Analysis Overview
SHA256
451ba46bdd9d4d17e54a87482a117dfd99da75d4dc6d030cbceffb4885e7f507
Threat Level: Known bad
The file JaffaCakes118_bb7873a096a7ddd06706314a91eb4e66 was found to be: Known bad.
Malicious Activity Summary
UAC bypass
Pykspa
Pykspa family
Modifies WinLogon for persistence
Detect Pykspa worm
Disables RegEdit via registry modification
Adds policy Run key to start application
Executes dropped EXE
Impair Defenses: Safe Mode Boot
Checks whether UAC is enabled
Hijack Execution Flow: Executable Installer File Permissions Weakness
Looks up external IP address via web service
Adds Run key to start application
Drops autorun.inf file
Drops file in System32 directory
Drops file in Program Files directory
Drops file in Windows directory
Enumerates physical storage devices
System Location Discovery: System Language Discovery
Unsigned PE
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
System policy modification
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V16
Analysis: static1
Detonation Overview
Reported
2025-04-17 22:48
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2025-04-17 22:48
Reported
2025-04-17 22:51
Platform
win10v2004-20250314-en
Max time kernel
2s
Max time network
150s
Command Line
Signatures
Pykspa
Pykspa family
Detect Pykspa worm
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Looks up external IP address via web service
| Description | Indicator | Process | Target |
| N/A | www.whatismyip.ca | N/A | N/A |
| N/A | whatismyip.everdot.org | N/A | N/A |
| N/A | whatismyip.everdot.org | N/A | N/A |
| N/A | whatismyipaddress.com | N/A | N/A |
| N/A | www.showmyipaddress.com | N/A | N/A |
| N/A | www.whatismyip.ca | N/A | N/A |
| N/A | whatismyip.everdot.org | N/A | N/A |
| N/A | www.whatismyip.ca | N/A | N/A |
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bb7873a096a7ddd06706314a91eb4e66.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bb7873a096a7ddd06706314a91eb4e66.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bb7873a096a7ddd06706314a91eb4e66.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bb7873a096a7ddd06706314a91eb4e66.exe
"C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bb7873a096a7ddd06706314a91eb4e66.exe"
C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe
"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\users\admin\appdata\local\temp\jaffacakes118_bb7873a096a7ddd06706314a91eb4e66.exe*"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c mcamewnnwsznjlmyyc.exe
C:\Windows\mcamewnnwsznjlmyyc.exe
mcamewnnwsznjlmyyc.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c mcamewnnwsznjlmyyc.exe .
C:\Windows\mcamewnnwsznjlmyyc.exe
mcamewnnwsznjlmyyc.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wkgqgwljqkpbvvue.exe
C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe
"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\windows\mcamewnnwsznjlmyyc.exe*."
C:\Windows\wkgqgwljqkpbvvue.exe
wkgqgwljqkpbvvue.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c mcamewnnwsznjlmyyc.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mcamewnnwsznjlmyyc.exe
C:\Windows\mcamewnnwsznjlmyyc.exe
mcamewnnwsznjlmyyc.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\dspariyxfagtoppaz.exe .
C:\Users\Admin\AppData\Local\Temp\mcamewnnwsznjlmyyc.exe
C:\Users\Admin\AppData\Local\Temp\mcamewnnwsznjlmyyc.exe
C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe
"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\windows\mcamewnnwsznjlmyyc.exe*."
C:\Users\Admin\AppData\Local\Temp\dspariyxfagtoppaz.exe
C:\Users\Admin\AppData\Local\Temp\dspariyxfagtoppaz.exe .
C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe
"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\users\admin\appdata\local\temp\dspariyxfagtoppaz.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wkgqgwljqkpbvvue.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wkgqgwljqkpbvvue.exe .
C:\Users\Admin\AppData\Local\Temp\wkgqgwljqkpbvvue.exe
C:\Users\Admin\AppData\Local\Temp\wkgqgwljqkpbvvue.exe
C:\Users\Admin\AppData\Local\Temp\wkgqgwljqkpbvvue.exe
C:\Users\Admin\AppData\Local\Temp\wkgqgwljqkpbvvue.exe .
C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe
"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\users\admin\appdata\local\temp\wkgqgwljqkpbvvue.exe*."
C:\Users\Admin\AppData\Local\Temp\zcnmr.exe
"C:\Users\Admin\AppData\Local\Temp\zcnmr.exe" "-c:\users\admin\appdata\local\temp\jaffacakes118_bb7873a096a7ddd06706314a91eb4e66.exe"
C:\Users\Admin\AppData\Local\Temp\zcnmr.exe
"C:\Users\Admin\AppData\Local\Temp\zcnmr.exe" "-c:\users\admin\appdata\local\temp\jaffacakes118_bb7873a096a7ddd06706314a91eb4e66.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c dspariyxfagtoppaz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c zstidysvhgqhglpehongh.exe
C:\Windows\dspariyxfagtoppaz.exe
dspariyxfagtoppaz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c xonatmefpmujgjlyzeb.exe .
C:\Windows\zstidysvhgqhglpehongh.exe
zstidysvhgqhglpehongh.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c mcamewnnwsznjlmyyc.exe .
C:\Windows\xonatmefpmujgjlyzeb.exe
xonatmefpmujgjlyzeb.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c mcamewnnwsznjlmyyc.exe
C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe
"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\windows\xonatmefpmujgjlyzeb.exe*."
C:\Windows\mcamewnnwsznjlmyyc.exe
mcamewnnwsznjlmyyc.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c xonatmefpmujgjlyzeb.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wkgqgwljqkpbvvue.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xonatmefpmujgjlyzeb.exe
C:\Windows\mcamewnnwsznjlmyyc.exe
mcamewnnwsznjlmyyc.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c xonatmefpmujgjlyzeb.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\kccqkexzkirhfjmacigy.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xonatmefpmujgjlyzeb.exe
C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe
"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\windows\mcamewnnwsznjlmyyc.exe*."
C:\Windows\xonatmefpmujgjlyzeb.exe
xonatmefpmujgjlyzeb.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\kccqkexzkirhfjmacigy.exe .
C:\Users\Admin\AppData\Local\Temp\xonatmefpmujgjlyzeb.exe
C:\Users\Admin\AppData\Local\Temp\xonatmefpmujgjlyzeb.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\dspariyxfagtoppaz.exe
C:\Windows\wkgqgwljqkpbvvue.exe
wkgqgwljqkpbvvue.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zstidysvhgqhglpehongh.exe .
C:\Windows\xonatmefpmujgjlyzeb.exe
xonatmefpmujgjlyzeb.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\kccqkexzkirhfjmacigy.exe
C:\Users\Admin\AppData\Local\Temp\kccqkexzkirhfjmacigy.exe
C:\Users\Admin\AppData\Local\Temp\kccqkexzkirhfjmacigy.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xonatmefpmujgjlyzeb.exe .
C:\Users\Admin\AppData\Local\Temp\kccqkexzkirhfjmacigy.exe
C:\Users\Admin\AppData\Local\Temp\kccqkexzkirhfjmacigy.exe .
C:\Users\Admin\AppData\Local\Temp\xonatmefpmujgjlyzeb.exe
C:\Users\Admin\AppData\Local\Temp\xonatmefpmujgjlyzeb.exe
C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe
"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\windows\wkgqgwljqkpbvvue.exe*."
C:\Users\Admin\AppData\Local\Temp\dspariyxfagtoppaz.exe
C:\Users\Admin\AppData\Local\Temp\dspariyxfagtoppaz.exe
C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe
"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\windows\xonatmefpmujgjlyzeb.exe*."
C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe
"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\users\admin\appdata\local\temp\kccqkexzkirhfjmacigy.exe*."
C:\Users\Admin\AppData\Local\Temp\xonatmefpmujgjlyzeb.exe
C:\Users\Admin\AppData\Local\Temp\xonatmefpmujgjlyzeb.exe .
C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe
"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\users\admin\appdata\local\temp\kccqkexzkirhfjmacigy.exe*."
C:\Users\Admin\AppData\Local\Temp\zstidysvhgqhglpehongh.exe
C:\Users\Admin\AppData\Local\Temp\zstidysvhgqhglpehongh.exe .
C:\Users\Admin\AppData\Local\Temp\kccqkexzkirhfjmacigy.exe
C:\Users\Admin\AppData\Local\Temp\kccqkexzkirhfjmacigy.exe
C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe
"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\users\admin\appdata\local\temp\xonatmefpmujgjlyzeb.exe*."
C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe
"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\users\admin\appdata\local\temp\zstidysvhgqhglpehongh.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c kccqkexzkirhfjmacigy.exe
C:\Windows\kccqkexzkirhfjmacigy.exe
kccqkexzkirhfjmacigy.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c kccqkexzkirhfjmacigy.exe .
C:\Windows\kccqkexzkirhfjmacigy.exe
kccqkexzkirhfjmacigy.exe .
C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe
"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\windows\kccqkexzkirhfjmacigy.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c mcamewnnwsznjlmyyc.exe
C:\Windows\mcamewnnwsznjlmyyc.exe
mcamewnnwsznjlmyyc.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c zstidysvhgqhglpehongh.exe .
C:\Windows\zstidysvhgqhglpehongh.exe
zstidysvhgqhglpehongh.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\kccqkexzkirhfjmacigy.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\dspariyxfagtoppaz.exe .
C:\Users\Admin\AppData\Local\Temp\kccqkexzkirhfjmacigy.exe
C:\Users\Admin\AppData\Local\Temp\kccqkexzkirhfjmacigy.exe
C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe
"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\windows\zstidysvhgqhglpehongh.exe*."
C:\Users\Admin\AppData\Local\Temp\dspariyxfagtoppaz.exe
C:\Users\Admin\AppData\Local\Temp\dspariyxfagtoppaz.exe .
C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe
"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\users\admin\appdata\local\temp\dspariyxfagtoppaz.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zstidysvhgqhglpehongh.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\kccqkexzkirhfjmacigy.exe .
C:\Users\Admin\AppData\Local\Temp\zstidysvhgqhglpehongh.exe
C:\Users\Admin\AppData\Local\Temp\zstidysvhgqhglpehongh.exe
C:\Users\Admin\AppData\Local\Temp\kccqkexzkirhfjmacigy.exe
C:\Users\Admin\AppData\Local\Temp\kccqkexzkirhfjmacigy.exe .
C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe
"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\users\admin\appdata\local\temp\kccqkexzkirhfjmacigy.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c zstidysvhgqhglpehongh.exe
C:\Windows\zstidysvhgqhglpehongh.exe
zstidysvhgqhglpehongh.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c dspariyxfagtoppaz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c zstidysvhgqhglpehongh.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c xonatmefpmujgjlyzeb.exe .
C:\Windows\dspariyxfagtoppaz.exe
dspariyxfagtoppaz.exe
C:\Windows\zstidysvhgqhglpehongh.exe
zstidysvhgqhglpehongh.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c mcamewnnwsznjlmyyc.exe .
C:\Windows\xonatmefpmujgjlyzeb.exe
xonatmefpmujgjlyzeb.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wkgqgwljqkpbvvue.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c zstidysvhgqhglpehongh.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c mcamewnnwsznjlmyyc.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c mcamewnnwsznjlmyyc.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c dspariyxfagtoppaz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\kccqkexzkirhfjmacigy.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wkgqgwljqkpbvvue.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c zstidysvhgqhglpehongh.exe .
C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe
"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\windows\xonatmefpmujgjlyzeb.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xonatmefpmujgjlyzeb.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mcamewnnwsznjlmyyc.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\kccqkexzkirhfjmacigy.exe
C:\Windows\mcamewnnwsznjlmyyc.exe
mcamewnnwsznjlmyyc.exe .
C:\Windows\wkgqgwljqkpbvvue.exe
wkgqgwljqkpbvvue.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mcamewnnwsznjlmyyc.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xonatmefpmujgjlyzeb.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zstidysvhgqhglpehongh.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zstidysvhgqhglpehongh.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xonatmefpmujgjlyzeb.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zstidysvhgqhglpehongh.exe
C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe
"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\windows\wkgqgwljqkpbvvue.exe*."
C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe
"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\windows\mcamewnnwsznjlmyyc.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\kccqkexzkirhfjmacigy.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zstidysvhgqhglpehongh.exe .
C:\Windows\dspariyxfagtoppaz.exe
dspariyxfagtoppaz.exe
C:\Windows\zstidysvhgqhglpehongh.exe
zstidysvhgqhglpehongh.exe
C:\Windows\mcamewnnwsznjlmyyc.exe
mcamewnnwsznjlmyyc.exe .
C:\Windows\mcamewnnwsznjlmyyc.exe
mcamewnnwsznjlmyyc.exe
C:\Windows\zstidysvhgqhglpehongh.exe
zstidysvhgqhglpehongh.exe .
C:\Users\Admin\AppData\Local\Temp\xonatmefpmujgjlyzeb.exe
C:\Users\Admin\AppData\Local\Temp\xonatmefpmujgjlyzeb.exe .
C:\Users\Admin\AppData\Local\Temp\kccqkexzkirhfjmacigy.exe
C:\Users\Admin\AppData\Local\Temp\kccqkexzkirhfjmacigy.exe
C:\Windows\wkgqgwljqkpbvvue.exe
wkgqgwljqkpbvvue.exe .
C:\Users\Admin\AppData\Local\Temp\kccqkexzkirhfjmacigy.exe
C:\Users\Admin\AppData\Local\Temp\kccqkexzkirhfjmacigy.exe
C:\Users\Admin\AppData\Local\Temp\xonatmefpmujgjlyzeb.exe
C:\Users\Admin\AppData\Local\Temp\xonatmefpmujgjlyzeb.exe .
C:\Users\Admin\AppData\Local\Temp\xonatmefpmujgjlyzeb.exe
C:\Users\Admin\AppData\Local\Temp\xonatmefpmujgjlyzeb.exe
C:\Users\Admin\AppData\Local\Temp\kccqkexzkirhfjmacigy.exe
C:\Users\Admin\AppData\Local\Temp\kccqkexzkirhfjmacigy.exe .
C:\Users\Admin\AppData\Local\Temp\zstidysvhgqhglpehongh.exe
C:\Users\Admin\AppData\Local\Temp\zstidysvhgqhglpehongh.exe .
C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe
"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\windows\mcamewnnwsznjlmyyc.exe*."
C:\Users\Admin\AppData\Local\Temp\zstidysvhgqhglpehongh.exe
C:\Users\Admin\AppData\Local\Temp\zstidysvhgqhglpehongh.exe
C:\Users\Admin\AppData\Local\Temp\zstidysvhgqhglpehongh.exe
C:\Users\Admin\AppData\Local\Temp\zstidysvhgqhglpehongh.exe
C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe
"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\windows\zstidysvhgqhglpehongh.exe*."
C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe
"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\users\admin\appdata\local\temp\xonatmefpmujgjlyzeb.exe*."
C:\Users\Admin\AppData\Local\Temp\zstidysvhgqhglpehongh.exe
C:\Users\Admin\AppData\Local\Temp\zstidysvhgqhglpehongh.exe .
C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe
"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\windows\wkgqgwljqkpbvvue.exe*."
C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe
"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\users\admin\appdata\local\temp\kccqkexzkirhfjmacigy.exe*."
C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe
"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\users\admin\appdata\local\temp\xonatmefpmujgjlyzeb.exe*."
C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe
"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\users\admin\appdata\local\temp\zstidysvhgqhglpehongh.exe*."
C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe
"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\users\admin\appdata\local\temp\zstidysvhgqhglpehongh.exe*."
C:\Users\Admin\AppData\Local\Temp\mcamewnnwsznjlmyyc.exe
C:\Users\Admin\AppData\Local\Temp\mcamewnnwsznjlmyyc.exe .
C:\Users\Admin\AppData\Local\Temp\mcamewnnwsznjlmyyc.exe
C:\Users\Admin\AppData\Local\Temp\mcamewnnwsznjlmyyc.exe
C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe
"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\users\admin\appdata\local\temp\mcamewnnwsznjlmyyc.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c kccqkexzkirhfjmacigy.exe
C:\Windows\kccqkexzkirhfjmacigy.exe
kccqkexzkirhfjmacigy.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c kccqkexzkirhfjmacigy.exe .
C:\Windows\kccqkexzkirhfjmacigy.exe
kccqkexzkirhfjmacigy.exe .
C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe
"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\windows\kccqkexzkirhfjmacigy.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wkgqgwljqkpbvvue.exe
C:\Windows\wkgqgwljqkpbvvue.exe
wkgqgwljqkpbvvue.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c mcamewnnwsznjlmyyc.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\dspariyxfagtoppaz.exe
C:\Windows\mcamewnnwsznjlmyyc.exe
mcamewnnwsznjlmyyc.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\dspariyxfagtoppaz.exe .
C:\Users\Admin\AppData\Local\Temp\dspariyxfagtoppaz.exe
C:\Users\Admin\AppData\Local\Temp\dspariyxfagtoppaz.exe
C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe
"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\windows\mcamewnnwsznjlmyyc.exe*."
C:\Users\Admin\AppData\Local\Temp\dspariyxfagtoppaz.exe
C:\Users\Admin\AppData\Local\Temp\dspariyxfagtoppaz.exe .
C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe
"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\users\admin\appdata\local\temp\dspariyxfagtoppaz.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\dspariyxfagtoppaz.exe
C:\Users\Admin\AppData\Local\Temp\dspariyxfagtoppaz.exe
C:\Users\Admin\AppData\Local\Temp\dspariyxfagtoppaz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\kccqkexzkirhfjmacigy.exe .
C:\Users\Admin\AppData\Local\Temp\kccqkexzkirhfjmacigy.exe
C:\Users\Admin\AppData\Local\Temp\kccqkexzkirhfjmacigy.exe .
C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe
"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\users\admin\appdata\local\temp\kccqkexzkirhfjmacigy.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c xonatmefpmujgjlyzeb.exe
C:\Windows\xonatmefpmujgjlyzeb.exe
xonatmefpmujgjlyzeb.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c zstidysvhgqhglpehongh.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c zstidysvhgqhglpehongh.exe .
C:\Windows\zstidysvhgqhglpehongh.exe
zstidysvhgqhglpehongh.exe
C:\Windows\zstidysvhgqhglpehongh.exe
zstidysvhgqhglpehongh.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c kccqkexzkirhfjmacigy.exe .
C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe
"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\windows\zstidysvhgqhglpehongh.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c zstidysvhgqhglpehongh.exe
C:\Windows\kccqkexzkirhfjmacigy.exe
kccqkexzkirhfjmacigy.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c xonatmefpmujgjlyzeb.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c xonatmefpmujgjlyzeb.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wkgqgwljqkpbvvue.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c zstidysvhgqhglpehongh.exe .
C:\Windows\zstidysvhgqhglpehongh.exe
zstidysvhgqhglpehongh.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mcamewnnwsznjlmyyc.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zstidysvhgqhglpehongh.exe
C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe
"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\windows\kccqkexzkirhfjmacigy.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mcamewnnwsznjlmyyc.exe .
C:\Windows\xonatmefpmujgjlyzeb.exe
xonatmefpmujgjlyzeb.exe
C:\Users\Admin\AppData\Local\Temp\mcamewnnwsznjlmyyc.exe
C:\Users\Admin\AppData\Local\Temp\mcamewnnwsznjlmyyc.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wkgqgwljqkpbvvue.exe
C:\Windows\xonatmefpmujgjlyzeb.exe
xonatmefpmujgjlyzeb.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\kccqkexzkirhfjmacigy.exe
C:\Users\Admin\AppData\Local\Temp\wkgqgwljqkpbvvue.exe
C:\Users\Admin\AppData\Local\Temp\wkgqgwljqkpbvvue.exe
C:\Windows\zstidysvhgqhglpehongh.exe
zstidysvhgqhglpehongh.exe .
C:\Users\Admin\AppData\Local\Temp\mcamewnnwsznjlmyyc.exe
C:\Users\Admin\AppData\Local\Temp\mcamewnnwsznjlmyyc.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wkgqgwljqkpbvvue.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wkgqgwljqkpbvvue.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xonatmefpmujgjlyzeb.exe
C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe
"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\users\admin\appdata\local\temp\mcamewnnwsznjlmyyc.exe*."
C:\Users\Admin\AppData\Local\Temp\zstidysvhgqhglpehongh.exe
C:\Users\Admin\AppData\Local\Temp\zstidysvhgqhglpehongh.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\dspariyxfagtoppaz.exe .
C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe
"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\windows\xonatmefpmujgjlyzeb.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c dspariyxfagtoppaz.exe
C:\Users\Admin\AppData\Local\Temp\kccqkexzkirhfjmacigy.exe
C:\Users\Admin\AppData\Local\Temp\kccqkexzkirhfjmacigy.exe
C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe
"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\windows\zstidysvhgqhglpehongh.exe*."
C:\Users\Admin\AppData\Local\Temp\xonatmefpmujgjlyzeb.exe
C:\Users\Admin\AppData\Local\Temp\xonatmefpmujgjlyzeb.exe
C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe
"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\users\admin\appdata\local\temp\mcamewnnwsznjlmyyc.exe*."
C:\Windows\wkgqgwljqkpbvvue.exe
wkgqgwljqkpbvvue.exe .
C:\Windows\wkgqgwljqkpbvvue.exe
wkgqgwljqkpbvvue.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c zstidysvhgqhglpehongh.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\kccqkexzkirhfjmacigy.exe
C:\Users\Admin\AppData\Local\Temp\wkgqgwljqkpbvvue.exe
C:\Users\Admin\AppData\Local\Temp\wkgqgwljqkpbvvue.exe .
C:\Windows\dspariyxfagtoppaz.exe
dspariyxfagtoppaz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wkgqgwljqkpbvvue.exe .
C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe
"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\windows\wkgqgwljqkpbvvue.exe*."
C:\Users\Admin\AppData\Local\Temp\dspariyxfagtoppaz.exe
C:\Users\Admin\AppData\Local\Temp\dspariyxfagtoppaz.exe .
C:\Users\Admin\AppData\Local\Temp\kccqkexzkirhfjmacigy.exe
C:\Users\Admin\AppData\Local\Temp\kccqkexzkirhfjmacigy.exe
C:\Windows\zstidysvhgqhglpehongh.exe
zstidysvhgqhglpehongh.exe .
C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe
"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\users\admin\appdata\local\temp\wkgqgwljqkpbvvue.exe*."
C:\Users\Admin\AppData\Local\Temp\wkgqgwljqkpbvvue.exe
C:\Users\Admin\AppData\Local\Temp\wkgqgwljqkpbvvue.exe .
C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe
"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\users\admin\appdata\local\temp\dspariyxfagtoppaz.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wkgqgwljqkpbvvue.exe
C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe
"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\windows\zstidysvhgqhglpehongh.exe*."
C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe
"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\users\admin\appdata\local\temp\wkgqgwljqkpbvvue.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wkgqgwljqkpbvvue.exe .
C:\Users\Admin\AppData\Local\Temp\wkgqgwljqkpbvvue.exe
C:\Users\Admin\AppData\Local\Temp\wkgqgwljqkpbvvue.exe
C:\Users\Admin\AppData\Local\Temp\wkgqgwljqkpbvvue.exe
C:\Users\Admin\AppData\Local\Temp\wkgqgwljqkpbvvue.exe .
C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe
"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\users\admin\appdata\local\temp\wkgqgwljqkpbvvue.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c dspariyxfagtoppaz.exe
C:\Windows\dspariyxfagtoppaz.exe
dspariyxfagtoppaz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wkgqgwljqkpbvvue.exe .
C:\Windows\wkgqgwljqkpbvvue.exe
wkgqgwljqkpbvvue.exe .
C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe
"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\windows\wkgqgwljqkpbvvue.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c dspariyxfagtoppaz.exe
C:\Windows\dspariyxfagtoppaz.exe
dspariyxfagtoppaz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wkgqgwljqkpbvvue.exe .
C:\Windows\wkgqgwljqkpbvvue.exe
wkgqgwljqkpbvvue.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\kccqkexzkirhfjmacigy.exe
C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe
"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\windows\wkgqgwljqkpbvvue.exe*."
C:\Users\Admin\AppData\Local\Temp\kccqkexzkirhfjmacigy.exe
C:\Users\Admin\AppData\Local\Temp\kccqkexzkirhfjmacigy.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\dspariyxfagtoppaz.exe .
C:\Users\Admin\AppData\Local\Temp\dspariyxfagtoppaz.exe
C:\Users\Admin\AppData\Local\Temp\dspariyxfagtoppaz.exe .
C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe
"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\users\admin\appdata\local\temp\dspariyxfagtoppaz.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\kccqkexzkirhfjmacigy.exe
C:\Users\Admin\AppData\Local\Temp\kccqkexzkirhfjmacigy.exe
C:\Users\Admin\AppData\Local\Temp\kccqkexzkirhfjmacigy.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wkgqgwljqkpbvvue.exe .
C:\Users\Admin\AppData\Local\Temp\wkgqgwljqkpbvvue.exe
C:\Users\Admin\AppData\Local\Temp\wkgqgwljqkpbvvue.exe .
C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe
"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\users\admin\appdata\local\temp\wkgqgwljqkpbvvue.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c kccqkexzkirhfjmacigy.exe
C:\Windows\kccqkexzkirhfjmacigy.exe
kccqkexzkirhfjmacigy.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c xonatmefpmujgjlyzeb.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c zstidysvhgqhglpehongh.exe
C:\Windows\xonatmefpmujgjlyzeb.exe
xonatmefpmujgjlyzeb.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c dspariyxfagtoppaz.exe
C:\Windows\zstidysvhgqhglpehongh.exe
zstidysvhgqhglpehongh.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wkgqgwljqkpbvvue.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c mcamewnnwsznjlmyyc.exe .
C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe
"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\windows\xonatmefpmujgjlyzeb.exe*."
C:\Windows\dspariyxfagtoppaz.exe
dspariyxfagtoppaz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\dspariyxfagtoppaz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mcamewnnwsznjlmyyc.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wkgqgwljqkpbvvue.exe
C:\Windows\mcamewnnwsznjlmyyc.exe
mcamewnnwsznjlmyyc.exe .
C:\Windows\wkgqgwljqkpbvvue.exe
wkgqgwljqkpbvvue.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c kccqkexzkirhfjmacigy.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\kccqkexzkirhfjmacigy.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xonatmefpmujgjlyzeb.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mcamewnnwsznjlmyyc.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wkgqgwljqkpbvvue.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c xonatmefpmujgjlyzeb.exe
C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe
"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\windows\mcamewnnwsznjlmyyc.exe*."
C:\Users\Admin\AppData\Local\Temp\dspariyxfagtoppaz.exe
C:\Users\Admin\AppData\Local\Temp\dspariyxfagtoppaz.exe
C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe
"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\windows\wkgqgwljqkpbvvue.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wkgqgwljqkpbvvue.exe
C:\Users\Admin\AppData\Local\Temp\mcamewnnwsznjlmyyc.exe
C:\Users\Admin\AppData\Local\Temp\mcamewnnwsznjlmyyc.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c mcamewnnwsznjlmyyc.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\kccqkexzkirhfjmacigy.exe .
C:\Windows\kccqkexzkirhfjmacigy.exe
kccqkexzkirhfjmacigy.exe .
C:\Windows\wkgqgwljqkpbvvue.exe
wkgqgwljqkpbvvue.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c dspariyxfagtoppaz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c xonatmefpmujgjlyzeb.exe .
C:\Users\Admin\AppData\Local\Temp\kccqkexzkirhfjmacigy.exe
C:\Users\Admin\AppData\Local\Temp\kccqkexzkirhfjmacigy.exe
C:\Windows\xonatmefpmujgjlyzeb.exe
xonatmefpmujgjlyzeb.exe
C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe
"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\users\admin\appdata\local\temp\mcamewnnwsznjlmyyc.exe*."
C:\Users\Admin\AppData\Local\Temp\xonatmefpmujgjlyzeb.exe
C:\Users\Admin\AppData\Local\Temp\xonatmefpmujgjlyzeb.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wkgqgwljqkpbvvue.exe
C:\Users\Admin\AppData\Local\Temp\mcamewnnwsznjlmyyc.exe
C:\Users\Admin\AppData\Local\Temp\mcamewnnwsznjlmyyc.exe .
C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe
"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\windows\kccqkexzkirhfjmacigy.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\dspariyxfagtoppaz.exe .
C:\Users\Admin\AppData\Local\Temp\wkgqgwljqkpbvvue.exe
C:\Users\Admin\AppData\Local\Temp\wkgqgwljqkpbvvue.exe .
C:\Windows\mcamewnnwsznjlmyyc.exe
mcamewnnwsznjlmyyc.exe .
C:\Users\Admin\AppData\Local\Temp\kccqkexzkirhfjmacigy.exe
C:\Users\Admin\AppData\Local\Temp\kccqkexzkirhfjmacigy.exe .
C:\Users\Admin\AppData\Local\Temp\wkgqgwljqkpbvvue.exe
C:\Users\Admin\AppData\Local\Temp\wkgqgwljqkpbvvue.exe
C:\Windows\xonatmefpmujgjlyzeb.exe
xonatmefpmujgjlyzeb.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\dspariyxfagtoppaz.exe
C:\Users\Admin\AppData\Local\Temp\wkgqgwljqkpbvvue.exe
C:\Users\Admin\AppData\Local\Temp\wkgqgwljqkpbvvue.exe
C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe
"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\users\admin\appdata\local\temp\mcamewnnwsznjlmyyc.exe*."
C:\Windows\dspariyxfagtoppaz.exe
dspariyxfagtoppaz.exe
C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe
"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\users\admin\appdata\local\temp\wkgqgwljqkpbvvue.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\dspariyxfagtoppaz.exe .
C:\Users\Admin\AppData\Local\Temp\dspariyxfagtoppaz.exe
C:\Users\Admin\AppData\Local\Temp\dspariyxfagtoppaz.exe .
C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe
"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\users\admin\appdata\local\temp\kccqkexzkirhfjmacigy.exe*."
C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe
"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\windows\mcamewnnwsznjlmyyc.exe*."
C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe
"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\windows\xonatmefpmujgjlyzeb.exe*."
C:\Users\Admin\AppData\Local\Temp\dspariyxfagtoppaz.exe
C:\Users\Admin\AppData\Local\Temp\dspariyxfagtoppaz.exe
C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe
"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\users\admin\appdata\local\temp\dspariyxfagtoppaz.exe*."
C:\Users\Admin\AppData\Local\Temp\dspariyxfagtoppaz.exe
C:\Users\Admin\AppData\Local\Temp\dspariyxfagtoppaz.exe .
C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe
"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\users\admin\appdata\local\temp\dspariyxfagtoppaz.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c dspariyxfagtoppaz.exe
C:\Windows\dspariyxfagtoppaz.exe
dspariyxfagtoppaz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c kccqkexzkirhfjmacigy.exe .
C:\Windows\kccqkexzkirhfjmacigy.exe
kccqkexzkirhfjmacigy.exe .
C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe
"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\windows\kccqkexzkirhfjmacigy.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c zstidysvhgqhglpehongh.exe
C:\Windows\zstidysvhgqhglpehongh.exe
zstidysvhgqhglpehongh.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c xonatmefpmujgjlyzeb.exe .
C:\Windows\xonatmefpmujgjlyzeb.exe
xonatmefpmujgjlyzeb.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\kccqkexzkirhfjmacigy.exe
C:\Users\Admin\AppData\Local\Temp\kccqkexzkirhfjmacigy.exe
C:\Users\Admin\AppData\Local\Temp\kccqkexzkirhfjmacigy.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mcamewnnwsznjlmyyc.exe .
C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe
"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\windows\xonatmefpmujgjlyzeb.exe*."
C:\Users\Admin\AppData\Local\Temp\mcamewnnwsznjlmyyc.exe
C:\Users\Admin\AppData\Local\Temp\mcamewnnwsznjlmyyc.exe .
C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe
"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\users\admin\appdata\local\temp\mcamewnnwsznjlmyyc.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xonatmefpmujgjlyzeb.exe
C:\Users\Admin\AppData\Local\Temp\xonatmefpmujgjlyzeb.exe
C:\Users\Admin\AppData\Local\Temp\xonatmefpmujgjlyzeb.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\kccqkexzkirhfjmacigy.exe .
C:\Users\Admin\AppData\Local\Temp\kccqkexzkirhfjmacigy.exe
C:\Users\Admin\AppData\Local\Temp\kccqkexzkirhfjmacigy.exe .
C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe
"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\users\admin\appdata\local\temp\kccqkexzkirhfjmacigy.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c mcamewnnwsznjlmyyc.exe
C:\Windows\mcamewnnwsznjlmyyc.exe
mcamewnnwsznjlmyyc.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c xonatmefpmujgjlyzeb.exe .
C:\Windows\xonatmefpmujgjlyzeb.exe
xonatmefpmujgjlyzeb.exe .
C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe
"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\windows\xonatmefpmujgjlyzeb.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wkgqgwljqkpbvvue.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c zstidysvhgqhglpehongh.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wkgqgwljqkpbvvue.exe .
C:\Windows\zstidysvhgqhglpehongh.exe
zstidysvhgqhglpehongh.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c xonatmefpmujgjlyzeb.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zstidysvhgqhglpehongh.exe
C:\Windows\wkgqgwljqkpbvvue.exe
wkgqgwljqkpbvvue.exe
C:\Windows\wkgqgwljqkpbvvue.exe
wkgqgwljqkpbvvue.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xonatmefpmujgjlyzeb.exe .
C:\Windows\xonatmefpmujgjlyzeb.exe
xonatmefpmujgjlyzeb.exe .
C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe
"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\windows\wkgqgwljqkpbvvue.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c dspariyxfagtoppaz.exe
C:\Users\Admin\AppData\Local\Temp\zstidysvhgqhglpehongh.exe
C:\Users\Admin\AppData\Local\Temp\zstidysvhgqhglpehongh.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wkgqgwljqkpbvvue.exe
C:\Users\Admin\AppData\Local\Temp\xonatmefpmujgjlyzeb.exe
C:\Users\Admin\AppData\Local\Temp\xonatmefpmujgjlyzeb.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c zstidysvhgqhglpehongh.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xonatmefpmujgjlyzeb.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\kccqkexzkirhfjmacigy.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c kccqkexzkirhfjmacigy.exe .
C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe
"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\windows\xonatmefpmujgjlyzeb.exe*."
C:\Windows\wkgqgwljqkpbvvue.exe
wkgqgwljqkpbvvue.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\dspariyxfagtoppaz.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mcamewnnwsznjlmyyc.exe .
C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe
"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\users\admin\appdata\local\temp\xonatmefpmujgjlyzeb.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wkgqgwljqkpbvvue.exe
C:\Windows\dspariyxfagtoppaz.exe
dspariyxfagtoppaz.exe
C:\Windows\zstidysvhgqhglpehongh.exe
zstidysvhgqhglpehongh.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c xonatmefpmujgjlyzeb.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wkgqgwljqkpbvvue.exe
C:\Users\Admin\AppData\Local\Temp\xonatmefpmujgjlyzeb.exe
C:\Users\Admin\AppData\Local\Temp\xonatmefpmujgjlyzeb.exe
C:\Users\Admin\AppData\Local\Temp\dspariyxfagtoppaz.exe
C:\Users\Admin\AppData\Local\Temp\dspariyxfagtoppaz.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zstidysvhgqhglpehongh.exe
C:\Users\Admin\AppData\Local\Temp\kccqkexzkirhfjmacigy.exe
C:\Users\Admin\AppData\Local\Temp\kccqkexzkirhfjmacigy.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wkgqgwljqkpbvvue.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xonatmefpmujgjlyzeb.exe .
C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe
"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\windows\zstidysvhgqhglpehongh.exe*."
C:\Windows\kccqkexzkirhfjmacigy.exe
kccqkexzkirhfjmacigy.exe .
C:\Windows\wkgqgwljqkpbvvue.exe
wkgqgwljqkpbvvue.exe
C:\Users\Admin\AppData\Local\Temp\mcamewnnwsznjlmyyc.exe
C:\Users\Admin\AppData\Local\Temp\mcamewnnwsznjlmyyc.exe .
C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe
"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\users\admin\appdata\local\temp\dspariyxfagtoppaz.exe*."
C:\Users\Admin\AppData\Local\Temp\wkgqgwljqkpbvvue.exe
C:\Users\Admin\AppData\Local\Temp\wkgqgwljqkpbvvue.exe
C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe
"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\windows\kccqkexzkirhfjmacigy.exe*."
