Malware Analysis Report

2025-08-10 16:32

Sample ID 250411-ed7geaypw4
Target JaffaCakes118_accbd6960dd347c36571ba5642f84e23
SHA256 482f4d7695f48bda4cfbda875fa32859d0206b577a679fee45c42f8b2151a49d
Tags
pykspa defense_evasion discovery persistence privilege_escalation trojan worm
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V16

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

482f4d7695f48bda4cfbda875fa32859d0206b577a679fee45c42f8b2151a49d

Threat Level: Known bad

The file JaffaCakes118_accbd6960dd347c36571ba5642f84e23 was found to be: Known bad.

Malicious Activity Summary

pykspa defense_evasion discovery persistence privilege_escalation trojan worm

Modifies WinLogon for persistence

Pykspa family

Pykspa

UAC bypass

Detect Pykspa worm

Adds policy Run key to start application

Sets service image path in registry

Disables RegEdit via registry modification

Impair Defenses: Safe Mode Boot

Checks computer location settings

Executes dropped EXE

Unexpected DNS network traffic destination

Hijack Execution Flow: Executable Installer File Permissions Weakness

Checks whether UAC is enabled

Checks for any installed AV software in registry

Adds Run key to start application

Looks up external IP address via web service

Enumerates connected drives

Drops file in System32 directory

Drops file in Windows directory

Drops file in Program Files directory

System Location Discovery: System Language Discovery

Unsigned PE

Enumerates physical storage devices

Suspicious behavior: EnumeratesProcesses

System policy modification

Suspicious use of AdjustPrivilegeToken

Suspicious use of WriteProcessMemory

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2025-04-11 03:50

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2025-04-11 03:50

Reported

2025-04-11 03:53

Platform

win10v2004-20250410-en

Max time kernel

32s

Max time network

150s

Command Line

"C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_accbd6960dd347c36571ba5642f84e23.exe"

Signatures

Modifies WinLogon for persistence

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\ddjmp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\ddjmp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\ddjmp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A

Pykspa

worm pykspa

Pykspa family

pykspa

UAC bypass

defense_evasion trojan
Description Indicator Process Target
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\ddjmp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" C:\Users\Admin\AppData\Local\Temp\ddjmp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\ddjmp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" C:\Users\Admin\AppData\Local\Temp\ddjmp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" C:\Users\Admin\AppData\Local\Temp\ddjmp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" C:\Users\Admin\AppData\Local\Temp\ddjmp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" C:\Users\Admin\AppData\Local\Temp\ddjmp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\ddjmp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" C:\Users\Admin\AppData\Local\Temp\ddjmp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" C:\Users\Admin\AppData\Local\Temp\ddjmp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" C:\Users\Admin\AppData\Local\Temp\ddjmp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" C:\Users\Admin\AppData\Local\Temp\ddjmp.exe N/A

Detect Pykspa worm

worm
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A

Adds policy Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\szmwgslyjubm = "dtpibwyuoiyspzsvawmib.exe" C:\Users\Admin\AppData\Local\Temp\ddjmp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\hlvcjsisa = "C:\\Users\\Admin\\AppData\\Local\\Temp\\dtpibwyuoiyspzsvawmib.exe" C:\Users\Admin\AppData\Local\Temp\ddjmp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\szmwgslyjubm = "alcqeurixmxmejxv.exe" C:\Users\Admin\AppData\Local\Temp\ddjmp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\hlvcjsisa = "C:\\Users\\Admin\\AppData\\Local\\Temp\\bpjarkkewocupxopsma.exe" C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\hlvcjsisa = "C:\\Users\\Admin\\AppData\\Local\\Temp\\odyqicdyrkzsoxprvqfa.exe" C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\szmwgslyjubm = "alcqeurixmxmejxv.exe" C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\ddjmp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\nzlvmwlvjqgn = "jdxpogdvrgetmirjlpfz.exe" C:\Users\Admin\AppData\Local\Temp\ddjmp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\hlvcjsisa = "C:\\Users\\Admin\\AppData\\Local\\Temp\\odyqicdyrkzsoxprvqfa.exe" C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\hlvcjsisa = "C:\\Users\\Admin\\AppData\\Local\\Temp\\qdwmcutmduhyszpprk.exe" C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\nzlvmwlvjqgn = "ctkzvketmytfvouji.exe" C:\Users\Admin\AppData\Local\Temp\ddjmp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\hlvcjsisa = "C:\\Users\\Admin\\AppData\\Local\\Temp\\bpjarkkewocupxopsma.exe" C:\Users\Admin\AppData\Local\Temp\ddjmp.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\ddjmp.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\ddjmp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\hlvcjsisa = "C:\\Users\\Admin\\AppData\\Local\\Temp\\odyqicdyrkzsoxprvqfa.exe" C:\Users\Admin\AppData\Local\Temp\ddjmp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\clubpwipa = "C:\\Users\\Admin\\AppData\\Local\\Temp\\wpizxokbwkhvniqhila.exe" C:\Users\Admin\AppData\Local\Temp\ddjmp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\szmwgslyjubm = "odyqicdyrkzsoxprvqfa.exe" C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\szmwgslyjubm = "bpjarkkewocupxopsma.exe" C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\clubpwipa = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ldvliytjdqmzqkrhhj.exe" C:\Users\Admin\AppData\Local\Temp\ddjmp.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\nzlvmwlvjqgn = "wpizxokbwkhvniqhila.exe" C:\Users\Admin\AppData\Local\Temp\ddjmp.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\hlvcjsisa = "C:\\Users\\Admin\\AppData\\Local\\Temp\\dtpibwyuoiyspzsvawmib.exe" C:\Users\Admin\AppData\Local\Temp\ddjmp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\hlvcjsisa = "C:\\Users\\Admin\\AppData\\Local\\Temp\\alcqeurixmxmejxv.exe" C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\szmwgslyjubm = "odyqicdyrkzsoxprvqfa.exe" C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\szmwgslyjubm = "odyqicdyrkzsoxprvqfa.exe" C:\Users\Admin\AppData\Local\Temp\ddjmp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\szmwgslyjubm = "dtpibwyuoiyspzsvawmib.exe" C:\Users\Admin\AppData\Local\Temp\ddjmp.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\szmwgslyjubm = "odyqicdyrkzsoxprvqfa.exe" C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\szmwgslyjubm = "alcqeurixmxmejxv.exe" C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\hlvcjsisa = "C:\\Users\\Admin\\AppData\\Local\\Temp\\bpjarkkewocupxopsma.exe" C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\hlvcjsisa = "C:\\Users\\Admin\\AppData\\Local\\Temp\\bpjarkkewocupxopsma.exe" C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\hlvcjsisa = "C:\\Users\\Admin\\AppData\\Local\\Temp\\dtpibwyuoiyspzsvawmib.exe" C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\hlvcjsisa = "C:\\Users\\Admin\\AppData\\Local\\Temp\\qdwmcutmduhyszpprk.exe" C:\Users\Admin\AppData\Local\Temp\ddjmp.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\szmwgslyjubm = "odyqicdyrkzsoxprvqfa.exe" C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\szmwgslyjubm = "alcqeurixmxmejxv.exe" C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\szmwgslyjubm = "dtpibwyuoiyspzsvawmib.exe" C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\hlvcjsisa = "C:\\Users\\Admin\\AppData\\Local\\Temp\\qdwmcutmduhyszpprk.exe" C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\hlvcjsisa = "C:\\Users\\Admin\\AppData\\Local\\Temp\\odyqicdyrkzsoxprvqfa.exe" C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A

