeir.net | udp |
| US | 8.8.8.8:53 | eiiugccisk.org | udp |
| US | 8.8.8.8:53 | virsztmqgskq.info | udp |
| US | 8.8.8.8:53 | mbbjvhhi.net | udp |
| US | 8.8.8.8:53 | fujqrswukig.org | udp |
| US | 8.8.8.8:53 | rwtwcnmjwb.info | udp |
| LT | 78.56.250.191:18381 | tcp | |
| US | 8.8.8.8:53 | cmbjpdeak.net | udp |
| US | 8.8.8.8:53 | xrjmbmgmisvh.info | udp |
| US | 8.8.8.8:53 | yztsqwrvuu.info | udp |
| US | 8.8.8.8:53 | jqtenkdayoy.org | udp |
| US | 8.8.8.8:53 | tytmksvgc.org | udp |
| US | 8.8.8.8:53 | lvliwxsju.net | udp |
| US | 8.8.8.8:53 | xmhtdhakz.info | udp |
| US | 8.8.8.8:53 | dikhhoggbey.org | udp |
| US | 8.8.8.8:53 | ccvjxgcf.info | udp |
| US | 8.8.8.8:53 | wcgcuuiu.org | udp |
| US | 8.8.8.8:53 | abidvoyswy.net | udp |
| US | 8.8.8.8:53 | nhmyomxjv.info | udp |
| US | 8.8.8.8:53 | iasmocss.com | udp |
| US | 8.8.8.8:53 | xovrzevas.net | udp |
| US | 8.8.8.8:53 | oubqwqncd.info | udp |
| US | 8.8.8.8:53 | dcxsbmpbmr.net | udp |
| US | 8.8.8.8:53 | oqbftc.info | udp |
| US | 8.8.8.8:53 | pmtcjcpdluys.info | udp |
| US | 8.8.8.8:53 | oappfh.net | udp |
| US | 8.8.8.8:53 | bcnbhr.info | udp |
| US | 8.8.8.8:53 | tyzkrdhyl.info | udp |
| US | 8.8.8.8:53 | zndcdo.net | udp |
| US | 8.8.8.8:53 | usxmitzh.info | udp |
| US | 8.8.8.8:53 | rgfupswrlsbu.info | udp |
| US | 8.8.8.8:53 | aqdhtlqcrv.info | udp |
| US | 8.8.8.8:53 | gawmooqwyi.com | udp |
| US | 8.8.8.8:53 | eyryrcl.net | udp |
| US | 8.8.8.8:53 | vyvijbihvn.info | udp |
| US | 8.8.8.8:53 | lzbsrif.info | udp |
| US | 8.8.8.8:53 | vmstjeknjxbu.info | udp |
| US | 8.8.8.8:53 | eqiuuafo.net | udp |
| US | 8.8.8.8:53 | hsrofavrq.net | udp |
| US | 8.8.8.8:53 | cnemkaq.info | udp |
| US | 8.8.8.8:53 | weoaqi.com | udp |
| US | 8.8.8.8:53 | llpwlrlwpx.net | udp |
| US | 8.8.8.8:53 | ezzavlomtbfs.info | udp |
| US | 8.8.8.8:53 | frblrm.net | udp |
| US | 8.8.8.8:53 | wxdozwset.net | udp |
| US | 8.8.8.8:53 | fknwfojqjam.net | udp |
| US | 8.8.8.8:53 | bctwfgikb.org | udp |
| US | 8.8.8.8:53 | sratbjpi.net | udp |
| US | 8.8.8.8:53 | repoiapo.info | udp |
| US | 8.8.8.8:53 | tfpsmntmbj.info | udp |
| US | 8.8.8.8:53 | lfmvkkwf.info | udp |
| US | 8.8.8.8:53 | aahoten.net | udp |
| US | 8.8.8.8:53 | wzltoozyf.net | udp |
| LT | 78.61.178.150:31629 | tcp | |
| US | 8.8.8.8:53 | fzqqksnzg.net | udp |
| US | 8.8.8.8:53 | lnrruglwxf.info | udp |
| US | 8.8.8.8:53 | gttenetz.info | udp |
| US | 8.8.8.8:53 | nwpnfmrwojk.org | udp |
| US | 8.8.8.8:53 | hfzeqwnj.net | udp |
| US | 8.8.8.8:53 | zqgkhcn.org | udp |
| US | 8.8.8.8:53 | icoecs.com | udp |
| US | 8.8.8.8:53 | relxjhblxuvw.net | udp |