C:\Windows\xonatmefpmujgjlyzeb.exe
xonatmefpmujgjlyzeb.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\dspariyxfagtoppaz.exe
C:\Users\Admin\AppData\Local\Temp\wkgqgwljqkpbvvue.exe
C:\Users\Admin\AppData\Local\Temp\wkgqgwljqkpbvvue.exe .
C:\Users\Admin\AppData\Local\Temp\zstidysvhgqhglpehongh.exe
C:\Users\Admin\AppData\Local\Temp\zstidysvhgqhglpehongh.exe
C:\Users\Admin\AppData\Local\Temp\xonatmefpmujgjlyzeb.exe
C:\Users\Admin\AppData\Local\Temp\xonatmefpmujgjlyzeb.exe .
C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe
"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\users\admin\appdata\local\temp\mcamewnnwsznjlmyyc.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xonatmefpmujgjlyzeb.exe .
C:\Users\Admin\AppData\Local\Temp\dspariyxfagtoppaz.exe
C:\Users\Admin\AppData\Local\Temp\dspariyxfagtoppaz.exe
C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe
"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\windows\xonatmefpmujgjlyzeb.exe*."
C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe
"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\users\admin\appdata\local\temp\xonatmefpmujgjlyzeb.exe*."
C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe
"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\users\admin\appdata\local\temp\wkgqgwljqkpbvvue.exe*."
C:\Users\Admin\AppData\Local\Temp\xonatmefpmujgjlyzeb.exe
C:\Users\Admin\AppData\Local\Temp\xonatmefpmujgjlyzeb.exe .
C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe
"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\users\admin\appdata\local\temp\xonatmefpmujgjlyzeb.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c xonatmefpmujgjlyzeb.exe
C:\Windows\xonatmefpmujgjlyzeb.exe
xonatmefpmujgjlyzeb.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c mcamewnnwsznjlmyyc.exe .
C:\Windows\mcamewnnwsznjlmyyc.exe
mcamewnnwsznjlmyyc.exe .
C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe
"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\windows\mcamewnnwsznjlmyyc.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wkgqgwljqkpbvvue.exe
C:\Windows\wkgqgwljqkpbvvue.exe
wkgqgwljqkpbvvue.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c xonatmefpmujgjlyzeb.exe .
C:\Windows\xonatmefpmujgjlyzeb.exe
xonatmefpmujgjlyzeb.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xonatmefpmujgjlyzeb.exe
C:\Users\Admin\AppData\Local\Temp\xonatmefpmujgjlyzeb.exe
C:\Users\Admin\AppData\Local\Temp\xonatmefpmujgjlyzeb.exe
C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe
"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\windows\xonatmefpmujgjlyzeb.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wkgqgwljqkpbvvue.exe .
C:\Users\Admin\AppData\Local\Temp\wkgqgwljqkpbvvue.exe
C:\Users\Admin\AppData\Local\Temp\wkgqgwljqkpbvvue.exe .
C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe
"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\users\admin\appdata\local\temp\wkgqgwljqkpbvvue.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zstidysvhgqhglpehongh.exe
C:\Users\Admin\AppData\Local\Temp\zstidysvhgqhglpehongh.exe
C:\Users\Admin\AppData\Local\Temp\zstidysvhgqhglpehongh.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wkgqgwljqkpbvvue.exe .
C:\Users\Admin\AppData\Local\Temp\wkgqgwljqkpbvvue.exe
C:\Users\Admin\AppData\Local\Temp\wkgqgwljqkpbvvue.exe .
C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe
"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\users\admin\appdata\local\temp\wkgqgwljqkpbvvue.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c zstidysvhgqhglpehongh.exe
C:\Windows\zstidysvhgqhglpehongh.exe
zstidysvhgqhglpehongh.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c zstidysvhgqhglpehongh.exe .
C:\Windows\zstidysvhgqhglpehongh.exe
zstidysvhgqhglpehongh.exe .
C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe
"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\windows\zstidysvhgqhglpehongh.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c dspariyxfagtoppaz.exe
C:\Windows\dspariyxfagtoppaz.exe
dspariyxfagtoppaz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c dspariyxfagtoppaz.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wkgqgwljqkpbvvue.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xonatmefpmujgjlyzeb.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wkgqgwljqkpbvvue.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c dspariyxfagtoppaz.exe .
C:\Windows\wkgqgwljqkpbvvue.exe
wkgqgwljqkpbvvue.exe
C:\Users\Admin\AppData\Local\Temp\xonatmefpmujgjlyzeb.exe
C:\Users\Admin\AppData\Local\Temp\xonatmefpmujgjlyzeb.exe
C:\Windows\dspariyxfagtoppaz.exe
dspariyxfagtoppaz.exe .
C:\Windows\dspariyxfagtoppaz.exe
dspariyxfagtoppaz.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c dspariyxfagtoppaz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c mcamewnnwsznjlmyyc.exe
C:\Users\Admin\AppData\Local\Temp\wkgqgwljqkpbvvue.exe
C:\Users\Admin\AppData\Local\Temp\wkgqgwljqkpbvvue.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mcamewnnwsznjlmyyc.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c kccqkexzkirhfjmacigy.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wkgqgwljqkpbvvue.exe .
C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe
"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\windows\dspariyxfagtoppaz.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zstidysvhgqhglpehongh.exe .
C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe
"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\windows\dspariyxfagtoppaz.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\kccqkexzkirhfjmacigy.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zstidysvhgqhglpehongh.exe .
C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe
"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\users\admin\appdata\local\temp\wkgqgwljqkpbvvue.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c dspariyxfagtoppaz.exe
C:\Windows\kccqkexzkirhfjmacigy.exe
kccqkexzkirhfjmacigy.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c dspariyxfagtoppaz.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\dspariyxfagtoppaz.exe
C:\Windows\dspariyxfagtoppaz.exe
dspariyxfagtoppaz.exe
C:\Windows\mcamewnnwsznjlmyyc.exe
mcamewnnwsznjlmyyc.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wkgqgwljqkpbvvue.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wkgqgwljqkpbvvue.exe .
C:\Users\Admin\AppData\Local\Temp\mcamewnnwsznjlmyyc.exe
C:\Users\Admin\AppData\Local\Temp\mcamewnnwsznjlmyyc.exe
C:\Users\Admin\AppData\Local\Temp\zstidysvhgqhglpehongh.exe
C:\Users\Admin\AppData\Local\Temp\zstidysvhgqhglpehongh.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xonatmefpmujgjlyzeb.exe .
C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe
"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\windows\kccqkexzkirhfjmacigy.exe*."
C:\Windows\wkgqgwljqkpbvvue.exe
wkgqgwljqkpbvvue.exe .
C:\Users\Admin\AppData\Local\Temp\kccqkexzkirhfjmacigy.exe
C:\Users\Admin\AppData\Local\Temp\kccqkexzkirhfjmacigy.exe
C:\Windows\dspariyxfagtoppaz.exe
dspariyxfagtoppaz.exe .
C:\Users\Admin\AppData\Local\Temp\zstidysvhgqhglpehongh.exe
C:\Users\Admin\AppData\Local\Temp\zstidysvhgqhglpehongh.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zstidysvhgqhglpehongh.exe
C:\Windows\dspariyxfagtoppaz.exe
dspariyxfagtoppaz.exe
C:\Users\Admin\AppData\Local\Temp\wkgqgwljqkpbvvue.exe
C:\Users\Admin\AppData\Local\Temp\wkgqgwljqkpbvvue.exe .
C:\Users\Admin\AppData\Local\Temp\wkgqgwljqkpbvvue.exe
C:\Users\Admin\AppData\Local\Temp\wkgqgwljqkpbvvue.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zstidysvhgqhglpehongh.exe .
C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe
"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\users\admin\appdata\local\temp\zstidysvhgqhglpehongh.exe*."
C:\Users\Admin\AppData\Local\Temp\dspariyxfagtoppaz.exe
C:\Users\Admin\AppData\Local\Temp\dspariyxfagtoppaz.exe
C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe
"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\windows\wkgqgwljqkpbvvue.exe*."
C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe
"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\windows\dspariyxfagtoppaz.exe*."
C:\Users\Admin\AppData\Local\Temp\xonatmefpmujgjlyzeb.exe
C:\Users\Admin\AppData\Local\Temp\xonatmefpmujgjlyzeb.exe .
C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe
"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\users\admin\appdata\local\temp\wkgqgwljqkpbvvue.exe*."
C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe
"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\users\admin\appdata\local\temp\zstidysvhgqhglpehongh.exe*."
C:\Users\Admin\AppData\Local\Temp\zstidysvhgqhglpehongh.exe
C:\Users\Admin\AppData\Local\Temp\zstidysvhgqhglpehongh.exe
C:\Users\Admin\AppData\Local\Temp\zstidysvhgqhglpehongh.exe
C:\Users\Admin\AppData\Local\Temp\zstidysvhgqhglpehongh.exe .
C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe
"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\users\admin\appdata\local\temp\xonatmefpmujgjlyzeb.exe*."
C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe
"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\users\admin\appdata\local\temp\zstidysvhgqhglpehongh.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c kccqkexzkirhfjmacigy.exe
C:\Windows\kccqkexzkirhfjmacigy.exe
kccqkexzkirhfjmacigy.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c xonatmefpmujgjlyzeb.exe .
C:\Windows\xonatmefpmujgjlyzeb.exe
xonatmefpmujgjlyzeb.exe .
C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe
"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\windows\xonatmefpmujgjlyzeb.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c zstidysvhgqhglpehongh.exe
C:\Windows\zstidysvhgqhglpehongh.exe
zstidysvhgqhglpehongh.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c xonatmefpmujgjlyzeb.exe .
C:\Windows\xonatmefpmujgjlyzeb.exe
xonatmefpmujgjlyzeb.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\kccqkexzkirhfjmacigy.exe
C:\Users\Admin\AppData\Local\Temp\kccqkexzkirhfjmacigy.exe
C:\Users\Admin\AppData\Local\Temp\kccqkexzkirhfjmacigy.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\dspariyxfagtoppaz.exe .
C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe
"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\windows\xonatmefpmujgjlyzeb.exe*."
C:\Users\Admin\AppData\Local\Temp\dspariyxfagtoppaz.exe
C:\Users\Admin\AppData\Local\Temp\dspariyxfagtoppaz.exe .
C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe
"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\users\admin\appdata\local\temp\dspariyxfagtoppaz.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\dspariyxfagtoppaz.exe
C:\Users\Admin\AppData\Local\Temp\dspariyxfagtoppaz.exe
C:\Users\Admin\AppData\Local\Temp\dspariyxfagtoppaz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xonatmefpmujgjlyzeb.exe .
C:\Users\Admin\AppData\Local\Temp\xonatmefpmujgjlyzeb.exe
C:\Users\Admin\AppData\Local\Temp\xonatmefpmujgjlyzeb.exe .
C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe
"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\users\admin\appdata\local\temp\xonatmefpmujgjlyzeb.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c zstidysvhgqhglpehongh.exe
C:\Windows\zstidysvhgqhglpehongh.exe
zstidysvhgqhglpehongh.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c zstidysvhgqhglpehongh.exe .
C:\Windows\zstidysvhgqhglpehongh.exe
zstidysvhgqhglpehongh.exe .
C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe
"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\windows\zstidysvhgqhglpehongh.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c kccqkexzkirhfjmacigy.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c kccqkexzkirhfjmacigy.exe .
C:\Windows\kccqkexzkirhfjmacigy.exe
kccqkexzkirhfjmacigy.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xonatmefpmujgjlyzeb.exe
C:\Windows\kccqkexzkirhfjmacigy.exe
kccqkexzkirhfjmacigy.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c xonatmefpmujgjlyzeb.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xonatmefpmujgjlyzeb.exe .
C:\Users\Admin\AppData\Local\Temp\xonatmefpmujgjlyzeb.exe
C:\Users\Admin\AppData\Local\Temp\xonatmefpmujgjlyzeb.exe
C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe
"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\windows\kccqkexzkirhfjmacigy.exe*."
C:\Windows\xonatmefpmujgjlyzeb.exe
xonatmefpmujgjlyzeb.exe
C:\Users\Admin\AppData\Local\Temp\xonatmefpmujgjlyzeb.exe
C:\Users\Admin\AppData\Local\Temp\xonatmefpmujgjlyzeb.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c zstidysvhgqhglpehongh.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c xonatmefpmujgjlyzeb.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\dspariyxfagtoppaz.exe
C:\Windows\zstidysvhgqhglpehongh.exe
zstidysvhgqhglpehongh.exe .
C:\Windows\xonatmefpmujgjlyzeb.exe
xonatmefpmujgjlyzeb.exe
C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe
"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\users\admin\appdata\local\temp\xonatmefpmujgjlyzeb.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c kccqkexzkirhfjmacigy.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c dspariyxfagtoppaz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\kccqkexzkirhfjmacigy.exe .
C:\Users\Admin\AppData\Local\Temp\dspariyxfagtoppaz.exe
C:\Users\Admin\AppData\Local\Temp\dspariyxfagtoppaz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c dspariyxfagtoppaz.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c zstidysvhgqhglpehongh.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\kccqkexzkirhfjmacigy.exe
C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe
"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\windows\zstidysvhgqhglpehongh.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c kccqkexzkirhfjmacigy.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wkgqgwljqkpbvvue.exe .
C:\Windows\dspariyxfagtoppaz.exe
dspariyxfagtoppaz.exe .
C:\Windows\dspariyxfagtoppaz.exe
dspariyxfagtoppaz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mcamewnnwsznjlmyyc.exe
C:\Windows\kccqkexzkirhfjmacigy.exe
kccqkexzkirhfjmacigy.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mcamewnnwsznjlmyyc.exe .
C:\Users\Admin\AppData\Local\Temp\kccqkexzkirhfjmacigy.exe
C:\Users\Admin\AppData\Local\Temp\kccqkexzkirhfjmacigy.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wkgqgwljqkpbvvue.exe
C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe
"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\windows\dspariyxfagtoppaz.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mcamewnnwsznjlmyyc.exe .
C:\Windows\kccqkexzkirhfjmacigy.exe
kccqkexzkirhfjmacigy.exe .
C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe
"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\windows\kccqkexzkirhfjmacigy.exe*."
C:\Windows\zstidysvhgqhglpehongh.exe
zstidysvhgqhglpehongh.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wkgqgwljqkpbvvue.exe
C:\Users\Admin\AppData\Local\Temp\kccqkexzkirhfjmacigy.exe
C:\Users\Admin\AppData\Local\Temp\kccqkexzkirhfjmacigy.exe
C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe
"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\users\admin\appdata\local\temp\kccqkexzkirhfjmacigy.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xonatmefpmujgjlyzeb.exe .
C:\Users\Admin\AppData\Local\Temp\mcamewnnwsznjlmyyc.exe
C:\Users\Admin\AppData\Local\Temp\mcamewnnwsznjlmyyc.exe .
C:\Users\Admin\AppData\Local\Temp\wkgqgwljqkpbvvue.exe
C:\Users\Admin\AppData\Local\Temp\wkgqgwljqkpbvvue.exe .
C:\Users\Admin\AppData\Local\Temp\mcamewnnwsznjlmyyc.exe
C:\Users\Admin\AppData\Local\Temp\mcamewnnwsznjlmyyc.exe
C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe
"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\windows\kccqkexzkirhfjmacigy.exe*."
C:\Users\Admin\AppData\Local\Temp\mcamewnnwsznjlmyyc.exe
C:\Users\Admin\AppData\Local\Temp\mcamewnnwsznjlmyyc.exe .
C:\Users\Admin\AppData\Local\Temp\xonatmefpmujgjlyzeb.exe
C:\Users\Admin\AppData\Local\Temp\xonatmefpmujgjlyzeb.exe .
C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe
"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\users\admin\appdata\local\temp\mcamewnnwsznjlmyyc.exe*."
C:\Users\Admin\AppData\Local\Temp\wkgqgwljqkpbvvue.exe
C:\Users\Admin\AppData\Local\Temp\wkgqgwljqkpbvvue.exe
C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe
"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\users\admin\appdata\local\temp\wkgqgwljqkpbvvue.exe*."
C:\Users\Admin\AppData\Local\Temp\wkgqgwljqkpbvvue.exe
C:\Users\Admin\AppData\Local\Temp\wkgqgwljqkpbvvue.exe
C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe
"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\users\admin\appdata\local\temp\mcamewnnwsznjlmyyc.exe*."
C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe
"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\users\admin\appdata\local\temp\xonatmefpmujgjlyzeb.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c xonatmefpmujgjlyzeb.exe
C:\Windows\xonatmefpmujgjlyzeb.exe
xonatmefpmujgjlyzeb.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c mcamewnnwsznjlmyyc.exe .
C:\Windows\mcamewnnwsznjlmyyc.exe
mcamewnnwsznjlmyyc.exe .
C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe
"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\windows\mcamewnnwsznjlmyyc.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c kccqkexzkirhfjmacigy.exe
C:\Windows\kccqkexzkirhfjmacigy.exe
kccqkexzkirhfjmacigy.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c zstidysvhgqhglpehongh.exe .
C:\Windows\zstidysvhgqhglpehongh.exe
zstidysvhgqhglpehongh.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\dspariyxfagtoppaz.exe
C:\Users\Admin\AppData\Local\Temp\dspariyxfagtoppaz.exe
C:\Users\Admin\AppData\Local\Temp\dspariyxfagtoppaz.exe
C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe
"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\windows\zstidysvhgqhglpehongh.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xonatmefpmujgjlyzeb.exe .
C:\Users\Admin\AppData\Local\Temp\xonatmefpmujgjlyzeb.exe
C:\Users\Admin\AppData\Local\Temp\xonatmefpmujgjlyzeb.exe .
C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe
"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\users\admin\appdata\local\temp\xonatmefpmujgjlyzeb.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mcamewnnwsznjlmyyc.exe
C:\Users\Admin\AppData\Local\Temp\mcamewnnwsznjlmyyc.exe
C:\Users\Admin\AppData\Local\Temp\mcamewnnwsznjlmyyc.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\kccqkexzkirhfjmacigy.exe .
C:\Users\Admin\AppData\Local\Temp\kccqkexzkirhfjmacigy.exe
C:\Users\Admin\AppData\Local\Temp\kccqkexzkirhfjmacigy.exe .
C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe
"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\users\admin\appdata\local\temp\kccqkexzkirhfjmacigy.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c kccqkexzkirhfjmacigy.exe
C:\Windows\kccqkexzkirhfjmacigy.exe
kccqkexzkirhfjmacigy.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c dspariyxfagtoppaz.exe .
C:\Windows\dspariyxfagtoppaz.exe
dspariyxfagtoppaz.exe .
C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe
"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\windows\dspariyxfagtoppaz.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wkgqgwljqkpbvvue.exe
C:\Windows\wkgqgwljqkpbvvue.exe
wkgqgwljqkpbvvue.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c dspariyxfagtoppaz.exe .
C:\Windows\dspariyxfagtoppaz.exe
dspariyxfagtoppaz.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xonatmefpmujgjlyzeb.exe
C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe
"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\windows\dspariyxfagtoppaz.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zstidysvhgqhglpehongh.exe .
C:\Users\Admin\AppData\Local\Temp\xonatmefpmujgjlyzeb.exe
C:\Users\Admin\AppData\Local\Temp\xonatmefpmujgjlyzeb.exe
C:\Users\Admin\AppData\Local\Temp\zstidysvhgqhglpehongh.exe
C:\Users\Admin\AppData\Local\Temp\zstidysvhgqhglpehongh.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wkgqgwljqkpbvvue.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wkgqgwljqkpbvvue.exe
C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe
"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\users\admin\appdata\local\temp\zstidysvhgqhglpehongh.exe*."
C:\Windows\wkgqgwljqkpbvvue.exe
wkgqgwljqkpbvvue.exe
C:\Windows\wkgqgwljqkpbvvue.exe
wkgqgwljqkpbvvue.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c zstidysvhgqhglpehongh.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c zstidysvhgqhglpehongh.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zstidysvhgqhglpehongh.exe
C:\Windows\zstidysvhgqhglpehongh.exe
zstidysvhgqhglpehongh.exe .
C:\Windows\zstidysvhgqhglpehongh.exe
zstidysvhgqhglpehongh.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\dspariyxfagtoppaz.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c kccqkexzkirhfjmacigy.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c kccqkexzkirhfjmacigy.exe
C:\Users\Admin\AppData\Local\Temp\zstidysvhgqhglpehongh.exe
C:\Users\Admin\AppData\Local\Temp\zstidysvhgqhglpehongh.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c mcamewnnwsznjlmyyc.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c mcamewnnwsznjlmyyc.exe .
C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe
"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\windows\zstidysvhgqhglpehongh.exe*."
C:\Users\Admin\AppData\Local\Temp\dspariyxfagtoppaz.exe
C:\Users\Admin\AppData\Local\Temp\dspariyxfagtoppaz.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zstidysvhgqhglpehongh.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zstidysvhgqhglpehongh.exe
C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe
"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\windows\zstidysvhgqhglpehongh.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\dspariyxfagtoppaz.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\dspariyxfagtoppaz.exe .
C:\Windows\mcamewnnwsznjlmyyc.exe
mcamewnnwsznjlmyyc.exe .
C:\Windows\kccqkexzkirhfjmacigy.exe
kccqkexzkirhfjmacigy.exe
C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe
"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\users\admin\appdata\local\temp\dspariyxfagtoppaz.exe*."
C:\Windows\kccqkexzkirhfjmacigy.exe
kccqkexzkirhfjmacigy.exe
C:\Users\Admin\AppData\Local\Temp\zstidysvhgqhglpehongh.exe
C:\Users\Admin\AppData\Local\Temp\zstidysvhgqhglpehongh.exe
C:\Windows\mcamewnnwsznjlmyyc.exe
mcamewnnwsznjlmyyc.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mcamewnnwsznjlmyyc.exe
C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe
"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\windows\mcamewnnwsznjlmyyc.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mcamewnnwsznjlmyyc.exe
C:\Users\Admin\AppData\Local\Temp\dspariyxfagtoppaz.exe
C:\Users\Admin\AppData\Local\Temp\dspariyxfagtoppaz.exe .
C:\Users\Admin\AppData\Local\Temp\dspariyxfagtoppaz.exe
C:\Users\Admin\AppData\Local\Temp\dspariyxfagtoppaz.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xonatmefpmujgjlyzeb.exe .
C:\Users\Admin\AppData\Local\Temp\zstidysvhgqhglpehongh.exe
C:\Users\Admin\AppData\Local\Temp\zstidysvhgqhglpehongh.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xonatmefpmujgjlyzeb.exe .
C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe
"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\windows\mcamewnnwsznjlmyyc.exe*."
C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe
"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\users\admin\appdata\local\temp\dspariyxfagtoppaz.exe*."
C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe
"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\users\admin\appdata\local\temp\dspariyxfagtoppaz.exe*."
C:\Users\Admin\AppData\Local\Temp\mcamewnnwsznjlmyyc.exe
C:\Users\Admin\AppData\Local\Temp\mcamewnnwsznjlmyyc.exe
C:\Users\Admin\AppData\Local\Temp\xonatmefpmujgjlyzeb.exe
C:\Users\Admin\AppData\Local\Temp\xonatmefpmujgjlyzeb.exe .
C:\Users\Admin\AppData\Local\Temp\mcamewnnwsznjlmyyc.exe
C:\Users\Admin\AppData\Local\Temp\mcamewnnwsznjlmyyc.exe
C:\Users\Admin\AppData\Local\Temp\xonatmefpmujgjlyzeb.exe
C:\Users\Admin\AppData\Local\Temp\xonatmefpmujgjlyzeb.exe .
C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe
"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\users\admin\appdata\local\temp\xonatmefpmujgjlyzeb.exe*."
C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe
"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\users\admin\appdata\local\temp\xonatmefpmujgjlyzeb.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c mcamewnnwsznjlmyyc.exe
C:\Windows\mcamewnnwsznjlmyyc.exe
mcamewnnwsznjlmyyc.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c zstidysvhgqhglpehongh.exe .
C:\Windows\zstidysvhgqhglpehongh.exe
zstidysvhgqhglpehongh.exe .
C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe
"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\windows\zstidysvhgqhglpehongh.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wkgqgwljqkpbvvue.exe
C:\Windows\wkgqgwljqkpbvvue.exe
wkgqgwljqkpbvvue.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c zstidysvhgqhglpehongh.exe .
C:\Windows\zstidysvhgqhglpehongh.exe
zstidysvhgqhglpehongh.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xonatmefpmujgjlyzeb.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zstidysvhgqhglpehongh.exe .
C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe
"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\windows\zstidysvhgqhglpehongh.exe*."
C:\Users\Admin\AppData\Local\Temp\xonatmefpmujgjlyzeb.exe
C:\Users\Admin\AppData\Local\Temp\xonatmefpmujgjlyzeb.exe
C:\Users\Admin\AppData\Local\Temp\zstidysvhgqhglpehongh.exe
C:\Users\Admin\AppData\Local\Temp\zstidysvhgqhglpehongh.exe .
C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe
"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\users\admin\appdata\local\temp\zstidysvhgqhglpehongh.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\dspariyxfagtoppaz.exe
C:\Users\Admin\AppData\Local\Temp\dspariyxfagtoppaz.exe
C:\Users\Admin\AppData\Local\Temp\dspariyxfagtoppaz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\kccqkexzkirhfjmacigy.exe .
C:\Users\Admin\AppData\Local\Temp\kccqkexzkirhfjmacigy.exe
C:\Users\Admin\AppData\Local\Temp\kccqkexzkirhfjmacigy.exe .
C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe
"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\users\admin\appdata\local\temp\kccqkexzkirhfjmacigy.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wkgqgwljqkpbvvue.exe
C:\Windows\wkgqgwljqkpbvvue.exe
wkgqgwljqkpbvvue.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c zstidysvhgqhglpehongh.exe .
C:\Windows\zstidysvhgqhglpehongh.exe
zstidysvhgqhglpehongh.exe .
C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe
"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\windows\zstidysvhgqhglpehongh.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c dspariyxfagtoppaz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c kccqkexzkirhfjmacigy.exe .
C:\Windows\dspariyxfagtoppaz.exe
dspariyxfagtoppaz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\dspariyxfagtoppaz.exe
C:\Windows\kccqkexzkirhfjmacigy.exe
kccqkexzkirhfjmacigy.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wkgqgwljqkpbvvue.exe .
C:\Users\Admin\AppData\Local\Temp\wkgqgwljqkpbvvue.exe
C:\Users\Admin\AppData\Local\Temp\wkgqgwljqkpbvvue.exe .
C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe
"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\windows\kccqkexzkirhfjmacigy.exe*."
C:\Users\Admin\AppData\Local\Temp\dspariyxfagtoppaz.exe
C:\Users\Admin\AppData\Local\Temp\dspariyxfagtoppaz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wkgqgwljqkpbvvue.exe
C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe
"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\users\admin\appdata\local\temp\wkgqgwljqkpbvvue.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c mcamewnnwsznjlmyyc.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wkgqgwljqkpbvvue.exe
C:\Windows\wkgqgwljqkpbvvue.exe
wkgqgwljqkpbvvue.exe
C:\Windows\mcamewnnwsznjlmyyc.exe
mcamewnnwsznjlmyyc.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c xonatmefpmujgjlyzeb.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\kccqkexzkirhfjmacigy.exe .
C:\Users\Admin\AppData\Local\Temp\wkgqgwljqkpbvvue.exe
C:\Users\Admin\AppData\Local\Temp\wkgqgwljqkpbvvue.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c zstidysvhgqhglpehongh.exe .
C:\Windows\xonatmefpmujgjlyzeb.exe
xonatmefpmujgjlyzeb.exe .
C:\Users\Admin\AppData\Local\Temp\kccqkexzkirhfjmacigy.exe
C:\Users\Admin\AppData\Local\Temp\kccqkexzkirhfjmacigy.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c zstidysvhgqhglpehongh.exe
C:\Windows\zstidysvhgqhglpehongh.exe
zstidysvhgqhglpehongh.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c mcamewnnwsznjlmyyc.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c mcamewnnwsznjlmyyc.exe .
C:\Windows\zstidysvhgqhglpehongh.exe
zstidysvhgqhglpehongh.exe
C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe
"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\windows\xonatmefpmujgjlyzeb.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c kccqkexzkirhfjmacigy.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zstidysvhgqhglpehongh.exe
C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe
"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\users\admin\appdata\local\temp\kccqkexzkirhfjmacigy.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zstidysvhgqhglpehongh.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\dspariyxfagtoppaz.exe
C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe
"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\windows\zstidysvhgqhglpehongh.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xonatmefpmujgjlyzeb.exe .
C:\Users\Admin\AppData\Local\Temp\zstidysvhgqhglpehongh.exe
C:\Users\Admin\AppData\Local\Temp\zstidysvhgqhglpehongh.exe
C:\Windows\mcamewnnwsznjlmyyc.exe
mcamewnnwsznjlmyyc.exe
C:\Windows\mcamewnnwsznjlmyyc.exe
mcamewnnwsznjlmyyc.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wkgqgwljqkpbvvue.exe
C:\Users\Admin\AppData\Local\Temp\dspariyxfagtoppaz.exe
C:\Users\Admin\AppData\Local\Temp\dspariyxfagtoppaz.exe
C:\Windows\kccqkexzkirhfjmacigy.exe
kccqkexzkirhfjmacigy.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zstidysvhgqhglpehongh.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wkgqgwljqkpbvvue.exe
C:\Users\Admin\AppData\Local\Temp\zstidysvhgqhglpehongh.exe
C:\Users\Admin\AppData\Local\Temp\zstidysvhgqhglpehongh.exe .
C:\Users\Admin\AppData\Local\Temp\xonatmefpmujgjlyzeb.exe
C:\Users\Admin\AppData\Local\Temp\xonatmefpmujgjlyzeb.exe .
C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe
"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\windows\mcamewnnwsznjlmyyc.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zstidysvhgqhglpehongh.exe .
C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe
"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\windows\kccqkexzkirhfjmacigy.exe*."
C:\Users\Admin\AppData\Local\Temp\wkgqgwljqkpbvvue.exe
C:\Users\Admin\AppData\Local\Temp\wkgqgwljqkpbvvue.exe
C:\Users\Admin\AppData\Local\Temp\wkgqgwljqkpbvvue.exe
C:\Users\Admin\AppData\Local\Temp\wkgqgwljqkpbvvue.exe
C:\Users\Admin\AppData\Local\Temp\zstidysvhgqhglpehongh.exe
C:\Users\Admin\AppData\Local\Temp\zstidysvhgqhglpehongh.exe .
C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe
"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\users\admin\appdata\local\temp\xonatmefpmujgjlyzeb.exe*."
C:\Users\Admin\AppData\Local\Temp\zstidysvhgqhglpehongh.exe
C:\Users\Admin\AppData\Local\Temp\zstidysvhgqhglpehongh.exe .
C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe
"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\users\admin\appdata\local\temp\zstidysvhgqhglpehongh.exe*."
C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe
"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\users\admin\appdata\local\temp\zstidysvhgqhglpehongh.exe*."
C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe
"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\users\admin\appdata\local\temp\zstidysvhgqhglpehongh.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c zstidysvhgqhglpehongh.exe
C:\Windows\zstidysvhgqhglpehongh.exe
zstidysvhgqhglpehongh.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c mcamewnnwsznjlmyyc.exe .
C:\Windows\mcamewnnwsznjlmyyc.exe
mcamewnnwsznjlmyyc.exe .
C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe
"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\windows\mcamewnnwsznjlmyyc.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c kccqkexzkirhfjmacigy.exe
C:\Windows\kccqkexzkirhfjmacigy.exe
kccqkexzkirhfjmacigy.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c kccqkexzkirhfjmacigy.exe .
C:\Windows\kccqkexzkirhfjmacigy.exe
kccqkexzkirhfjmacigy.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\kccqkexzkirhfjmacigy.exe
C:\Users\Admin\AppData\Local\Temp\kccqkexzkirhfjmacigy.exe
C:\Users\Admin\AppData\Local\Temp\kccqkexzkirhfjmacigy.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\kccqkexzkirhfjmacigy.exe .
C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe
"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\windows\kccqkexzkirhfjmacigy.exe*."
C:\Users\Admin\AppData\Local\Temp\kccqkexzkirhfjmacigy.exe
C:\Users\Admin\AppData\Local\Temp\kccqkexzkirhfjmacigy.exe .
C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe
"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\users\admin\appdata\local\temp\kccqkexzkirhfjmacigy.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mcamewnnwsznjlmyyc.exe
C:\Users\Admin\AppData\Local\Temp\mcamewnnwsznjlmyyc.exe
C:\Users\Admin\AppData\Local\Temp\mcamewnnwsznjlmyyc.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wkgqgwljqkpbvvue.exe .
C:\Users\Admin\AppData\Local\Temp\wkgqgwljqkpbvvue.exe
C:\Users\Admin\AppData\Local\Temp\wkgqgwljqkpbvvue.exe .
C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe
"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\users\admin\appdata\local\temp\wkgqgwljqkpbvvue.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c kccqkexzkirhfjmacigy.exe
C:\Windows\kccqkexzkirhfjmacigy.exe
kccqkexzkirhfjmacigy.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c kccqkexzkirhfjmacigy.exe .
C:\Windows\kccqkexzkirhfjmacigy.exe
kccqkexzkirhfjmacigy.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wkgqgwljqkpbvvue.exe
C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe
"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\windows\kccqkexzkirhfjmacigy.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c xonatmefpmujgjlyzeb.exe .
C:\Windows\wkgqgwljqkpbvvue.exe
wkgqgwljqkpbvvue.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mcamewnnwsznjlmyyc.exe
C:\Windows\xonatmefpmujgjlyzeb.exe
xonatmefpmujgjlyzeb.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zstidysvhgqhglpehongh.exe .
C:\Users\Admin\AppData\Local\Temp\mcamewnnwsznjlmyyc.exe
C:\Users\Admin\AppData\Local\Temp\mcamewnnwsznjlmyyc.exe
C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe
"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\windows\xonatmefpmujgjlyzeb.exe*."
C:\Users\Admin\AppData\Local\Temp\zstidysvhgqhglpehongh.exe
C:\Users\Admin\AppData\Local\Temp\zstidysvhgqhglpehongh.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\kccqkexzkirhfjmacigy.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c dspariyxfagtoppaz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wkgqgwljqkpbvvue.exe .
C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe
"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\users\admin\appdata\local\temp\zstidysvhgqhglpehongh.exe*."
C:\Users\Admin\AppData\Local\Temp\kccqkexzkirhfjmacigy.exe
C:\Users\Admin\AppData\Local\Temp\kccqkexzkirhfjmacigy.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c kccqkexzkirhfjmacigy.exe .
C:\Windows\dspariyxfagtoppaz.exe
dspariyxfagtoppaz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c kccqkexzkirhfjmacigy.exe
C:\Users\Admin\AppData\Local\Temp\wkgqgwljqkpbvvue.exe
C:\Users\Admin\AppData\Local\Temp\wkgqgwljqkpbvvue.exe .
C:\Windows\kccqkexzkirhfjmacigy.exe
kccqkexzkirhfjmacigy.exe
C:\Windows\kccqkexzkirhfjmacigy.exe
kccqkexzkirhfjmacigy.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c zstidysvhgqhglpehongh.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c dspariyxfagtoppaz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wkgqgwljqkpbvvue.exe .
C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe
"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\users\admin\appdata\local\temp\jaffacakes118_bb7873a096a7ddd06706314a91eb4e66.exe"
C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe
"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\users\admin\appdata\local\temp\wkgqgwljqkpbvvue.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zstidysvhgqhglpehongh.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wkgqgwljqkpbvvue.exe
C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe
"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\windows\kccqkexzkirhfjmacigy.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zstidysvhgqhglpehongh.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wkgqgwljqkpbvvue.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wkgqgwljqkpbvvue.exe
C:\Windows\zstidysvhgqhglpehongh.exe
zstidysvhgqhglpehongh.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\dspariyxfagtoppaz.exe .
C:\Windows\dspariyxfagtoppaz.exe
dspariyxfagtoppaz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mcamewnnwsznjlmyyc.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mcamewnnwsznjlmyyc.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wkgqgwljqkpbvvue.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xonatmefpmujgjlyzeb.exe .