Disables RegEdit via registry modification

defense_evasion
Description Indicator Process Target
Set value (int) \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\ddjmp.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\ddjmp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\ddjmp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\ddjmp.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\ddjmp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\ddjmp.exe N/A

Sets service image path in registry

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\wmicucltsvc\ImagePath = "C:\\Windows\\system32\\wmicuclt.exe" C:\Windows\dtpibwyuoiyspzsvawmib.exe N/A

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\Control Panel\International\Geo\Nation C:\Windows\dtpibwyuoiyspzsvawmib.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\Control Panel\International\Geo\Nation C:\Windows\alcqeurixmxmejxv.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\Control Panel\International\Geo\Nation C:\Windows\htlapgewmcoexdsrs.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\qdwmcutmduhyszpprk.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\dtpibwyuoiyspzsvawmib.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\Control Panel\International\Geo\Nation C:\Windows\qdwmcutmduhyszpprk.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\dtpibwyuoiyspzsvawmib.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\odyqicdyrkzsoxprvqfa.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\dtpibwyuoiyspzsvawmib.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\qdwmcutmduhyszpprk.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\Control Panel\International\Geo\Nation C:\Windows\dtpibwyuoiyspzsvawmib.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\alcqeurixmxmejxv.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\bpjarkkewocupxopsma.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\qdwmcutmduhyszpprk.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\Control Panel\International\Geo\Nation C:\Windows\odyqicdyrkzsoxprvqfa.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\qdwmcutmduhyszpprk.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\qdwmcutmduhyszpprk.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\Control Panel\International\Geo\Nation C:\Windows\odyqicdyrkzsoxprvqfa.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\htlapgewmcoexdsrs.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\qdwmcutmduhyszpprk.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\Control Panel\International\Geo\Nation C:\Windows\dtpibwyuoiyspzsvawmib.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\dtpibwyuoiyspzsvawmib.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\Control Panel\International\Geo\Nation C:\Windows\odyqicdyrkzsoxprvqfa.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\odyqicdyrkzsoxprvqfa.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\bpjarkkewocupxopsma.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\alcqeurixmxmejxv.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\Control Panel\International\Geo\Nation C:\Windows\odyqicdyrkzsoxprvqfa.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\Control Panel\International\Geo\Nation C:\Windows\qdwmcutmduhyszpprk.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\odyqicdyrkzsoxprvqfa.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\Control Panel\International\Geo\Nation C:\Windows\dtpibwyuoiyspzsvawmib.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\dtpibwyuoiyspzsvawmib.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\odyqicdyrkzsoxprvqfa.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\dtpibwyuoiyspzsvawmib.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\Control Panel\International\Geo\Nation C:\Windows\alcqeurixmxmejxv.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\Control Panel\International\Geo\Nation C:\Windows\dtpibwyuoiyspzsvawmib.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\Control Panel\International\Geo\Nation C:\Windows\dtpibwyuoiyspzsvawmib.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\Control Panel\International\Geo\Nation C:\Windows\qdwmcutmduhyszpprk.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\Control Panel\International\Geo\Nation C:\Windows\qdwmcutmduhyszpprk.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\Control Panel\International\Geo\Nation C:\Windows\bpjarkkewocupxopsma.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\Control Panel\International\Geo\Nation C:\Windows\alcqeurixmxmejxv.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\htlapgewmcoexdsrs.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\Control Panel\International\Geo\Nation C:\Windows\dtpibwyuoiyspzsvawmib.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\odyqicdyrkzsoxprvqfa.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_accbd6960dd347c36571ba5642f84e23.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\bpjarkkewocupxopsma.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\Control Panel\International\Geo\Nation C:\Windows\odyqicdyrkzsoxprvqfa.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\Control Panel\International\Geo\Nation C:\Windows\htlapgewmcoexdsrs.