| US | 8.8.8.8:53 | oqgumoqc.org | udp |
| US | 8.8.8.8:53 | owhamuxacdf.info | udp |
| US | 8.8.8.8:53 | odzbrjqoy.info | udp |
| US | 8.8.8.8:53 | ieeywcyqay.org | udp |
| US | 8.8.8.8:53 | uokesa.org | udp |
| US | 8.8.8.8:53 | dbxhlavdsqf.com | udp |
| US | 8.8.8.8:53 | koufluf.info | udp |
| US | 8.8.8.8:53 | aalijqi.info | udp |
| US | 8.8.8.8:53 | nkfcvbf.info | udp |
| US | 8.8.8.8:53 | swayiiau.com | udp |
| US | 8.8.8.8:53 | odqisf.info | udp |
| US | 8.8.8.8:53 | iqawsq.com | udp |
| US | 8.8.8.8:53 | bieivuwxneh.com | udp |
| US | 8.8.8.8:53 | aevmhj.info | udp |
| US | 8.8.8.8:53 | ncpmyszzt.info | udp |
| US | 8.8.8.8:53 | padlxwdsdov.net | udp |
| US | 8.8.8.8:53 | tvhqlzdi.info | udp |
| US | 8.8.8.8:53 | tgixue.net | udp |
| US | 8.8.8.8:53 | cismyk.org | udp |
| US | 8.8.8.8:53 | ybxsqlwexbnh.info | udp |
| US | 8.8.8.8:53 | lwyebctyb.org | udp |
| US | 8.8.8.8:53 | jhtall.info | udp |
| US | 8.8.8.8:53 | ytbksmdhplna.info | udp |
| US | 8.8.8.8:53 | kkiamiym.com | udp |
| US | 8.8.8.8:53 | kkkkywyu.com | udp |
| US | 8.8.8.8:53 | ivjiej.net | udp |
| US | 8.8.8.8:53 | quropmbenyf.net | udp |
| US | 8.8.8.8:53 | ykamwkam.com | udp |
| US | 8.8.8.8:53 | jatdaajehomt.net | udp |
| US | 8.8.8.8:53 | pglilvpurybb.net | udp |
| US | 8.8.8.8:53 | rasbssfgdqf.net | udp |
| US | 8.8.8.8:53 | fzzyegyx.info | udp |
| US | 8.8.8.8:53 | qosaaauoqc.org | udp |
| US | 8.8.8.8:53 | mwgkuyee.org | udp |
| US | 8.8.8.8:53 | qwueqgus.com | udp |
| US | 8.8.8.8:53 | nirieaffz.org | udp |
| US | 8.8.8.8:53 | uiceesz.info | udp |
| US | 8.8.8.8:53 | hhlidzgrpsor.info | udp |
| US | 8.8.8.8:53 | ufjpmccy.info | udp |
| IN | 117.214.11.253:32472 | tcp | |
| US | 8.8.8.8:53 | ddiylkvqrqi.info | udp |
| US | 8.8.8.8:53 | bzaydhbkyko.info | udp |
| US | 8.8.8.8:53 | uoxjsmld.info | udp |
| US | 8.8.8.8:53 | ervkkcr.net | udp |
| US | 8.8.8.8:53 | mtpzwe.info | udp |
| US | 8.8.8.8:53 | zkdcbad.net | udp |
| US | 8.8.8.8:53 | halmimt.com | udp |
| US | 8.8.8.8:53 | dsqkcoyoiyv.com | udp |
| US | 8.8.8.8:53 | pakahvwxtmr.info | udp |
| US | 8.8.8.8:53 | ewiuauieao.com | udp |
| US | 8.8.8.8:53 | ijtppgrcld.info | udp |
| US | 8.8.8.8:53 | nppnrfsmvd.net | udp |
| US | 8.8.8.8:53 | cicsygmomici.com | udp |
| US | 8.8.8.8:53 | nptcxr.info | udp |
| US | 8.8.8.8:53 | bjpwlrlwpx.net | udp |
| US | 8.8.8.8:53 | mmwfimqpnsib.info | udp |
| US | 8.8.8.8:53 | ylykuekuu.info | udp |
| US | 8.8.8.8:53 | irnggqntnnlp.info | udp |
| US | 8.8.8.8:53 | imlqfibah.net | udp |
| US | 8.8.8.8:53 | ztbbnybt.info | udp |
| US | 8.8.8.8:53 | qyqoscump.info | udp |