C:\Windows\wkgqgwljqkpbvvue.exe
wkgqgwljqkpbvvue.exe .
C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe
"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\windows\zstidysvhgqhglpehongh.exe*."
C:\Users\Admin\AppData\Local\Temp\zstidysvhgqhglpehongh.exe
C:\Users\Admin\AppData\Local\Temp\zstidysvhgqhglpehongh.exe
C:\Windows\wkgqgwljqkpbvvue.exe
wkgqgwljqkpbvvue.exe
C:\Windows\wkgqgwljqkpbvvue.exe
wkgqgwljqkpbvvue.exe .
C:\Users\Admin\AppData\Local\Temp\wkgqgwljqkpbvvue.exe
C:\Users\Admin\AppData\Local\Temp\wkgqgwljqkpbvvue.exe
C:\Users\Admin\AppData\Local\Temp\zstidysvhgqhglpehongh.exe
C:\Users\Admin\AppData\Local\Temp\zstidysvhgqhglpehongh.exe .
C:\Users\Admin\AppData\Local\Temp\mcamewnnwsznjlmyyc.exe
C:\Users\Admin\AppData\Local\Temp\mcamewnnwsznjlmyyc.exe
C:\Users\Admin\AppData\Local\Temp\xonatmefpmujgjlyzeb.exe
C:\Users\Admin\AppData\Local\Temp\xonatmefpmujgjlyzeb.exe .
C:\Users\Admin\AppData\Local\Temp\dspariyxfagtoppaz.exe
C:\Users\Admin\AppData\Local\Temp\dspariyxfagtoppaz.exe .
C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe
"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\windows\wkgqgwljqkpbvvue.exe*."
C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe
"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\windows\wkgqgwljqkpbvvue.exe*."
C:\Users\Admin\AppData\Local\Temp\wkgqgwljqkpbvvue.exe
C:\Users\Admin\AppData\Local\Temp\wkgqgwljqkpbvvue.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wkgqgwljqkpbvvue.exe
C:\Users\Admin\AppData\Local\Temp\mcamewnnwsznjlmyyc.exe
C:\Users\Admin\AppData\Local\Temp\mcamewnnwsznjlmyyc.exe .
C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe
"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\users\admin\appdata\local\temp\xonatmefpmujgjlyzeb.exe*."
C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe
"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\users\admin\appdata\local\temp\zstidysvhgqhglpehongh.exe*."
C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe
"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\users\admin\appdata\local\temp\dspariyxfagtoppaz.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wkgqgwljqkpbvvue.exe .
C:\Windows\wkgqgwljqkpbvvue.exe
wkgqgwljqkpbvvue.exe
C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe
"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\users\admin\appdata\local\temp\mcamewnnwsznjlmyyc.exe*."
C:\Windows\wkgqgwljqkpbvvue.exe
wkgqgwljqkpbvvue.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c zstidysvhgqhglpehongh.exe
C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe
"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\windows\wkgqgwljqkpbvvue.exe*."
C:\Windows\zstidysvhgqhglpehongh.exe
zstidysvhgqhglpehongh.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c kccqkexzkirhfjmacigy.exe .
C:\Windows\kccqkexzkirhfjmacigy.exe
kccqkexzkirhfjmacigy.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\dspariyxfagtoppaz.exe
C:\Users\Admin\AppData\Local\Temp\dspariyxfagtoppaz.exe
C:\Users\Admin\AppData\Local\Temp\dspariyxfagtoppaz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\dspariyxfagtoppaz.exe .
C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe
"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\windows\kccqkexzkirhfjmacigy.exe*."
C:\Users\Admin\AppData\Local\Temp\dspariyxfagtoppaz.exe
C:\Users\Admin\AppData\Local\Temp\dspariyxfagtoppaz.exe .
C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe
"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\users\admin\appdata\local\temp\dspariyxfagtoppaz.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\dspariyxfagtoppaz.exe
C:\Users\Admin\AppData\Local\Temp\dspariyxfagtoppaz.exe
C:\Users\Admin\AppData\Local\Temp\dspariyxfagtoppaz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wkgqgwljqkpbvvue.exe .
C:\Users\Admin\AppData\Local\Temp\wkgqgwljqkpbvvue.exe
C:\Users\Admin\AppData\Local\Temp\wkgqgwljqkpbvvue.exe .
C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe
"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\users\admin\appdata\local\temp\wkgqgwljqkpbvvue.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c mcamewnnwsznjlmyyc.exe
C:\Windows\mcamewnnwsznjlmyyc.exe
mcamewnnwsznjlmyyc.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c mcamewnnwsznjlmyyc.exe .
C:\Windows\mcamewnnwsznjlmyyc.exe
mcamewnnwsznjlmyyc.exe .
C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe
"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\windows\mcamewnnwsznjlmyyc.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wkgqgwljqkpbvvue.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c mcamewnnwsznjlmyyc.exe .
C:\Windows\wkgqgwljqkpbvvue.exe
wkgqgwljqkpbvvue.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\dspariyxfagtoppaz.exe
C:\Windows\mcamewnnwsznjlmyyc.exe
mcamewnnwsznjlmyyc.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mcamewnnwsznjlmyyc.exe .
C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe
"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\windows\mcamewnnwsznjlmyyc.exe*."
C:\Users\Admin\AppData\Local\Temp\dspariyxfagtoppaz.exe
C:\Users\Admin\AppData\Local\Temp\dspariyxfagtoppaz.exe
C:\Users\Admin\AppData\Local\Temp\mcamewnnwsznjlmyyc.exe
C:\Users\Admin\AppData\Local\Temp\mcamewnnwsznjlmyyc.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wkgqgwljqkpbvvue.exe
C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe
"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\users\admin\appdata\local\temp\mcamewnnwsznjlmyyc.exe*."
C:\Windows\wkgqgwljqkpbvvue.exe
wkgqgwljqkpbvvue.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xonatmefpmujgjlyzeb.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c dspariyxfagtoppaz.exe .
C:\Users\Admin\AppData\Local\Temp\xonatmefpmujgjlyzeb.exe
C:\Users\Admin\AppData\Local\Temp\xonatmefpmujgjlyzeb.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\dspariyxfagtoppaz.exe .
C:\Windows\dspariyxfagtoppaz.exe
dspariyxfagtoppaz.exe .
C:\Users\Admin\AppData\Local\Temp\dspariyxfagtoppaz.exe
C:\Users\Admin\AppData\Local\Temp\dspariyxfagtoppaz.exe .
C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe
"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\windows\dspariyxfagtoppaz.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c kccqkexzkirhfjmacigy.exe
C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe
"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\users\admin\appdata\local\temp\dspariyxfagtoppaz.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c xonatmefpmujgjlyzeb.exe .
C:\Windows\kccqkexzkirhfjmacigy.exe
kccqkexzkirhfjmacigy.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zstidysvhgqhglpehongh.exe
C:\Windows\xonatmefpmujgjlyzeb.exe
xonatmefpmujgjlyzeb.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wkgqgwljqkpbvvue.exe .
C:\Users\Admin\AppData\Local\Temp\zstidysvhgqhglpehongh.exe
C:\Users\Admin\AppData\Local\Temp\zstidysvhgqhglpehongh.exe
C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe
"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\windows\xonatmefpmujgjlyzeb.exe*."
C:\Users\Admin\AppData\Local\Temp\wkgqgwljqkpbvvue.exe
C:\Users\Admin\AppData\Local\Temp\wkgqgwljqkpbvvue.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wkgqgwljqkpbvvue.exe
C:\Windows\wkgqgwljqkpbvvue.exe
wkgqgwljqkpbvvue.exe
C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe
"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\users\admin\appdata\local\temp\wkgqgwljqkpbvvue.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xonatmefpmujgjlyzeb.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c kccqkexzkirhfjmacigy.exe .
C:\Users\Admin\AppData\Local\Temp\xonatmefpmujgjlyzeb.exe
C:\Users\Admin\AppData\Local\Temp\xonatmefpmujgjlyzeb.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xonatmefpmujgjlyzeb.exe .
C:\Windows\kccqkexzkirhfjmacigy.exe
kccqkexzkirhfjmacigy.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c zstidysvhgqhglpehongh.exe
C:\Users\Admin\AppData\Local\Temp\xonatmefpmujgjlyzeb.exe
C:\Users\Admin\AppData\Local\Temp\xonatmefpmujgjlyzeb.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c zstidysvhgqhglpehongh.exe .
C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe
"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\windows\kccqkexzkirhfjmacigy.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\kccqkexzkirhfjmacigy.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\dspariyxfagtoppaz.exe .
C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe
"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\users\admin\appdata\local\temp\xonatmefpmujgjlyzeb.exe*."
C:\Users\Admin\AppData\Local\Temp\kccqkexzkirhfjmacigy.exe
C:\Users\Admin\AppData\Local\Temp\kccqkexzkirhfjmacigy.exe
C:\Windows\zstidysvhgqhglpehongh.exe
zstidysvhgqhglpehongh.exe
C:\Windows\zstidysvhgqhglpehongh.exe
zstidysvhgqhglpehongh.exe .
C:\Users\Admin\AppData\Local\Temp\dspariyxfagtoppaz.exe
C:\Users\Admin\AppData\Local\Temp\dspariyxfagtoppaz.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wkgqgwljqkpbvvue.exe
C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe
"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\windows\zstidysvhgqhglpehongh.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wkgqgwljqkpbvvue.exe .
C:\Users\Admin\AppData\Local\Temp\wkgqgwljqkpbvvue.exe
C:\Users\Admin\AppData\Local\Temp\wkgqgwljqkpbvvue.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c kccqkexzkirhfjmacigy.exe
C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe
"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\users\admin\appdata\local\temp\dspariyxfagtoppaz.exe*."
C:\Users\Admin\AppData\Local\Temp\wkgqgwljqkpbvvue.exe
C:\Users\Admin\AppData\Local\Temp\wkgqgwljqkpbvvue.exe .
C:\Windows\kccqkexzkirhfjmacigy.exe
kccqkexzkirhfjmacigy.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c xonatmefpmujgjlyzeb.exe .
C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe
"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\users\admin\appdata\local\temp\wkgqgwljqkpbvvue.exe*."
C:\Windows\xonatmefpmujgjlyzeb.exe
xonatmefpmujgjlyzeb.exe .
C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe
"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\windows\xonatmefpmujgjlyzeb.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c kccqkexzkirhfjmacigy.exe
C:\Windows\kccqkexzkirhfjmacigy.exe
kccqkexzkirhfjmacigy.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c xonatmefpmujgjlyzeb.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mcamewnnwsznjlmyyc.exe
C:\Windows\xonatmefpmujgjlyzeb.exe
xonatmefpmujgjlyzeb.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xonatmefpmujgjlyzeb.exe .
C:\Users\Admin\AppData\Local\Temp\mcamewnnwsznjlmyyc.exe
C:\Users\Admin\AppData\Local\Temp\mcamewnnwsznjlmyyc.exe
C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe
"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\windows\xonatmefpmujgjlyzeb.exe*."
C:\Users\Admin\AppData\Local\Temp\xonatmefpmujgjlyzeb.exe
C:\Users\Admin\AppData\Local\Temp\xonatmefpmujgjlyzeb.exe .
C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe
"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\users\admin\appdata\local\temp\xonatmefpmujgjlyzeb.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\kccqkexzkirhfjmacigy.exe
C:\Users\Admin\AppData\Local\Temp\kccqkexzkirhfjmacigy.exe
C:\Users\Admin\AppData\Local\Temp\kccqkexzkirhfjmacigy.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wkgqgwljqkpbvvue.exe .
C:\Users\Admin\AppData\Local\Temp\wkgqgwljqkpbvvue.exe
C:\Users\Admin\AppData\Local\Temp\wkgqgwljqkpbvvue.exe .
C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe
"C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe" "c:\users\admin\appdata\local\temp\wkgqgwljqkpbvvue.exe*."
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | whatismyip.everdot.org | udp |
| US | 8.8.8.8:53 | whatismyipaddress.com | udp |
| US | 104.19.223.79:80 | whatismyipaddress.com | tcp |
| US | 8.8.8.8:53 | www.whatismyip.com | udp |
| US | 172.66.43.169:80 | www.whatismyip.com | tcp |
| US | 8.8.8.8:53 | www.showmyipaddress.com | udp |
| US | 104.21.74.56:80 | www.showmyipaddress.com | tcp |
| US | 8.8.8.8:53 | www.whatismyip.ca | udp |
| US | 172.66.43.169:80 | www.whatismyip.com | tcp |
| US | 104.21.74.56:80 | www.showmyipaddress.com | tcp |
| US | 172.66.43.169:80 | www.whatismyip.com | tcp |
| US | 8.8.8.8:53 | whatismyip.everdot.org | udp |
| US | 8.8.8.8:53 | www.whatismyip.ca | udp |
| US | 104.21.74.56:80 | www.showmyipaddress.com | tcp |
| US | 104.19.223.79:80 | whatismyipaddress.com | tcp |
| US | 104.19.223.79:80 | whatismyipaddress.com | tcp |
| US | 104.21.74.56:80 | www.showmyipaddress.com | tcp |
| US | 172.66.43.169:80 | www.whatismyip.com | tcp |
| US | 172.66.43.169:80 | www.whatismyip.com | tcp |
| US | 8.8.8.8:53 | www.whatismyip.ca | udp |
| US | 8.8.8.8:53 | whatismyip.everdot.org | udp |
| US | 104.19.223.79:80 | whatismyipaddress.com | tcp |
| US | 8.8.8.8:53 | www.youtube.com | udp |
| NL | 142.251.31.93:80 | www.youtube.com | tcp |
| LT | 78.59.14.109:36528 | tcp | |
| US | 8.8.8.8:53 | gyuuym.org | udp |
| DE | 85.214.228.140:80 | gyuuym.org | tcp |
| US | 8.8.8.8:53 | fwlouz.info | udp |
| US | 8.8.8.8:53 | melmtya.info | udp |
| US | 8.8.8.8:53 | unxfuild.info | udp |
| SG | 18.142.91.111:80 | unxfuild.info | tcp |
| US | 8.8.8.8:53 | mrnioqatteki.info | udp |
| US | 8.8.8.8:53 | shzszg.info | udp |
| US | 8.8.8.8:53 | hkhydgd.org | udp |
| US | 8.8.8.8:53 | jcakxgkrpc.info | udp |
| US | 8.8.8.8:53 | zgbwzzfzd.net | udp |
| US | 8.8.8.8:53 | ggoiukqgsikq.org | udp |
| US | 8.8.8.8:53 | znoxafxv.info | udp |
| US | 8.8.8.8:53 | udzdjiddn.net | udp |
| US | 8.8.8.8:53 | rszuzf.info | udp |
| US | 8.8.8.8:53 | fhckodmcgipu.net | udp |
| US | 8.8.8.8:53 | vbaqxadm.info | udp |
| US | 8.8.8.8:53 | ecaasowmqcgq.com | udp |
| US | 8.8.8.8:53 | arbupypqjqt.info | udp |
| US | 8.8.8.8:53 | ygoukmwg.org | udp |
| US | 8.8.8.8:53 | giaiyiskou.org | udp |
| US | 8.8.8.8:53 | atvezr.net | udp |
| US | 8.8.8.8:53 | usjbdw.net | udp |
| US | 8.8.8.8:53 | zyritwb.net | udp |
| US | 8.8.8.8:53 | lnlyfro.net | udp |
| US | 8.8.8.8:53 | cydlrge.info | udp |
| US | 104.156.155.94:80 | cydlrge.info | tcp |
| US | 8.8.8.8:53 | yguwihbs.net | udp |
| US | 8.8.8.8:53 | snciwx.info | udp |
| US | 8.8.8.8:53 | pekjtwz.info | udp |
| US | 8.8.8.8:53 | frkujlxv.net | udp |
| US | 8.8.8.8:53 | qtlffe.info | udp |
| US | 8.8.8.8:53 | omwwae.com | udp |
| US | 8.8.8.8:53 | vkfxrajsf.net | udp |
| US | 8.8.8.8:53 | ljnhicus.info | udp |
| US | 8.8.8.8:53 | mjotpzfbosdh.info | udp |
| US | 8.8.8.8:53 | umuhhynxe.info | udp |
| US | 8.8.8.8:53 | luvehemiri.info | udp |
| US | 8.8.8.8:53 | lpgnnftjlf.info | udp |
| US | 8.8.8.8:53 | awhazevhpif.net | udp |
| US | 8.8.8.8:53 | vywmfsg.info | udp |
| US | 8.8.8.8:53 | lalckpw.org | udp |
| BG | 93.155.153.12:13119 | tcp | |
| US | 8.8.8.8:53 | mkeqjhreyr.net | udp |
| US | 8.8.8.8:53 | ehirgkfvbgfz.info | udp |
| US | 8.8.8.8:53 | lyqgmjhmeabz.net | udp |
| US | 8.8.8.8:53 | gwdzpf.net | udp |
| US | 8.8.8.8:53 | yocsuosc.org | udp |
| US | 8.8.8.8:53 | tnrpfshuhz.info | udp |
| US | 8.8.8.8:53 | gqpslhwtymm.net | udp |
| US | 8.8.8.8:53 | hmfurcniz.info | udp |
| US | 8.8.8.8:53 | nqxzsepihy.info | udp |
| US | 8.8.8.8:53 | jblibyiq.info | udp |
| US | 8.8.8.8:53 | bafvbseu.net | udp |
| US | 8.8.8.8:53 | kieqeygwckwo.org | udp |
| US | 8.8.8.8:53 | akymec.org | udp |
| US | 8.8.8.8:53 | ddpobim.org | udp |
| US | 8.8.8.8:53 | ywhmjli.info | udp |
| US | 8.8.8.8:53 | dlbrfthyamhk.info | udp |
| US | 8.8.8.8:53 | egieagmeog.com | udp |
| US | 8.8.8.8:53 | wdvgxmmei.info | udp |
| US | 8.8.8.8:53 | ewhqxezcwwc.net | udp |
| US | 8.8.8.8:53 | xezhmxnr.net | udp |
| US | 8.8.8.8:53 | ogisquush.net | udp |
| US | 8.8.8.8:53 | yoaoooewyeeo.com | udp |
| US | 8.8.8.8:53 | cfhthzfvpgof.info | udp |
| US | 8.8.8.8:53 | ipdffnqomza.info | udp |
| US | 8.8.8.8:53 | rvkkxmbeu.info | udp |
| US | 8.8.8.8:53 | uroidgr.net | udp |
| US | 8.8.8.8:53 | fvpbycbl.net | udp |
| US | 8.8.8.8:53 | mdhpuesj.net | udp |
| US | 8.8.8.8:53 | tcgpdshnlzn.info | udp |
| US | 8.8.8.8:53 | cfhwqvbpcqlp.info | udp |
| US | 8.8.8.8:53 | dqjrswwie.com | udp |
| US | 8.8.8.8:53 | swoswi.com | udp |
| US | 8.8.8.8:53 | mgmqaeaamqwq.com | udp |
| US | 8.8.8.8:53 | lesqwaxsp.org | udp |
| US | 8.8.8.8:53 | koyaoo.org | udp |
| US | 8.8.8.8:53 | cddevqxvxax.info | udp |
| US | 8.8.8.8:53 | vrxmprngmlhk.net | udp |
| US | 8.8.8.8:53 | kieobyn.info | udp |
| US | 8.8.8.8:53 | vgqentkoi.info | udp |
| US | 8.8.8.8:53 | gentzog.net | udp |
| US | 8.8.8.8:53 | eznabol.net | udp |
| US | 8.8.8.8:53 | byvubybpbyp.org | udp |
| US | 8.8.8.8:53 | wyhezmsczn.net | udp |
| US | 8.8.8.8:53 | zqtlym.info | udp |
| US | 8.8.8.8:53 | klqmnybibg.net | udp |
| US | 8.8.8.8:53 | khpgykidabpz.net | udp |
| US | 8.8.8.8:53 | qoqgssiamw.org | udp |
| US | 8.8.8.8:53 | qjeothjvpi.info | udp |
| US | 8.8.8.8:53 | dsfafoo.org | udp |
| US | 8.8.8.8:53 | tkogwcozrm.net | udp |
| US | 8.8.8.8:53 | wsbczbeargj.info | udp |
| US | 8.8.8.8:53 | lyxmnybibg.info | udp |
| US | 8.8.8.8:53 | uyllfludxmds.net | udp |
| US | 8.8.8.8:53 | durctxjm.net | udp |
| US | 8.8.8.8:53 | dkouvubcpovf.info | udp |
| US | 8.8.8.8:53 | yotgdtu.info | udp |
| US | 8.8.8.8:53 | krvmalvz.info | udp |
| US | 8.8.8.8:53 | iwwewy.com | udp |
| US | 8.8.8.8:53 | kgucribs.info | udp |
| US | 8.8.8.8:53 | ssicoqiu.org | udp |
| US | 8.8.8.8:53 | sldlraxv.info | udp |
| US | 8.8.8.8:53 | bmxgjgdvvnc.org | udp |
| US | 8.8.8.8:53 | fbtvyn.net | udp |
| US | 8.8.8.8:53 | pakkxflvef.info | udp |
| US | 8.8.8.8:53 | iyhkujo.info | udp |
| US | 8.8.8.8:53 | spyxrh.info | udp |
| US | 8.8.8.8:53 | zyfitez.info | udp |
| US | 8.8.8.8:53 | mrqibpdy.info | udp |
| US | 8.8.8.8:53 | iiikcseeky.com | udp |
| US | 8.8.8.8:53 | yyrsqfjuzpfi.info | udp |
| US | 8.8.8.8:53 | awsknaors.net | udp |
| US | 8.8.8.8:53 | okqcuuagcksy.com | udp |
| US | 8.8.8.8:53 | nmmlzrnclv.info | udp |
| US | 8.8.8.8:53 | badgacsmetlw.net | udp |
| US | 8.8.8.8:53 | qgmsicgi.com | udp |
| US | 8.8.8.8:53 | lbdimib.org | udp |
| US | 8.8.8.8:53 | leqdurjb.net | udp |
| US | 8.8.8.8:53 | mgakyw.org | udp |
| US | 8.8.8.8:53 | btkcujkm.net | udp |
| US | 8.8.8.8:53 | dzvdqilw.info | udp |
| US | 8.8.8.8:53 | dxikspgshgbk.info | udp |
| US | 8.8.8.8:53 | xalrnllotolw.info | udp |
| MD | 92.115.169.145:37193 | tcp | |
| US | 8.8.8.8:53 | cyrssehn.info | udp |
| US | 8.8.8.8:53 | xwwuidtujxn.net | udp |
| US | 8.8.8.8:53 | ssjedoeeqlr.net | udp |
| US | 8.8.8.8:53 | lubnpqo.net | udp |
| US | 8.8.8.8:53 | lgmwshpwdp.net | udp |
| US | 8.8.8.8:53 | scipdil.net | udp |
| US | 8.8.8.8:53 | zgrjrexb.net | udp |
| US | 8.8.8.8:53 | aufjfmjyr.info | udp |
| US | 8.8.8.8:53 | lankjshbtwv.org | udp |
| US | 8.8.8.8:53 | eeueccewmeem.com | udp |
| US | 8.8.8.8:53 | wwqwxgk.info | udp |
| US | 8.8.8.8:53 | bvdsbsx.com | udp |
| US | 8.8.8.8:53 | fqtifgu.info | udp |
| US | 8.8.8.8:53 | gthoprfe.net | udp |
| US | 8.8.8.8:53 | nehxbefuj.com | udp |
| US | 8.8.8.8:53 | ocequjj.net | udp |
| US | 8.8.8.8:53 | pnkpttfqgo.info | udp |
| US | 8.8.8.8:53 | zdznrvcbgb.info | udp |
| US | 8.8.8.8:53 | vlpxze.info | udp |
| US | 8.8.8.8:53 | eoqguy.com | udp |
| US | 8.8.8.8:53 | vrklwox.com | udp |
| US | 8.8.8.8:53 | yekuko.org | udp |
| US | 8.8.8.8:53 | ndvcrfytflrt.info | udp |
| US | 8.8.8.8:53 | goicmseemg.org | udp |
| US | 8.8.8.8:53 | skywyumxq.net | udp |
| US | 8.8.8.8:53 | qsgumusi.org | udp |
| US | 8.8.8.8:53 | umhixebfgiu.net | udp |
| US | 8.8.8.8:53 | rzuvgm.info | udp |
| US | 8.8.8.8:53 | egsmyysc.org | udp |
| US | 8.8.8.8:53 | rvpqxljrne.info | udp |
| US | 8.8.8.8:53 | wmhwufbslm.net | udp |
| US | 8.8.8.8:53 | iwcklehnycce.info | udp |
| US | 8.8.8.8:53 | giuukyis.org | udp |
| US | 8.8.8.8:53 | bwxyeetax.org | udp |
| US | 8.8.8.8:53 | rgpohzrtyehd.net | udp |
| US | 8.8.8.8:53 | vgogwut.com | udp |
| US | 8.8.8.8:53 | nshdioh.net | udp |
| US | 8.8.8.8:53 | vihltadbyh.info | udp |
| US | 8.8.8.8:53 | becbto.net | udp |
| US | 8.8.8.8:53 | lplonhxr.info | udp |
| US | 8.8.8.8:53 | galpytamekb.net | udp |
| US | 8.8.8.8:53 | ekqqcc.org | udp |
| US | 8.8.8.8:53 | lgpmtczyb.com | udp |
| US | 8.8.8.8:53 | ieflxorcxlda.info | udp |
| US | 8.8.8.8:53 | fqryfjhjchf.info | udp |
| US | 8.8.8.8:53 | dwfkeogzvhjn.info | udp |
| US | 8.8.8.8:53 | wceuyk.com | udp |
| US | 8.8.8.8:53 | dflqknsl.net | udp |
| US | 8.8.8.8:53 | ymgafdp.info | udp |
| US | 8.8.8.8:53 | lrtyjgvn.info | udp |
| US | 8.8.8.8:53 | misbovk.info | udp |
| US | 8.8.8.8:53 | akzefcfstiz.info | udp |
| US | 8.8.8.8:53 | aodrnf.info | udp |
| US | 8.8.8.8:53 | qtgqqinahbp.info | udp |
| US | 8.8.8.8:53 | annodmpgpgt.info | udp |
| US | 8.8.8.8:53 | rijloqzcmkn.info | udp |
| US | 8.8.8.8:53 | tcvuvhjwh.info | udp |
| US | 8.8.8.8:53 | tgisahrweact.info | udp |
| US | 8.8.8.8:53 | wgoeqyoe.com | udp |
| GB | 84.32.152.67:27662 | tcp | |
| US | 8.8.8.8:53 | hknomekao.net | udp |
| US | 8.8.8.8:53 | tbcxdpbtviej.info | udp |
| US | 8.8.8.8:53 | akfumt.net | udp |
| US | 8.8.8.8:53 | ohxkbrxz.net | udp |
| US | 8.8.8.8:53 | ptrwzqh.com | udp |
| US | 8.8.8.8:53 | pmoccprg.net | udp |
| US | 8.8.8.8:53 | jubvpax.info | udp |
| US | 8.8.8.8:53 | jjszth.net | udp |
| US | 8.8.8.8:53 | nvndmion.net | udp |
| US | 8.8.8.8:53 | zsftuqqhng.net | udp |
| US | 8.8.8.8:53 | jwzozya.net | udp |
| US | 8.8.8.8:53 | aknsgwkcl.net | udp |
| US | 8.8.8.8:53 | iggksimq.com | udp |
| US | 8.8.8.8:53 | xtsmvxqlvf.net | udp |
| US | 8.8.8.8:53 | bmnzkd.net | udp |
| US | 8.8.8.8:53 | dqlfzeledtff.info | udp |
| US | 8.8.8.8:53 | emzmgww.net | udp |
| US | 8.8.8.8:53 | jvkqzqh.info | udp |
| US | 8.8.8.8:53 | qzjwewdzbon.net | udp |
| US | 8.8.8.8:53 | ecbwysbz.info | udp |
| US | 8.8.8.8:53 | couocicwvov.info | udp |
| US | 8.8.8.8:53 | bcronoaebok.org | udp |
| US | 8.8.8.8:53 | guqlbeogd.net | udp |
| US | 8.8.8.8:53 | njmyupro.net | udp |
| US | 8.8.8.8:53 | pitanw.info | udp |
| US | 8.8.8.8:53 | rihszrhcliz.net | udp |
| US | 8.8.8.8:53 | queukt.net | udp |
| US | 8.8.8.8:53 | gciuqsamws.org | udp |
| US | 8.8.8.8:53 | mirpybofkcng.net | udp |
| US | 8.8.8.8:53 | xrpwmsl.info | udp |
| US | 8.8.8.8:53 | aieyowqu.com | udp |
| US | 8.8.8.8:53 | amtfquscgulv.net | udp |
| US | 8.8.8.8:53 | otjvbwwefeho.net | udp |
| US | 8.8.8.8:53 | jffyykbido.net | udp |
| US | 8.8.8.8:53 | iusioomq.org | udp |
| US | 8.8.8.8:53 | hjrdri.net | udp |
| US | 8.8.8.8:53 | akoyqswiso.com | udp |
| US | 8.8.8.8:53 | wcsbrpz.net | udp |
| US | 8.8.8.8:53 | zwewbhrn.net | udp |
| US | 8.8.8.8:53 | ptyedgj.org | udp |
| US | 8.8.8.8:53 | ykitxkptqqdg.info | udp |
| US | 8.8.8.8:53 | nsomhgj.info | udp |
| US | 8.8.8.8:53 | uwcuws.org | udp |
| US | 8.8.8.8:53 | usqioggm.org | udp |
| US | 8.8.8.8:53 | mmqywggeoass.org | udp |
| US | 8.8.8.8:53 | azlfou.info | udp |
| US | 8.8.8.8:53 | ceolurwbxs.net | udp |
| US | 8.8.8.8:53 | cozglyhnvil.net | udp |
| US | 8.8.8.8:53 | nzibocagjwdd.info | udp |
| US | 8.8.8.8:53 | wwkusskwkaqs.com | udp |
| US | 8.8.8.8:53 | rzzcbemuzj.net | udp |
| US | 8.8.8.8:53 | umyicieyee.org | udp |
| US | 8.8.8.8:53 | drneoclkpdv.com | udp |
| US | 8.8.8.8:53 | vmpdfhauxe.info | udp |
| US | 8.8.8.8:53 | vcsuct.net | udp |
| US | 8.8.8.8:53 | mcgomk.com | udp |
| US | 8.8.8.8:53 | bfnlfvbwhq.info | udp |
| US | 8.8.8.8:53 | fsyczawoha.info | udp |
| US | 8.8.8.8:53 | vsjzjaxlrunq.net | udp |
| US | 8.8.8.8:53 | ksveeullrsfq.info | udp |
| US | 8.8.8.8:53 | gczhlszbz.net | udp |
| US | 8.8.8.8:53 | dncjeqmvgi.info | udp |
| US | 8.8.8.8:53 | atkzfclhbift.info | udp |
| US | 8.8.8.8:53 | otfpkctjvo.net | udp |
| US | 8.8.8.8:53 | wykuqawmiiaq.com | udp |
| US | 8.8.8.8:53 | vkxyvuqz.net | udp |
| US | 8.8.8.8:53 | gqvuegnsv.net | udp |
| US | 8.8.8.8:53 | oldzjigbxvwy.info | udp |
| US | 8.8.8.8:53 | wueysyqiyg.org | udp |
| US | 8.8.8.8:53 | rwwqgjg.net | udp |
| US | 8.8.8.8:53 | ggpaakqufks.net | udp |
| US | 8.8.8.8:53 | zrzaznogvkr.org | udp |
| US | 8.8.8.8:53 | qwdmnvv.net | udp |
| US | 8.8.8.8:53 | jjrefkv.net | udp |
| US | 8.8.8.8:53 | jxirkuko.info | udp |
| US | 8.8.8.8:53 | tgfgdpdif.org | udp |
| US | 8.8.8.8:53 | uumxhcvb.info | udp |
| US | 8.8.8.8:53 | aiwmqyoeaq.org | udp |
| US | 8.8.8.8:53 | lccspfkkb.net | udp |
| US | 8.8.8.8:53 | ekzmladcvdn.info | udp |
| US | 8.8.8.8:53 | dzrxvhpuxud.org | udp |
| US | 8.8.8.8:53 | csaydispukoh.net | udp |
| GB | 92.239.57.38:26660 | tcp | |
| US | 8.8.8.8:53 | kjskvzf.info | udp |
| US | 8.8.8.8:53 | qqselzcgvsd.info | udp |
| US | 8.8.8.8:53 | ilxrzxfv.net | udp |
| US | 8.8.8.8:53 | pfudfoxqxljg.info | udp |
| US | 8.8.8.8:53 | fyhcouhsdje.com | udp |
| US | 8.8.8.8:53 | eqgayqycgo.org | udp |
| US | 8.8.8.8:53 | mqgiwc.com | udp |
| US | 8.8.8.8:53 | wisasmn.info | udp |
| US | 8.8.8.8:53 | lzbjkx.info | udp |
| US | 8.8.8.8:53 | tsxlda.net | udp |
| US | 8.8.8.8:53 | yciykeemcc.com | udp |
| US | 8.8.8.8:53 | aezvje.info | udp |
| US | 8.8.8.8:53 | puaqbshsmsu.info | udp |
| US | 8.8.8.8:53 | uqggmoww.org | udp |
| US | 8.8.8.8:53 | srfnlof.info | udp |
| US | 8.8.8.8:53 | gsdnluxwzt.info | udp |
| US | 8.8.8.8:53 | blriytvijot.com | udp |
| US | 8.8.8.8:53 | yomyyiwkki.com | udp |
| US | 8.8.8.8:53 | dslujs.info | udp |
| US | 8.8.8.8:53 | yzxwucaklwf.info | udp |
| US | 8.8.8.8:53 | sgjcazh.info | udp |
| US | 8.8.8.8:53 | zfrceibmb.info | udp |
| US | 8.8.8.8:53 | tbtoznpjhmxz.info | udp |
| US | 8.8.8.8:53 | kyilnx.net | udp |
| US | 8.8.8.8:53 | kbbhdhjd.info | udp |
| US | 8.8.8.8:53 | vwsqskcuszjg.info | udp |
| US | 8.8.8.8:53 | zkzafmkv.net | udp |
| US | 8.8.8.8:53 | byvhdu.net | udp |
| US | 8.8.8.8:53 | gaqkygwq.org | udp |
| US | 8.8.8.8:53 | gynkzsbmd.info | udp |
| US | 8.8.8.8:53 | guwceesuqy.org | udp |
| US | 8.8.8.8:53 | jrbulad.info | udp |
| US | 8.8.8.8:53 | lgadpt.info | udp |
| US | 8.8.8.8:53 | vadgiflcpos.com | udp |
| US | 8.8.8.8:53 | lyvwpbhiskz.info | udp |
| US | 8.8.8.8:53 | eesglwteg.net | udp |
| US | 8.8.8.8:53 | bpzorpfuhtf.org | udp |
| US | 8.8.8.8:53 | xkzoaxbib.net | udp |
| US | 8.8.8.8:53 | ruahvqxcl.net | udp |
| US | 8.8.8.8:53 | pojjqbzo.info | udp |
| US | 8.8.8.8:53 | qgomaygc.org | udp |
| US | 8.8.8.8:53 | iipkjjdjvgb.net | udp |
| US | 8.8.8.8:53 | oaekwkce.org | udp |
| US | 8.8.8.8:53 | bkngmvgi.net | udp |
| US | 8.8.8.8:53 | knfnznfnkl.info | udp |
| US | 8.8.8.8:53 | xapkdxonfld.org | udp |
| US | 8.8.8.8:53 | bqdindvszcl.com | udp |
| LT | 78.61.156.19:24870 | tcp | |
| US | 8.8.8.8:53 | dykwknvmdfdj.info | udp |
| US | 8.8.8.8:53 | nxvgtjdslq.net | udp |
| US | 8.8.8.8:53 | xhrszvxh.net | udp |
| US | 8.8.8.8:53 | ptrykvyaqjqt.info | udp |
| US | 8.8.8.8:53 | wawaoiyk.com | udp |
| US | 8.8.8.8:53 | qpttpgigjh.net | udp |
| US | 8.8.8.8:53 | kafddbmzbuzy.info | udp |
| US | 8.8.8.8:53 | rwduxta.com | udp |
| US | 8.8.8.8:53 | wwwfmtzs.net | udp |
| US | 8.8.8.8:53 | ztxulci.net | udp |
| US | 8.8.8.8:53 | lczoradauoz.net | udp |
| US | 8.8.8.8:53 | esnqcwxotkv.net | udp |
| US | 8.8.8.8:53 | iifsaepfow.info | udp |
| US | 8.8.8.8:53 | eciiic.com | udp |
| US | 8.8.8.8:53 | burujihmd.net | udp |
| US | 8.8.8.8:53 | mvnwmorrhis.net | udp |
| US | 8.8.8.8:53 | dazulnj.org | udp |
| US | 8.8.8.8:53 | jxrczth.info | udp |
| US | 8.8.8.8:53 | rdgexeeagi.info | udp |
| BG | 130.204.114.238:43084 | tcp | |
| US | 8.8.8.8:53 | jzthxr.net | udp |
| US | 8.8.8.8:53 | ocpgzseum.info | udp |
| US | 8.8.8.8:53 | debnfmugeyt.com | udp |
| US | 8.8.8.8:53 | lzflsbcxfg.net | udp |
| US | 8.8.8.8:53 | fjusznt.com | udp |
| US | 8.8.8.8:53 | pgnetnpcfsb.info | udp |
| US | 8.8.8.8:53 | oksywseq.com | udp |
| US | 8.8.8.8:53 | wuwubg.info | udp |
| US | 8.8.8.8:53 | qmwiiamrr.info | udp |
| US | 8.8.8.8:53 | zuhmapbot.net | udp |
| US | 8.8.8.8:53 | ffdjwawu.net | udp |
| US | 8.8.8.8:53 | ahdyzodyeqv.net | udp |
| US | 8.8.8.8:53 | zlgdxenbxtzm.net | udp |
| US | 8.8.8.8:53 | pqhafmk.com | udp |
| US | 8.8.8.8:53 | vjvlnnztmb.net | udp |
| US | 8.8.8.8:53 | welguhqyhnzh.info | udp |
| US | 8.8.8.8:53 | rlvduq.info | udp |
| US | 8.8.8.8:53 | fwudyrfm.net | udp |
| US | 8.8.8.8:53 | pnduxwbytf.info | udp |
| US | 8.8.8.8:53 | yojkaljecqs.info | udp |
| US | 8.8.8.8:53 | iofsluo.info | udp |
| US | 8.8.8.8:53 | aewwjno.net | udp |
| US | 8.8.8.8:53 | tmseowr.net | udp |
| US | 8.8.8.8:53 | ecegeakc.org | udp |
| US | 8.8.8.8:53 | pozrfqhqrtpr.info | udp |
| US | 8.8.8.8:53 | dofimwq.com | udp |
| US | 8.8.8.8:53 | ootkjdzphd.net | udp |
| US | 8.8.8.8:53 | eccvfi.info | udp |
| US | 8.8.8.8:53 | iuhiiqj.info | udp |
| US | 8.8.8.8:53 | uogegscemuce.org | udp |
| US | 8.8.8.8:53 | mrjglvov.net | udp |
| US | 8.8.8.8:53 | rrzqrwok.net | udp |
| US | 8.8.8.8:53 | zrizzt.net | udp |
| US | 8.8.8.8:53 | tmhmyuj.com | udp |
| US | 8.8.8.8:53 | znwrfey.net | udp |
| US | 8.8.8.8:53 | nsjnpn.net | udp |
| US | 8.8.8.8:53 | njgctdffsq.info | udp |
| US | 8.8.8.8:53 | kvgpdclfzhpq.net | udp |
| US | 8.8.8.8:53 | ztdytrxxvn.net | udp |
| US | 8.8.8.8:53 | vexalitlx.info | udp |
| US | 8.8.8.8:53 | gkkuoq.org | udp |
| US | 8.8.8.8:53 | mecscwvz.info | udp |
| US | 8.8.8.8:53 | ivewnr.info | udp |
| US | 8.8.8.8:53 | setxymr.net | udp |
| US | 8.8.8.8:53 | liqqfylx.info | udp |
| US | 8.8.8.8:53 | ryxxlquuljd.com | udp |
| LT | 78.61.6.14:39988 | tcp | |
| US | 8.8.8.8:53 | nqxijbihvn.info | udp |
| US | 8.8.8.8:53 | nkyibzo.org | udp |
| US | 8.8.8.8:53 | otbpxdpeowh.net | udp |
| US | 8.8.8.8:53 | seaocw.com | udp |
| US | 8.8.8.8:53 | osokcmiauc.org | udp |
| US | 8.8.8.8:53 | fqxkrvo.org | udp |
| US | 8.8.8.8:53 | dvbqcjrwwfcd.net | udp |
| US | 8.8.8.8:53 | yspynbdonzn.net | udp |
| US | 8.8.8.8:53 | phluvrn.org | udp |
| US | 8.8.8.8:53 | xflarnfdul.net | udp |
| US | 8.8.8.8:53 | syttdyd.info | udp |
| US | 8.8.8.8:53 | ltngsnxbab.net | udp |
| US | 8.8.8.8:53 | noindzl.org | udp |
| US | 8.8.8.8:53 | smtqreeepww.info | udp |
| US | 8.8.8.8:53 | xrctizgjhu.net | udp |
| US | 8.8.8.8:53 | fydmiec.org | udp |
| US | 8.8.8.8:53 | uulwzmj.net | udp |
| US | 8.8.8.8:53 | wzdvhxji.net | udp |
| US | 8.8.8.8:53 | fibyjggit.net | udp |
| US | 8.8.8.8:53 | dmkuxlfn.info | udp |
| US | 8.8.8.8:53 | joftqc.info | udp |
| US | 8.8.8.8:53 | jxnptwzwnajk.info | udp |
| US | 8.8.8.8:53 | rfcqjgcwrllk.info | udp |
| US | 8.8.8.8:53 | kgpkbzw.net | udp |
| US | 8.8.8.8:53 | ittcboxupld.net | udp |
| US | 8.8.8.8:53 | ooewwc.org | udp |
| US | 8.8.8.8:53 | uyptprxt.info | udp |
| US | 8.8.8.8:53 | slgiqnnv.net | udp |
| US | 8.8.8.8:53 | vaiglvvkyiww.info | udp |
| US | 8.8.8.8:53 | jcyuxwh.info | udp |
| US | 8.8.8.8:53 | jypigkw.net | udp |
| US | 8.8.8.8:53 | trxoladdd.info | udp |
| US | 8.8.8.8:53 | vwdseqljtth.net | udp |
| US | 8.8.8.8:53 | jphhtgd.com | udp |
| US | 8.8.8.8:53 | vunmjdlt.net | udp |
| US | 8.8.8.8:53 | qfegmephx.net | udp |