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\Control Panel\International\Geo\Nation C:\Windows\odyqicdyrkzsoxprvqfa.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\Control Panel\International\Geo\Nation C:\Windows\dtpibwyuoiyspzsvawmib.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\dtpibwyuoiyspzsvawmib.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\qdwmcutmduhyszpprk.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\Control Panel\International\Geo\Nation C:\Windows\bpjarkkewocupxopsma.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\Control Panel\International\Geo\Nation C:\Windows\htlapgewmcoexdsrs.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\htlapgewmcoexdsrs.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\Control Panel\International\Geo\Nation C:\Windows\dtpibwyuoiyspzsvawmib.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\Control Panel\International\Geo\Nation C:\Windows\alcqeurixmxmejxv.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\dtpibwyuoiyspzsvawmib.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\Control Panel\International\Geo\Nation C:\Windows\odyqicdyrkzsoxprvqfa.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\Control Panel\International\Geo\Nation C:\Windows\alcqeurixmxmejxv.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
N/A N/A C:\Windows\dtpibwyuoiyspzsvawmib.exe N/A
N/A N/A C:\Windows\dtpibwyuoiyspzsvawmib.exe N/A
N/A N/A C:\Windows\alcqeurixmxmejxv.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
N/A N/A C:\Windows\htlapgewmcoexdsrs.exe N/A
N/A N/A C:\Windows\odyqicdyrkzsoxprvqfa.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\htlapgewmcoexdsrs.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\htlapgewmcoexdsrs.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\htlapgewmcoexdsrs.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\qdwmcutmduhyszpprk.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ddjmp.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ddjmp.exe N/A
N/A N/A C:\Windows\alcqeurixmxmejxv.exe N/A
N/A N/A C:\Windows\dtpibwyuoiyspzsvawmib.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ddjmp.exe N/A
N/A N/A C:\Windows\bpjarkkewocupxopsma.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
N/A N/A C:\Windows\qdwmcutmduhyszpprk.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\odyqicdyrkzsoxprvqfa.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\dtpibwyuoiyspzsvawmib.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\dtpibwyuoiyspzsvawmib.exe N/A
N/A N/A C:\Windows\qdwmcutmduhyszpprk.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\dtpibwyuoiyspzsvawmib.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
N/A N/A C:\Windows\htlapgewmcoexdsrs.exe N/A
N/A N/A C:\Windows\odyqicdyrkzsoxprvqfa.exe N/A
N/A N/A C:\Windows\qdwmcutmduhyszpprk.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\dtpibwyuoiyspzsvawmib.exe N/A
N/A N/A C:\Windows\dtpibwyuoiyspzsvawmib.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\htlapgewmcoexdsrs.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
N/A N/A C:\Windows\dtpibwyuoiyspzsvawmib.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\odyqicdyrkzsoxprvqfa.exe N/A
N/A N/A C:\Windows\qdwmcutmduhyszpprk.exe N/A
N/A N/A C:\Windows\alcqeurixmxmejxv.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\qdwmcutmduhyszpprk.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\htlapgewmcoexdsrs.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\dtpibwyuoiyspzsvawmib.exe N/A
N/A N/A C:\Windows\htlapgewmcoexdsrs.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
N/A N/A C:\Windows\odyqicdyrkzsoxprvqfa.exe N/A
N/A N/A C:\Windows\dtpibwyuoiyspzsvawmib.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\odyqicdyrkzsoxprvqfa.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\htlapgewmcoexdsrs.exe N/A
N/A N/A C:\Windows\dtpibwyuoiyspzsvawmib.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
N/A N/A C:\Windows\alcqeurixmxmejxv.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A

Impair Defenses: Safe Mode Boot

defense_evasion
Description Indicator Process Target
Key created \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\wmicucltsvc C:\Windows\dtpibwyuoiyspzsvawmib.exe N/A
Set value (str) \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\wmicucltsvc\ = "Service" C:\Windows\dtpibwyuoiyspzsvawmib.exe N/A
Key deleted \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\wmicucltsvc C:\Users\Admin\AppData\Local\Temp\ddjmp.exe N/A
Key deleted \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\UserManager C:\Users\Admin\AppData\Local\Temp\ddjmp.exe N/A
Key deleted \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\SerCx2.sys C:\Users\Admin\AppData\Local\Temp\ddjmp.exe N/A
Key deleted \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\ProfSvc C:\Users\Admin\AppData\Local\Temp\ddjmp.exe N/A
Key deleted \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\Power C:\Users\Admin\AppData\Local\Temp\ddjmp.exe N/A
Key deleted \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\iai2c.sys C:\Users\Admin\AppData\Local\Temp\ddjmp.exe N/A
Key deleted \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\CBDHSvc C:\Users\Admin\AppData\Local\Temp\ddjmp.exe N/A