| US | 8.8.8.8:53 | etaybbxftobk.info | udp |
| US | 8.8.8.8:53 | uuycrk.info | udp |
| US | 8.8.8.8:53 | lzvbdk.net | udp |
| US | 8.8.8.8:53 | yojyjxozz.info | udp |
| US | 8.8.8.8:53 | mzkyzy.net | udp |
| US | 8.8.8.8:53 | uoimkp.net | udp |
| US | 8.8.8.8:53 | aanbggwm.net | udp |
| US | 8.8.8.8:53 | sewuvwb.net | udp |
| US | 8.8.8.8:53 | cqkrtcyst.net | udp |
| US | 8.8.8.8:53 | xgxjwhxv.net | udp |
| US | 8.8.8.8:53 | lhvcasxzjagl.net | udp |
| RU | 92.126.7.100:14446 | tcp | |
| US | 8.8.8.8:53 | euhgfgdkek.info | udp |
| US | 8.8.8.8:53 | ysearkxwv.net | udp |
| US | 8.8.8.8:53 | oaewcmmi.com | udp |
| US | 8.8.8.8:53 | emywic.com | udp |
| US | 8.8.8.8:53 | eckcqgow.org | udp |
| US | 8.8.8.8:53 | pgqimrxa.net | udp |
| US | 8.8.8.8:53 | vuljnnfzgrkd.info | udp |
| US | 8.8.8.8:53 | geqsnwq.net | udp |
| US | 8.8.8.8:53 | oalwpcngx.info | udp |
| US | 8.8.8.8:53 | mtgwkmxauhpb.net | udp |
| US | 8.8.8.8:53 | nbamphiygl.net | udp |
| US | 8.8.8.8:53 | xwbtzuy.net | udp |
| US | 8.8.8.8:53 | ogvjblhkft.info | udp |
| US | 8.8.8.8:53 | xcrfxbihvn.info | udp |
| US | 8.8.8.8:53 | itxjomza.net | udp |
| US | 8.8.8.8:53 | rcfbls.net | udp |
| US | 8.8.8.8:53 | pvesxitaordl.info | udp |
| US | 8.8.8.8:53 | qmvxqytwv.info | udp |
| US | 8.8.8.8:53 | bahsuddek.net | udp |
| US | 8.8.8.8:53 | uyeueosmof.net | udp |
| US | 8.8.8.8:53 | rendhgjruhhx.net | udp |
| US | 8.8.8.8:53 | dzrmxez.com | udp |
| US | 8.8.8.8:53 | gsuavor.net | udp |
| US | 8.8.8.8:53 | zzxmsglb.info | udp |
| US | 8.8.8.8:53 | ncvqhgppakvp.info | udp |
| US | 8.8.8.8:53 | bsuoxqjwlmr.org | udp |
| US | 8.8.8.8:53 | fcrqzgywp.net | udp |
| US | 8.8.8.8:53 | jnsbxnme.net | udp |
| US | 8.8.8.8:53 | kxldwaoqfn.info | udp |
| US | 8.8.8.8:53 | ozvbsx.info | udp |
| US | 8.8.8.8:53 | xxbuvavqnao.net | udp |
| US | 8.8.8.8:53 | ubxjltph.info | udp |
| US | 8.8.8.8:53 | nbridirib.info | udp |
| US | 8.8.8.8:53 | tgzzsilpuoyu.info | udp |
| US | 8.8.8.8:53 | jfmtvpxois.info | udp |
| US | 8.8.8.8:53 | gkfagmip.info | udp |
| US | 8.8.8.8:53 | wuyamjhrhyuw.info | udp |
| US | 8.8.8.8:53 | yynqmc.net | udp |
| US | 8.8.8.8:53 | rejwrwpoa.info | udp |
| US | 8.8.8.8:53 | jmuyzwjxj.net | udp |
| US | 8.8.8.8:53 | skbjlhzdmrg.info | udp |
| US | 8.8.8.8:53 | tjagypmeal.info | udp |
| US | 8.8.8.8:53 | vulmlyh.info | udp |
| US | 8.8.8.8:53 | ogfexnj.net | udp |
| US | 8.8.8.8:53 | sgescokcmo.org | udp |
| US | 8.8.8.8:53 | ncljswth.info | udp |
| US | 8.8.8.8:53 | hwedwcd.org | udp |
| US | 8.8.8.8:53 | ducftd.info | udp |
| US | 8.8.8.8:53 | lzwgpqnxhy.net | udp |