| US | 8.8.8.8:53 | mawewikkaego.com | udp |
| US | 8.8.8.8:53 | oggayy.com | udp |
| US | 8.8.8.8:53 | igomaqsauamy.com | udp |
| US | 8.8.8.8:53 | optslvlo.net | udp |
| US | 8.8.8.8:53 | uoikoagiku.com | udp |
| US | 8.8.8.8:53 | eqyseaes.org | udp |
| US | 8.8.8.8:53 | wqgcqaomcy.com | udp |
| US | 8.8.8.8:53 | nkqefkp.com | udp |
| US | 8.8.8.8:53 | riiirttt.info | udp |
| US | 8.8.8.8:53 | omierhazkhgw.net | udp |
| US | 8.8.8.8:53 | myqgceuuqk.org | udp |
| US | 8.8.8.8:53 | kwdrqyzrhd.net | udp |
| US | 8.8.8.8:53 | pazpei.net | udp |
| US | 8.8.8.8:53 | yetkblzey.net | udp |
| US | 8.8.8.8:53 | hstrgqs.info | udp |
| US | 8.8.8.8:53 | fkydnhdcw.info | udp |
| US | 8.8.8.8:53 | teybpyfil.net | udp |
| US | 8.8.8.8:53 | kxbknpwwosul.info | udp |
| US | 8.8.8.8:53 | xrjmbmgmisvh.info | udp |
| US | 8.8.8.8:53 | mmdvjshaz.info | udp |
| US | 8.8.8.8:53 | nynenfa.org | udp |
| US | 8.8.8.8:53 | ozlitmt.net | udp |
| US | 8.8.8.8:53 | qlwldqmeww.net | udp |
| US | 8.8.8.8:53 | jwjsty.net | udp |
| US | 8.8.8.8:53 | jqtenkdayoy.org | udp |
| US | 8.8.8.8:53 | jnsvmuutaxol.info | udp |
| US | 8.8.8.8:53 | fagpxnfauqo.org | udp |
| RU | 46.191.253.73:25244 | tcp | |
| US | 8.8.8.8:53 | zelwzqz.info | udp |
| US | 8.8.8.8:53 | rrdqoqfgz.net | udp |
| US | 8.8.8.8:53 | yiqkwokiqy.org | udp |
| US | 8.8.8.8:53 | cociowyums.org | udp |
| US | 8.8.8.8:53 | ldywpjnjkf.net | udp |
| US | 8.8.8.8:53 | lvliwxsju.net | udp |
| US | 8.8.8.8:53 | jyfcueac.net | udp |
| US | 8.8.8.8:53 | uznfgsam.info | udp |
| US | 8.8.8.8:53 | dpnohpmfpf.info | udp |
| US | 8.8.8.8:53 | ptfsvoaa.net | udp |
| US | 8.8.8.8:53 | wcgcuuiu.org | udp |
| US | 8.8.8.8:53 | zsmywgvdz.net | udp |
| US | 8.8.8.8:53 | rrhwihgg.net | udp |
| US | 8.8.8.8:53 | rqlnnmv.net | udp |
| US | 8.8.8.8:53 | zoowfil.com | udp |
| US | 8.8.8.8:53 | abtceupkeiq.net | udp |
| US | 8.8.8.8:53 | nhmyomxjv.info | udp |
| US | 8.8.8.8:53 | benarp.net | udp |
| US | 8.8.8.8:53 | tyzkrdhyl.info | udp |
| US | 8.8.8.8:53 | fidrorzmcl.info | udp |
| US | 8.8.8.8:53 | dgqardlcbo.net | udp |
| US | 8.8.8.8:53 | cfjwneuxwsh.info | udp |
| US | 8.8.8.8:53 | ugfkkkksuqmy.net | udp |
| US | 8.8.8.8:53 | rftrgq.info | udp |
| US | 8.8.8.8:53 | umhonoudh.info | udp |
| US | 8.8.8.8:53 | esysqy.org | udp |
| US | 8.8.8.8:53 | vyvijbihvn.info | udp |
| US | 8.8.8.8:53 | jgtmqhvriv.info | udp |
| US | 8.8.8.8:53 | rvlfxjnuvwlp.info | udp |
| US | 8.8.8.8:53 | hsrofavrq.net | udp |
| US | 8.8.8.8:53 | vlvmpwndg.org | udp |
| US | 8.8.8.8:53 | edowkfce.net | udp |
| US | 8.8.8.8:53 | usyuuocmd.info | udp |
| US | 8.8.8.8:53 | llpwlrlwpx.net | udp |
| US | 8.8.8.8:53 | ajawzvbcv.net | udp |
| US | 8.8.8.8:53 | depodej.info | udp |
| US | 8.8.8.8:53 | lvkoldjobjy.org | udp |
| US | 8.8.8.8:53 | xursjar.net | udp |
| US | 8.8.8.8:53 | wgnivuffxwhk.info | udp |
| US | 8.8.8.8:53 | firlacfl.info | udp |
| US | 8.8.8.8:53 | c.pki.goog | udp |
| NL | 173.194.69.94:80 | c.pki.goog | tcp |
| BG | 46.47.122.190:36359 | tcp | |
| US | 8.8.8.8:53 | pfhbvh.info | udp |
| US | 8.8.8.8:53 | bctwfgikb.org | udp |
| US | 8.8.8.8:53 | xuzzqzqsla.info | udp |
| US | 8.8.8.8:53 | uwtipwlmx.info | udp |
| US | 8.8.8.8:53 | oktezkuh.net | udp |
| US | 8.8.8.8:53 | zidinet.org | udp |
| US | 8.8.8.8:53 | fzqqksnzg.net | udp |
| US | 8.8.8.8:53 | lmgeww.info | udp |
| US | 8.8.8.8:53 | hvnqbem.net | udp |
| US | 8.8.8.8:53 | zrxvxjalmajx.net | udp |
| US | 8.8.8.8:53 | xmlymtnez.org | udp |
| US | 8.8.8.8:53 | sobgugfypmlb.info | udp |
| US | 8.8.8.8:53 | kyasiy.com | udp |
| US | 8.8.8.8:53 | odzbrjqoy.info | udp |
| US | 8.8.8.8:53 | lhoftufunlfu.info | udp |
| US | 8.8.8.8:53 | ilapywrkz.net | udp |
| US | 8.8.8.8:53 | wjpsivcdqjl.net | udp |
| US | 8.8.8.8:53 | blfbbmnb.info | udp |
| US | 8.8.8.8:53 | tfzdkcntvm.info | udp |
| US | 8.8.8.8:53 | xxhmjzjs.net | udp |
| US | 8.8.8.8:53 | aalijqi.info | udp |
| US | 8.8.8.8:53 | vcmpopgzvpzd.net | udp |
| US | 8.8.8.8:53 | odqisf.info | udp |
| US | 8.8.8.8:53 | zuxwxedwiz.net | udp |
| US | 8.8.8.8:53 | tmrvcj.net | udp |
| US | 8.8.8.8:53 | gunqgkdcvtj.net | udp |
| US | 8.8.8.8:53 | aowaiiga.org | udp |
| US | 8.8.8.8:53 | fqtubgj.net | udp |
| US | 8.8.8.8:53 | ncpmyszzt.info | udp |
| US | 8.8.8.8:53 | bgemkmngpwr.net | udp |
| US | 8.8.8.8:53 | qiiasasuksyw.com | udp |
| US | 8.8.8.8:53 | tkqwxun.com | udp |
| US | 8.8.8.8:53 | jsgohkzasel.org | udp |
| US | 8.8.8.8:53 | cczpqcrx.net | udp |
| US | 8.8.8.8:53 | ybxsqlwexbnh.info | udp |
| US | 8.8.8.8:53 | kkiamiym.com | udp |
| US | 8.8.8.8:53 | mtujjmvsrpfa.info | udp |
| US | 8.8.8.8:53 | immpxad.net | udp |
| US | 8.8.8.8:53 | tshjxb.net | udp |
| US | 8.8.8.8:53 | medcnzqfno.net | udp |
| US | 8.8.8.8:53 | oaykua.org | udp |
| US | 8.8.8.8:53 | yfnidcr.info | udp |
| US | 8.8.8.8:53 | jatdaajehomt.net | udp |
| US | 8.8.8.8:53 | guaiewqaic.com | udp |
| US | 8.8.8.8:53 | pgfaobt.net | udp |
| US | 8.8.8.8:53 | tngambyjl.com | udp |
| US | 8.8.8.8:53 | gqumweaqoa.org | udp |
| US | 8.8.8.8:53 | mwgkuyee.org | udp |
| US | 8.8.8.8:53 | bnwlbwfvcp.net | udp |
| US | 8.8.8.8:53 | whzthq.net | udp |
| US | 8.8.8.8:53 | jdfytdpyq.org | udp |
| US | 8.8.8.8:53 | dklsgqjqdqbx.net | udp |
| LT | 78.61.128.123:45110 | tcp | |
| US | 8.8.8.8:53 | pjzuwaz.info | udp |
| US | 8.8.8.8:53 | jxahhv.info | udp |
| US | 8.8.8.8:53 | alzrawhh.net | udp |
| US | 8.8.8.8:53 | zazmfaswv.com | udp |
| US | 8.8.8.8:53 | gmfcidtailmh.net | udp |
| US | 8.8.8.8:53 | pzotphqq.net | udp |
| US | 8.8.8.8:53 | bzaydhbkyko.info | udp |
| US | 8.8.8.8:53 | tajqpe.info | udp |
| US | 8.8.8.8:53 | uoxjsmld.info | udp |
| US | 8.8.8.8:53 | bboobexk.net | udp |
| US | 8.8.8.8:53 | ultklfdowrss.net | udp |
| US | 8.8.8.8:53 | ewiuauieao.com | udp |
| US | 8.8.8.8:53 | hpozvx.info | udp |
| US | 8.8.8.8:53 | egueqeco.com | udp |
| US | 8.8.8.8:53 | ykccouqq.com | udp |
| US | 8.8.8.8:53 | xolxmhlk.net | udp |
| US | 8.8.8.8:53 | jyhwxqvrj.com | udp |
| US | 8.8.8.8:53 | audajqxwn.info | udp |
| US | 8.8.8.8:53 | gafizml.net | udp |
| US | 8.8.8.8:53 | oigagiemis.com | udp |
| US | 8.8.8.8:53 | yquaague.com | udp |
| US | 8.8.8.8:53 | owsgykqmiqyq.com | udp |
| US | 8.8.8.8:53 | qgvvvu.info | udp |
| US | 8.8.8.8:53 | imwkkoik.com | udp |
| US | 8.8.8.8:53 | fkamle.info | udp |
| US | 8.8.8.8:53 | pzpihktq.net | udp |
| US | 8.8.8.8:53 | cygqsguc.com | udp |
| US | 8.8.8.8:53 | ielwtwggm.net | udp |
| US | 8.8.8.8:53 | sewuvwb.net | udp |
| US | 8.8.8.8:53 | mokwqm.net | udp |
| US | 8.8.8.8:53 | dapakzwisk.net | udp |
| US | 8.8.8.8:53 | oaewcmmi.com | udp |
| US | 8.8.8.8:53 | qywoaooq.com | udp |
| US | 8.8.8.8:53 | wmboxjsww.net | udp |
| US | 8.8.8.8:53 | bsleikf.com | udp |
| US | 8.8.8.8:53 | oalwpcngx.info | udp |
| US | 8.8.8.8:53 | jjiomhcb.net | udp |
| US | 8.8.8.8:53 | komdnvwjqn.info | udp |
| US | 8.8.8.8:53 | dsccrtldjjf.com | udp |
| US | 8.8.8.8:53 | oomqwqouecmg.org | udp |
| US | 8.8.8.8:53 | zrbuqcn.net | udp |
| US | 8.8.8.8:53 | xcrfxbihvn.info | udp |
| US | 8.8.8.8:53 | nfsccsgppeci.info | udp |
| US | 8.8.8.8:53 | fvtkip.net | udp |
| US | 8.8.8.8:53 | pvesxitaordl.info | udp |
| US | 8.8.8.8:53 | judunau.net | udp |
| US | 8.8.8.8:53 | helorazwwgy.info | udp |
| US | 8.8.8.8:53 | dzrmxez.com | udp |
| US | 8.8.8.8:53 | fhoyxnbagftb.info | udp |
| US | 8.8.8.8:53 | agsjsap.info | udp |
| US | 8.8.8.8:53 | glbgeolrbevq.net | udp |
| US | 8.8.8.8:53 | npfczz.info | udp |
| US | 8.8.8.8:53 | kxldwaoqfn.info | udp |
| US | 8.8.8.8:53 | ezdsbychcfg.net | udp |
| US | 8.8.8.8:53 | meqqwq.com | udp |
| US | 8.8.8.8:53 | seiuoaj.info | udp |
| US | 8.8.8.8:53 | fbbvzf.net | udp |
| US | 8.8.8.8:53 | gogmtfv.net | udp |
| US | 8.8.8.8:53 | xxbuvavqnao.net | udp |
| US | 8.8.8.8:53 | yiosqu.com | udp |
| US | 8.8.8.8:53 | olfesuhylcp.net | udp |
| US | 8.8.8.8:53 | whccxxnmdz.net | udp |
| US | 8.8.8.8:53 | tgzzsilpuoyu.info | udp |
| US | 8.8.8.8:53 | qkimmsqs.com | udp |
| US | 8.8.8.8:53 | nynlnerqxef.net | udp |
| US | 8.8.8.8:53 | dukthdxgfg.net | udp |
| US | 8.8.8.8:53 | igkqoqic.com | udp |
| US | 8.8.8.8:53 | tyxyrwrwi.net | udp |
| US | 8.8.8.8:53 | tixnvb.net | udp |
| US | 8.8.8.8:53 | rejwrwpoa.info | udp |
| US | 8.8.8.8:53 | wqvsjyqcn.info | udp |
| US | 8.8.8.8:53 | xgrcgvngnbz.info | udp |
| BG | 93.123.1.71:29811 | tcp | |
| US | 8.8.8.8:53 | ywzgrqx.net | udp |
| US | 8.8.8.8:53 | jmuyzwjxj.net | udp |
| US | 8.8.8.8:53 | zspszstud.net | udp |
| US | 8.8.8.8:53 | jghirkmdrmp.org | udp |
| US | 8.8.8.8:53 | dcswpcf.net | udp |
| US | 8.8.8.8:53 | sgescokcmo.org | udp |
| US | 8.8.8.8:53 | ayiyqwcace.com | udp |
| US | 8.8.8.8:53 | xztwajucrjiw.info | udp |
| US | 8.8.8.8:53 | vsegoqnezap.com | udp |
| US | 8.8.8.8:53 | lzwgpqnxhy.net | udp |
| US | 8.8.8.8:53 | xxahko.info | udp |
| US | 8.8.8.8:53 | omxkxzrami.net | udp |
| US | 8.8.8.8:53 | wrrcoalnkkym.net | udp |
| US | 8.8.8.8:53 | latmbcagbpk.info | udp |
| US | 8.8.8.8:53 | kgqoiq.com | udp |
| US | 8.8.8.8:53 | anjzvod.net | udp |
| US | 8.8.8.8:53 | uyukuwko.com | udp |
| US | 8.8.8.8:53 | dompeqf.net | udp |
| US | 8.8.8.8:53 | jehyhpbob.com | udp |
| US | 8.8.8.8:53 | vopfdszyyab.info | udp |
| US | 8.8.8.8:53 | fabonsz.net | udp |
| US | 8.8.8.8:53 | sogmqqjgyhcr.info | udp |
| US | 8.8.8.8:53 | pkgmqxnpqn.info | udp |
| US | 8.8.8.8:53 | dlzyullobs.info | udp |
| US | 8.8.8.8:53 | xmhczghybyp.net | udp |
| US | 8.8.8.8:53 | luaiurlae.info | udp |
| US | 8.8.8.8:53 | yescie.com | udp |
| US | 8.8.8.8:53 | iilappnwa.info | udp |
| US | 8.8.8.8:53 | aazjaeqqkun.net | udp |
| US | 8.8.8.8:53 | hsfspwfirsr.org | udp |
| US | 8.8.8.8:53 | fumvct.net | udp |
| US | 8.8.8.8:53 | nqpysovwbou.org | udp |
| US | 8.8.8.8:53 | xnjjrootdn.net | udp |
| US | 8.8.8.8:53 | kmqccsucqq.com | udp |
| US | 8.8.8.8:53 | jxnulkw.com | udp |
| US | 8.8.8.8:53 | iclvcqqy.net | udp |
| US | 8.8.8.8:53 | dnyidwf.info | udp |
| US | 8.8.8.8:53 | ckdwpsdkrta.info | udp |
| US | 8.8.8.8:53 | bkwjld.info | udp |
| US | 8.8.8.8:53 | qfbhwtvnae.info | udp |
| BG | 95.43.42.86:37703 | tcp | |
| US | 8.8.8.8:53 | ewwmgousuc.org | udp |
| US | 8.8.8.8:53 | ptxgyjbq.net | udp |
| US | 8.8.8.8:53 | yadxtkefpqdf.net | udp |
| US | 8.8.8.8:53 | jhhuolgcsjys.net | udp |
| US | 8.8.8.8:53 | msfzcjaq.info | udp |
| US | 8.8.8.8:53 | wcgmwieiis.com | udp |
| US | 8.8.8.8:53 | acwwmswigqae.com | udp |
| US | 8.8.8.8:53 | yetmxkxqh.net | udp |
| US | 8.8.8.8:53 | lmsify.info | udp |
| US | 8.8.8.8:53 | kwpeowv.net | udp |
| US | 8.8.8.8:53 | yjvexwl.info | udp |
| US | 8.8.8.8:53 | qngitmingp.net | udp |
| US | 8.8.8.8:53 | ubvgoyepqh.net | udp |
| US | 8.8.8.8:53 | gmdadabtnlc.net | udp |
| US | 8.8.8.8:53 | frekpcluugu.info | udp |
| US | 8.8.8.8:53 | awsaacuoqk.org | udp |
| US | 8.8.8.8:53 | dsvcxwf.com | udp |
| US | 8.8.8.8:53 | rczejcwys.net | udp |
| US | 8.8.8.8:53 | ulwprsdpevsj.info | udp |
| US | 8.8.8.8:53 | ogqkogcc.org | udp |
| US | 8.8.8.8:53 | phqpnrfm.net | udp |
| US | 8.8.8.8:53 | qyjxvcif.net | udp |
| US | 8.8.8.8:53 | fgxvgof.net | udp |
| US | 8.8.8.8:53 | gcupdklq.net | udp |
| US | 8.8.8.8:53 | vabszugwd.com | udp |
| US | 8.8.8.8:53 | rkwlhccy.info | udp |
| US | 8.8.8.8:53 | tkfknd.net | udp |
| US | 8.8.8.8:53 | fozuagjtx.net | udp |
| US | 8.8.8.8:53 | oxtxfipdgwcd.net | udp |
| US | 8.8.8.8:53 | nthafgeqx.org | udp |
| US | 8.8.8.8:53 | syygamceaoqa.com | udp |
| US | 8.8.8.8:53 | almsoawtsyzf.net | udp |
| US | 8.8.8.8:53 | vibshiiel.net | udp |
| US | 8.8.8.8:53 | eoqlbv.info | udp |
| US | 8.8.8.8:53 | baqbqsvecz.net | udp |
| US | 8.8.8.8:53 | xjtulmeqqwbo.info | udp |
| US | 8.8.8.8:53 | bfmwqzjvbnam.info | udp |
| US | 8.8.8.8:53 | jjqtpeerkb.net | udp |
| US | 8.8.8.8:53 | smswjvw.net | udp |
| US | 8.8.8.8:53 | ewhkqaj.net | udp |
| US | 8.8.8.8:53 | xnufpvzjjilp.info | udp |
| US | 8.8.8.8:53 | wynahdj.info | udp |
| US | 8.8.8.8:53 | ksrydraoogck.info | udp |
| US | 8.8.8.8:53 | vcmwlyrgs.net | udp |
| US | 8.8.8.8:53 | urkcltobhpwf.net | udp |
| US | 8.8.8.8:53 | hfzmnwlt.info | udp |
| US | 8.8.8.8:53 | mczetsb.info | udp |
| US | 8.8.8.8:53 | fsnscgbuz.info | udp |
| US | 8.8.8.8:53 | gydgnilaj.net | udp |
| US | 8.8.8.8:53 | lmkgjchaw.info | udp |
| US | 8.8.8.8:53 | adrodghwk.net | udp |
| US | 8.8.8.8:53 | jddbwmasireg.info | udp |
| US | 8.8.8.8:53 | oismai.com | udp |
| US | 8.8.8.8:53 | dqmufwlyj.info | udp |
| US | 8.8.8.8:53 | huqybxxw.info | udp |
| US | 8.8.8.8:53 | nshnimt.com | udp |
| US | 8.8.8.8:53 | majwriukhey.net | udp |
| US | 8.8.8.8:53 | eheflhppvg.net | udp |
| US | 8.8.8.8:53 | pclnivmleanr.net | udp |
| US | 8.8.8.8:53 | mcqwzprylyw.info | udp |
| BG | 178.254.202.250:33366 | tcp | |
| US | 8.8.8.8:53 | zibptcpol.info | udp |
| US | 8.8.8.8:53 | qunwna.net | udp |
| US | 8.8.8.8:53 | osscnehf.net | udp |
| US | 8.8.8.8:53 | skkapax.net | udp |
| US | 8.8.8.8:53 | ugjyfpgfl.net | udp |
| US | 8.8.8.8:53 | gloqvgv.net | udp |
| US | 8.8.8.8:53 | uheeramihch.net | udp |
| US | 8.8.8.8:53 | pkqzppsdbq.info | udp |
| US | 8.8.8.8:53 | myrwjqkrwpbk.info | udp |
| US | 8.8.8.8:53 | ejlwnib.info | udp |
| US | 8.8.8.8:53 | kurwtjrhz.net | udp |
| US | 8.8.8.8:53 | kqcaicgeiwcc.org | udp |
| US | 8.8.8.8:53 | ktpxxrb.net | udp |
| US | 8.8.8.8:53 | mpkbfsgyp.info | udp |
| US | 8.8.8.8:53 | zfsvtfurne.info | udp |
| US | 8.8.8.8:53 | moxomenufg.net | udp |
| US | 8.8.8.8:53 | vyfchpmpij.net | udp |
| US | 8.8.8.8:53 | suywkyik.org | udp |
| US | 8.8.8.8:53 | gkvgertyped.net | udp |
| US | 8.8.8.8:53 | satzju.net | udp |
| US | 8.8.8.8:53 | qdnmhgdyrit.net | udp |
| US | 8.8.8.8:53 | yeqwouwywkmo.com | udp |
| US | 8.8.8.8:53 | yrxibl.net | udp |
| US | 8.8.8.8:53 | qyqigk.com | udp |
| US | 8.8.8.8:53 | itvkjnv.net | udp |
| US | 8.8.8.8:53 | dybvvsp.info | udp |
| US | 8.8.8.8:53 | fyaylmbcb.net | udp |
| US | 8.8.8.8:53 | hghkxqlasxav.info | udp |
| US | 8.8.8.8:53 | vkmwsbaixgs.net | udp |
| US | 8.8.8.8:53 | rczuidojvlgk.net | udp |
| US | 8.8.8.8:53 | xunydmfkvhl.com | udp |
| US | 8.8.8.8:53 | nciyeoco.net | udp |
| US | 8.8.8.8:53 | trncdrl.org | udp |
| US | 8.8.8.8:53 | ekqaao.com | udp |
| US | 8.8.8.8:53 | cpreiqobse.net | udp |
| US | 8.8.8.8:53 | tbjaahxfcc.info | udp |
| US | 8.8.8.8:53 | mijmzatxleyp.info | udp |
| US | 8.8.8.8:53 | leislgv.org | udp |
| US | 8.8.8.8:53 | auzihebch.info | udp |
| US | 8.8.8.8:53 | jsljco.info | udp |
| US | 8.8.8.8:53 | fdilxi.info | udp |
| US | 8.8.8.8:53 | njvkzdps.info | udp |
| UA | 46.37.204.21:30056 | tcp | |
| US | 8.8.8.8:53 | rkjyfrxybqd.net | udp |
| US | 8.8.8.8:53 | lyjuztfmdtty.net | udp |
| US | 8.8.8.8:53 | gmhupavwtqu.net | udp |
| US | 8.8.8.8:53 | womasauiui.com | udp |
| US | 8.8.8.8:53 | hjfdpmp.org | udp |
| US | 8.8.8.8:53 | ugkoic.com | udp |
| US | 8.8.8.8:53 | xudgycfwxwf.org | udp |
| US | 8.8.8.8:53 | rjbifug.net | udp |
| US | 8.8.8.8:53 | tsryoib.info | udp |
| US | 8.8.8.8:53 | fyuyxtrfslgy.net | udp |
| US | 8.8.8.8:53 | yqdindvszcl.info | udp |
| US | 8.8.8.8:53 | msoywmwkcqwq.org | udp |
| US | 8.8.8.8:53 | vkfahct.com | udp |
| US | 8.8.8.8:53 | nheynk.info | udp |
| US | 8.8.8.8:53 | rvttphel.info | udp |
| US | 8.8.8.8:53 | ldlrgk.info | udp |
| US | 8.8.8.8:53 | wdhsjprg.info | udp |
| US | 8.8.8.8:53 | dcynemlvinhx.net | udp |
| US | 8.8.8.8:53 | lmronacfmgr.info | udp |
| US | 8.8.8.8:53 | aqkseiquiq.org | udp |
| US | 8.8.8.8:53 | vqlooipad.org | udp |
| US | 8.8.8.8:53 | sgdzhklkvfso.info | udp |
| US | 8.8.8.8:53 | bepoeogq.net | udp |
| US | 8.8.8.8:53 | nriupm.net | udp |
| US | 8.8.8.8:53 | mdtjpgp.info | udp |
| US | 8.8.8.8:53 | skqsiiae.org | udp |
| US | 8.8.8.8:53 | segyoeok.org | udp |
| US | 8.8.8.8:53 | cseikcgaukiw.org | udp |
| US | 8.8.8.8:53 | nixslgcqg.info | udp |
| US | 8.8.8.8:53 | fwwelj.net | udp |
| US | 8.8.8.8:53 | alyypvemovoc.net | udp |
| US | 8.8.8.8:53 | rsnxkiczuebx.info | udp |
| US | 8.8.8.8:53 | qlstpgkhcjbu.net | udp |
| US | 8.8.8.8:53 | qcmsmztto.net | udp |
| US | 8.8.8.8:53 | zijgxyrpvn.info | udp |
| US | 8.8.8.8:53 | htwifthxbq.net | udp |
| US | 8.8.8.8:53 | lkbirba.net | udp |
| US | 8.8.8.8:53 | vxvbct.net | udp |
| US | 8.8.8.8:53 | nzitfaav.info | udp |
| US | 8.8.8.8:53 | waowfcnmxti.info | udp |
| US | 8.8.8.8:53 | ofbalqv.info | udp |
| US | 8.8.8.8:53 | iaiakhfbn.info | udp |
| US | 8.8.8.8:53 | thwnljrnke.info | udp |
| US | 8.8.8.8:53 | iqfcnvl.net | udp |
| BG | 46.10.95.96:14864 | tcp | |
| US | 8.8.8.8:53 | lktcrbw.com | udp |
| US | 8.8.8.8:53 | dekregufdk.net | udp |
| US | 8.8.8.8:53 | rcoamwf.info | udp |
| US | 8.8.8.8:53 | jebrhqpenldc.info | udp |
| US | 8.8.8.8:53 | soaaym.com | udp |
| US | 8.8.8.8:53 | hwxdacz.org | udp |
| US | 8.8.8.8:53 | hyjodgw.info | udp |
| US | 8.8.8.8:53 | coicwumoaeee.org | udp |
| US | 8.8.8.8:53 | rrvimikb.info | udp |
| US | 8.8.8.8:53 | wdmsjudezq.net | udp |
| US | 8.8.8.8:53 | hbkuxqak.info | udp |
| US | 8.8.8.8:53 | ydqknzh.net | udp |
| US | 8.8.8.8:53 | xqrbhijt.info | udp |
| US | 8.8.8.8:53 | dkdczgl.info | udp |
| US | 8.8.8.8:53 | earmhyjihls.net | udp |
| US | 8.8.8.8:53 | lbnwdymmltbc.info | udp |
| US | 8.8.8.8:53 | ndojtrzhbmb.net | udp |
| US | 8.8.8.8:53 | fujtauvg.info | udp |
| US | 8.8.8.8:53 | nhzkdwifgmsu.net | udp |
| US | 8.8.8.8:53 | eaictyqxc.info | udp |
| US | 8.8.8.8:53 | bkxzwir.net | udp |
| US | 8.8.8.8:53 | xtuitkrup.net | udp |
| US | 8.8.8.8:53 | irrqijtoz.net | udp |
| US | 8.8.8.8:53 | wookoecouc.com | udp |
| US | 8.8.8.8:53 | giillkzmhfq.info | udp |
| US | 8.8.8.8:53 | vgqxvqngngx.info | udp |
| US | 8.8.8.8:53 | kwoikcckguam.org | udp |
| US | 8.8.8.8:53 | liibuumnyo.net | udp |
| US | 8.8.8.8:53 | hidwpmc.info | udp |
| US | 8.8.8.8:53 | weogaayc.com | udp |
| US | 8.8.8.8:53 | ozkuhgd.info | udp |
| US | 8.8.8.8:53 | ppbzuvzlnehj.net | udp |
| US | 8.8.8.8:53 | cgzqtowog.info | udp |
| US | 8.8.8.8:53 | cbpclmmdp.net | udp |
| US | 8.8.8.8:53 | dtqunwvojyv.net | udp |
| US | 8.8.8.8:53 | jyfntip.info | udp |
| US | 8.8.8.8:53 | bteqlenbm.info | udp |
| US | 8.8.8.8:53 | xdthqmcqbzd.com | udp |
| US | 8.8.8.8:53 | cayouy.com | udp |
| US | 8.8.8.8:53 | iahztym.net | udp |
| US | 8.8.8.8:53 | hxgxslifyv.info | udp |
| US | 8.8.8.8:53 | cqtgekplkq.net | udp |
| US | 8.8.8.8:53 | qeasooggkkye.org | udp |
| US | 8.8.8.8:53 | ewauegicso.com | udp |
| US | 8.8.8.8:53 | tqbcfvq.net | udp |
| US | 8.8.8.8:53 | kkeyouckesuo.org | udp |
| US | 8.8.8.8:53 | iuokqmqqee.com | udp |
| US | 8.8.8.8:53 | gdiecndz.net | udp |
| US | 8.8.8.8:53 | qiuiggsa.com | udp |
| US | 8.8.8.8:53 | pvrlhgzrud.info | udp |
| US | 8.8.8.8:53 | fevpfshvp.org | udp |
| US | 8.8.8.8:53 | jexjcnnwd.com | udp |
| US | 8.8.8.8:53 | huvgpix.org | udp |
| US | 8.8.8.8:53 | faanjekngo.info | udp |
| US | 8.8.8.8:53 | pyvlryuwh.info | udp |
| US | 8.8.8.8:53 | pnrfhucphn.net | udp |
| US | 8.8.8.8:53 | kcryxrris.info | udp |
| US | 8.8.8.8:53 | cxopqw.info | udp |
| US | 8.8.8.8:53 | seealaoo.net | udp |
| US | 8.8.8.8:53 | xmdsbzj.org | udp |
| BG | 94.236.159.199:30755 | tcp | |
| US | 8.8.8.8:53 | icaumiseao.org | udp |
| US | 8.8.8.8:53 | giekgyskeiik.org | udp |
| US | 8.8.8.8:53 | ftnljkl.net | udp |
| US | 8.8.8.8:53 | bavppixu.net | udp |
| US | 8.8.8.8:53 | ouoyuaeqsy.org | udp |
| US | 8.8.8.8:53 | jnuedcaa.info | udp |
| US | 8.8.8.8:53 | nyohypntnfbb.info | udp |
| US | 8.8.8.8:53 | nuxmfrvbv.com | udp |
| US | 8.8.8.8:53 | hsxfpvuu.info | udp |
| US | 8.8.8.8:53 | fkgritslx.org | udp |
| US | 8.8.8.8:53 | aemkrixfm.net | udp |
| US | 8.8.8.8:53 | gebytlt.info | udp |
| US | 8.8.8.8:53 | pbpcbfrwrx.info | udp |
| US | 8.8.8.8:53 | txhgemny.info | udp |
| US | 8.8.8.8:53 | ptpwnlreeaxo.net | udp |
| US | 8.8.8.8:53 | tobtqsniy.net | udp |
| US | 8.8.8.8:53 | aaigsa.com | udp |
| US | 8.8.8.8:53 | kwqmky.org | udp |
| US | 8.8.8.8:53 | qljededovek.net | udp |
| US | 8.8.8.8:53 | eeeiusoc.com | udp |
| US | 8.8.8.8:53 | daanugmbbw.net | udp |
| US | 8.8.8.8:53 | nchxuckysn.info | udp |
| US | 8.8.8.8:53 | dtstyn.net | udp |
| US | 8.8.8.8:53 | acgkiq.com | udp |
| US | 8.8.8.8:53 | cbvrvu.net | udp |
| US | 8.8.8.8:53 | zbqtpeerkb.net | udp |
| US | 8.8.8.8:53 | hyuank.info | udp |
| US | 8.8.8.8:53 | ovwxlzxc.net | udp |
| US | 8.8.8.8:53 | oiwrgbffggbj.net | udp |
| US | 8.8.8.8:53 | zuwrljtqss.net | udp |
| US | 8.8.8.8:53 | msaeugqyakco.org | udp |
| US | 8.8.8.8:53 | qbxzxk.info | udp |
| US | 8.8.8.8:53 | celgffqrvzjo.info | udp |
| US | 8.8.8.8:53 | syiqhkjsfko.info | udp |
| US | 8.8.8.8:53 | wrrvjjqlxt.net | udp |
| US | 8.8.8.8:53 | tmrxnmjrkb.net | udp |
| US | 8.8.8.8:53 | xtktbomhox.info | udp |
| US | 8.8.8.8:53 | uwsqceeu.org | udp |
| US | 8.8.8.8:53 | cysobkfmj.info | udp |
| US | 8.8.8.8:53 | eyggge.com | udp |
| US | 8.8.8.8:53 | xoucduojh.net | udp |
| US | 8.8.8.8:53 | uomieuwsgywa.com | udp |
| US | 8.8.8.8:53 | hgqlifuw.net | udp |
| US | 8.8.8.8:53 | aqaaee.org | udp |
| US | 8.8.8.8:53 | npfvrlecidoc.net | udp |
| US | 8.8.8.8:53 | ukhsdoako.info | udp |
| US | 8.8.8.8:53 | jcrkdat.info | udp |
| US | 8.8.8.8:53 | xmjmnczctgb.org | udp |
| US | 8.8.8.8:53 | yvtvfdpteo.net | udp |
| US | 8.8.8.8:53 | lsvmdsys.net | udp |
| US | 8.8.8.8:53 | fzkrxmam.info | udp |
| US | 8.8.8.8:53 | dmihiuv.net | udp |
| US | 8.8.8.8:53 | dluuvi.net | udp |
| US | 8.8.8.8:53 | yeawnajjie.net | udp |
| US | 8.8.8.8:53 | lygszpckg.net | udp |
| US | 8.8.8.8:53 | xpikbtn.info | udp |
| US | 8.8.8.8:53 | ydqkvuogbk.info | udp |
| US | 8.8.8.8:53 | efarzxr.info | udp |
| LT | 78.60.193.91:37497 | tcp | |
| US | 8.8.8.8:53 | fixijml.org | udp |
| US | 8.8.8.8:53 | nexpeysylcvc.info | udp |
| US | 8.8.8.8:53 | rlicxq.info | udp |
| US | 8.8.8.8:53 | grypnovbake.net | udp |
| US | 8.8.8.8:53 | bvrlxiawb.net | udp |
| US | 8.8.8.8:53 | ueityqhuv.info | udp |
| US | 8.8.8.8:53 | ckjdtgxwx.info | udp |
| US | 8.8.8.8:53 | uyqlrsnms.info | udp |
| US | 8.8.8.8:53 | uupugslvv.info | udp |
| US | 8.8.8.8:53 | sxsydftugfl.net | udp |
| US | 8.8.8.8:53 | ntndewudzrrr.info | udp |
| US | 8.8.8.8:53 | hfsrzaxbzo.net | udp |
| US | 8.8.8.8:53 | jztwbdywxzfe.net | udp |
| US | 8.8.8.8:53 | wttfgd.info | udp |
| US | 8.8.8.8:53 | jstqbweijw.net | udp |
| US | 8.8.8.8:53 | msoiygcw.org | udp |
| US | 8.8.8.8:53 | gsmaescuau.org | udp |
| US | 8.8.8.8:53 | dqqtzkc.com | udp |
| US | 8.8.8.8:53 | cmyimaeq.org | udp |
| US | 8.8.8.8:53 | jntxuexoq.net | udp |
| US | 8.8.8.8:53 | pksofel.org | udp |
| US | 8.8.8.8:53 | bnpajzm.org | udp |
| US | 8.8.8.8:53 | txmasvkvutxh.info | udp |
| US | 8.8.8.8:53 | agiygo.com | udp |
| US | 8.8.8.8:53 | awtrjqbmv.net | udp |
| US | 8.8.8.8:53 | ftxnwausya.net | udp |
| US | 8.8.8.8:53 | ajsniupbvk.info | udp |
| US | 8.8.8.8:53 | tqlnlofg.net | udp |
| US | 8.8.8.8:53 | rufpuo.info | udp |
| US | 8.8.8.8:53 | ejpdqikairvo.info | udp |
| US | 8.8.8.8:53 | zygrnzv.info | udp |
| US | 8.8.8.8:53 | xqfmlzbgrod.com | udp |
| US | 8.8.8.8:53 | hkcullcgp.info | udp |
| US | 8.8.8.8:53 | equuiqcccm.com | udp |
| US | 8.8.8.8:53 | rwfwkrntdwbv.info | udp |
| US | 8.8.8.8:53 | ssgqsckw.com | udp |
| US | 8.8.8.8:53 | mewxyqsr.net | udp |
| US | 8.8.8.8:53 | gyfmptq.net | udp |
| US | 8.8.8.8:53 | bchyjigxk.com | udp |
| US | 8.8.8.8:53 | qkqeeseoaa.org | udp |
| US | 8.8.8.8:53 | cxritgbkwiqj.net | udp |
| US | 8.8.8.8:53 | iixpwpzsf.info | udp |
| US | 8.8.8.8:53 | saussuvlb.info | udp |
| US | 8.8.8.8:53 | qagowawgkc.com | udp |
| US | 8.8.8.8:53 | tkxmminfz.info | udp |
| US | 8.8.8.8:53 | lglnychgr.net | udp |
| US | 8.8.8.8:53 | bedecqpii.net | udp |
| US | 8.8.8.8:53 | xflrdxdu.net | udp |
| US | 8.8.8.8:53 | aetyon.net | udp |
| US | 8.8.8.8:53 | osdinhpwmyj.net | udp |
| US | 8.8.8.8:53 | trlqlwf.com | udp |
| US | 8.8.8.8:53 | pbafdqh.net | udp |
| US | 8.8.8.8:53 | kkynfvpezu.info | udp |
| US | 8.8.8.8:53 | yabgjuiyvpj.net | udp |
| US | 8.8.8.8:53 | bdjfurnnx.org | udp |
| US | 8.8.8.8:53 | rqzhac.info | udp |
| US | 8.8.8.8:53 | ayaygmbq.net | udp |
| US | 8.8.8.8:53 | ecjjlwours.info | udp |
| US | 8.8.8.8:53 | weecgysm.org | udp |
| US | 8.8.8.8:53 | yqtafgfohsp.net | udp |
| US | 8.8.8.8:53 | tzxvodwwie.net | udp |
| US | 8.8.8.8:53 | wmykawscmi.com | udp |
| US | 8.8.8.8:53 | sqcowwkqii.com | udp |
| US | 8.8.8.8:53 | kepytiviiab.net | udp |
| US | 8.8.8.8:53 | zhhejrdmjdd.net | udp |
| US | 8.8.8.8:53 | ypruyv.info | udp |
| US | 8.8.8.8:53 | fsqamdgmg.info | udp |
| US | 8.8.8.8:53 | xpkyfirnd.info | udp |
| US | 8.8.8.8:53 | msfmncaznmd.net | udp |
| US | 8.8.8.8:53 | iwescltqq.net | udp |
| US | 8.8.8.8:53 | sxdzkp.net | udp |
| US | 8.8.8.8:53 | pljdvsqmqip.net | udp |
| US | 8.8.8.8:53 | togcvuzpixrc.net | udp |
| US | 8.8.8.8:53 | zodavc.net | udp |
| US | 8.8.8.8:53 | bkmnyoi.info | udp |
| US | 8.8.8.8:53 | kuvpbd.net | udp |
| US | 8.8.8.8:53 | cetgjyxxi.net | udp |
| US | 8.8.8.8:53 | lkngjoezjnq.com | udp |
| US | 8.8.8.8:53 | surabpt.net | udp |
| US | 8.8.8.8:53 | gcmiakww.com | udp |
| US | 8.8.8.8:53 | idlnlhi.net | udp |
| US | 8.8.8.8:53 | wfxcwb.info | udp |
| LT | 78.62.81.7:35448 | tcp |
Files
C:\Users\Admin\AppData\Local\Temp\gncxrwpmqxm.exe
| MD5 | 9704c5a70b5eaeedd55f68d9fc5400f5 |
| SHA1 | 6c53b0fd9c10eb1b1f971725a224c43f448cb88e |
| SHA256 | 2b2e0b348195a08d23dac6c872bb1ea7e05ab373ea84ba4ef45ede8ea4114ab3 |
| SHA512 | a43f1fb9e6ed9234b8d3f282df6b848b252542dc550d39f1c3bbb03a4ec12524d7694327354b02acbf6f5aad7163c0b7e3755876afdb01fa2a0db6ee4f76d361 |
C:\Windows\SysWOW64\mcamewnnwsznjlmyyc.exe
| MD5 | bb7873a096a7ddd06706314a91eb4e66 |
| SHA1 | 45bde370d8c23151d85e7c7e05cd26c05342d7bc |
| SHA256 | 451ba46bdd9d4d17e54a87482a117dfd99da75d4dc6d030cbceffb4885e7f507 |
| SHA512 | 8af08029a8d90586aa634eab2a06b19a112bc6b2c21cc0ec1117ce89965c7209af4c452a3306394606a46f478cf7e1628ddfc732f5d3efae758e090436f68131 |
C:\Users\Admin\AppData\Local\Temp\zcnmr.exe
| MD5 | 34f2912d5e582f2d0f1e8ae5426f8c39 |
| SHA1 | 347bbba0200399e4d259317971968c9e69ab8e98 |
| SHA256 | 3169380906cc09d16a54f1f9514ba0d3602e85b59c556ce96bd018486bd91eb7 |
| SHA512 | 346277bbffaaaa8ff35b5df24114f0fc793dd1817c6f386d5cbfc3a87cccffe9b419769dcc131843e430f974fdaa994a2f3fcf683f89917e1efc5e542b31bdce |
C:\Users\Admin\AppData\Local\bydwvuszpsgbenvovgjgl.dca
| MD5 | 938c9ff310d76b2f850b855a38c2bbaf |
| SHA1 | 7c25f5ea3264108902805cc7af20bf315b8e4edd |
| SHA256 | 78d4dbbf0221b539576e6a99f012732ac4423da1aada5c4c7e356a5664f4b734 |
| SHA512 | e781d70a53a436371f07028014d90f28a89047b914a12a9b1598fde25719301d9d83f3ee5ce504d6bff1c93c486808ca59c64e2ce4f71e74d6e5f246180b0dcf |
C:\Users\Admin\AppData\Local\weuyisbtuihnbvoskgucswgqzrsgflzt.qie
| MD5 | 0b464e3ae7d16596824d19084b8d1e6d |
| SHA1 | 891cab9065b018b60a4c2c718e9589bfea2ea3bb |
| SHA256 | 48c3f6473b5b8ccf7bab5de0658e3284d9d0231c31567db0777210d5b61a7cb7 |
| SHA512 | 7fa06fa6a427c4d97aea6e1800cbf09b15108130aea016112d74292f2512fe0957cc6954e1f4511bc1e84ea69398fc8f2d417e72c48f9c9cfdabd0990e73fda8 |
C:\Program Files (x86)\bydwvuszpsgbenvovgjgl.dca
| MD5 | 212e1dd701e569803862598d00f3981b |
| SHA1 | 5005c22debd9ca230bb458718a8120b40eeedfa8 |
| SHA256 | 5a9ff286de8e4801bd727dff41c139a57f0118aaf1846c9a37cb395573e65b84 |
| SHA512 | 3bc5e04f4a429838e0a0030975ed0834fb0df124b067c811b8395d2432d51c8bd6d50c966d560244baf4a8231b45e00b3d246489c6973f65180abeefe66d7109 |
C:\Users\Admin\AppData\Local\bydwvuszpsgbenvovgjgl.dca
| MD5 | cc318deddd75e04664fa35173c90ba6b |
| SHA1 | d42dbd31dbf16475d033fdeb97ca6baf02a8c886 |
| SHA256 | 602a5465c782a6efc691e836ab2b77f8a2fcdd7f363f46689036d79584afaade |
| SHA512 | b86b71132152fe6db15afa5e565190a34007fb1a2e4191bb3410564a837c863d49b1c4f262438de9c7c74bba25fe34da7ca7ab08852f3d7dfaa38050e81fce51 |
C:\Program Files (x86)\bydwvuszpsgbenvovgjgl.dca
| MD5 | b160d0797d1c41c267d770153f94f11f |
| SHA1 | 4c263a024f2cee3b51e34f9ad11183b5d7fce643 |
| SHA256 | 9d4a4650bff1d004f9d1e6b3c2e81c8560aa07852bda278f451ddd7bdf150889 |
| SHA512 | c97a3f80bc34443bab68cef27de6d7c54fcaedf189e4f843cbb3f9a23f143e23c9773e87a72722b7a36da64d19a722843cf40387149eaa237a1b98327e5a4be6 |
C:\Program Files (x86)\bydwvuszpsgbenvovgjgl.dca
| MD5 | ffa86686375e3acdd625f6c66a7250e6 |
| SHA1 | cd810b7ddabb5f7049f8a3191ef068e0e428a107 |
| SHA256 | 3ac996abb749f71f314f2575e8166a143c80b727b4db941090e3a0360abdd897 |
| SHA512 | 776622da3ce0719b6de6a4bfbb865b1dc0f6ff5564ecc4a33d91376d2af7708225e929e721db5089f7b9cc292eec1d77784b2c154b01ee47cc0a031e37ab2a6b |
C:\Users\Admin\AppData\Local\bydwvuszpsgbenvovgjgl.dca
| MD5 | 5745d2c58fccf84bbe96920f79c4ba63 |
| SHA1 | 098140f473c350292c7868f06bedb422a6da9231 |
| SHA256 | 1ba88326504c14e742cbb7225542f64e1780407fe608df18175a413f90e14779 |
| SHA512 | cd81e15ce5e7c7039a1194edc1894c521c22a1a49fee9c3500d2ef347e6802f4c4841e743289b379e3780977c096d71441c8da391614273a540f7407521814c3 |
C:\Users\Admin\AppData\Local\bydwvuszpsgbenvovgjgl.dca
| MD5 | 1484e2eb207372c94ff9a24e0024f7f4 |
| SHA1 | 06059c7bff7106d0fc131d5b4b94310447c14a41 |
| SHA256 | 9930a38d419193a4c71f9e1323b6abe691e7f3008268019f5cfa519e0e9873e4 |
| SHA512 | cdc41cbfd2456248cac3da84dde88d96f365efb3ec8fac59d3b2968051f57fe9e75cc6701165fca501ae5d64394512040c119c5053b5d36885934ce34bcc9ade |
Analysis: behavioral2
Detonation Overview
Submitted
2025-04-17 22:48
Reported
2025-04-17 22:51
Platform
win11-20250410-en
Max time kernel
60s
Max time network
151s
Command Line
Signatures
Modifies WinLogon for persistence
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\huthjp.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\huthjp.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
Pykspa
Pykspa family
UAC bypass
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" | C:\Users\Admin\AppData\Local\Temp\huthjp.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" | C:\Users\Admin\AppData\Local\Temp\huthjp.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\huthjp.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" | C:\Users\Admin\AppData\Local\Temp\huthjp.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" | C:\Users\Admin\AppData\Local\Temp\huthjp.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" | C:\Users\Admin\AppData\Local\Temp\huthjp.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" | C:\Users\Admin\AppData\Local\Temp\huthjp.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\huthjp.exe | N/A |
Detect Pykspa worm