Unexpected DNS network traffic destination

Description Indicator Process Target
Destination IP 208.67.222.123 C:\Windows\dtpibwyuoiyspzsvawmib.exe N/A
Destination IP 205.171.3.65 C:\Windows\dtpibwyuoiyspzsvawmib.exe N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\afqygqhsbk = "C:\\Users\\Admin\\AppData\\Local\\Temp\\odyqicdyrkzsoxprvqfa.exe" C:\Users\Admin\AppData\Local\Temp\ddjmp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\afqygqhsbk = "qdwmcutmduhyszpprk.exe" C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\afqygqhsbk = "htlapgewmcoexdsrs.exe" C:\Users\Admin\AppData\Local\Temp\ddjmp.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\rznyjwqeqckwl = "qdwmcutmduhyszpprk.exe" C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\qbmvluirekz = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ytohhayroedtnkunqvmhc.exe ." C:\Users\Admin\AppData\Local\Temp\ddjmp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\vfvivkgwkyiwnre = "C:\\Users\\Admin\\AppData\\Local\\Temp\\dtpibwyuoiyspzsvawmib.exe ." C:\Users\Admin\AppData\Local\Temp\ddjmp.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\afqygqhsbk = "C:\\Users\\Admin\\AppData\\Local\\Temp\\odyqicdyrkzsoxprvqfa.exe" C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\afqygqhsbk = "C:\\Users\\Admin\\AppData\\Local\\Temp\\dtpibwyuoiyspzsvawmib.exe" C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\sbqcocxmzmviyb = "alcqeurixmxmejxv.exe ." C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\rznyjwqeqckwl = "htlapgewmcoexdsrs.exe" C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\afqygqhsbk = "dtpibwyuoiyspzsvawmib.exe" C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\alcqeurixmxmejxv = "C:\\Users\\Admin\\AppData\\Local\\Temp\\odyqicdyrkzsoxprvqfa.exe" C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\qbmvluirekz = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ldvliytjdqmzqkrhhj.exe ." C:\Users\Admin\AppData\Local\Temp\ddjmp.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\rznyjwqeqckwl = "alcqeurixmxmejxv.exe" C:\Users\Admin\AppData\Local\Temp\ddjmp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\vbnwfqiueou = "odyqicdyrkzsoxprvqfa.exe ." C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\rznyjwqeqckwl = "dtpibwyuoiyspzsvawmib.exe" C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\vfvivkgwkyiwnre = "C:\\Users\\Admin\\AppData\\Local\\Temp\\odyqicdyrkzsoxprvqfa.exe ." C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\afqygqhsbk = "C:\\Users\\Admin\\AppData\\Local\\Temp\\alcqeurixmxmejxv.exe" C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\afqygqhsbk = "C:\\Users\\Admin\\AppData\\Local\\Temp\\dtpibwyuoiyspzsvawmib.exe" C:\Users\Admin\AppData\Local\Temp\ddjmp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\alcqeurixmxmejxv = "C:\\Users\\Admin\\AppData\\Local\\Temp\\qdwmcutmduhyszpprk.exe" C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\vfvivkgwkyiwnre = "C:\\Users\\Admin\\AppData\\Local\\Temp\\qdwmcutmduhyszpprk.exe ." C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\vbnwfqiueou = "bpjarkkewocupxopsma.exe ." C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\vfvivkgwkyiwnre = "C:\\Users\\Admin\\AppData\\Local\\Temp\\dtpibwyuoiyspzsvawmib.exe ." C:\Users\Admin\AppData\Local\Temp\ddjmp.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\qbmvluirekz = "C:\\Users\\Admin\\AppData\\Local\\Temp\\jdxpogdvrgetmirjlpfz.exe ." C:\Users\Admin\AppData\Local\Temp\ddjmp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\afqygqhsbk = "odyqicdyrkzsoxprvqfa.exe" C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\rznyjwqeqckwl = "dtpibwyuoiyspzsvawmib.exe" C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\vbnwfqiueou = "C:\\Users\\Admin\\AppData\\Local\\Temp\\htlapgewmcoexdsrs.exe ." C:\Users\Admin\AppData\Local\Temp\ddjmp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\alcqeurixmxmejxv = "C:\\Users\\Admin\\AppData\\Local\\Temp\\alcqeurixmxmejxv.exe" C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\vfvivkgwkyiwnre = "C:\\Users\\Admin\\AppData\\Local\\Temp\\dtpibwyuoiyspzsvawmib.exe ." C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\sbqcocxmzmviyb = "htlapgewmcoexdsrs.exe ." C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\nbpbugxjziajwm = "wpizxokbwkhvniqhila.exe ." C:\Users\Admin\AppData\Local\Temp\ddjmp.