| US | 8.8.8.8:53 | fcbmnmaglku.info | udp |
| US | 8.8.8.8:53 | gkigeuwoas.org | udp |
| US | 8.8.8.8:53 | utprwysejlvs.net | udp |
| US | 8.8.8.8:53 | gukhocvihudn.net | udp |
| US | 8.8.8.8:53 | woeggw.com | udp |
| US | 8.8.8.8:53 | jehyhpbob.com | udp |
| US | 8.8.8.8:53 | caacgmga.com | udp |
| US | 8.8.8.8:53 | ymvvtoemz.info | udp |
| US | 8.8.8.8:53 | bgdyrqjl.info | udp |
| US | 8.8.8.8:53 | luaiurlae.info | udp |
| TR | 88.236.1.71:45401 | tcp | |
| US | 8.8.8.8:53 | yacyomiumq.com | udp |
| US | 8.8.8.8:53 | hsfspwfirsr.org | udp |
| US | 8.8.8.8:53 | lunwhbofvcfk.info | udp |
| US | 8.8.8.8:53 | fumvct.net | udp |
| US | 8.8.8.8:53 | rgudezwetm.info | udp |
| US | 8.8.8.8:53 | aqtwifkdfzjn.info | udp |
| US | 8.8.8.8:53 | jswymbuckd.info | udp |
| US | 8.8.8.8:53 | bhhsxnc.com | udp |
| US | 8.8.8.8:53 | hwznycnavgh.info | udp |
| US | 8.8.8.8:53 | dnyidwf.info | udp |
| US | 8.8.8.8:53 | zjughu.info | udp |
| US | 8.8.8.8:53 | kbbxjldzahjm.net | udp |
| US | 8.8.8.8:53 | kscmqsmeicqy.org | udp |
| US | 8.8.8.8:53 | rzzelz.net | udp |
| US | 8.8.8.8:53 | czjszdnkppld.net | udp |
| US | 8.8.8.8:53 | yadxtkefpqdf.net | udp |
| US | 8.8.8.8:53 | nmptmyjd.info | udp |
| US | 8.8.8.8:53 | yyeeuo.org | udp |
| US | 8.8.8.8:53 | nvqwprdveuhe.info | udp |
| US | 8.8.8.8:53 | clyrpnxjeazg.net | udp |
| US | 8.8.8.8:53 | qogswa.com | udp |
| US | 8.8.8.8:53 | qngitmingp.net | udp |
| US | 8.8.8.8:53 | lyvwhmh.net | udp |
| US | 8.8.8.8:53 | tenwwnvt.net | udp |
| US | 8.8.8.8:53 | gcidve.info | udp |
| US | 8.8.8.8:53 | kwkeoe.org | udp |
| US | 8.8.8.8:53 | pyauferjo.info | udp |
| US | 8.8.8.8:53 | geoaded.info | udp |
| US | 8.8.8.8:53 | ulwprsdpevsj.info | udp |
| US | 8.8.8.8:53 | fcbmcknil.info | udp |
| US | 8.8.8.8:53 | cqtgrcdp.info | udp |
| US | 8.8.8.8:53 | xyvgagcaatx.com | udp |
| US | 8.8.8.8:53 | rahjdfquyme.org | udp |
| US | 8.8.8.8:53 | qyjxvcif.net | udp |
| US | 8.8.8.8:53 | wbpsctjc.net | udp |
| US | 8.8.8.8:53 | ksawma.com | udp |
| US | 8.8.8.8:53 | fufjrkgmlb.info | udp |
| US | 8.8.8.8:53 | gknhxjyx.net | udp |
| US | 8.8.8.8:53 | osyahxu.net | udp |
| US | 8.8.8.8:53 | yvuwnugif.net | udp |
| US | 8.8.8.8:53 | rkwlhccy.info | udp |
| CH | 92.39.51.117:28655 | tcp | |
| US | 8.8.8.8:53 | aqibav.net | udp |
| US | 8.8.8.8:53 | gcnbvfoqnu.net | udp |
| US | 8.8.8.8:53 | nthafgeqx.org | udp |
| US | 8.8.8.8:53 | kormoefmtsp.net | udp |
| US | 8.8.8.8:53 | idgcxmyycul.net | udp |
| US | 8.8.8.8:53 | xojwyklpqx.net | udp |
| US | 8.8.8.8:53 | vibshiiel.net | udp |
| US | 8.8.8.8:53 | cmkaasceay.com | udp |