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Adds policy Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\uiixahq = "wympgbymkdftezhzyzkma.exe" | C:\Users\Admin\AppData\Local\Temp\huthjp.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\uiixahq = "hivxnhdqnfgtdxevttde.exe" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\uiixahq = "tqzxjzrathentjmz.exe" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\nyvh = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ayihuleoixvfmdhvq.exe" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\uiixahq = "jitthztezpozhzetpn.exe" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\uiixahq = "jitthztezpozhzetpn.exe" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\uiixahq = "uughwpkwsjjvexdtqpy.exe" | C:\Users\Admin\AppData\Local\Temp\huthjp.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\uiixahq = "ayihuleoixvfmdhvq.exe" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\nyvh = "C:\\Users\\Admin\\AppData\\Local\\Temp\\uughwpkwsjjvexdtqpy.exe" | C:\Users\Admin\AppData\Local\Temp\huthjp.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\uiixahq = "uughwpkwsjjvexdtqpy.exe" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\uiixahq = "jitthztezpozhzetpn.exe" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\nyvh = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ayihuleoixvfmdhvq.exe" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\nyvh = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ayihuleoixvfmdhvq.exe" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\uiixahq = "uughwpkwsjjvexdtqpy.exe" | C:\Users\Admin\AppData\Local\Temp\huthjp.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\nyvh = "C:\\Users\\Admin\\AppData\\Local\\Temp\\wympgbymkdftezhzyzkma.exe" | C:\Users\Admin\AppData\Local\Temp\huthjp.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\uiixahq = "jitthztezpozhzetpn.exe" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\nyvh = "C:\\Users\\Admin\\AppData\\Local\\Temp\\tqzxjzrathentjmz.exe" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\nyvh = "C:\\Users\\Admin\\AppData\\Local\\Temp\\tqzxjzrathentjmz.exe" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\uiixahq = "tqzxjzrathentjmz.exe" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\uiixahq = "ayihuleoixvfmdhvq.exe" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\uiixahq = "ayihuleoixvfmdhvq.exe" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\nyvh = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ayihuleoixvfmdhvq.exe" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\nyvh = "C:\\Users\\Admin\\AppData\\Local\\Temp\\tqzxjzrathentjmz.exe" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\nyvh = "C:\\Users\\Admin\\AppData\\Local\\Temp\\tqzxjzrathentjmz.exe" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\uiixahq = "hivxnhdqnfgtdxevttde.exe" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\nyvh = "C:\\Users\\Admin\\AppData\\Local\\Temp\\wympgbymkdftezhzyzkma.exe" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\nyvh = "C:\\Users\\Admin\\AppData\\Local\\Temp\\wympgbymkdftezhzyzkma.exe" | C:\Users\Admin\AppData\Local\Temp\huthjp.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\nyvh = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ayihuleoixvfmdhvq.exe" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\nyvh = "C:\\Users\\Admin\\AppData\\Local\\Temp\\tqzxjzrathentjmz.exe" | C:\Users\Admin\AppData\Local\Temp\huthjp.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\nyvh = "C:\\Users\\Admin\\AppData\\Local\\Temp\\jitthztezpozhzetpn.exe" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\uiixahq = "ayihuleoixvfmdhvq.exe" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\uiixahq = "ayihuleoixvfmdhvq.exe" | C:\Users\Admin\AppData\Local\Temp\huthjp.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\uiixahq = "ayihuleoixvfmdhvq.exe" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\nyvh = "C:\\Users\\Admin\\AppData\\Local\\Temp\\jitthztezpozhzetpn.exe" | C:\Users\Admin\AppData\Local\Temp\huthjp.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\uiixahq = "jitthztezpozhzetpn.exe" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\uiixahq = "ayihuleoixvfmdhvq.exe" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\nyvh = "C:\\Users\\Admin\\AppData\\Local\\Temp\\hivxnhdqnfgtdxevttde.exe" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\nyvh = "C:\\Users\\Admin\\AppData\\Local\\Temp\\hivxnhdqnfgtdxevttde.exe" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\huthjp.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\uiixahq = "wympgbymkdftezhzyzkma.exe" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\nyvh = "C:\\Users\\Admin\\AppData\\Local\\Temp\\wympgbymkdftezhzyzkma.exe" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\uiixahq = "uughwpkwsjjvexdtqpy.exe" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\nyvh = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ayihuleoixvfmdhvq.exe" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\nyvh = "C:\\Users\\Admin\\AppData\\Local\\Temp\\tqzxjzrathentjmz.exe" | C:\Users\Admin\AppData\Local\Temp\huthjp.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\nyvh = "C:\\Users\\Admin\\AppData\\Local\\Temp\\tqzxjzrathentjmz.exe" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\uiixahq = "uughwpkwsjjvexdtqpy.exe" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\uiixahq = "jitthztezpozhzetpn.exe" | C:\Users\Admin\AppData\Local\Temp\huthjp.exe | N/A |
Disables RegEdit via registry modification
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3582532709-2637047242-3508314386-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3582532709-2637047242-3508314386-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3582532709-2637047242-3508314386-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3582532709-2637047242-3508314386-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3582532709-2637047242-3508314386-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3582532709-2637047242-3508314386-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3582532709-2637047242-3508314386-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3582532709-2637047242-3508314386-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3582532709-2637047242-3508314386-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3582532709-2637047242-3508314386-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3582532709-2637047242-3508314386-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\huthjp.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\huthjp.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3582532709-2637047242-3508314386-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3582532709-2637047242-3508314386-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3582532709-2637047242-3508314386-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\huthjp.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3582532709-2637047242-3508314386-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3582532709-2637047242-3508314386-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3582532709-2637047242-3508314386-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3582532709-2637047242-3508314386-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3582532709-2637047242-3508314386-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3582532709-2637047242-3508314386-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3582532709-2637047242-3508314386-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3582532709-2637047242-3508314386-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3582532709-2637047242-3508314386-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3582532709-2637047242-3508314386-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\huthjp.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3582532709-2637047242-3508314386-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3582532709-2637047242-3508314386-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
Executes dropped EXE
Impair Defenses: Safe Mode Boot
| Description | Indicator | Process | Target |
| Key deleted | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\UserManager | C:\Users\Admin\AppData\Local\Temp\huthjp.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\SerCx2.sys | C:\Users\Admin\AppData\Local\Temp\huthjp.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\ProfSvc | C:\Users\Admin\AppData\Local\Temp\huthjp.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\Power | C:\Users\Admin\AppData\Local\Temp\huthjp.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\iai2c.sys | C:\Users\Admin\AppData\Local\Temp\huthjp.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\CBDHSvc | C:\Users\Admin\AppData\Local\Temp\huthjp.exe | N/A |
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\huthjp = "wympgbymkdftezhzyzkma.exe ." | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3582532709-2637047242-3508314386-1000\Software\Microsoft\Windows\CurrentVersion\Run\jyzptblm = "wympgbymkdftezhzyzkma.exe" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\ogkdkvimajb = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ayihuleoixvfmdhvq.exe" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\wigtu = "tqzxjzrathentjmz.exe" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3582532709-2637047242-3508314386-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\huthjp = "C:\\Users\\Admin\\AppData\\Local\\Temp\\hivxnhdqnfgtdxevttde.exe ." | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3582532709-2637047242-3508314386-1000\Software\Microsoft\Windows\CurrentVersion\Run\wigtu = "C:\\Users\\Admin\\AppData\\Local\\Temp\\tqzxjzrathentjmz.exe" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\tknflvhkxf = "C:\\Users\\Admin\\AppData\\Local\\Temp\\hivxnhdqnfgtdxevttde.exe ." | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\ogkdkvimajb = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ayihuleoixvfmdhvq.exe" | C:\Users\Admin\AppData\Local\Temp\huthjp.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\ogkdkvimajb = "C:\\Users\\Admin\\AppData\\Local\\Temp\\jitthztezpozhzetpn.exe" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\huthjp = "uughwpkwsjjvexdtqpy.exe ." | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\huthjp = "uughwpkwsjjvexdtqpy.exe ." | C:\Users\Admin\AppData\Local\Temp\huthjp.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3582532709-2637047242-3508314386-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\aqsjoxikw = "wympgbymkdftezhzyzkma.exe ." | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3582532709-2637047242-3508314386-1000\Software\Microsoft\Windows\CurrentVersion\Run\jyzptblm = "wympgbymkdftezhzyzkma.exe" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\ogkdkvimajb = "C:\\Users\\Admin\\AppData\\Local\\Temp\\hivxnhdqnfgtdxevttde.exe" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3582532709-2637047242-3508314386-1000\Software\Microsoft\Windows\CurrentVersion\Run\jyzptblm = "jitthztezpozhzetpn.exe" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3582532709-2637047242-3508314386-1000\Software\Microsoft\Windows\CurrentVersion\Run\wigtu = "C:\\Users\\Admin\\AppData\\Local\\Temp\\hivxnhdqnfgtdxevttde.exe" | C:\Users\Admin\AppData\Local\Temp\huthjp.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3582532709-2637047242-3508314386-1000\Software\Microsoft\Windows\CurrentVersion\Run\wigtu = "C:\\Users\\Admin\\AppData\\Local\\Temp\\tqzxjzrathentjmz.exe" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\huthjp = "ayihuleoixvfmdhvq.exe ." | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\ogkdkvimajb = "C:\\Users\\Admin\\AppData\\Local\\Temp\\tqzxjzrathentjmz.exe" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\huthjp = "ayihuleoixvfmdhvq.exe ." | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3582532709-2637047242-3508314386-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\huthjp = "C:\\Users\\Admin\\AppData\\Local\\Temp\\hivxnhdqnfgtdxevttde.exe ." | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\ogkdkvimajb = "C:\\Users\\Admin\\AppData\\Local\\Temp\\hivxnhdqnfgtdxevttde.exe" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3582532709-2637047242-3508314386-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\aqsjoxikw = "hivxnhdqnfgtdxevttde.exe ." | C:\Users\Admin\AppData\Local\Temp\huthjp.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3582532709-2637047242-3508314386-1000\Software\Microsoft\Windows\CurrentVersion\Run\jyzptblm = "hivxnhdqnfgtdxevttde.exe" | C:\Users\Admin\AppData\Local\Temp\huthjp.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\ogkdkvimajb = "C:\\Users\\Admin\\AppData\\Local\\Temp\\jitthztezpozhzetpn.exe" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3582532709-2637047242-3508314386-1000\Software\Microsoft\Windows\CurrentVersion\Run\wigtu = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ayihuleoixvfmdhvq.exe" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\wigtu = "uughwpkwsjjvexdtqpy.exe" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\huthjp = "uughwpkwsjjvexdtqpy.exe ." | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\tknflvhkxf = "C:\\Users\\Admin\\AppData\\Local\\Temp\\uughwpkwsjjvexdtqpy.exe ." | C:\Users\Admin\AppData\Local\Temp\huthjp.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\huthjp = "hivxnhdqnfgtdxevttde.exe ." | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3582532709-2637047242-3508314386-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\aqsjoxikw = "tqzxjzrathentjmz.exe ." | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3582532709-2637047242-3508314386-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\huthjp = "C:\\Users\\Admin\\AppData\\Local\\Temp\\hivxnhdqnfgtdxevttde.exe ." | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3582532709-2637047242-3508314386-1000\Software\Microsoft\Windows\CurrentVersion\Run\wigtu = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ayihuleoixvfmdhvq.exe" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\wigtu = "tqzxjzrathentjmz.exe" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3582532709-2637047242-3508314386-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\aqsjoxikw = "hivxnhdqnfgtdxevttde.exe ." | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3582532709-2637047242-3508314386-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\aqsjoxikw = "jitthztezpozhzetpn.exe ." | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\ogkdkvimajb = "C:\\Users\\Admin\\AppData\\Local\\Temp\\wympgbymkdftezhzyzkma.exe" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\wigtu = "wympgbymkdftezhzyzkma.exe" | C:\Users\Admin\AppData\Local\Temp\huthjp.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\tknflvhkxf = "C:\\Users\\Admin\\AppData\\Local\\Temp\\tqzxjzrathentjmz.exe ." | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\wigtu = "jitthztezpozhzetpn.exe" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3582532709-2637047242-3508314386-1000\Software\Microsoft\Windows\CurrentVersion\Run\jyzptblm = "uughwpkwsjjvexdtqpy.exe" | C:\Users\Admin\AppData\Local\Temp\huthjp.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3582532709-2637047242-3508314386-1000\Software\Microsoft\Windows\CurrentVersion\Run\jyzptblm = "tqzxjzrathentjmz.exe" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\ogkdkvimajb = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ayihuleoixvfmdhvq.exe" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\huthjp = "ayihuleoixvfmdhvq.exe ." | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3582532709-2637047242-3508314386-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\huthjp = "C:\\Users\\Admin\\AppData\\Local\\Temp\\tqzxjzrathentjmz.exe ." | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\ogkdkvimajb = "C:\\Users\\Admin\\AppData\\Local\\Temp\\uughwpkwsjjvexdtqpy.exe" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\tknflvhkxf = "C:\\Users\\Admin\\AppData\\Local\\Temp\\uughwpkwsjjvexdtqpy.exe ." | C:\Users\Admin\AppData\Local\Temp\huthjp.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\huthjp = "wympgbymkdftezhzyzkma.exe ." | C:\Users\Admin\AppData\Local\Temp\huthjp.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\ogkdkvimajb = "C:\\Users\\Admin\\AppData\\Local\\Temp\\wympgbymkdftezhzyzkma.exe" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\wigtu = "hivxnhdqnfgtdxevttde.exe" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\wigtu = "hivxnhdqnfgtdxevttde.exe" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3582532709-2637047242-3508314386-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\aqsjoxikw = "wympgbymkdftezhzyzkma.exe ." | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\ogkdkvimajb = "C:\\Users\\Admin\\AppData\\Local\\Temp\\hivxnhdqnfgtdxevttde.exe" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3582532709-2637047242-3508314386-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\huthjp = "C:\\Users\\Admin\\AppData\\Local\\Temp\\tqzxjzrathentjmz.exe ." | C:\Users\Admin\AppData\Local\Temp\huthjp.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\tknflvhkxf = "C:\\Users\\Admin\\AppData\\Local\\Temp\\jitthztezpozhzetpn.exe ." | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3582532709-2637047242-3508314386-1000\Software\Microsoft\Windows\CurrentVersion\Run\jyzptblm = "wympgbymkdftezhzyzkma.exe" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3582532709-2637047242-3508314386-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\huthjp = "C:\\Users\\Admin\\AppData\\Local\\Temp\\hivxnhdqnfgtdxevttde.exe ." | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3582532709-2637047242-3508314386-1000\Software\Microsoft\Windows\CurrentVersion\Run\jyzptblm = "hivxnhdqnfgtdxevttde.exe" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\ogkdkvimajb = "C:\\Users\\Admin\\AppData\\Local\\Temp\\jitthztezpozhzetpn.exe" | C:\Users\Admin\AppData\Local\Temp\huthjp.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\tknflvhkxf = "C:\\Users\\Admin\\AppData\\Local\\Temp\\jitthztezpozhzetpn.exe ." | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\ogkdkvimajb = "C:\\Users\\Admin\\AppData\\Local\\Temp\\tqzxjzrathentjmz.exe" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3582532709-2637047242-3508314386-1000\Software\Microsoft\Windows\CurrentVersion\Run\wigtu = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ayihuleoixvfmdhvq.exe" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\ogkdkvimajb = "C:\\Users\\Admin\\AppData\\Local\\Temp\\uughwpkwsjjvexdtqpy.exe" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\tknflvhkxf = "C:\\Users\\Admin\\AppData\\Local\\Temp\\tqzxjzrathentjmz.exe ." | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
Checks whether UAC is enabled
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\huthjp.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\huthjp.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\huthjp.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\huthjp.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
Hijack Execution Flow: Executable Installer File Permissions Weakness
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableInstallerDetection = "0" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableInstallerDetection = "0" | C:\Users\Admin\AppData\Local\Temp\huthjp.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableInstallerDetection = "0" | C:\Users\Admin\AppData\Local\Temp\huthjp.exe | N/A |
Looks up external IP address via web service
| Description | Indicator | Process | Target |
| N/A | www.whatismyip.ca | N/A | N/A |
| N/A | whatismyipaddress.com | N/A | N/A |
| N/A | whatismyip.everdot.org | N/A | N/A |
| N/A | whatismyip.everdot.org | N/A | N/A |
| N/A | www.showmyipaddress.com | N/A | N/A |
Drops autorun.inf file
| Description | Indicator | Process | Target |
| File opened for modification | F:\autorun.inf | C:\Users\Admin\AppData\Local\Temp\huthjp.exe | N/A |
| File created | F:\autorun.inf | C:\Users\Admin\AppData\Local\Temp\huthjp.exe | N/A |
| File opened for modification | C:\autorun.inf | C:\Users\Admin\AppData\Local\Temp\huthjp.exe | N/A |
| File created | C:\autorun.inf | C:\Users\Admin\AppData\Local\Temp\huthjp.exe | N/A |
Drops file in System32 directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\SysWOW64\ayihuleoixvfmdhvq.exe | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\nqfjbxvkjdgvhdmffhtwlp.exe | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\hivxnhdqnfgtdxevttde.exe | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\uughwpkwsjjvexdtqpy.exe | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\nqfjbxvkjdgvhdmffhtwlp.exe | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\wympgbymkdftezhzyzkma.exe | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\uughwpkwsjjvexdtqpy.exe | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\jitthztezpozhzetpn.exe | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| File created | C:\Windows\SysWOW64\wigtuzgempbzuzrtcniusfglsqy.nlg | C:\Users\Admin\AppData\Local\Temp\huthjp.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\tqzxjzrathentjmz.exe | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\hivxnhdqnfgtdxevttde.exe | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\tqzxjzrathentjmz.exe | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\nqfjbxvkjdgvhdmffhtwlp.exe | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\uughwpkwsjjvexdtqpy.exe | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\hivxnhdqnfgtdxevttde.exe | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\hivxnhdqnfgtdxevttde.exe | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\tqzxjzrathentjmz.exe | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\ayihuleoixvfmdhvq.exe | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\ayihuleoixvfmdhvq.exe | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\hivxnhdqnfgtdxevttde.exe | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\hivxnhdqnfgtdxevttde.exe | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\hivxnhdqnfgtdxevttde.exe | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\hivxnhdqnfgtdxevttde.exe | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\nqfjbxvkjdgvhdmffhtwlp.exe | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\jitthztezpozhzetpn.exe | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\tqzxjzrathentjmz.exe | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\tqzxjzrathentjmz.exe | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\uughwpkwsjjvexdtqpy.exe | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\wympgbymkdftezhzyzkma.exe | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\tqzxjzrathentjmz.exe | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\ayihuleoixvfmdhvq.exe | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\jitthztezpozhzetpn.exe | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\ayihuleoixvfmdhvq.exe | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\wympgbymkdftezhzyzkma.exe | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\jitthztezpozhzetpn.exe | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\uughwpkwsjjvexdtqpy.exe | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\wympgbymkdftezhzyzkma.exe | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\ayihuleoixvfmdhvq.exe | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\uughwpkwsjjvexdtqpy.exe | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\ayihuleoixvfmdhvq.exe | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\hivxnhdqnfgtdxevttde.exe | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\wigtuzgempbzuzrtcniusfglsqy.nlg | C:\Users\Admin\AppData\Local\Temp\huthjp.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\wympgbymkdftezhzyzkma.exe | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\tqzxjzrathentjmz.exe | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\uughwpkwsjjvexdtqpy.exe | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\nqfjbxvkjdgvhdmffhtwlp.exe | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\ayihuleoixvfmdhvq.exe | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\ayihuleoixvfmdhvq.exe | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\jitthztezpozhzetpn.exe | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\wympgbymkdftezhzyzkma.exe | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\hivxnhdqnfgtdxevttde.exe | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\ayihuleoixvfmdhvq.exe | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\jitthztezpozhzetpn.exe | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\tqzxjzrathentjmz.exe | C:\Users\Admin\AppData\Local\Temp\huthjp.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\uughwpkwsjjvexdtqpy.exe | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\wympgbymkdftezhzyzkma.exe | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\ayihuleoixvfmdhvq.exe | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\hivxnhdqnfgtdxevttde.exe | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\hivxnhdqnfgtdxevttde.exe | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\tqzxjzrathentjmz.exe | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\jitthztezpozhzetpn.exe | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\ayihuleoixvfmdhvq.exe | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\wympgbymkdftezhzyzkma.exe | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\wympgbymkdftezhzyzkma.exe | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Program Files (x86)\wigtuzgempbzuzrtcniusfglsqy.nlg | C:\Users\Admin\AppData\Local\Temp\huthjp.exe | N/A |
| File created | C:\Program Files (x86)\wigtuzgempbzuzrtcniusfglsqy.nlg | C:\Users\Admin\AppData\Local\Temp\huthjp.exe | N/A |
| File opened for modification | C:\Program Files (x86)\tqzxjzrathentjmztpvsbzlbtcvjgpvlobvrxu.bnd | C:\Users\Admin\AppData\Local\Temp\huthjp.exe | N/A |
| File created | C:\Program Files (x86)\tqzxjzrathentjmztpvsbzlbtcvjgpvlobvrxu.bnd | C:\Users\Admin\AppData\Local\Temp\huthjp.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\tqzxjzrathentjmz.exe | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| File opened for modification | C:\Windows\nqfjbxvkjdgvhdmffhtwlp.exe | C:\Users\Admin\AppData\Local\Temp\huthjp.exe | N/A |
| File opened for modification | C:\Windows\jitthztezpozhzetpn.exe | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| File opened for modification | C:\Windows\wympgbymkdftezhzyzkma.exe | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| File opened for modification | C:\Windows\ayihuleoixvfmdhvq.exe | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| File opened for modification | C:\Windows\wympgbymkdftezhzyzkma.exe | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| File opened for modification | C:\Windows\nqfjbxvkjdgvhdmffhtwlp.exe | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| File opened for modification | C:\Windows\nqfjbxvkjdgvhdmffhtwlp.exe | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| File opened for modification | C:\Windows\jitthztezpozhzetpn.exe | C:\Users\Admin\AppData\Local\Temp\huthjp.exe | N/A |
| File opened for modification | C:\Windows\tqzxjzrathentjmz.exe | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| File opened for modification | C:\Windows\ayihuleoixvfmdhvq.exe | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| File opened for modification | C:\Windows\wympgbymkdftezhzyzkma.exe | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| File opened for modification | C:\Windows\hivxnhdqnfgtdxevttde.exe | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| File opened for modification | C:\Windows\nqfjbxvkjdgvhdmffhtwlp.exe | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| File opened for modification | C:\Windows\ayihuleoixvfmdhvq.exe | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| File opened for modification | C:\Windows\wympgbymkdftezhzyzkma.exe | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| File opened for modification | C:\Windows\tqzxjzrathentjmz.exe | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| File opened for modification | C:\Windows\jitthztezpozhzetpn.exe | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| File opened for modification | C:\Windows\ayihuleoixvfmdhvq.exe | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| File opened for modification | C:\Windows\uughwpkwsjjvexdtqpy.exe | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| File opened for modification | C:\Windows\ayihuleoixvfmdhvq.exe | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| File opened for modification | C:\Windows\hivxnhdqnfgtdxevttde.exe | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| File opened for modification | C:\Windows\ayihuleoixvfmdhvq.exe | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| File opened for modification | C:\Windows\uughwpkwsjjvexdtqpy.exe | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| File opened for modification | C:\Windows\nqfjbxvkjdgvhdmffhtwlp.exe | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| File opened for modification | C:\Windows\tqzxjzrathentjmz.exe | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| File opened for modification | C:\Windows\jitthztezpozhzetpn.exe | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| File opened for modification | C:\Windows\jitthztezpozhzetpn.exe | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| File opened for modification | C:\Windows\jitthztezpozhzetpn.exe | C:\Users\Admin\AppData\Local\Temp\huthjp.exe | N/A |
| File opened for modification | C:\Windows\ayihuleoixvfmdhvq.exe | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| File opened for modification | C:\Windows\nqfjbxvkjdgvhdmffhtwlp.exe | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| File opened for modification | C:\Windows\wympgbymkdftezhzyzkma.exe | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| File opened for modification | C:\Windows\uughwpkwsjjvexdtqpy.exe | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| File opened for modification | C:\Windows\hivxnhdqnfgtdxevttde.exe | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| File opened for modification | C:\Windows\hivxnhdqnfgtdxevttde.exe | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| File opened for modification | C:\Windows\uughwpkwsjjvexdtqpy.exe | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| File opened for modification | C:\Windows\wympgbymkdftezhzyzkma.exe | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| File opened for modification | C:\Windows\tqzxjzrathentjmz.exe | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| File opened for modification | C:\Windows\uughwpkwsjjvexdtqpy.exe | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| File opened for modification | C:\Windows\wympgbymkdftezhzyzkma.exe | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| File opened for modification | C:\Windows\ayihuleoixvfmdhvq.exe | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| File opened for modification | C:\Windows\jitthztezpozhzetpn.exe | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| File opened for modification | C:\Windows\nqfjbxvkjdgvhdmffhtwlp.exe | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| File opened for modification | C:\Windows\jitthztezpozhzetpn.exe | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| File opened for modification | C:\Windows\tqzxjzrathentjmz.exe | C:\Users\Admin\AppData\Local\Temp\huthjp.exe | N/A |