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\vfpxmuhpbg = "C:\\Users\\Admin\\AppData\\Local\\Temp\\vlbpkyrfxicncuzn.exe" C:\Users\Admin\AppData\Local\Temp\ddjmp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\vbnwfqiueou = "alcqeurixmxmejxv.exe ." C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\vbnwfqiueou = "C:\\Users\\Admin\\AppData\\Local\\Temp\\qdwmcutmduhyszpprk.exe ." C:\Users\Admin\AppData\Local\Temp\ddjmp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\afqygqhsbk = "htlapgewmcoexdsrs.exe" C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\vbnwfqiueou = "C:\\Users\\Admin\\AppData\\Local\\Temp\\qdwmcutmduhyszpprk.exe ." C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\vbnwfqiueou = "C:\\Users\\Admin\\AppData\\Local\\Temp\\dtpibwyuoiyspzsvawmib.exe ." C:\Users\Admin\AppData\Local\Temp\ddjmp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\qfuhbogtkunxlcg = "C:\\Users\\Admin\\AppData\\Local\\Temp\\vlbpkyrfxicncuzn.exe ." C:\Users\Admin\AppData\Local\Temp\ddjmp.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\vfpxmuhpbg = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ctkzvketmytfvouji.exe" C:\Users\Admin\AppData\Local\Temp\ddjmp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\alcqeurixmxmejxv = "C:\\Users\\Admin\\AppData\\Local\\Temp\\bpjarkkewocupxopsma.exe" C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mzmxpaqbqypxj = "vlbpkyrfxicncuzn.exe" C:\Users\Admin\AppData\Local\Temp\ddjmp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\vfvivkgwkyiwnre = "C:\\Users\\Admin\\AppData\\Local\\Temp\\dtpibwyuoiyspzsvawmib.exe ." C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\vfpxmuhpbg = "ldvliytjdqmzqkrhhj.exe" C:\Users\Admin\AppData\Local\Temp\ddjmp.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\afqygqhsbk = "C:\\Users\\Admin\\AppData\\Local\\Temp\\htlapgewmcoexdsrs.exe" C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\vfvivkgwkyiwnre = "C:\\Users\\Admin\\AppData\\Local\\Temp\\odyqicdyrkzsoxprvqfa.exe ." C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\vfpxmuhpbg = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ldvliytjdqmzqkrhhj.exe" C:\Users\Admin\AppData\Local\Temp\ddjmp.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\sbqcocxmzmviyb = "dtpibwyuoiyspzsvawmib.exe ." C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\afqygqhsbk = "htlapgewmcoexdsrs.exe" C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\vbnwfqiueou = "odyqicdyrkzsoxprvqfa.exe ." C:\Users\Admin\AppData\Local\Temp\ddjmp.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\vbnwfqiueou = "C:\\Users\\Admin\\AppData\\Local\\Temp\\qdwmcutmduhyszpprk.exe ." C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\vbnwfqiueou = "dtpibwyuoiyspzsvawmib.exe ." C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\vbnwfqiueou = "C:\\Users\\Admin\\AppData\\Local\\Temp\\odyqicdyrkzsoxprvqfa.exe ." C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\vbnwfqiueou = "C:\\Users\\Admin\\AppData\\Local\\Temp\\bpjarkkewocupxopsma.exe ." C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\afqygqhsbk = "dtpibwyuoiyspzsvawmib.exe" C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\nbpbugxjziajwm = "ytohhayroedtnkunqvmhc.exe ." C:\Users\Admin\AppData\Local\Temp\ddjmp.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\vbnwfqiueou = "C:\\Users\\Admin\\AppData\\Local\\Temp\\bpjarkkewocupxopsma.exe ." C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\afqygqhsbk = "C:\\Users\\Admin\\AppData\\Local\\Temp\\bpjarkkewocupxopsma.exe" C:\Users\Admin\AppData\Local\Temp\ddjmp.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\rznyjwqeqckwl = "bpjarkkewocupxopsma.exe" C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\sbqcocxmzmviyb = "dtpibwyuoiyspzsvawmib.exe ." C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mzmxpaqbqypxj = "ytohhayroedtnkunqvmhc.exe" C:\Users\Admin\AppData\Local\Temp\ddjmp.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\nbpbugxjziajwm = "ldvliytjdqmzqkrhhj.exe ." C:\Users\Admin\AppData\Local\Temp\ddjmp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\alcqeurixmxmejxv = "C:\\Users\\Admin\\AppData\\Local\\Temp\\dtpibwyuoiyspzsvawmib.exe" C:\Users\Admin\AppData\Local\Temp\ddjmp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\alcqeurixmxmejxv = "C:\\Users\\Admin\\AppData\\Local\\Temp\\odyqicdyrkzsoxprvqfa.exe" C:\Users\Admin\AppData\Local\Temp\ddjmp.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\vbnwfqiueou = "C:\\Users\\Admin\\AppData\\Local\\Temp\\alcqeurixmxmejxv.exe ." C:\Users\Admin\AppData\Local\Temp\ddjmp.exe N/A