| US | 8.8.8.8:53 | wibcfahow.net | udp |
| US | 8.8.8.8:53 | jjqtpeerkb.net | udp |
| US | 8.8.8.8:53 | fheczbxom.info | udp |
| US | 8.8.8.8:53 | ushsjfrbtr.info | udp |
| US | 8.8.8.8:53 | rlgzsbuk.info | udp |
| US | 8.8.8.8:53 | fygywqiq.net | udp |
| US | 8.8.8.8:53 | urkcltobhpwf.net | udp |
| US | 8.8.8.8:53 | wmmexwf.net | udp |
| US | 8.8.8.8:53 | oismai.com | udp |
| US | 8.8.8.8:53 | aycslmxgr.info | udp |
| US | 8.8.8.8:53 | eheflhppvg.net | udp |
| US | 8.8.8.8:53 | uwsincw.info | udp |
| US | 8.8.8.8:53 | uwmkmqyy.com | udp |
| US | 8.8.8.8:53 | qoherwd.net | udp |
| US | 8.8.8.8:53 | cykogcgqqcuu.com | udp |
| US | 8.8.8.8:53 | jibufsdsc.info | udp |
| US | 8.8.8.8:53 | fuzlal.net | udp |
| US | 8.8.8.8:53 | sgxzfijx.info | udp |
| US | 8.8.8.8:53 | ztliloruryb.net | udp |
| US | 8.8.8.8:53 | ugjyfpgfl.net | udp |
| US | 8.8.8.8:53 | rmxzfhpjlefv.info | udp |
| US | 8.8.8.8:53 | jbacuchohmfp.net | udp |
| US | 8.8.8.8:53 | myrwjqkrwpbk.info | udp |
| US | 8.8.8.8:53 | jppqvnfr.info | udp |
| US | 8.8.8.8:53 | frcoljzv.info | udp |
| US | 8.8.8.8:53 | rwzraylwn.org | udp |
| US | 8.8.8.8:53 | mpkbfsgyp.info | udp |
| US | 8.8.8.8:53 | dpvimqjjdvos.info | udp |
| US | 8.8.8.8:53 | dgkcuesv.net | udp |
| US | 8.8.8.8:53 | jukjryxudtc.org | udp |
| US | 8.8.8.8:53 | pqfejma.info | udp |
| US | 8.8.8.8:53 | khatprlscnrf.info | udp |
| US | 8.8.8.8:53 | qseoumkkca.org | udp |
| US | 8.8.8.8:53 | sgiawqmc.com | udp |
| US | 8.8.8.8:53 | qdnmhgdyrit.net | udp |
| US | 8.8.8.8:53 | boiedsbxvhp.info | udp |
| US | 8.8.8.8:53 | vmvpicjstyv.info | udp |
| US | 8.8.8.8:53 | xxsktka.org | udp |
| US | 8.8.8.8:53 | qyqigk.com | udp |
| US | 8.8.8.8:53 | sqoeowiuqk.org | udp |
| US | 8.8.8.8:53 | fyaylmbcb.net | udp |
| US | 8.8.8.8:53 | nvggymzidkd.info | udp |
| US | 8.8.8.8:53 | xkiojneciyw.info | udp |
| US | 8.8.8.8:53 | ekqaao.com | udp |
| US | 8.8.8.8:53 | wicmay.com | udp |
| US | 8.8.8.8:53 | yiikouuo.com | udp |
| LT | 78.60.92.16:41579 | tcp | |
| US | 8.8.8.8:53 | rkjyfrxybqd.net | udp |
| US | 8.8.8.8:53 | ebqxxu.net | udp |
| US | 8.8.8.8:53 | xuligpjoy.net | udp |
| US | 8.8.8.8:53 | wqoqukau.com | udp |
| US | 8.8.8.8:53 | ugbqxdmcrgz.net | udp |
| US | 8.8.8.8:53 | cmxudugbc.info | udp |
| US | 8.8.8.8:53 | rcxilf.net | udp |
| US | 8.8.8.8:53 | hjfdpmp.org | udp |
| US | 8.8.8.8:53 | xbpezstkdcv.org | udp |
| US | 8.8.8.8:53 | rnidmzlw.net | udp |
| US | 8.8.8.8:53 | hbjxvxgftwlq.net | udp |
| US | 8.8.8.8:53 | fetbfovssw.net | udp |
| US | 8.8.8.8:53 | uaayecok.org | udp |
| US | 8.8.8.8:53 | hymkjkbbgdh.org | udp |