| File opened for modification | C:\Windows\ayihuleoixvfmdhvq.exe | C:\Users\Admin\AppData\Local\Temp\huthjp.exe | N/A |
| File opened for modification | C:\Windows\ayihuleoixvfmdhvq.exe | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| File opened for modification | C:\Windows\uughwpkwsjjvexdtqpy.exe | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| File opened for modification | C:\Windows\hivxnhdqnfgtdxevttde.exe | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| File opened for modification | C:\Windows\wympgbymkdftezhzyzkma.exe | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| File opened for modification | C:\Windows\hivxnhdqnfgtdxevttde.exe | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| File opened for modification | C:\Windows\jitthztezpozhzetpn.exe | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| File opened for modification | C:\Windows\jitthztezpozhzetpn.exe | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| File opened for modification | C:\Windows\ayihuleoixvfmdhvq.exe | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| File opened for modification | C:\Windows\tqzxjzrathentjmz.exe | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| File opened for modification | C:\Windows\jitthztezpozhzetpn.exe | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| File opened for modification | C:\Windows\hivxnhdqnfgtdxevttde.exe | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| File opened for modification | C:\Windows\nqfjbxvkjdgvhdmffhtwlp.exe | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| File opened for modification | C:\Windows\wympgbymkdftezhzyzkma.exe | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| File opened for modification | C:\Windows\hivxnhdqnfgtdxevttde.exe | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| File opened for modification | C:\Windows\tqzxjzrathentjmz.exe | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| File opened for modification | C:\Windows\wympgbymkdftezhzyzkma.exe | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| File opened for modification | C:\Windows\nqfjbxvkjdgvhdmffhtwlp.exe | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| File opened for modification | C:\Windows\jitthztezpozhzetpn.exe | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
Enumerates physical storage devices
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\wympgbymkdftezhzyzkma.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\jitthztezpozhzetpn.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\uughwpkwsjjvexdtqpy.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\hivxnhdqnfgtdxevttde.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\ayihuleoixvfmdhvq.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\uughwpkwsjjvexdtqpy.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\tqzxjzrathentjmz.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\hivxnhdqnfgtdxevttde.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\hivxnhdqnfgtdxevttde.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\uughwpkwsjjvexdtqpy.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\hivxnhdqnfgtdxevttde.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\wympgbymkdftezhzyzkma.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\hivxnhdqnfgtdxevttde.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\uughwpkwsjjvexdtqpy.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\ayihuleoixvfmdhvq.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\wympgbymkdftezhzyzkma.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\uughwpkwsjjvexdtqpy.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\ayihuleoixvfmdhvq.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\uughwpkwsjjvexdtqpy.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\jitthztezpozhzetpn.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\tqzxjzrathentjmz.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\tqzxjzrathentjmz.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\hivxnhdqnfgtdxevttde.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\ayihuleoixvfmdhvq.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\wympgbymkdftezhzyzkma.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\tqzxjzrathentjmz.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\jitthztezpozhzetpn.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\tqzxjzrathentjmz.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\wympgbymkdftezhzyzkma.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\uughwpkwsjjvexdtqpy.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\wympgbymkdftezhzyzkma.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\hivxnhdqnfgtdxevttde.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\hivxnhdqnfgtdxevttde.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\tqzxjzrathentjmz.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\ayihuleoixvfmdhvq.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\jitthztezpozhzetpn.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\hivxnhdqnfgtdxevttde.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\wympgbymkdftezhzyzkma.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\hivxnhdqnfgtdxevttde.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\tqzxjzrathentjmz.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\huthjp.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\uughwpkwsjjvexdtqpy.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\tqzxjzrathentjmz.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\ayihuleoixvfmdhvq.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\tqzxjzrathentjmz.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\wympgbymkdftezhzyzkma.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\jitthztezpozhzetpn.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\hivxnhdqnfgtdxevttde.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\wympgbymkdftezhzyzkma.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\uughwpkwsjjvexdtqpy.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\jitthztezpozhzetpn.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\hivxnhdqnfgtdxevttde.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\tqzxjzrathentjmz.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\jitthztezpozhzetpn.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\wympgbymkdftezhzyzkma.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\ayihuleoixvfmdhvq.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\tqzxjzrathentjmz.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\tqzxjzrathentjmz.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\wympgbymkdftezhzyzkma.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\ayihuleoixvfmdhvq.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\jitthztezpozhzetpn.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\tqzxjzrathentjmz.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\uughwpkwsjjvexdtqpy.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\hivxnhdqnfgtdxevttde.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\huthjp.exe | N/A |
Suspicious use of WriteProcessMemory
System policy modification
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" | C:\Users\Admin\AppData\Local\Temp\huthjp.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDriveTypeAutoRun = "1" | C:\Users\Admin\AppData\Local\Temp\huthjp.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\huthjp.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ValidateAdminCodeSignatures = "0" | C:\Users\Admin\AppData\Local\Temp\huthjp.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\huthjp.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ValidateAdminCodeSignatures = "0" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" | C:\Users\Admin\AppData\Local\Temp\huthjp.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableSecureUIAPaths = "0" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" | C:\Users\Admin\AppData\Local\Temp\huthjp.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" | C:\Users\Admin\AppData\Local\Temp\huthjp.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableVirtualization = "0" | C:\Users\Admin\AppData\Local\Temp\huthjp.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\huthjp.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\FilterAdministratorToken = "0" | C:\Users\Admin\AppData\Local\Temp\huthjp.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer | C:\Users\Admin\AppData\Local\Temp\huthjp.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableSecureUIAPaths = "0" | C:\Users\Admin\AppData\Local\Temp\huthjp.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\FilterAdministratorToken = "0" | C:\Users\Admin\AppData\Local\Temp\huthjp.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDriveTypeAutoRun = "1" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer | C:\Users\Admin\AppData\Local\Temp\huthjp.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\huthjp.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableVirtualization = "0" | C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ValidateAdminCodeSignatures = "0" | C:\Users\Admin\AppData\Local\Temp\huthjp.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableVirtualization = "0" | C:\Users\Admin\AppData\Local\Temp\huthjp.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bb7873a096a7ddd06706314a91eb4e66.exe
"C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bb7873a096a7ddd06706314a91eb4e66.exe"
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\jaffacakes118_bb7873a096a7ddd06706314a91eb4e66.exe*"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c tqzxjzrathentjmz.exe
C:\Windows\tqzxjzrathentjmz.exe
tqzxjzrathentjmz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ayihuleoixvfmdhvq.exe .
C:\Windows\ayihuleoixvfmdhvq.exe
ayihuleoixvfmdhvq.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c tqzxjzrathentjmz.exe
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\ayihuleoixvfmdhvq.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c hivxnhdqnfgtdxevttde.exe .
C:\Windows\tqzxjzrathentjmz.exe
tqzxjzrathentjmz.exe
C:\Windows\hivxnhdqnfgtdxevttde.exe
hivxnhdqnfgtdxevttde.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wympgbymkdftezhzyzkma.exe
C:\Users\Admin\AppData\Local\Temp\wympgbymkdftezhzyzkma.exe
C:\Users\Admin\AppData\Local\Temp\wympgbymkdftezhzyzkma.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wympgbymkdftezhzyzkma.exe .
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\hivxnhdqnfgtdxevttde.exe*."
C:\Users\Admin\AppData\Local\Temp\wympgbymkdftezhzyzkma.exe
C:\Users\Admin\AppData\Local\Temp\wympgbymkdftezhzyzkma.exe .
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\wympgbymkdftezhzyzkma.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\tqzxjzrathentjmz.exe
C:\Users\Admin\AppData\Local\Temp\tqzxjzrathentjmz.exe
C:\Users\Admin\AppData\Local\Temp\tqzxjzrathentjmz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\hivxnhdqnfgtdxevttde.exe .
C:\Users\Admin\AppData\Local\Temp\hivxnhdqnfgtdxevttde.exe
C:\Users\Admin\AppData\Local\Temp\hivxnhdqnfgtdxevttde.exe .
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\hivxnhdqnfgtdxevttde.exe*."
C:\Users\Admin\AppData\Local\Temp\huthjp.exe
"C:\Users\Admin\AppData\Local\Temp\huthjp.exe" "-c:\users\admin\appdata\local\temp\jaffacakes118_bb7873a096a7ddd06706314a91eb4e66.exe"
C:\Users\Admin\AppData\Local\Temp\huthjp.exe
"C:\Users\Admin\AppData\Local\Temp\huthjp.exe" "-c:\users\admin\appdata\local\temp\jaffacakes118_bb7873a096a7ddd06706314a91eb4e66.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c jitthztezpozhzetpn.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ayihuleoixvfmdhvq.exe
C:\Windows\ayihuleoixvfmdhvq.exe
ayihuleoixvfmdhvq.exe
C:\Windows\jitthztezpozhzetpn.exe
jitthztezpozhzetpn.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ayihuleoixvfmdhvq.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c tqzxjzrathentjmz.exe .
C:\Windows\ayihuleoixvfmdhvq.exe
ayihuleoixvfmdhvq.exe .
C:\Windows\tqzxjzrathentjmz.exe
tqzxjzrathentjmz.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wympgbymkdftezhzyzkma.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c jitthztezpozhzetpn.exe
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\tqzxjzrathentjmz.exe*."
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\ayihuleoixvfmdhvq.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c hivxnhdqnfgtdxevttde.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c hivxnhdqnfgtdxevttde.exe .
C:\Windows\jitthztezpozhzetpn.exe
jitthztezpozhzetpn.exe
C:\Windows\wympgbymkdftezhzyzkma.exe
wympgbymkdftezhzyzkma.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\uughwpkwsjjvexdtqpy.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jitthztezpozhzetpn.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wympgbymkdftezhzyzkma.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wympgbymkdftezhzyzkma.exe .
C:\Windows\hivxnhdqnfgtdxevttde.exe
hivxnhdqnfgtdxevttde.exe .
C:\Windows\hivxnhdqnfgtdxevttde.exe
hivxnhdqnfgtdxevttde.exe .
C:\Users\Admin\AppData\Local\Temp\jitthztezpozhzetpn.exe
C:\Users\Admin\AppData\Local\Temp\jitthztezpozhzetpn.exe
C:\Users\Admin\AppData\Local\Temp\uughwpkwsjjvexdtqpy.exe
C:\Users\Admin\AppData\Local\Temp\uughwpkwsjjvexdtqpy.exe
C:\Users\Admin\AppData\Local\Temp\wympgbymkdftezhzyzkma.exe
C:\Users\Admin\AppData\Local\Temp\wympgbymkdftezhzyzkma.exe .
C:\Users\Admin\AppData\Local\Temp\wympgbymkdftezhzyzkma.exe
C:\Users\Admin\AppData\Local\Temp\wympgbymkdftezhzyzkma.exe .
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\hivxnhdqnfgtdxevttde.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\tqzxjzrathentjmz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wympgbymkdftezhzyzkma.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ayihuleoixvfmdhvq.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ayihuleoixvfmdhvq.exe .
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\hivxnhdqnfgtdxevttde.exe*."
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\wympgbymkdftezhzyzkma.exe*."
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\wympgbymkdftezhzyzkma.exe*."
C:\Users\Admin\AppData\Local\Temp\wympgbymkdftezhzyzkma.exe
C:\Users\Admin\AppData\Local\Temp\wympgbymkdftezhzyzkma.exe
C:\Users\Admin\AppData\Local\Temp\ayihuleoixvfmdhvq.exe
C:\Users\Admin\AppData\Local\Temp\ayihuleoixvfmdhvq.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c uughwpkwsjjvexdtqpy.exe
C:\Users\Admin\AppData\Local\Temp\ayihuleoixvfmdhvq.exe
C:\Users\Admin\AppData\Local\Temp\ayihuleoixvfmdhvq.exe .
C:\Users\Admin\AppData\Local\Temp\tqzxjzrathentjmz.exe
C:\Users\Admin\AppData\Local\Temp\tqzxjzrathentjmz.exe
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\ayihuleoixvfmdhvq.exe*."
C:\Windows\uughwpkwsjjvexdtqpy.exe
uughwpkwsjjvexdtqpy.exe
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\ayihuleoixvfmdhvq.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c uughwpkwsjjvexdtqpy.exe .
C:\Windows\uughwpkwsjjvexdtqpy.exe
uughwpkwsjjvexdtqpy.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wympgbymkdftezhzyzkma.exe
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\uughwpkwsjjvexdtqpy.exe*."
C:\Windows\wympgbymkdftezhzyzkma.exe
wympgbymkdftezhzyzkma.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c jitthztezpozhzetpn.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wympgbymkdftezhzyzkma.exe
C:\Windows\jitthztezpozhzetpn.exe
jitthztezpozhzetpn.exe .
C:\Users\Admin\AppData\Local\Temp\wympgbymkdftezhzyzkma.exe
C:\Users\Admin\AppData\Local\Temp\wympgbymkdftezhzyzkma.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ayihuleoixvfmdhvq.exe .
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\jitthztezpozhzetpn.exe*."
C:\Users\Admin\AppData\Local\Temp\ayihuleoixvfmdhvq.exe
C:\Users\Admin\AppData\Local\Temp\ayihuleoixvfmdhvq.exe .
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\ayihuleoixvfmdhvq.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\hivxnhdqnfgtdxevttde.exe
C:\Users\Admin\AppData\Local\Temp\hivxnhdqnfgtdxevttde.exe
C:\Users\Admin\AppData\Local\Temp\hivxnhdqnfgtdxevttde.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\hivxnhdqnfgtdxevttde.exe .
C:\Users\Admin\AppData\Local\Temp\hivxnhdqnfgtdxevttde.exe
C:\Users\Admin\AppData\Local\Temp\hivxnhdqnfgtdxevttde.exe .
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\hivxnhdqnfgtdxevttde.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wympgbymkdftezhzyzkma.exe
C:\Windows\wympgbymkdftezhzyzkma.exe
wympgbymkdftezhzyzkma.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c uughwpkwsjjvexdtqpy.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c jitthztezpozhzetpn.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c jitthztezpozhzetpn.exe
C:\Windows\uughwpkwsjjvexdtqpy.exe
uughwpkwsjjvexdtqpy.exe .
C:\Windows\jitthztezpozhzetpn.exe
jitthztezpozhzetpn.exe
C:\Windows\jitthztezpozhzetpn.exe
jitthztezpozhzetpn.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wympgbymkdftezhzyzkma.exe
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\uughwpkwsjjvexdtqpy.exe*."
C:\Windows\wympgbymkdftezhzyzkma.exe
wympgbymkdftezhzyzkma.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ayihuleoixvfmdhvq.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c hivxnhdqnfgtdxevttde.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ayihuleoixvfmdhvq.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jitthztezpozhzetpn.exe
C:\Windows\ayihuleoixvfmdhvq.exe
ayihuleoixvfmdhvq.exe .
C:\Windows\ayihuleoixvfmdhvq.exe
ayihuleoixvfmdhvq.exe .
C:\Windows\hivxnhdqnfgtdxevttde.exe
hivxnhdqnfgtdxevttde.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c uughwpkwsjjvexdtqpy.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\uughwpkwsjjvexdtqpy.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c uughwpkwsjjvexdtqpy.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c jitthztezpozhzetpn.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c jitthztezpozhzetpn.exe .
C:\Users\Admin\AppData\Local\Temp\jitthztezpozhzetpn.exe
C:\Users\Admin\AppData\Local\Temp\jitthztezpozhzetpn.exe
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\ayihuleoixvfmdhvq.exe*."
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\ayihuleoixvfmdhvq.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jitthztezpozhzetpn.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jitthztezpozhzetpn.exe
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\hivxnhdqnfgtdxevttde.exe*."
C:\Windows\uughwpkwsjjvexdtqpy.exe
uughwpkwsjjvexdtqpy.exe
C:\Users\Admin\AppData\Local\Temp\uughwpkwsjjvexdtqpy.exe
C:\Users\Admin\AppData\Local\Temp\uughwpkwsjjvexdtqpy.exe .
C:\Windows\uughwpkwsjjvexdtqpy.exe
uughwpkwsjjvexdtqpy.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\hivxnhdqnfgtdxevttde.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\uughwpkwsjjvexdtqpy.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\uughwpkwsjjvexdtqpy.exe .
C:\Windows\jitthztezpozhzetpn.exe
jitthztezpozhzetpn.exe .
C:\Windows\jitthztezpozhzetpn.exe
jitthztezpozhzetpn.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jitthztezpozhzetpn.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\uughwpkwsjjvexdtqpy.exe*."
C:\Users\Admin\AppData\Local\Temp\jitthztezpozhzetpn.exe
C:\Users\Admin\AppData\Local\Temp\jitthztezpozhzetpn.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wympgbymkdftezhzyzkma.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wympgbymkdftezhzyzkma.exe
C:\Users\Admin\AppData\Local\Temp\jitthztezpozhzetpn.exe
C:\Users\Admin\AppData\Local\Temp\jitthztezpozhzetpn.exe
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\jitthztezpozhzetpn.exe*."
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\jitthztezpozhzetpn.exe*."
C:\Users\Admin\AppData\Local\Temp\jitthztezpozhzetpn.exe
C:\Users\Admin\AppData\Local\Temp\jitthztezpozhzetpn.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jitthztezpozhzetpn.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jitthztezpozhzetpn.exe .
C:\Users\Admin\AppData\Local\Temp\uughwpkwsjjvexdtqpy.exe
C:\Users\Admin\AppData\Local\Temp\uughwpkwsjjvexdtqpy.exe .
C:\Users\Admin\AppData\Local\Temp\uughwpkwsjjvexdtqpy.exe
C:\Users\Admin\AppData\Local\Temp\uughwpkwsjjvexdtqpy.exe .
C:\Users\Admin\AppData\Local\Temp\wympgbymkdftezhzyzkma.exe
C:\Users\Admin\AppData\Local\Temp\wympgbymkdftezhzyzkma.exe
C:\Users\Admin\AppData\Local\Temp\wympgbymkdftezhzyzkma.exe
C:\Users\Admin\AppData\Local\Temp\wympgbymkdftezhzyzkma.exe
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\jitthztezpozhzetpn.exe*."
C:\Users\Admin\AppData\Local\Temp\jitthztezpozhzetpn.exe
C:\Users\Admin\AppData\Local\Temp\jitthztezpozhzetpn.exe .
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\uughwpkwsjjvexdtqpy.exe*."
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\uughwpkwsjjvexdtqpy.exe*."
C:\Users\Admin\AppData\Local\Temp\jitthztezpozhzetpn.exe
C:\Users\Admin\AppData\Local\Temp\jitthztezpozhzetpn.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c hivxnhdqnfgtdxevttde.exe
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\jitthztezpozhzetpn.exe*."
C:\Windows\hivxnhdqnfgtdxevttde.exe
hivxnhdqnfgtdxevttde.exe
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\jitthztezpozhzetpn.exe*."
C:\Users\Admin\AppData\Local\Temp\hivxnhdqnfgtdxevttde.exe
C:\Users\Admin\AppData\Local\Temp\hivxnhdqnfgtdxevttde.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ayihuleoixvfmdhvq.exe .
C:\Windows\ayihuleoixvfmdhvq.exe
ayihuleoixvfmdhvq.exe .
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\ayihuleoixvfmdhvq.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wympgbymkdftezhzyzkma.exe
C:\Windows\wympgbymkdftezhzyzkma.exe
wympgbymkdftezhzyzkma.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c tqzxjzrathentjmz.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\tqzxjzrathentjmz.exe
tqzxjzrathentjmz.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ayihuleoixvfmdhvq.exe
C:\Users\Admin\AppData\Local\Temp\ayihuleoixvfmdhvq.exe
C:\Users\Admin\AppData\Local\Temp\ayihuleoixvfmdhvq.exe
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\tqzxjzrathentjmz.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\tqzxjzrathentjmz.exe .
C:\Users\Admin\AppData\Local\Temp\tqzxjzrathentjmz.exe
C:\Users\Admin\AppData\Local\Temp\tqzxjzrathentjmz.exe .
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\tqzxjzrathentjmz.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\tqzxjzrathentjmz.exe
C:\Users\Admin\AppData\Local\Temp\tqzxjzrathentjmz.exe
C:\Users\Admin\AppData\Local\Temp\tqzxjzrathentjmz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\hivxnhdqnfgtdxevttde.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\hivxnhdqnfgtdxevttde.exe
C:\Users\Admin\AppData\Local\Temp\hivxnhdqnfgtdxevttde.exe .
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\hivxnhdqnfgtdxevttde.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c tqzxjzrathentjmz.exe
C:\Windows\tqzxjzrathentjmz.exe
tqzxjzrathentjmz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wympgbymkdftezhzyzkma.exe .
C:\Windows\wympgbymkdftezhzyzkma.exe
wympgbymkdftezhzyzkma.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c uughwpkwsjjvexdtqpy.exe
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\wympgbymkdftezhzyzkma.exe*."
C:\Windows\uughwpkwsjjvexdtqpy.exe
uughwpkwsjjvexdtqpy.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c uughwpkwsjjvexdtqpy.exe .
C:\Windows\uughwpkwsjjvexdtqpy.exe
uughwpkwsjjvexdtqpy.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jitthztezpozhzetpn.exe
C:\Users\Admin\AppData\Local\Temp\jitthztezpozhzetpn.exe
C:\Users\Admin\AppData\Local\Temp\jitthztezpozhzetpn.exe
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\uughwpkwsjjvexdtqpy.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jitthztezpozhzetpn.exe .
C:\Users\Admin\AppData\Local\Temp\jitthztezpozhzetpn.exe
C:\Users\Admin\AppData\Local\Temp\jitthztezpozhzetpn.exe .
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\jitthztezpozhzetpn.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jitthztezpozhzetpn.exe
C:\Users\Admin\AppData\Local\Temp\jitthztezpozhzetpn.exe
C:\Users\Admin\AppData\Local\Temp\jitthztezpozhzetpn.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\hivxnhdqnfgtdxevttde.exe .
C:\Users\Admin\AppData\Local\Temp\hivxnhdqnfgtdxevttde.exe
C:\Users\Admin\AppData\Local\Temp\hivxnhdqnfgtdxevttde.exe .
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\hivxnhdqnfgtdxevttde.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c jitthztezpozhzetpn.exe
C:\Windows\jitthztezpozhzetpn.exe
jitthztezpozhzetpn.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c hivxnhdqnfgtdxevttde.exe .
C:\Windows\hivxnhdqnfgtdxevttde.exe
hivxnhdqnfgtdxevttde.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c tqzxjzrathentjmz.exe
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\hivxnhdqnfgtdxevttde.exe*."
C:\Windows\tqzxjzrathentjmz.exe
tqzxjzrathentjmz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c tqzxjzrathentjmz.exe .
C:\Windows\tqzxjzrathentjmz.exe
tqzxjzrathentjmz.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\hivxnhdqnfgtdxevttde.exe
C:\Users\Admin\AppData\Local\Temp\hivxnhdqnfgtdxevttde.exe
C:\Users\Admin\AppData\Local\Temp\hivxnhdqnfgtdxevttde.exe
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\tqzxjzrathentjmz.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\uughwpkwsjjvexdtqpy.exe .
C:\Users\Admin\AppData\Local\Temp\uughwpkwsjjvexdtqpy.exe
C:\Users\Admin\AppData\Local\Temp\uughwpkwsjjvexdtqpy.exe .
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\uughwpkwsjjvexdtqpy.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\tqzxjzrathentjmz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\hivxnhdqnfgtdxevttde.exe .
C:\Users\Admin\AppData\Local\Temp\tqzxjzrathentjmz.exe
C:\Users\Admin\AppData\Local\Temp\tqzxjzrathentjmz.exe
C:\Users\Admin\AppData\Local\Temp\hivxnhdqnfgtdxevttde.exe
C:\Users\Admin\AppData\Local\Temp\hivxnhdqnfgtdxevttde.exe .
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\hivxnhdqnfgtdxevttde.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c uughwpkwsjjvexdtqpy.exe
C:\Windows\uughwpkwsjjvexdtqpy.exe
uughwpkwsjjvexdtqpy.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c jitthztezpozhzetpn.exe .
C:\Windows\jitthztezpozhzetpn.exe
jitthztezpozhzetpn.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wympgbymkdftezhzyzkma.exe
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\jitthztezpozhzetpn.exe*."
C:\Windows\wympgbymkdftezhzyzkma.exe
wympgbymkdftezhzyzkma.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c tqzxjzrathentjmz.exe .
C:\Windows\tqzxjzrathentjmz.exe
tqzxjzrathentjmz.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\tqzxjzrathentjmz.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\tqzxjzrathentjmz.exe*."
C:\Users\Admin\AppData\Local\Temp\tqzxjzrathentjmz.exe
C:\Users\Admin\AppData\Local\Temp\tqzxjzrathentjmz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\tqzxjzrathentjmz.exe .
C:\Users\Admin\AppData\Local\Temp\tqzxjzrathentjmz.exe
C:\Users\Admin\AppData\Local\Temp\tqzxjzrathentjmz.exe .
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\tqzxjzrathentjmz.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\tqzxjzrathentjmz.exe
C:\Users\Admin\AppData\Local\Temp\tqzxjzrathentjmz.exe
C:\Users\Admin\AppData\Local\Temp\tqzxjzrathentjmz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ayihuleoixvfmdhvq.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\ayihuleoixvfmdhvq.exe
C:\Users\Admin\AppData\Local\Temp\ayihuleoixvfmdhvq.exe .
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\ayihuleoixvfmdhvq.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wympgbymkdftezhzyzkma.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c hivxnhdqnfgtdxevttde.exe
C:\Windows\wympgbymkdftezhzyzkma.exe
wympgbymkdftezhzyzkma.exe
C:\Windows\hivxnhdqnfgtdxevttde.exe
hivxnhdqnfgtdxevttde.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c hivxnhdqnfgtdxevttde.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wympgbymkdftezhzyzkma.exe .
C:\Windows\hivxnhdqnfgtdxevttde.exe
hivxnhdqnfgtdxevttde.exe .
C:\Windows\wympgbymkdftezhzyzkma.exe
wympgbymkdftezhzyzkma.exe .
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\hivxnhdqnfgtdxevttde.exe*."
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\wympgbymkdftezhzyzkma.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c uughwpkwsjjvexdtqpy.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c hivxnhdqnfgtdxevttde.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c hivxnhdqnfgtdxevttde.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ayihuleoixvfmdhvq.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\tqzxjzrathentjmz.exe
C:\Windows\uughwpkwsjjvexdtqpy.exe
uughwpkwsjjvexdtqpy.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\hivxnhdqnfgtdxevttde.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ayihuleoixvfmdhvq.exe .
C:\Windows\hivxnhdqnfgtdxevttde.exe
hivxnhdqnfgtdxevttde.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jitthztezpozhzetpn.exe .
C:\Windows\hivxnhdqnfgtdxevttde.exe
hivxnhdqnfgtdxevttde.exe .
C:\Windows\ayihuleoixvfmdhvq.exe
ayihuleoixvfmdhvq.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wympgbymkdftezhzyzkma.exe
C:\Users\Admin\AppData\Local\Temp\tqzxjzrathentjmz.exe
C:\Users\Admin\AppData\Local\Temp\tqzxjzrathentjmz.exe
C:\Users\Admin\AppData\Local\Temp\jitthztezpozhzetpn.exe
C:\Users\Admin\AppData\Local\Temp\jitthztezpozhzetpn.exe .
C:\Users\Admin\AppData\Local\Temp\hivxnhdqnfgtdxevttde.exe
C:\Users\Admin\AppData\Local\Temp\hivxnhdqnfgtdxevttde.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wympgbymkdftezhzyzkma.exe
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\hivxnhdqnfgtdxevttde.exe*."
C:\Windows\wympgbymkdftezhzyzkma.exe
wympgbymkdftezhzyzkma.exe
C:\Users\Admin\AppData\Local\Temp\ayihuleoixvfmdhvq.exe
C:\Users\Admin\AppData\Local\Temp\ayihuleoixvfmdhvq.exe .
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\ayihuleoixvfmdhvq.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wympgbymkdftezhzyzkma.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ayihuleoixvfmdhvq.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\tqzxjzrathentjmz.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\hivxnhdqnfgtdxevttde.exe .