Checks for any installed AV software in registry

Description Indicator Process Target
Set value (int) \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\AntiVirService\Start = "4" C:\Windows\dtpibwyuoiyspzsvawmib.exe N/A
Key created \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\a2AntiMalware C:\Windows\dtpibwyuoiyspzsvawmib.exe N/A
Set value (int) \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\a2AntiMalware\Start = "4" C:\Windows\dtpibwyuoiyspzsvawmib.exe N/A
Key created \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\avast! Antivirus C:\Windows\dtpibwyuoiyspzsvawmib.exe N/A
Set value (int) \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\avast! Antivirus\Start = "4" C:\Windows\dtpibwyuoiyspzsvawmib.exe N/A
Key created \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\AntiVirService C:\Windows\dtpibwyuoiyspzsvawmib.exe N/A

Checks whether UAC is enabled

defense_evasion trojan
Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\ddjmp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\ddjmp.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\ddjmp.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\ddjmp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\ddjmp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\ddjmp.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A

Enumerates connected drives

Description Indicator Process Target
File opened (read-only) \??\N: C:\Windows\dtpibwyuoiyspzsvawmib.exe N/A
File opened (read-only) \??\X: C:\Windows\dtpibwyuoiyspzsvawmib.exe N/A
File opened (read-only) \??\Y: C:\Windows\dtpibwyuoiyspzsvawmib.exe N/A
File opened (read-only) \??\Q: C:\Windows\dtpibwyuoiyspzsvawmib.exe N/A
File opened (read-only) \??\R: C:\Windows\dtpibwyuoiyspzsvawmib.exe N/A
File opened (read-only) \??\U: C:\Windows\dtpibwyuoiyspzsvawmib.exe N/A
File opened (read-only) \??\W: C:\Windows\dtpibwyuoiyspzsvawmib.exe N/A
File opened (read-only) \??\Z: C:\Windows\dtpibwyuoiyspzsvawmib.exe N/A
File opened (read-only) \??\P: C:\Windows\dtpibwyuoiyspzsvawmib.exe N/A
File opened (read-only) \??\I: C:\Windows\dtpibwyuoiyspzsvawmib.exe N/A
File opened (read-only) \??\K: C:\Windows\dtpibwyuoiyspzsvawmib.exe N/A
File opened (read-only) \??\O: C:\Windows\dtpibwyuoiyspzsvawmib.exe N/A
File opened (read-only) \??\S: C:\Windows\dtpibwyuoiyspzsvawmib.exe N/A
File opened (read-only) \??\T: C:\Windows\dtpibwyuoiyspzsvawmib.exe N/A
File opened (read-only) \??\E: C:\Windows\dtpibwyuoiyspzsvawmib.exe N/A
File opened (read-only) \??\H: C:\Windows\dtpibwyuoiyspzsvawmib.exe N/A
File opened (read-only) \??\L: C:\Windows\dtpibwyuoiyspzsvawmib.exe N/A
File opened (read-only) \??\V: C:\Windows\dtpibwyuoiyspzsvawmib.exe N/A
File opened (read-only) \??\B: C:\Windows\dtpibwyuoiyspzsvawmib.exe N/A
File opened (read-only) \??\G: C:\Windows\dtpibwyuoiyspzsvawmib.exe N/A
File opened (read-only) \??\J: C:\Windows\dtpibwyuoiyspzsvawmib.exe N/A
File opened (read-only) \??\M: C:\Windows\dtpibwyuoiyspzsvawmib.exe N/A

Hijack Execution Flow: Executable Installer File Permissions Weakness

defense_evasion persistence privilege_escalation
Description Indicator Process Target
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableInstallerDetection = "0" C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableInstallerDetection = "0" C:\Users\Admin\AppData\Local\Temp\ddjmp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableInstallerDetection = "0" C:\Users\Admin\AppData\Local\Temp\ddjmp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableInstallerDetection = "0" C:\Users\Admin\AppData\Local\Temp\ddjmp.exe N/A

Looks up external IP address via web service

Description Indicator Process Target
N/A www.showmyipaddress.com N/A N/A
N/A www.whatismyip.ca N/A N/A
N/A whatismyip.everdot.org N/A N/A
N/A www.whatismyip.ca N/A N/A
N/A www.whatismyip.ca N/A N/A
N/A whatismyip.everdot.org N/A N/A
N/A www.whatismyip.ca N/A N/A
N/A whatismyip.everdot.org N/A N/A
N/A whatismyip.everdot.org N/A N/A
N/A whatismyipaddress.com N/A N/A