| US | 8.8.8.8:53 | lubuhqmqdq.net | udp |
| US | 8.8.8.8:53 | rjbifug.net | udp |
| US | 8.8.8.8:53 | zzzsqqkg.net | udp |
| US | 8.8.8.8:53 | bxwcswcudh.net | udp |
| US | 8.8.8.8:53 | ngvpjuoyq.info | udp |
| US | 8.8.8.8:53 | xulwjsruf.org | udp |
| US | 8.8.8.8:53 | cfudlmuf.info | udp |
| US | 8.8.8.8:53 | egdaflyekul.net | udp |
| US | 8.8.8.8:53 | ouisjnngcx.net | udp |
| US | 8.8.8.8:53 | bvdzfyumyc.net | udp |
| US | 8.8.8.8:53 | ldlrgk.info | udp |
| US | 8.8.8.8:53 | pwxaddov.info | udp |
| US | 8.8.8.8:53 | wswyiisuso.org | udp |
| US | 8.8.8.8:53 | lqquoxre.info | udp |
| US | 8.8.8.8:53 | zotrcj.info | udp |
| US | 8.8.8.8:53 | zznyjs.info | udp |
| US | 8.8.8.8:53 | owtumceqt.info | udp |
| US | 8.8.8.8:53 | gsaaoioeuq.org | udp |
| US | 8.8.8.8:53 | xwiewdpnjys.info | udp |
| US | 8.8.8.8:53 | qbyvhkkfras.net | udp |
| US | 8.8.8.8:53 | sgdzhklkvfso.info | udp |
| US | 8.8.8.8:53 | cqlovot.net | udp |
| US | 8.8.8.8:53 | pwbqteaqp.net | udp |
| US | 8.8.8.8:53 | vmrzybdk.net | udp |
| US | 8.8.8.8:53 | qeewkw.org | udp |
| US | 8.8.8.8:53 | njpceyjx.info | udp |
| US | 8.8.8.8:53 | gnpehfhydgxr.net | udp |
| US | 8.8.8.8:53 | exptpipsborm.info | udp |
| US | 8.8.8.8:53 | skqsiiae.org | udp |
| US | 8.8.8.8:53 | eoagac.org | udp |
| US | 8.8.8.8:53 | uooilgh.info | udp |
| US | 8.8.8.8:53 | sybytxtvafti.net | udp |
| US | 8.8.8.8:53 | ompfouleb.net | udp |
| US | 8.8.8.8:53 | tgwilupeu.com | udp |
| US | 8.8.8.8:53 | alyypvemovoc.net | udp |
| US | 8.8.8.8:53 | qlstpgkhcjbu.net | udp |
| US | 8.8.8.8:53 | pivydfve.net | udp |
| BG | 158.58.242.30:24386 | tcp | |
| US | 8.8.8.8:53 | lckmzwphk.info | udp |
| US | 8.8.8.8:53 | nzitfaav.info | udp |
| US | 8.8.8.8:53 | qvgtiyvc.net | udp |
| US | 8.8.8.8:53 | qkfehqykx.info | udp |
| US | 8.8.8.8:53 | jwdlwsql.net | udp |
| US | 8.8.8.8:53 | krujhbbfveal.info | udp |
| US | 8.8.8.8:53 | nahljkd.info | udp |
| US | 8.8.8.8:53 | lhhiwibqzegt.info | udp |
| US | 8.8.8.8:53 | pcrmus.net | udp |
| US | 8.8.8.8:53 | lktcrbw.com | udp |
| US | 8.8.8.8:53 | iabusbmsvdn.net | udp |
| US | 8.8.8.8:53 | iiouuw.org | udp |
| US | 8.8.8.8:53 | hyjinqputdn.com | udp |
| US | 8.8.8.8:53 | hyjodgw.info | udp |
| US | 8.8.8.8:53 | xgbopdx.info | udp |
Files
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
C:\Windows\SysWOW64\iiutlanheuhyszpprc.exe
C:\Users\Admin\AppData\Local\Temp\tijxeik.exe
C:\Users\Admin\AppData\Local\sqaxnaldymxmejxvvecmjzmxpkyjyqvjhhqoyv.yjb
C:\Users\Admin\AppData\Local\vihtyaahruuyfzcpecpoafhhoyb.fmg
C:\Program Files (x86)\vihtyaahruuyfzcpecpoafhhoyb.fmg