C:\Users\Admin\AppData\Local\Temp\wympgbymkdftezhzyzkma.exe
C:\Users\Admin\AppData\Local\Temp\wympgbymkdftezhzyzkma.exe
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\jitthztezpozhzetpn.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c hivxnhdqnfgtdxevttde.exe
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\ayihuleoixvfmdhvq.exe*."
C:\Users\Admin\AppData\Local\Temp\hivxnhdqnfgtdxevttde.exe
C:\Users\Admin\AppData\Local\Temp\hivxnhdqnfgtdxevttde.exe .
C:\Users\Admin\AppData\Local\Temp\wympgbymkdftezhzyzkma.exe
C:\Users\Admin\AppData\Local\Temp\wympgbymkdftezhzyzkma.exe
C:\Users\Admin\AppData\Local\Temp\tqzxjzrathentjmz.exe
C:\Users\Admin\AppData\Local\Temp\tqzxjzrathentjmz.exe .
C:\Windows\ayihuleoixvfmdhvq.exe
ayihuleoixvfmdhvq.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ayihuleoixvfmdhvq.exe .
C:\Windows\hivxnhdqnfgtdxevttde.exe
hivxnhdqnfgtdxevttde.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\uughwpkwsjjvexdtqpy.exe
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\hivxnhdqnfgtdxevttde.exe*."
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\tqzxjzrathentjmz.exe*."
C:\Windows\ayihuleoixvfmdhvq.exe
ayihuleoixvfmdhvq.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\hivxnhdqnfgtdxevttde.exe .
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\ayihuleoixvfmdhvq.exe*."
C:\Users\Admin\AppData\Local\Temp\uughwpkwsjjvexdtqpy.exe
C:\Users\Admin\AppData\Local\Temp\uughwpkwsjjvexdtqpy.exe
C:\Users\Admin\AppData\Local\Temp\hivxnhdqnfgtdxevttde.exe
C:\Users\Admin\AppData\Local\Temp\hivxnhdqnfgtdxevttde.exe .
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\ayihuleoixvfmdhvq.exe*."
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\hivxnhdqnfgtdxevttde.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\tqzxjzrathentjmz.exe
C:\Users\Admin\AppData\Local\Temp\tqzxjzrathentjmz.exe
C:\Users\Admin\AppData\Local\Temp\tqzxjzrathentjmz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\hivxnhdqnfgtdxevttde.exe .
C:\Users\Admin\AppData\Local\Temp\hivxnhdqnfgtdxevttde.exe
C:\Users\Admin\AppData\Local\Temp\hivxnhdqnfgtdxevttde.exe .
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\hivxnhdqnfgtdxevttde.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c hivxnhdqnfgtdxevttde.exe
C:\Windows\hivxnhdqnfgtdxevttde.exe
hivxnhdqnfgtdxevttde.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c tqzxjzrathentjmz.exe .
C:\Windows\tqzxjzrathentjmz.exe
tqzxjzrathentjmz.exe .
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\tqzxjzrathentjmz.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c hivxnhdqnfgtdxevttde.exe
C:\Windows\hivxnhdqnfgtdxevttde.exe
hivxnhdqnfgtdxevttde.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wympgbymkdftezhzyzkma.exe .
C:\Windows\wympgbymkdftezhzyzkma.exe
wympgbymkdftezhzyzkma.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\tqzxjzrathentjmz.exe
C:\Users\Admin\AppData\Local\Temp\tqzxjzrathentjmz.exe
C:\Users\Admin\AppData\Local\Temp\tqzxjzrathentjmz.exe
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\wympgbymkdftezhzyzkma.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\hivxnhdqnfgtdxevttde.exe .
C:\Users\Admin\AppData\Local\Temp\hivxnhdqnfgtdxevttde.exe
C:\Users\Admin\AppData\Local\Temp\hivxnhdqnfgtdxevttde.exe .
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\hivxnhdqnfgtdxevttde.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ayihuleoixvfmdhvq.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\ayihuleoixvfmdhvq.exe
C:\Users\Admin\AppData\Local\Temp\ayihuleoixvfmdhvq.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\hivxnhdqnfgtdxevttde.exe .
C:\Users\Admin\AppData\Local\Temp\hivxnhdqnfgtdxevttde.exe
C:\Users\Admin\AppData\Local\Temp\hivxnhdqnfgtdxevttde.exe .
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\hivxnhdqnfgtdxevttde.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c uughwpkwsjjvexdtqpy.exe
C:\Windows\uughwpkwsjjvexdtqpy.exe
uughwpkwsjjvexdtqpy.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c hivxnhdqnfgtdxevttde.exe .
C:\Windows\hivxnhdqnfgtdxevttde.exe
hivxnhdqnfgtdxevttde.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c hivxnhdqnfgtdxevttde.exe
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\hivxnhdqnfgtdxevttde.exe*."
C:\Windows\hivxnhdqnfgtdxevttde.exe
hivxnhdqnfgtdxevttde.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c tqzxjzrathentjmz.exe .
C:\Windows\tqzxjzrathentjmz.exe
tqzxjzrathentjmz.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\uughwpkwsjjvexdtqpy.exe
C:\Users\Admin\AppData\Local\Temp\uughwpkwsjjvexdtqpy.exe
C:\Users\Admin\AppData\Local\Temp\uughwpkwsjjvexdtqpy.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\tqzxjzrathentjmz.exe .
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\tqzxjzrathentjmz.exe*."
C:\Users\Admin\AppData\Local\Temp\tqzxjzrathentjmz.exe
C:\Users\Admin\AppData\Local\Temp\tqzxjzrathentjmz.exe .
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\tqzxjzrathentjmz.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ayihuleoixvfmdhvq.exe
C:\Users\Admin\AppData\Local\Temp\ayihuleoixvfmdhvq.exe
C:\Users\Admin\AppData\Local\Temp\ayihuleoixvfmdhvq.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\tqzxjzrathentjmz.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\tqzxjzrathentjmz.exe
C:\Users\Admin\AppData\Local\Temp\tqzxjzrathentjmz.exe .
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\tqzxjzrathentjmz.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wympgbymkdftezhzyzkma.exe
C:\Windows\wympgbymkdftezhzyzkma.exe
wympgbymkdftezhzyzkma.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ayihuleoixvfmdhvq.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\ayihuleoixvfmdhvq.exe
ayihuleoixvfmdhvq.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c jitthztezpozhzetpn.exe
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\ayihuleoixvfmdhvq.exe*."
C:\Windows\jitthztezpozhzetpn.exe
jitthztezpozhzetpn.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c uughwpkwsjjvexdtqpy.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\uughwpkwsjjvexdtqpy.exe
uughwpkwsjjvexdtqpy.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ayihuleoixvfmdhvq.exe
C:\Users\Admin\AppData\Local\Temp\ayihuleoixvfmdhvq.exe
C:\Users\Admin\AppData\Local\Temp\ayihuleoixvfmdhvq.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jitthztezpozhzetpn.exe .
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\uughwpkwsjjvexdtqpy.exe*."
C:\Users\Admin\AppData\Local\Temp\jitthztezpozhzetpn.exe
C:\Users\Admin\AppData\Local\Temp\jitthztezpozhzetpn.exe .
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\jitthztezpozhzetpn.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\uughwpkwsjjvexdtqpy.exe
C:\Users\Admin\AppData\Local\Temp\uughwpkwsjjvexdtqpy.exe
C:\Users\Admin\AppData\Local\Temp\uughwpkwsjjvexdtqpy.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ayihuleoixvfmdhvq.exe .
C:\Users\Admin\AppData\Local\Temp\ayihuleoixvfmdhvq.exe
C:\Users\Admin\AppData\Local\Temp\ayihuleoixvfmdhvq.exe .
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\ayihuleoixvfmdhvq.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c jitthztezpozhzetpn.exe
C:\Windows\jitthztezpozhzetpn.exe
jitthztezpozhzetpn.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wympgbymkdftezhzyzkma.exe .
C:\Windows\wympgbymkdftezhzyzkma.exe
wympgbymkdftezhzyzkma.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c tqzxjzrathentjmz.exe
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\wympgbymkdftezhzyzkma.exe*."
C:\Windows\tqzxjzrathentjmz.exe
tqzxjzrathentjmz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c uughwpkwsjjvexdtqpy.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ayihuleoixvfmdhvq.exe
C:\Windows\uughwpkwsjjvexdtqpy.exe
uughwpkwsjjvexdtqpy.exe .
C:\Users\Admin\AppData\Local\Temp\ayihuleoixvfmdhvq.exe
C:\Users\Admin\AppData\Local\Temp\ayihuleoixvfmdhvq.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wympgbymkdftezhzyzkma.exe .
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\uughwpkwsjjvexdtqpy.exe*."
C:\Users\Admin\AppData\Local\Temp\wympgbymkdftezhzyzkma.exe
C:\Users\Admin\AppData\Local\Temp\wympgbymkdftezhzyzkma.exe .
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\wympgbymkdftezhzyzkma.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\tqzxjzrathentjmz.exe
C:\Users\Admin\AppData\Local\Temp\tqzxjzrathentjmz.exe
C:\Users\Admin\AppData\Local\Temp\tqzxjzrathentjmz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ayihuleoixvfmdhvq.exe .
C:\Users\Admin\AppData\Local\Temp\ayihuleoixvfmdhvq.exe
C:\Users\Admin\AppData\Local\Temp\ayihuleoixvfmdhvq.exe .
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\ayihuleoixvfmdhvq.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c hivxnhdqnfgtdxevttde.exe
C:\Windows\hivxnhdqnfgtdxevttde.exe
hivxnhdqnfgtdxevttde.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c tqzxjzrathentjmz.exe .
C:\Windows\tqzxjzrathentjmz.exe
tqzxjzrathentjmz.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c uughwpkwsjjvexdtqpy.exe
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\tqzxjzrathentjmz.exe*."
C:\Windows\uughwpkwsjjvexdtqpy.exe
uughwpkwsjjvexdtqpy.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c hivxnhdqnfgtdxevttde.exe .
C:\Windows\hivxnhdqnfgtdxevttde.exe
hivxnhdqnfgtdxevttde.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jitthztezpozhzetpn.exe
C:\Users\Admin\AppData\Local\Temp\jitthztezpozhzetpn.exe
C:\Users\Admin\AppData\Local\Temp\jitthztezpozhzetpn.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wympgbymkdftezhzyzkma.exe .
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\hivxnhdqnfgtdxevttde.exe*."
C:\Users\Admin\AppData\Local\Temp\wympgbymkdftezhzyzkma.exe
C:\Users\Admin\AppData\Local\Temp\wympgbymkdftezhzyzkma.exe .
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\wympgbymkdftezhzyzkma.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\hivxnhdqnfgtdxevttde.exe
C:\Users\Admin\AppData\Local\Temp\hivxnhdqnfgtdxevttde.exe
C:\Users\Admin\AppData\Local\Temp\hivxnhdqnfgtdxevttde.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\uughwpkwsjjvexdtqpy.exe .
C:\Users\Admin\AppData\Local\Temp\uughwpkwsjjvexdtqpy.exe
C:\Users\Admin\AppData\Local\Temp\uughwpkwsjjvexdtqpy.exe .
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\uughwpkwsjjvexdtqpy.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c hivxnhdqnfgtdxevttde.exe
C:\Windows\hivxnhdqnfgtdxevttde.exe
hivxnhdqnfgtdxevttde.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ayihuleoixvfmdhvq.exe .
C:\Windows\ayihuleoixvfmdhvq.exe
ayihuleoixvfmdhvq.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ayihuleoixvfmdhvq.exe
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\ayihuleoixvfmdhvq.exe*."
C:\Windows\ayihuleoixvfmdhvq.exe
ayihuleoixvfmdhvq.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c jitthztezpozhzetpn.exe .
C:\Windows\jitthztezpozhzetpn.exe
jitthztezpozhzetpn.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\hivxnhdqnfgtdxevttde.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c jitthztezpozhzetpn.exe
C:\Users\Admin\AppData\Local\Temp\hivxnhdqnfgtdxevttde.exe
C:\Users\Admin\AppData\Local\Temp\hivxnhdqnfgtdxevttde.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jitthztezpozhzetpn.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ayihuleoixvfmdhvq.exe
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\jitthztezpozhzetpn.exe*."
C:\Windows\jitthztezpozhzetpn.exe
jitthztezpozhzetpn.exe
C:\Users\Admin\AppData\Local\Temp\jitthztezpozhzetpn.exe
C:\Users\Admin\AppData\Local\Temp\jitthztezpozhzetpn.exe .
C:\Windows\ayihuleoixvfmdhvq.exe
ayihuleoixvfmdhvq.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ayihuleoixvfmdhvq.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c uughwpkwsjjvexdtqpy.exe .
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\jitthztezpozhzetpn.exe*."
C:\Windows\ayihuleoixvfmdhvq.exe
ayihuleoixvfmdhvq.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jitthztezpozhzetpn.exe
C:\Windows\uughwpkwsjjvexdtqpy.exe
uughwpkwsjjvexdtqpy.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wympgbymkdftezhzyzkma.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wympgbymkdftezhzyzkma.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\hivxnhdqnfgtdxevttde.exe .
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\ayihuleoixvfmdhvq.exe*."
C:\Users\Admin\AppData\Local\Temp\jitthztezpozhzetpn.exe
C:\Users\Admin\AppData\Local\Temp\jitthztezpozhzetpn.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c tqzxjzrathentjmz.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c uughwpkwsjjvexdtqpy.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wympgbymkdftezhzyzkma.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jitthztezpozhzetpn.exe
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\uughwpkwsjjvexdtqpy.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wympgbymkdftezhzyzkma.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\hivxnhdqnfgtdxevttde.exe .
C:\Users\Admin\AppData\Local\Temp\hivxnhdqnfgtdxevttde.exe
C:\Users\Admin\AppData\Local\Temp\hivxnhdqnfgtdxevttde.exe .
C:\Windows\wympgbymkdftezhzyzkma.exe
wympgbymkdftezhzyzkma.exe
C:\Windows\wympgbymkdftezhzyzkma.exe
wympgbymkdftezhzyzkma.exe
C:\Users\Admin\AppData\Local\Temp\jitthztezpozhzetpn.exe
C:\Users\Admin\AppData\Local\Temp\jitthztezpozhzetpn.exe
C:\Users\Admin\AppData\Local\Temp\wympgbymkdftezhzyzkma.exe
C:\Users\Admin\AppData\Local\Temp\wympgbymkdftezhzyzkma.exe
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\hivxnhdqnfgtdxevttde.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wympgbymkdftezhzyzkma.exe
C:\Users\Admin\AppData\Local\Temp\hivxnhdqnfgtdxevttde.exe
C:\Users\Admin\AppData\Local\Temp\hivxnhdqnfgtdxevttde.exe .
C:\Windows\uughwpkwsjjvexdtqpy.exe
uughwpkwsjjvexdtqpy.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wympgbymkdftezhzyzkma.exe
C:\Users\Admin\AppData\Local\Temp\wympgbymkdftezhzyzkma.exe
C:\Users\Admin\AppData\Local\Temp\wympgbymkdftezhzyzkma.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jitthztezpozhzetpn.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\tqzxjzrathentjmz.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ayihuleoixvfmdhvq.exe
C:\Users\Admin\AppData\Local\Temp\wympgbymkdftezhzyzkma.exe
C:\Users\Admin\AppData\Local\Temp\wympgbymkdftezhzyzkma.exe
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\hivxnhdqnfgtdxevttde.exe*."
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\wympgbymkdftezhzyzkma.exe*."
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\uughwpkwsjjvexdtqpy.exe*."
C:\Users\Admin\AppData\Local\Temp\tqzxjzrathentjmz.exe
C:\Users\Admin\AppData\Local\Temp\tqzxjzrathentjmz.exe .
C:\Users\Admin\AppData\Local\Temp\wympgbymkdftezhzyzkma.exe
C:\Users\Admin\AppData\Local\Temp\wympgbymkdftezhzyzkma.exe
C:\Users\Admin\AppData\Local\Temp\jitthztezpozhzetpn.exe
C:\Users\Admin\AppData\Local\Temp\jitthztezpozhzetpn.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c uughwpkwsjjvexdtqpy.exe .
C:\Windows\ayihuleoixvfmdhvq.exe
ayihuleoixvfmdhvq.exe
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\tqzxjzrathentjmz.exe*."
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\jitthztezpozhzetpn.exe*."
C:\Windows\uughwpkwsjjvexdtqpy.exe
uughwpkwsjjvexdtqpy.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wympgbymkdftezhzyzkma.exe
C:\Windows\tqzxjzrathentjmz.exe
tqzxjzrathentjmz.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c hivxnhdqnfgtdxevttde.exe .
C:\Windows\wympgbymkdftezhzyzkma.exe
wympgbymkdftezhzyzkma.exe
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\uughwpkwsjjvexdtqpy.exe*."
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\tqzxjzrathentjmz.exe*."
C:\Windows\hivxnhdqnfgtdxevttde.exe
hivxnhdqnfgtdxevttde.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jitthztezpozhzetpn.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\uughwpkwsjjvexdtqpy.exe .
C:\Users\Admin\AppData\Local\Temp\jitthztezpozhzetpn.exe
C:\Users\Admin\AppData\Local\Temp\jitthztezpozhzetpn.exe
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\hivxnhdqnfgtdxevttde.exe*."
C:\Users\Admin\AppData\Local\Temp\uughwpkwsjjvexdtqpy.exe
C:\Users\Admin\AppData\Local\Temp\uughwpkwsjjvexdtqpy.exe .
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\uughwpkwsjjvexdtqpy.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\hivxnhdqnfgtdxevttde.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\hivxnhdqnfgtdxevttde.exe
C:\Users\Admin\AppData\Local\Temp\hivxnhdqnfgtdxevttde.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\tqzxjzrathentjmz.exe .
C:\Users\Admin\AppData\Local\Temp\tqzxjzrathentjmz.exe
C:\Users\Admin\AppData\Local\Temp\tqzxjzrathentjmz.exe .
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\tqzxjzrathentjmz.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c uughwpkwsjjvexdtqpy.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\uughwpkwsjjvexdtqpy.exe
uughwpkwsjjvexdtqpy.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ayihuleoixvfmdhvq.exe .
C:\Windows\ayihuleoixvfmdhvq.exe
ayihuleoixvfmdhvq.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c jitthztezpozhzetpn.exe
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\ayihuleoixvfmdhvq.exe*."
C:\Windows\jitthztezpozhzetpn.exe
jitthztezpozhzetpn.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c tqzxjzrathentjmz.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\tqzxjzrathentjmz.exe
tqzxjzrathentjmz.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\tqzxjzrathentjmz.exe
C:\Users\Admin\AppData\Local\Temp\tqzxjzrathentjmz.exe
C:\Users\Admin\AppData\Local\Temp\tqzxjzrathentjmz.exe
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\tqzxjzrathentjmz.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wympgbymkdftezhzyzkma.exe .
C:\Users\Admin\AppData\Local\Temp\wympgbymkdftezhzyzkma.exe
C:\Users\Admin\AppData\Local\Temp\wympgbymkdftezhzyzkma.exe .
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\wympgbymkdftezhzyzkma.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ayihuleoixvfmdhvq.exe
C:\Users\Admin\AppData\Local\Temp\ayihuleoixvfmdhvq.exe
C:\Users\Admin\AppData\Local\Temp\ayihuleoixvfmdhvq.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\uughwpkwsjjvexdtqpy.exe .
C:\Users\Admin\AppData\Local\Temp\uughwpkwsjjvexdtqpy.exe
C:\Users\Admin\AppData\Local\Temp\uughwpkwsjjvexdtqpy.exe .
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\uughwpkwsjjvexdtqpy.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c uughwpkwsjjvexdtqpy.exe
C:\Windows\uughwpkwsjjvexdtqpy.exe
uughwpkwsjjvexdtqpy.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c hivxnhdqnfgtdxevttde.exe .
C:\Windows\hivxnhdqnfgtdxevttde.exe
hivxnhdqnfgtdxevttde.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c uughwpkwsjjvexdtqpy.exe
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\hivxnhdqnfgtdxevttde.exe*."
C:\Windows\uughwpkwsjjvexdtqpy.exe
uughwpkwsjjvexdtqpy.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c jitthztezpozhzetpn.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\jitthztezpozhzetpn.exe
jitthztezpozhzetpn.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\uughwpkwsjjvexdtqpy.exe
C:\Users\Admin\AppData\Local\Temp\uughwpkwsjjvexdtqpy.exe
C:\Users\Admin\AppData\Local\Temp\uughwpkwsjjvexdtqpy.exe
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\jitthztezpozhzetpn.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\tqzxjzrathentjmz.exe .
C:\Users\Admin\AppData\Local\Temp\tqzxjzrathentjmz.exe
C:\Users\Admin\AppData\Local\Temp\tqzxjzrathentjmz.exe .
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\tqzxjzrathentjmz.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\tqzxjzrathentjmz.exe
C:\Users\Admin\AppData\Local\Temp\tqzxjzrathentjmz.exe
C:\Users\Admin\AppData\Local\Temp\tqzxjzrathentjmz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jitthztezpozhzetpn.exe .
C:\Users\Admin\AppData\Local\Temp\jitthztezpozhzetpn.exe
C:\Users\Admin\AppData\Local\Temp\jitthztezpozhzetpn.exe .
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\jitthztezpozhzetpn.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c tqzxjzrathentjmz.exe
C:\Windows\tqzxjzrathentjmz.exe
tqzxjzrathentjmz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c uughwpkwsjjvexdtqpy.exe .
C:\Windows\uughwpkwsjjvexdtqpy.exe
uughwpkwsjjvexdtqpy.exe .
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\uughwpkwsjjvexdtqpy.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c uughwpkwsjjvexdtqpy.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\uughwpkwsjjvexdtqpy.exe
uughwpkwsjjvexdtqpy.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c tqzxjzrathentjmz.exe .
C:\Windows\tqzxjzrathentjmz.exe
tqzxjzrathentjmz.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ayihuleoixvfmdhvq.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\ayihuleoixvfmdhvq.exe
C:\Users\Admin\AppData\Local\Temp\ayihuleoixvfmdhvq.exe
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\tqzxjzrathentjmz.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\hivxnhdqnfgtdxevttde.exe .
C:\Users\Admin\AppData\Local\Temp\hivxnhdqnfgtdxevttde.exe
C:\Users\Admin\AppData\Local\Temp\hivxnhdqnfgtdxevttde.exe .
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\hivxnhdqnfgtdxevttde.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ayihuleoixvfmdhvq.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\ayihuleoixvfmdhvq.exe
C:\Users\Admin\AppData\Local\Temp\ayihuleoixvfmdhvq.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\hivxnhdqnfgtdxevttde.exe .
C:\Users\Admin\AppData\Local\Temp\hivxnhdqnfgtdxevttde.exe
C:\Users\Admin\AppData\Local\Temp\hivxnhdqnfgtdxevttde.exe .
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\hivxnhdqnfgtdxevttde.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c uughwpkwsjjvexdtqpy.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\uughwpkwsjjvexdtqpy.exe
uughwpkwsjjvexdtqpy.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wympgbymkdftezhzyzkma.exe .
C:\Windows\wympgbymkdftezhzyzkma.exe
wympgbymkdftezhzyzkma.exe .
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\wympgbymkdftezhzyzkma.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c uughwpkwsjjvexdtqpy.exe
C:\Windows\uughwpkwsjjvexdtqpy.exe
uughwpkwsjjvexdtqpy.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c hivxnhdqnfgtdxevttde.exe .
C:\Windows\hivxnhdqnfgtdxevttde.exe
hivxnhdqnfgtdxevttde.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ayihuleoixvfmdhvq.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\ayihuleoixvfmdhvq.exe
C:\Users\Admin\AppData\Local\Temp\ayihuleoixvfmdhvq.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\tqzxjzrathentjmz.exe .
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\hivxnhdqnfgtdxevttde.exe*."
C:\Users\Admin\AppData\Local\Temp\tqzxjzrathentjmz.exe
C:\Users\Admin\AppData\Local\Temp\tqzxjzrathentjmz.exe .
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\tqzxjzrathentjmz.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wympgbymkdftezhzyzkma.exe
C:\Users\Admin\AppData\Local\Temp\wympgbymkdftezhzyzkma.exe
C:\Users\Admin\AppData\Local\Temp\wympgbymkdftezhzyzkma.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wympgbymkdftezhzyzkma.exe .
C:\Users\Admin\AppData\Local\Temp\wympgbymkdftezhzyzkma.exe
C:\Users\Admin\AppData\Local\Temp\wympgbymkdftezhzyzkma.exe .
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\wympgbymkdftezhzyzkma.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c jitthztezpozhzetpn.exe
C:\Windows\jitthztezpozhzetpn.exe
jitthztezpozhzetpn.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c hivxnhdqnfgtdxevttde.exe .
C:\Windows\hivxnhdqnfgtdxevttde.exe
hivxnhdqnfgtdxevttde.exe .
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\hivxnhdqnfgtdxevttde.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c uughwpkwsjjvexdtqpy.exe
C:\Windows\uughwpkwsjjvexdtqpy.exe
uughwpkwsjjvexdtqpy.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c jitthztezpozhzetpn.exe .
C:\Windows\jitthztezpozhzetpn.exe
jitthztezpozhzetpn.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\uughwpkwsjjvexdtqpy.exe
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\jitthztezpozhzetpn.exe*."
C:\Users\Admin\AppData\Local\Temp\uughwpkwsjjvexdtqpy.exe
C:\Users\Admin\AppData\Local\Temp\uughwpkwsjjvexdtqpy.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ayihuleoixvfmdhvq.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\ayihuleoixvfmdhvq.exe
C:\Users\Admin\AppData\Local\Temp\ayihuleoixvfmdhvq.exe .
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\ayihuleoixvfmdhvq.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ayihuleoixvfmdhvq.exe
C:\Users\Admin\AppData\Local\Temp\ayihuleoixvfmdhvq.exe
C:\Users\Admin\AppData\Local\Temp\ayihuleoixvfmdhvq.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\hivxnhdqnfgtdxevttde.exe .
C:\Users\Admin\AppData\Local\Temp\hivxnhdqnfgtdxevttde.exe
C:\Users\Admin\AppData\Local\Temp\hivxnhdqnfgtdxevttde.exe .
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\hivxnhdqnfgtdxevttde.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c uughwpkwsjjvexdtqpy.exe
C:\Windows\uughwpkwsjjvexdtqpy.exe
uughwpkwsjjvexdtqpy.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c uughwpkwsjjvexdtqpy.exe .
C:\Windows\uughwpkwsjjvexdtqpy.exe
uughwpkwsjjvexdtqpy.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c hivxnhdqnfgtdxevttde.exe
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\uughwpkwsjjvexdtqpy.exe*."
C:\Windows\hivxnhdqnfgtdxevttde.exe
hivxnhdqnfgtdxevttde.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c hivxnhdqnfgtdxevttde.exe .
C:\Windows\hivxnhdqnfgtdxevttde.exe
hivxnhdqnfgtdxevttde.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jitthztezpozhzetpn.exe
C:\Users\Admin\AppData\Local\Temp\jitthztezpozhzetpn.exe
C:\Users\Admin\AppData\Local\Temp\jitthztezpozhzetpn.exe
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\hivxnhdqnfgtdxevttde.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\tqzxjzrathentjmz.exe .
C:\Users\Admin\AppData\Local\Temp\tqzxjzrathentjmz.exe
C:\Users\Admin\AppData\Local\Temp\tqzxjzrathentjmz.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ayihuleoixvfmdhvq.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c uughwpkwsjjvexdtqpy.exe
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\tqzxjzrathentjmz.exe*."
C:\Windows\ayihuleoixvfmdhvq.exe
ayihuleoixvfmdhvq.exe
C:\Windows\uughwpkwsjjvexdtqpy.exe
uughwpkwsjjvexdtqpy.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wympgbymkdftezhzyzkma.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c uughwpkwsjjvexdtqpy.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wympgbymkdftezhzyzkma.exe .
C:\Users\Admin\AppData\Local\Temp\wympgbymkdftezhzyzkma.exe
C:\Users\Admin\AppData\Local\Temp\wympgbymkdftezhzyzkma.exe
C:\Windows\uughwpkwsjjvexdtqpy.exe
uughwpkwsjjvexdtqpy.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\tqzxjzrathentjmz.exe .
C:\Windows\wympgbymkdftezhzyzkma.exe
wympgbymkdftezhzyzkma.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wympgbymkdftezhzyzkma.exe
C:\Users\Admin\AppData\Local\Temp\tqzxjzrathentjmz.exe
C:\Users\Admin\AppData\Local\Temp\tqzxjzrathentjmz.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c jitthztezpozhzetpn.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\uughwpkwsjjvexdtqpy.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c tqzxjzrathentjmz.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c hivxnhdqnfgtdxevttde.exe .
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\wympgbymkdftezhzyzkma.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ayihuleoixvfmdhvq.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ayihuleoixvfmdhvq.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wympgbymkdftezhzyzkma.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\hivxnhdqnfgtdxevttde.exe .
C:\Windows\wympgbymkdftezhzyzkma.exe
wympgbymkdftezhzyzkma.exe
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\tqzxjzrathentjmz.exe*."
C:\Users\Admin\AppData\Local\Temp\ayihuleoixvfmdhvq.exe
C:\Users\Admin\AppData\Local\Temp\ayihuleoixvfmdhvq.exe
C:\Windows\jitthztezpozhzetpn.exe
jitthztezpozhzetpn.exe
C:\Windows\tqzxjzrathentjmz.exe
tqzxjzrathentjmz.exe .
C:\Windows\hivxnhdqnfgtdxevttde.exe
hivxnhdqnfgtdxevttde.exe .
C:\Users\Admin\AppData\Local\Temp\ayihuleoixvfmdhvq.exe
C:\Users\Admin\AppData\Local\Temp\ayihuleoixvfmdhvq.exe
C:\Users\Admin\AppData\Local\Temp\hivxnhdqnfgtdxevttde.exe
C:\Users\Admin\AppData\Local\Temp\hivxnhdqnfgtdxevttde.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\hivxnhdqnfgtdxevttde.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wympgbymkdftezhzyzkma.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jitthztezpozhzetpn.exe
C:\Users\Admin\AppData\Local\Temp\wympgbymkdftezhzyzkma.exe
C:\Users\Admin\AppData\Local\Temp\wympgbymkdftezhzyzkma.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ayihuleoixvfmdhvq.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wympgbymkdftezhzyzkma.exe .
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\tqzxjzrathentjmz.exe*."
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\hivxnhdqnfgtdxevttde.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c uughwpkwsjjvexdtqpy.exe .
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\hivxnhdqnfgtdxevttde.exe*."
C:\Users\Admin\AppData\Local\Temp\jitthztezpozhzetpn.exe
C:\Users\Admin\AppData\Local\Temp\jitthztezpozhzetpn.exe
C:\Users\Admin\AppData\Local\Temp\hivxnhdqnfgtdxevttde.exe
C:\Users\Admin\AppData\Local\Temp\hivxnhdqnfgtdxevttde.exe
C:\Windows\wympgbymkdftezhzyzkma.exe
wympgbymkdftezhzyzkma.exe
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\wympgbymkdftezhzyzkma.exe*."
C:\Users\Admin\AppData\Local\Temp\ayihuleoixvfmdhvq.exe
C:\Users\Admin\AppData\Local\Temp\ayihuleoixvfmdhvq.exe .
C:\Users\Admin\AppData\Local\Temp\wympgbymkdftezhzyzkma.exe
C:\Users\Admin\AppData\Local\Temp\wympgbymkdftezhzyzkma.exe .
C:\Windows\uughwpkwsjjvexdtqpy.exe
uughwpkwsjjvexdtqpy.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c hivxnhdqnfgtdxevttde.exe
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\ayihuleoixvfmdhvq.exe*."
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\wympgbymkdftezhzyzkma.exe*."
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\uughwpkwsjjvexdtqpy.exe*."
C:\Windows\hivxnhdqnfgtdxevttde.exe
hivxnhdqnfgtdxevttde.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c jitthztezpozhzetpn.exe .
C:\Windows\jitthztezpozhzetpn.exe
jitthztezpozhzetpn.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wympgbymkdftezhzyzkma.exe
C:\Users\Admin\AppData\Local\Temp\wympgbymkdftezhzyzkma.exe
C:\Users\Admin\AppData\Local\Temp\wympgbymkdftezhzyzkma.exe
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\jitthztezpozhzetpn.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jitthztezpozhzetpn.exe .
C:\Users\Admin\AppData\Local\Temp\jitthztezpozhzetpn.exe
C:\Users\Admin\AppData\Local\Temp\jitthztezpozhzetpn.exe .
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\jitthztezpozhzetpn.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wympgbymkdftezhzyzkma.exe
C:\Users\Admin\AppData\Local\Temp\wympgbymkdftezhzyzkma.exe
C:\Users\Admin\AppData\Local\Temp\wympgbymkdftezhzyzkma.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\uughwpkwsjjvexdtqpy.exe .
C:\Users\Admin\AppData\Local\Temp\uughwpkwsjjvexdtqpy.exe
C:\Users\Admin\AppData\Local\Temp\uughwpkwsjjvexdtqpy.exe .
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\uughwpkwsjjvexdtqpy.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ayihuleoixvfmdhvq.exe
C:\Windows\ayihuleoixvfmdhvq.exe
ayihuleoixvfmdhvq.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wympgbymkdftezhzyzkma.exe .
C:\Windows\wympgbymkdftezhzyzkma.exe
wympgbymkdftezhzyzkma.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c tqzxjzrathentjmz.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\wympgbymkdftezhzyzkma.exe*."
C:\Windows\tqzxjzrathentjmz.exe
tqzxjzrathentjmz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c uughwpkwsjjvexdtqpy.exe .
C:\Windows\uughwpkwsjjvexdtqpy.exe
uughwpkwsjjvexdtqpy.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ayihuleoixvfmdhvq.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\ayihuleoixvfmdhvq.exe
C:\Users\Admin\AppData\Local\Temp\ayihuleoixvfmdhvq.exe
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\uughwpkwsjjvexdtqpy.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ayihuleoixvfmdhvq.exe .
C:\Users\Admin\AppData\Local\Temp\ayihuleoixvfmdhvq.exe
C:\Users\Admin\AppData\Local\Temp\ayihuleoixvfmdhvq.exe .
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\ayihuleoixvfmdhvq.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\uughwpkwsjjvexdtqpy.exe
C:\Users\Admin\AppData\Local\Temp\uughwpkwsjjvexdtqpy.exe
C:\Users\Admin\AppData\Local\Temp\uughwpkwsjjvexdtqpy.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\hivxnhdqnfgtdxevttde.exe .
C:\Users\Admin\AppData\Local\Temp\hivxnhdqnfgtdxevttde.exe
C:\Users\Admin\AppData\Local\Temp\hivxnhdqnfgtdxevttde.exe .
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\hivxnhdqnfgtdxevttde.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c jitthztezpozhzetpn.exe
C:\Windows\jitthztezpozhzetpn.exe
jitthztezpozhzetpn.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c hivxnhdqnfgtdxevttde.exe .
C:\Windows\hivxnhdqnfgtdxevttde.exe
hivxnhdqnfgtdxevttde.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wympgbymkdftezhzyzkma.exe
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\hivxnhdqnfgtdxevttde.exe*."
C:\Windows\wympgbymkdftezhzyzkma.exe
wympgbymkdftezhzyzkma.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wympgbymkdftezhzyzkma.exe .
C:\Windows\wympgbymkdftezhzyzkma.exe
wympgbymkdftezhzyzkma.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\hivxnhdqnfgtdxevttde.exe
C:\Users\Admin\AppData\Local\Temp\hivxnhdqnfgtdxevttde.exe
C:\Users\Admin\AppData\Local\Temp\hivxnhdqnfgtdxevttde.exe
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\wympgbymkdftezhzyzkma.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\tqzxjzrathentjmz.exe .
C:\Users\Admin\AppData\Local\Temp\tqzxjzrathentjmz.exe
C:\Users\Admin\AppData\Local\Temp\tqzxjzrathentjmz.exe .
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\tqzxjzrathentjmz.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ayihuleoixvfmdhvq.exe
C:\Users\Admin\AppData\Local\Temp\ayihuleoixvfmdhvq.exe
C:\Users\Admin\AppData\Local\Temp\ayihuleoixvfmdhvq.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\hivxnhdqnfgtdxevttde.exe .