Drops file in System32 directory

Description Indicator Process Target
File opened for modification C:\Windows\SysWOW64\bpjarkkewocupxopsma.exe C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
File created C:\Windows\SysWOW64\wmicuclt.exe C:\Windows\dtpibwyuoiyspzsvawmib.exe N/A
File opened for modification C:\Windows\SysWOW64\alcqeurixmxmejxv.exe C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
File opened for modification C:\Windows\SysWOW64\qdwmcutmduhyszpprk.exe C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
File opened for modification C:\Windows\SysWOW64\bpjarkkewocupxopsma.exe C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
File opened for modification C:\Windows\SysWOW64\qdwmcutmduhyszpprk.exe C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
File opened for modification C:\Windows\SysWOW64\qdwmcutmduhyszpprk.exe C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
File opened for modification C:\Windows\SysWOW64\bpjarkkewocupxopsma.exe C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
File opened for modification C:\Windows\SysWOW64\odyqicdyrkzsoxprvqfa.exe C:\Users\Admin\AppData\Local\Temp\ddjmp.exe N/A
File opened for modification C:\Windows\SysWOW64\alcqeurixmxmejxv.exe C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
File opened for modification C:\Windows\SysWOW64\qdwmcutmduhyszpprk.exe C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
File opened for modification C:\Windows\SysWOW64\odyqicdyrkzsoxprvqfa.exe C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
File opened for modification C:\Windows\SysWOW64\alcqeurixmxmejxv.exe C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
File opened for modification C:\Windows\SysWOW64\htlapgewmcoexdsrs.exe C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
File opened for modification C:\Windows\SysWOW64\alcqeurixmxmejxv.exe C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
File opened for modification C:\Windows\SysWOW64\htlapgewmcoexdsrs.exe C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
File opened for modification C:\Windows\SysWOW64\odyqicdyrkzsoxprvqfa.exe C:\Users\Admin\AppData\Local\Temp\ddjmp.exe N/A
File opened for modification C:\Windows\SysWOW64\odyqicdyrkzsoxprvqfa.exe C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
File opened for modification C:\Windows\SysWOW64\alcqeurixmxmejxv.exe C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
File opened for modification C:\Windows\SysWOW64\bpjarkkewocupxopsma.exe C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
File opened for modification C:\Windows\SysWOW64\dtpibwyuoiyspzsvawmib.exe C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
File opened for modification C:\Windows\SysWOW64\htlapgewmcoexdsrs.exe C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
File opened for modification C:\Windows\SysWOW64\alcqeurixmxmejxv.exe C:\Users\Admin\AppData\Local\Temp\ddjmp.exe N/A
File opened for modification C:\Windows\SysWOW64\htlapgewmcoexdsrs.exe C:\Users\Admin\AppData\Local\Temp\ddjmp.exe N/A
File opened for modification C:\Windows\SysWOW64\ulicwsvsnizusdxbhevsmg.exe C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
File opened for modification C:\Windows\SysWOW64\dtpibwyuoiyspzsvawmib.exe C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
File opened for modification C:\Windows\SysWOW64\alcqeurixmxmejxv.exe C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
File opened for modification C:\Windows\SysWOW64\qdwmcutmduhyszpprk.exe C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
File opened for modification C:\Windows\SysWOW64\dtpibwyuoiyspzsvawmib.exe C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
File opened for modification C:\Windows\SysWOW64\ulicwsvsnizusdxbhevsmg.exe C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
File opened for modification C:\Windows\SysWOW64\odyqicdyrkzsoxprvqfa.exe C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
File opened for modification C:\Windows\SysWOW64\bpjarkkewocupxopsma.exe C:\Users\Admin\AppData\Local\Temp\ddjmp.exe N/A
File opened for modification C:\Windows\SysWOW64\dtpibwyuoiyspzsvawmib.exe C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
File opened for modification C:\Windows\SysWOW64\ulicwsvsnizusdxbhevsmg.exe C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
File opened for modification C:\Windows\SysWOW64\bpjarkkewocupxopsma.exe C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
File opened for modification C:\Windows\SysWOW64\odyqicdyrkzsoxprvqfa.exe C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
File opened for modification C:\Windows\SysWOW64\htlapgewmcoexdsrs.exe C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
File opened for modification C:\Windows\SysWOW64\htlapgewmcoexdsrs.exe C:\Users\Admin\AppData\Local\Temp\ddjmp.exe N/A
File created C:\Windows\SysWOW64\szmwgslyjubmablfboviscohufqxiwxhbx.reo C:\Users\Admin\AppData\Local\Temp\ddjmp.exe N/A
File opened for modification C:\Windows\SysWOW64\ulicwsvsnizusdxbhevsmg.exe C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
File opened for modification C:\Windows\SysWOW64\qdwmcutmduhyszpprk.exe C:\Users\Admin\AppData\Local\Temp\ddjmp.exe N/A
File opened for modification C:\Windows\SysWOW64\alcqeurixmxmejxv.exe C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
File opened for modification C:\Windows\SysWOW64\bpjarkkewocupxopsma.exe C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
File opened for modification C:\Windows\SysWOW64\alcqeurixmxmejxv.exe C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
File opened for modification C:\Windows\SysWOW64\ulicwsvsnizusdxbhevsmg.exe C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
File opened for modification C:\Windows\SysWOW64\ulicwsvsnizusdxbhevsmg.exe C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
File opened for modification C:\Windows\SysWOW64\htlapgewmcoexdsrs.exe C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
File opened for modification C:\Windows\SysWOW64\qdwmcutmduhyszpprk.exe C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
File opened for modification C:\Windows\SysWOW64\odyqicdyrkzsoxprvqfa.exe C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
File opened for modification C:\Windows\SysWOW64\ulicwsvsnizusdxbhevsmg.exe C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
File opened for modification C:\Windows\SysWOW64\bpjarkkewocupxopsma.exe C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