C:\Users\Admin\AppData\Local\Temp\hivxnhdqnfgtdxevttde.exe
C:\Users\Admin\AppData\Local\Temp\hivxnhdqnfgtdxevttde.exe .
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\hivxnhdqnfgtdxevttde.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wympgbymkdftezhzyzkma.exe
C:\Windows\wympgbymkdftezhzyzkma.exe
wympgbymkdftezhzyzkma.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c hivxnhdqnfgtdxevttde.exe .
C:\Windows\hivxnhdqnfgtdxevttde.exe
hivxnhdqnfgtdxevttde.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c tqzxjzrathentjmz.exe
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\hivxnhdqnfgtdxevttde.exe*."
C:\Windows\tqzxjzrathentjmz.exe
tqzxjzrathentjmz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c jitthztezpozhzetpn.exe .
C:\Windows\jitthztezpozhzetpn.exe
jitthztezpozhzetpn.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\tqzxjzrathentjmz.exe
C:\Users\Admin\AppData\Local\Temp\tqzxjzrathentjmz.exe
C:\Users\Admin\AppData\Local\Temp\tqzxjzrathentjmz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jitthztezpozhzetpn.exe .
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\jitthztezpozhzetpn.exe*."
C:\Users\Admin\AppData\Local\Temp\jitthztezpozhzetpn.exe
C:\Users\Admin\AppData\Local\Temp\jitthztezpozhzetpn.exe .
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\jitthztezpozhzetpn.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\tqzxjzrathentjmz.exe
C:\Users\Admin\AppData\Local\Temp\tqzxjzrathentjmz.exe
C:\Users\Admin\AppData\Local\Temp\tqzxjzrathentjmz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\hivxnhdqnfgtdxevttde.exe .
C:\Users\Admin\AppData\Local\Temp\hivxnhdqnfgtdxevttde.exe
C:\Users\Admin\AppData\Local\Temp\hivxnhdqnfgtdxevttde.exe .
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\hivxnhdqnfgtdxevttde.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wympgbymkdftezhzyzkma.exe
C:\Windows\wympgbymkdftezhzyzkma.exe
wympgbymkdftezhzyzkma.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c hivxnhdqnfgtdxevttde.exe .
C:\Windows\hivxnhdqnfgtdxevttde.exe
hivxnhdqnfgtdxevttde.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c jitthztezpozhzetpn.exe
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\hivxnhdqnfgtdxevttde.exe*."
C:\Windows\jitthztezpozhzetpn.exe
jitthztezpozhzetpn.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c hivxnhdqnfgtdxevttde.exe .
C:\Windows\hivxnhdqnfgtdxevttde.exe
hivxnhdqnfgtdxevttde.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\uughwpkwsjjvexdtqpy.exe
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\hivxnhdqnfgtdxevttde.exe*."
C:\Users\Admin\AppData\Local\Temp\uughwpkwsjjvexdtqpy.exe
C:\Users\Admin\AppData\Local\Temp\uughwpkwsjjvexdtqpy.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\uughwpkwsjjvexdtqpy.exe .
C:\Users\Admin\AppData\Local\Temp\uughwpkwsjjvexdtqpy.exe
C:\Users\Admin\AppData\Local\Temp\uughwpkwsjjvexdtqpy.exe .
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\uughwpkwsjjvexdtqpy.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jitthztezpozhzetpn.exe
C:\Users\Admin\AppData\Local\Temp\jitthztezpozhzetpn.exe
C:\Users\Admin\AppData\Local\Temp\jitthztezpozhzetpn.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\tqzxjzrathentjmz.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\tqzxjzrathentjmz.exe
C:\Users\Admin\AppData\Local\Temp\tqzxjzrathentjmz.exe .
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\tqzxjzrathentjmz.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c uughwpkwsjjvexdtqpy.exe
C:\Windows\uughwpkwsjjvexdtqpy.exe
uughwpkwsjjvexdtqpy.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c tqzxjzrathentjmz.exe .
C:\Windows\tqzxjzrathentjmz.exe
tqzxjzrathentjmz.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ayihuleoixvfmdhvq.exe
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\tqzxjzrathentjmz.exe*."
C:\Windows\ayihuleoixvfmdhvq.exe
ayihuleoixvfmdhvq.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c uughwpkwsjjvexdtqpy.exe .
C:\Windows\uughwpkwsjjvexdtqpy.exe
uughwpkwsjjvexdtqpy.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\hivxnhdqnfgtdxevttde.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\uughwpkwsjjvexdtqpy.exe*."
C:\Users\Admin\AppData\Local\Temp\hivxnhdqnfgtdxevttde.exe
C:\Users\Admin\AppData\Local\Temp\hivxnhdqnfgtdxevttde.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wympgbymkdftezhzyzkma.exe .
C:\Users\Admin\AppData\Local\Temp\wympgbymkdftezhzyzkma.exe
C:\Users\Admin\AppData\Local\Temp\wympgbymkdftezhzyzkma.exe .
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\wympgbymkdftezhzyzkma.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ayihuleoixvfmdhvq.exe
C:\Users\Admin\AppData\Local\Temp\ayihuleoixvfmdhvq.exe
C:\Users\Admin\AppData\Local\Temp\ayihuleoixvfmdhvq.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\tqzxjzrathentjmz.exe .
C:\Users\Admin\AppData\Local\Temp\tqzxjzrathentjmz.exe
C:\Users\Admin\AppData\Local\Temp\tqzxjzrathentjmz.exe .
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\tqzxjzrathentjmz.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wympgbymkdftezhzyzkma.exe
C:\Windows\wympgbymkdftezhzyzkma.exe
wympgbymkdftezhzyzkma.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c jitthztezpozhzetpn.exe .
C:\Windows\jitthztezpozhzetpn.exe
jitthztezpozhzetpn.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wympgbymkdftezhzyzkma.exe
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\jitthztezpozhzetpn.exe*."
C:\Windows\wympgbymkdftezhzyzkma.exe
wympgbymkdftezhzyzkma.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c hivxnhdqnfgtdxevttde.exe .
C:\Windows\hivxnhdqnfgtdxevttde.exe
hivxnhdqnfgtdxevttde.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wympgbymkdftezhzyzkma.exe
C:\Users\Admin\AppData\Local\Temp\wympgbymkdftezhzyzkma.exe
C:\Users\Admin\AppData\Local\Temp\wympgbymkdftezhzyzkma.exe
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\hivxnhdqnfgtdxevttde.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wympgbymkdftezhzyzkma.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\wympgbymkdftezhzyzkma.exe
C:\Users\Admin\AppData\Local\Temp\wympgbymkdftezhzyzkma.exe .
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\wympgbymkdftezhzyzkma.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c uughwpkwsjjvexdtqpy.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\uughwpkwsjjvexdtqpy.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c jitthztezpozhzetpn.exe
C:\Windows\uughwpkwsjjvexdtqpy.exe
uughwpkwsjjvexdtqpy.exe
C:\Users\Admin\AppData\Local\Temp\uughwpkwsjjvexdtqpy.exe
C:\Users\Admin\AppData\Local\Temp\uughwpkwsjjvexdtqpy.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\uughwpkwsjjvexdtqpy.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\jitthztezpozhzetpn.exe
jitthztezpozhzetpn.exe
C:\Users\Admin\AppData\Local\Temp\uughwpkwsjjvexdtqpy.exe
C:\Users\Admin\AppData\Local\Temp\uughwpkwsjjvexdtqpy.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c tqzxjzrathentjmz.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wympgbymkdftezhzyzkma.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\uughwpkwsjjvexdtqpy.exe*."
C:\Windows\wympgbymkdftezhzyzkma.exe
wympgbymkdftezhzyzkma.exe .
C:\Windows\tqzxjzrathentjmz.exe
tqzxjzrathentjmz.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c jitthztezpozhzetpn.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c jitthztezpozhzetpn.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wympgbymkdftezhzyzkma.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ayihuleoixvfmdhvq.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jitthztezpozhzetpn.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ayihuleoixvfmdhvq.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\tqzxjzrathentjmz.exe*."
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\wympgbymkdftezhzyzkma.exe*."
C:\Windows\wympgbymkdftezhzyzkma.exe
wympgbymkdftezhzyzkma.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\uughwpkwsjjvexdtqpy.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jitthztezpozhzetpn.exe .
C:\Windows\ayihuleoixvfmdhvq.exe
ayihuleoixvfmdhvq.exe .
C:\Windows\jitthztezpozhzetpn.exe
jitthztezpozhzetpn.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c hivxnhdqnfgtdxevttde.exe
C:\Windows\jitthztezpozhzetpn.exe
jitthztezpozhzetpn.exe
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\wympgbymkdftezhzyzkma.exe*."
C:\Windows\hivxnhdqnfgtdxevttde.exe
hivxnhdqnfgtdxevttde.exe
C:\Users\Admin\AppData\Local\Temp\uughwpkwsjjvexdtqpy.exe
C:\Users\Admin\AppData\Local\Temp\uughwpkwsjjvexdtqpy.exe .
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\ayihuleoixvfmdhvq.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ayihuleoixvfmdhvq.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\tqzxjzrathentjmz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wympgbymkdftezhzyzkma.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\hivxnhdqnfgtdxevttde.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\tqzxjzrathentjmz.exe .
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\uughwpkwsjjvexdtqpy.exe*."
C:\Users\Admin\AppData\Local\Temp\wympgbymkdftezhzyzkma.exe
C:\Users\Admin\AppData\Local\Temp\wympgbymkdftezhzyzkma.exe
C:\Windows\ayihuleoixvfmdhvq.exe
ayihuleoixvfmdhvq.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c hivxnhdqnfgtdxevttde.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\tqzxjzrathentjmz.exe
C:\Users\Admin\AppData\Local\Temp\tqzxjzrathentjmz.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c jitthztezpozhzetpn.exe .
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\ayihuleoixvfmdhvq.exe*."
C:\Windows\hivxnhdqnfgtdxevttde.exe
hivxnhdqnfgtdxevttde.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jitthztezpozhzetpn.exe
C:\Windows\jitthztezpozhzetpn.exe
jitthztezpozhzetpn.exe .
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\tqzxjzrathentjmz.exe*."
C:\Users\Admin\AppData\Local\Temp\tqzxjzrathentjmz.exe
C:\Users\Admin\AppData\Local\Temp\tqzxjzrathentjmz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\tqzxjzrathentjmz.exe .
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\jitthztezpozhzetpn.exe*."
C:\Users\Admin\AppData\Local\Temp\jitthztezpozhzetpn.exe
C:\Users\Admin\AppData\Local\Temp\jitthztezpozhzetpn.exe
C:\Users\Admin\AppData\Local\Temp\tqzxjzrathentjmz.exe
C:\Users\Admin\AppData\Local\Temp\tqzxjzrathentjmz.exe .
C:\Users\Admin\AppData\Local\Temp\jitthztezpozhzetpn.exe
C:\Users\Admin\AppData\Local\Temp\jitthztezpozhzetpn.exe .
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\tqzxjzrathentjmz.exe*."
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\jitthztezpozhzetpn.exe*."
C:\Users\Admin\AppData\Local\Temp\jitthztezpozhzetpn.exe
C:\Users\Admin\AppData\Local\Temp\jitthztezpozhzetpn.exe
C:\Users\Admin\AppData\Local\Temp\hivxnhdqnfgtdxevttde.exe
C:\Users\Admin\AppData\Local\Temp\hivxnhdqnfgtdxevttde.exe .
C:\Users\Admin\AppData\Local\Temp\ayihuleoixvfmdhvq.exe
C:\Users\Admin\AppData\Local\Temp\ayihuleoixvfmdhvq.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ayihuleoixvfmdhvq.exe
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\hivxnhdqnfgtdxevttde.exe*."
C:\Users\Admin\AppData\Local\Temp\ayihuleoixvfmdhvq.exe
C:\Users\Admin\AppData\Local\Temp\ayihuleoixvfmdhvq.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\uughwpkwsjjvexdtqpy.exe .
C:\Users\Admin\AppData\Local\Temp\uughwpkwsjjvexdtqpy.exe
C:\Users\Admin\AppData\Local\Temp\uughwpkwsjjvexdtqpy.exe .
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\uughwpkwsjjvexdtqpy.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c tqzxjzrathentjmz.exe
C:\Windows\tqzxjzrathentjmz.exe
tqzxjzrathentjmz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ayihuleoixvfmdhvq.exe .
C:\Windows\ayihuleoixvfmdhvq.exe
ayihuleoixvfmdhvq.exe .
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\ayihuleoixvfmdhvq.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c tqzxjzrathentjmz.exe
C:\Windows\tqzxjzrathentjmz.exe
tqzxjzrathentjmz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c tqzxjzrathentjmz.exe .
C:\Windows\tqzxjzrathentjmz.exe
tqzxjzrathentjmz.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\tqzxjzrathentjmz.exe
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\tqzxjzrathentjmz.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wympgbymkdftezhzyzkma.exe .
C:\Users\Admin\AppData\Local\Temp\tqzxjzrathentjmz.exe
C:\Users\Admin\AppData\Local\Temp\tqzxjzrathentjmz.exe
C:\Users\Admin\AppData\Local\Temp\wympgbymkdftezhzyzkma.exe
C:\Users\Admin\AppData\Local\Temp\wympgbymkdftezhzyzkma.exe .
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\wympgbymkdftezhzyzkma.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jitthztezpozhzetpn.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\jitthztezpozhzetpn.exe
C:\Users\Admin\AppData\Local\Temp\jitthztezpozhzetpn.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\hivxnhdqnfgtdxevttde.exe .
C:\Users\Admin\AppData\Local\Temp\hivxnhdqnfgtdxevttde.exe
C:\Users\Admin\AppData\Local\Temp\hivxnhdqnfgtdxevttde.exe .
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\hivxnhdqnfgtdxevttde.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c tqzxjzrathentjmz.exe
C:\Windows\tqzxjzrathentjmz.exe
tqzxjzrathentjmz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c hivxnhdqnfgtdxevttde.exe .
C:\Windows\hivxnhdqnfgtdxevttde.exe
hivxnhdqnfgtdxevttde.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c tqzxjzrathentjmz.exe
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\hivxnhdqnfgtdxevttde.exe*."
C:\Windows\tqzxjzrathentjmz.exe
tqzxjzrathentjmz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wympgbymkdftezhzyzkma.exe .
C:\Windows\wympgbymkdftezhzyzkma.exe
wympgbymkdftezhzyzkma.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\uughwpkwsjjvexdtqpy.exe
C:\Users\Admin\AppData\Local\Temp\uughwpkwsjjvexdtqpy.exe
C:\Users\Admin\AppData\Local\Temp\uughwpkwsjjvexdtqpy.exe
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\wympgbymkdftezhzyzkma.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jitthztezpozhzetpn.exe .
C:\Users\Admin\AppData\Local\Temp\jitthztezpozhzetpn.exe
C:\Users\Admin\AppData\Local\Temp\jitthztezpozhzetpn.exe .
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\jitthztezpozhzetpn.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\uughwpkwsjjvexdtqpy.exe
C:\Users\Admin\AppData\Local\Temp\uughwpkwsjjvexdtqpy.exe
C:\Users\Admin\AppData\Local\Temp\uughwpkwsjjvexdtqpy.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wympgbymkdftezhzyzkma.exe .
C:\Users\Admin\AppData\Local\Temp\wympgbymkdftezhzyzkma.exe
C:\Users\Admin\AppData\Local\Temp\wympgbymkdftezhzyzkma.exe .
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\wympgbymkdftezhzyzkma.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wympgbymkdftezhzyzkma.exe
C:\Windows\wympgbymkdftezhzyzkma.exe
wympgbymkdftezhzyzkma.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c hivxnhdqnfgtdxevttde.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\hivxnhdqnfgtdxevttde.exe
hivxnhdqnfgtdxevttde.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c tqzxjzrathentjmz.exe
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\hivxnhdqnfgtdxevttde.exe*."
C:\Windows\tqzxjzrathentjmz.exe
tqzxjzrathentjmz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wympgbymkdftezhzyzkma.exe .
C:\Windows\wympgbymkdftezhzyzkma.exe
wympgbymkdftezhzyzkma.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\tqzxjzrathentjmz.exe
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\wympgbymkdftezhzyzkma.exe*."
C:\Users\Admin\AppData\Local\Temp\tqzxjzrathentjmz.exe
C:\Users\Admin\AppData\Local\Temp\tqzxjzrathentjmz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ayihuleoixvfmdhvq.exe .
C:\Users\Admin\AppData\Local\Temp\ayihuleoixvfmdhvq.exe
C:\Users\Admin\AppData\Local\Temp\ayihuleoixvfmdhvq.exe .
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\ayihuleoixvfmdhvq.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\uughwpkwsjjvexdtqpy.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\uughwpkwsjjvexdtqpy.exe
C:\Users\Admin\AppData\Local\Temp\uughwpkwsjjvexdtqpy.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ayihuleoixvfmdhvq.exe .
C:\Users\Admin\AppData\Local\Temp\ayihuleoixvfmdhvq.exe
C:\Users\Admin\AppData\Local\Temp\ayihuleoixvfmdhvq.exe .
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\ayihuleoixvfmdhvq.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wympgbymkdftezhzyzkma.exe
C:\Windows\wympgbymkdftezhzyzkma.exe
wympgbymkdftezhzyzkma.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c jitthztezpozhzetpn.exe .
C:\Windows\jitthztezpozhzetpn.exe
jitthztezpozhzetpn.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ayihuleoixvfmdhvq.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\jitthztezpozhzetpn.exe*."
C:\Windows\ayihuleoixvfmdhvq.exe
ayihuleoixvfmdhvq.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c tqzxjzrathentjmz.exe .
C:\Windows\tqzxjzrathentjmz.exe
tqzxjzrathentjmz.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wympgbymkdftezhzyzkma.exe
C:\Users\Admin\AppData\Local\Temp\wympgbymkdftezhzyzkma.exe
C:\Users\Admin\AppData\Local\Temp\wympgbymkdftezhzyzkma.exe
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\tqzxjzrathentjmz.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\uughwpkwsjjvexdtqpy.exe .
C:\Users\Admin\AppData\Local\Temp\uughwpkwsjjvexdtqpy.exe
C:\Users\Admin\AppData\Local\Temp\uughwpkwsjjvexdtqpy.exe .
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\uughwpkwsjjvexdtqpy.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jitthztezpozhzetpn.exe
C:\Users\Admin\AppData\Local\Temp\jitthztezpozhzetpn.exe
C:\Users\Admin\AppData\Local\Temp\jitthztezpozhzetpn.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ayihuleoixvfmdhvq.exe .
C:\Users\Admin\AppData\Local\Temp\ayihuleoixvfmdhvq.exe
C:\Users\Admin\AppData\Local\Temp\ayihuleoixvfmdhvq.exe .
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\ayihuleoixvfmdhvq.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wympgbymkdftezhzyzkma.exe
C:\Windows\wympgbymkdftezhzyzkma.exe
wympgbymkdftezhzyzkma.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c tqzxjzrathentjmz.exe .
C:\Windows\tqzxjzrathentjmz.exe
tqzxjzrathentjmz.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c tqzxjzrathentjmz.exe
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\tqzxjzrathentjmz.exe*."
C:\Windows\tqzxjzrathentjmz.exe
tqzxjzrathentjmz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ayihuleoixvfmdhvq.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\ayihuleoixvfmdhvq.exe
ayihuleoixvfmdhvq.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\tqzxjzrathentjmz.exe
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\ayihuleoixvfmdhvq.exe*."
C:\Users\Admin\AppData\Local\Temp\tqzxjzrathentjmz.exe
C:\Users\Admin\AppData\Local\Temp\tqzxjzrathentjmz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\hivxnhdqnfgtdxevttde.exe .
C:\Users\Admin\AppData\Local\Temp\hivxnhdqnfgtdxevttde.exe
C:\Users\Admin\AppData\Local\Temp\hivxnhdqnfgtdxevttde.exe .
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\hivxnhdqnfgtdxevttde.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jitthztezpozhzetpn.exe
C:\Users\Admin\AppData\Local\Temp\jitthztezpozhzetpn.exe
C:\Users\Admin\AppData\Local\Temp\jitthztezpozhzetpn.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\uughwpkwsjjvexdtqpy.exe .
C:\Users\Admin\AppData\Local\Temp\uughwpkwsjjvexdtqpy.exe
C:\Users\Admin\AppData\Local\Temp\uughwpkwsjjvexdtqpy.exe .
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\uughwpkwsjjvexdtqpy.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c hivxnhdqnfgtdxevttde.exe
C:\Windows\hivxnhdqnfgtdxevttde.exe
hivxnhdqnfgtdxevttde.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ayihuleoixvfmdhvq.exe .
C:\Windows\ayihuleoixvfmdhvq.exe
ayihuleoixvfmdhvq.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c uughwpkwsjjvexdtqpy.exe
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\ayihuleoixvfmdhvq.exe*."
C:\Windows\uughwpkwsjjvexdtqpy.exe
uughwpkwsjjvexdtqpy.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c hivxnhdqnfgtdxevttde.exe .
C:\Windows\hivxnhdqnfgtdxevttde.exe
hivxnhdqnfgtdxevttde.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\uughwpkwsjjvexdtqpy.exe
C:\Users\Admin\AppData\Local\Temp\uughwpkwsjjvexdtqpy.exe
C:\Users\Admin\AppData\Local\Temp\uughwpkwsjjvexdtqpy.exe
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\hivxnhdqnfgtdxevttde.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\uughwpkwsjjvexdtqpy.exe .
C:\Users\Admin\AppData\Local\Temp\uughwpkwsjjvexdtqpy.exe
C:\Users\Admin\AppData\Local\Temp\uughwpkwsjjvexdtqpy.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wympgbymkdftezhzyzkma.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wympgbymkdftezhzyzkma.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\uughwpkwsjjvexdtqpy.exe*."
C:\Windows\wympgbymkdftezhzyzkma.exe
wympgbymkdftezhzyzkma.exe
C:\Windows\wympgbymkdftezhzyzkma.exe
wympgbymkdftezhzyzkma.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\tqzxjzrathentjmz.exe
C:\Users\Admin\AppData\Local\Temp\tqzxjzrathentjmz.exe
C:\Users\Admin\AppData\Local\Temp\tqzxjzrathentjmz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c uughwpkwsjjvexdtqpy.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wympgbymkdftezhzyzkma.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c tqzxjzrathentjmz.exe .
C:\Windows\uughwpkwsjjvexdtqpy.exe
uughwpkwsjjvexdtqpy.exe .
C:\Users\Admin\AppData\Local\Temp\wympgbymkdftezhzyzkma.exe
C:\Users\Admin\AppData\Local\Temp\wympgbymkdftezhzyzkma.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c uughwpkwsjjvexdtqpy.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c uughwpkwsjjvexdtqpy.exe
C:\Windows\tqzxjzrathentjmz.exe
tqzxjzrathentjmz.exe .
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\uughwpkwsjjvexdtqpy.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c hivxnhdqnfgtdxevttde.exe .
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\wympgbymkdftezhzyzkma.exe*."
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c tqzxjzrathentjmz.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\tqzxjzrathentjmz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jitthztezpozhzetpn.exe
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\tqzxjzrathentjmz.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\hivxnhdqnfgtdxevttde.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\hivxnhdqnfgtdxevttde.exe .
C:\Windows\uughwpkwsjjvexdtqpy.exe
uughwpkwsjjvexdtqpy.exe
C:\Windows\uughwpkwsjjvexdtqpy.exe
uughwpkwsjjvexdtqpy.exe
C:\Windows\hivxnhdqnfgtdxevttde.exe
hivxnhdqnfgtdxevttde.exe .
C:\Windows\tqzxjzrathentjmz.exe
tqzxjzrathentjmz.exe .
C:\Users\Admin\AppData\Local\Temp\tqzxjzrathentjmz.exe
C:\Users\Admin\AppData\Local\Temp\tqzxjzrathentjmz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c tqzxjzrathentjmz.exe
C:\Users\Admin\AppData\Local\Temp\jitthztezpozhzetpn.exe
C:\Users\Admin\AppData\Local\Temp\jitthztezpozhzetpn.exe
C:\Users\Admin\AppData\Local\Temp\hivxnhdqnfgtdxevttde.exe
C:\Users\Admin\AppData\Local\Temp\hivxnhdqnfgtdxevttde.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\uughwpkwsjjvexdtqpy.exe
C:\Users\Admin\AppData\Local\Temp\hivxnhdqnfgtdxevttde.exe
C:\Users\Admin\AppData\Local\Temp\hivxnhdqnfgtdxevttde.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\uughwpkwsjjvexdtqpy.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\tqzxjzrathentjmz.exe*."
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\hivxnhdqnfgtdxevttde.exe*."
C:\Windows\tqzxjzrathentjmz.exe
tqzxjzrathentjmz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c jitthztezpozhzetpn.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ayihuleoixvfmdhvq.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ayihuleoixvfmdhvq.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\hivxnhdqnfgtdxevttde.exe*."
C:\Users\Admin\AppData\Local\Temp\uughwpkwsjjvexdtqpy.exe
C:\Users\Admin\AppData\Local\Temp\uughwpkwsjjvexdtqpy.exe
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | whatismyip.everdot.org | udp |
| US | 104.21.74.56:80 | www.showmyipaddress.com | tcp |
| US | 104.21.74.56:80 | www.showmyipaddress.com | tcp |
| US | 104.19.223.79:80 | whatismyipaddress.com | tcp |
| US | 104.19.223.79:80 | whatismyipaddress.com | tcp |
| US | 104.21.74.56:80 | www.showmyipaddress.com | tcp |
| US | 104.19.223.79:80 | whatismyipaddress.com | tcp |
| US | 104.21.74.56:80 | www.showmyipaddress.com | tcp |
| US | 104.19.223.79:80 | whatismyipaddress.com | tcp |
| US | 104.19.223.79:80 | whatismyipaddress.com | tcp |
| US | 172.66.40.87:80 | www.whatismyip.com | tcp |
| FR | 52.222.159.143:80 | www.imdb.com | tcp |
| RU | 109.184.117.43:22447 | tcp | |
| DE | 85.214.228.140:80 | gyuuym.org | tcp |
| SG | 18.142.91.111:80 | unxfuild.info | tcp |
| US | 104.156.155.94:80 | cydlrge.info | tcp |
| LT | 78.60.92.16:19240 | tcp | |
| US | 8.8.8.8:53 | hwxqimckn.info | udp |
| US | 8.8.8.8:53 | zxxnbwf.org | udp |
| US | 8.8.8.8:53 | lalckpw.org | udp |
| US | 8.8.8.8:53 | zsnttap.info | udp |
| MD | 93.116.123.213:14781 | tcp | |
| US | 8.8.8.8:53 | mikkmycyqaiu.com | udp |
| US | 8.8.8.8:53 | uiqakyukogic.com | udp |
| LT | 78.57.144.167:13000 | tcp | |
| US | 8.8.8.8:53 | lcyohmj.org | udp |
| US | 8.8.8.8:53 | iptiub.info | udp |
| US | 8.8.8.8:53 | bjhitbaa.info | udp |
| MD | 92.114.193.204:14798 | tcp | |
| US | 8.8.8.8:53 | labmjrngf.net | udp |
| US | 8.8.8.8:53 | kehrxvcu.info | udp |
| MD | 95.65.120.58:37856 | tcp | |
| US | 8.8.8.8:53 | grxrpnva.info | udp |
| US | 8.8.8.8:53 | barsitbvs.info | udp |
| US | 8.8.8.8:53 | cqauuouycyyw.com | udp |
| MD | 86.106.240.78:23914 | tcp | |
| US | 8.8.8.8:53 | eabetgh.net | udp |
| US | 8.8.8.8:53 | suokioug.org | udp |
| US | 8.8.8.8:53 | kjskvzf.info | udp |
| US | 8.8.8.8:53 | dtekaeokif.info | udp |
| BG | 88.80.105.159:37887 | tcp | |
| US | 8.8.8.8:53 | urjbzmd.net | udp |
| US | 8.8.8.8:53 | iwuussokwqek.org | udp |
| US | 8.8.8.8:53 | bpzorpfuhtf.org | udp |
| US | 8.8.8.8:53 | dxrttzgl.net | udp |
| US | 8.8.8.8:53 | dykwknvmdfdj.info | udp |
| US | 8.8.8.8:53 | wawaoiyk.com | udp |
| US | 8.8.8.8:53 | lczoradauoz.net | udp |
| US | 8.8.8.8:53 | asmbjrxynfrj.net | udp |
| US | 8.8.8.8:53 | vjvlnnztmb.net | udp |
| US | 8.8.8.8:53 | yojkaljecqs.info | udp |
| US | 8.8.8.8:53 | dwnnlstiod.net | udp |
| BG | 46.10.95.96:14864 | tcp | |
| US | 8.8.8.8:53 | kjzsyiahgip.net | udp |
| US | 8.8.8.8:53 | ekeogaid.info | udp |
| US | 8.8.8.8:53 | wkbcyhjl.info | udp |
| BG | 62.176.104.158:25356 | tcp | |
| US | 8.8.8.8:53 | nqxijbihvn.info | udp |
| US | 8.8.8.8:53 | kutjbotdz.info | udp |
| US | 8.8.8.8:53 | cmgusqiciaau.org | udp |
| US | 8.8.8.8:53 | odzbrjqoy.info | udp |
| US | 8.8.8.8:53 | eegeaqom.org | udp |
| US | 8.8.8.8:53 | gzvhzbbjrh.net | udp |
| MD | 92.115.152.251:18893 | tcp | |
| US | 8.8.8.8:53 | wnshzwuykgpn.net | udp |
| US | 8.8.8.8:53 | sogsiswe.org | udp |
| LT | 87.247.101.231:28704 | tcp | |
| US | 8.8.8.8:53 | zcryzuvmz.org | udp |
| US | 8.8.8.8:53 | bgpkrzxpid.net | udp |
| US | 8.8.8.8:53 | rhszwdmgfi.net | udp |
| BG | 77.76.184.2:30947 | tcp | |
| US | 8.8.8.8:53 | cedczqhe.net | udp |
| US | 8.8.8.8:53 | adhbxhqebajw.info | udp |
| LT | 212.117.9.69:34498 | tcp | |
| US | 8.8.8.8:53 | dkdczgl.info | udp |
Files
C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
| MD5 | ed03843d368f0412deba722b41e7fe49 |
| SHA1 | 249ca2dd1490cac8e488e80cbb576a4268dd46f6 |
| SHA256 | 63ba6674c4620464eada56a6a89802de975ea52e90d00905beffc60b874e256b |
| SHA512 | 5aca5382eb4c9f536d73a6aede989e89223a2f14224ad220aa17af4ec28cfe21c780254de54a01c439dd261cdee639635e83010e007e2a26224c5de946656632 |
C:\Windows\SysWOW64\jitthztezpozhzetpn.exe
| MD5 | bb7873a096a7ddd06706314a91eb4e66 |
| SHA1 | 45bde370d8c23151d85e7c7e05cd26c05342d7bc |
| SHA256 | 451ba46bdd9d4d17e54a87482a117dfd99da75d4dc6d030cbceffb4885e7f507 |
| SHA512 | 8af08029a8d90586aa634eab2a06b19a112bc6b2c21cc0ec1117ce89965c7209af4c452a3306394606a46f478cf7e1628ddfc732f5d3efae758e090436f68131 |
C:\Users\Admin\AppData\Local\Temp\huthjp.exe
| MD5 | ee6a9bf3087971bf55b5dfc7a09cb21b |
| SHA1 | 505e435a412e2aaad91520b4d57e7094d1d8dcd8 |
| SHA256 | 75a14b8857e63fcbcc336701b729065f3f2e90410ec4b23403daf3b841ea355e |
| SHA512 | dea3757210f0d364844f66492c787c3564886b3fe534a6fe72400b77e2c49874701f84bdfd43831521cd42ab6ec9ea89f3be073b251e03010312e40ae1825331 |
C:\Users\Admin\AppData\Local\wigtuzgempbzuzrtcniusfglsqy.nlg
| MD5 | 5bd4ff55e720ab1e1773ade24cc1d732 |
| SHA1 | 38b57f26da58c7ec5770d72ec278b9f013e67b4c |
| SHA256 | 5c62a1b9f201207fc254cdcca7b66ad7256e8ba5401eaeef959f8eb16cb61955 |
| SHA512 | 24bbddaae63e68df7f1e7439ea0487ab7dd2aaeeb404af2c51483b3dfea186199088ffffc5c626d68889e60b3a2252aa4187a87e462be7ab3db42c4169807fc2 |
C:\Users\Admin\AppData\Local\tqzxjzrathentjmztpvsbzlbtcvjgpvlobvrxu.bnd
| MD5 | 74102bf20757178eb42a61ad8afc3f4a |
| SHA1 | ea92207cb4b4f890e2d2d038bf16da1efeb6d5cf |
| SHA256 | 24fa2639b9ff2011c989321d310c704dd8e71f53e7798e99145477f4b637c01e |
| SHA512 | 82c245ddc85d4e1a2e9602b6de861a874011616ad23426c2493c2dfdb26667716c521849ee2cd4e4e2b4d49195109e9869921d1b4ff34071e89c31b8a912653b |
C:\Program Files (x86)\wigtuzgempbzuzrtcniusfglsqy.nlg
| MD5 | 832102acdb4f92efbacb0a3977b64a8f |
| SHA1 | 7cc556e34640c432fa8a86f5e228189bbbbe4a8d |
| SHA256 | a58ebe11f08e10fd9a3bed5269124b688adfbb2267e08b51fc166f0083f9c03e |
| SHA512 | 8c0174ec883c8c9ea4bd6b621c2e6732d7ac83f409a22a477837a86e9bd8ffa74e6a6f37237655b4e9fe2f1847f402b0301ebc0b5e4e087c199e134579313667 |
C:\Program Files (x86)\wigtuzgempbzuzrtcniusfglsqy.nlg
| MD5 | 043227db03b967bb68e22cedc0c3d404 |
| SHA1 | 301bb7bd55d8a3f621a9807f50699f82e27c74bb |
| SHA256 | f9f307060407f67b5be0235b10d307961b68788f1e8a945307eb47f595f7bb64 |
| SHA512 | 23074cdb8da85a9881df3766264e3b47a0bd178108ec4f4398aa2527a94c59ed3a71f75ab5e1e19d10c3f0baa223da8bc29e6a0c6f4c6865bd1be23a72f5151b |
C:\Program Files (x86)\wigtuzgempbzuzrtcniusfglsqy.nlg
| MD5 | 88d2c503d2434437a36bf54240e1dbd6 |
| SHA1 | f22d2c77591cac4214a702ca41c9ee506ace6365 |
| SHA256 | 97d0f8d01b842bbdcbdf47006dd105f6d4940b67d93aa3551cade69198c95af7 |
| SHA512 | dea08487bfadd08a1c0fd9294260bf697729fe8d28689b5c3feedf724fd7b60da133c01ef64aaf1a26feec373cc33cc4afb11e1420a53c5760110ba2d5ff0bf5 |
C:\Program Files (x86)\wigtuzgempbzuzrtcniusfglsqy.nlg
| MD5 | fa81a8afa7d64e3d95687ef4fece9f98 |
| SHA1 | 9ae81db42f4e05a7c1f448c44298a68bd16d14eb |
| SHA256 | a2cc2286d1a3841ba48cad48060849fd1d84176154fe1f0e6d64b29c26d50af7 |
| SHA512 | 173ee233397b1f06e79dc4f9d5bdf3d5333712f75f68925fe7be7f44d0c0fa7276e13c11229770759de0573b2f07b35ceffbfb912995dc0e7a49c7b10656da61 |
C:\Program Files (x86)\wigtuzgempbzuzrtcniusfglsqy.nlg
| MD5 | 02edf6210a1594c73b4d9a9c686e63e6 |
| SHA1 | a9ca54144785f611504546044aa2e65a10bb5af7 |
| SHA256 | cc56a714231b5fcbfd5c07c1e193d15e2a62801091a311713c550b5c470cd9c4 |
| SHA512 | f389d5db4c82d0cf796eeead92c7bbedb45dbfbf7219b29a70d3b9435f4c88065e9a7456ca1a7db86496e5a0b7cebffc9f7f171a2f2e7200605292e456adcb6c |