File opened for modification C:\Windows\SysWOW64\dtpibwyuoiyspzsvawmib.exe C:\Users\Admin\AppData\Local\Temp\ddjmp.exe N/A
File created C:\Windows\SysWOW64\fbdcbckmmmiilbajuwsutst.ddd C:\Users\Admin\AppData\Local\Temp\ddjmp.exe N/A
File opened for modification C:\Windows\SysWOW64\htlapgewmcoexdsrs.exe C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
File opened for modification C:\Windows\SysWOW64\dtpibwyuoiyspzsvawmib.exe C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
File opened for modification C:\Windows\SysWOW64\dtpibwyuoiyspzsvawmib.exe C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
File opened for modification C:\Windows\SysWOW64\ulicwsvsnizusdxbhevsmg.exe C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
File opened for modification C:\Windows\SysWOW64\wmicuclt.exe C:\Windows\dtpibwyuoiyspzsvawmib.exe N/A
File opened for modification C:\Windows\SysWOW64\ulicwsvsnizusdxbhevsmg.exe C:\Users\Admin\AppData\Local\Temp\ddjmp.exe N/A
File opened for modification C:\Windows\SysWOW64\qdwmcutmduhyszpprk.exe C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
File opened for modification C:\Windows\SysWOW64\odyqicdyrkzsoxprvqfa.exe C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
File opened for modification C:\Windows\SysWOW64\bpjarkkewocupxopsma.exe C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
File opened for modification C:\Windows\SysWOW64\dtpibwyuoiyspzsvawmib.exe C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
File opened for modification C:\Windows\SysWOW64\qdwmcutmduhyszpprk.exe C:\Users\Admin\AppData\Local\Temp\ddjmp.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File opened for modification C:\Program Files (x86)\szmwgslyjubmablfboviscohufqxiwxhbx.reo C:\Users\Admin\AppData\Local\Temp\ddjmp.exe N/A
File created C:\Program Files (x86)\szmwgslyjubmablfboviscohufqxiwxhbx.reo C:\Users\Admin\AppData\Local\Temp\ddjmp.exe N/A
File opened for modification C:\Program Files (x86)\fbdcbckmmmiilbajuwsutst.ddd C:\Users\Admin\AppData\Local\Temp\ddjmp.exe N/A
File created C:\Program Files (x86)\fbdcbckmmmiilbajuwsutst.ddd C:\Users\Admin\AppData\Local\Temp\ddjmp.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File opened for modification C:\Windows\odyqicdyrkzsoxprvqfa.exe C:\Users\Admin\AppData\Local\Temp\ddjmp.exe N/A
File opened for modification C:\Windows\alcqeurixmxmejxv.exe C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
File opened for modification C:\Windows\dtpibwyuoiyspzsvawmib.exe C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
File opened for modification C:\Windows\ulicwsvsnizusdxbhevsmg.exe C:\Users\Admin\AppData\Local\Temp\ddjmp.exe N/A
File opened for modification C:\Windows\dtpibwyuoiyspzsvawmib.exe C:\Users\Admin\AppData\Local\Temp\ddjmp.exe N/A
File opened for modification C:\Windows\dtpibwyuoiyspzsvawmib.exe C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
File opened for modification C:\Windows\qdwmcutmduhyszpprk.exe C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
File opened for modification C:\Windows\odyqicdyrkzsoxprvqfa.exe C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
File opened for modification C:\Windows\dtpibwyuoiyspzsvawmib.exe C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
File opened for modification C:\Windows\ulicwsvsnizusdxbhevsmg.exe C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
File opened for modification C:\Windows\htlapgewmcoexdsrs.exe C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
File opened for modification C:\Windows\odyqicdyrkzsoxprvqfa.exe C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
File opened for modification C:\Windows\bpjarkkewocupxopsma.exe C:\Users\Admin\AppData\Local\Temp\ddjmp.exe N/A
File opened for modification C:\Windows\bpjarkkewocupxopsma.exe C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
File opened for modification C:\Windows\ulicwsvsnizusdxbhevsmg.exe C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
File opened for modification C:\Windows\alcqeurixmxmejxv.exe C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
File opened for modification C:\Windows\bpjarkkewocupxopsma.exe C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
File opened for modification C:\Windows\bpjarkkewocupxopsma.exe C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
File opened for modification C:\Windows\dtpibwyuoiyspzsvawmib.exe C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
File opened for modification C:\Windows\htlapgewmcoexdsrs.exe C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
File opened for modification C:\Windows\htlapgewmcoexdsrs.exe C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
File opened for modification C:\Windows\alcqeurixmxmejxv.exe C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
File opened for modification C:\Windows\qdwmcutmduhyszpprk.exe C:\Users\Admin\AppData\Local\Temp\ddjmp.exe N/A
File opened for modification C:\Windows\alcqeurixmxmejxv.exe C:\Users\Admin\AppData\Local\Temp\ddjmp.exe N/A
File opened for modification C:\Windows\htlapgewmcoexdsrs.exe C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
File opened for modification C:\Windows\qdwmcutmduhyszpprk.exe C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
File opened for modification C:\Windows\odyqicdyrkzsoxprvqfa.exe C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
File created C:\Windows\szmwgslyjubmablfboviscohufqxiwxhbx.reo C:\Users\Admin\AppData\Local\Temp\ddjmp.exe N/A
File opened for modification C:\Windows\qdwmcutmduhyszpprk.exe C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
File opened for modification C:\Windows\htlapgewmcoexdsrs.exe C:\Users\Admin\AppData\Local\Temp\ddjmp.exe N/A
File opened for modification C:\Windows\fbdcbckmmmiilbajuwsutst.ddd C:\Users\Admin\AppData\Local\Temp\ddjmp.exe N/A
File opened for modification C:\Windows\qdwmcutmduhyszpprk.exe C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
File opened for modification C:\Windows\qdwmcutmduhyszpprk.exe C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
File opened for modification C:\Windows\qdwmcutmduhyszpprk.exe C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
File opened for modification C:\Windows\alcqeurixmxmejxv.exe C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
File opened for modification C:\Windows\bpjarkkewocupxopsma.exe C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
File opened for modification C:\Windows\odyqicdyrkzsoxprvqfa.exe C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
File opened for modification C:\Windows\dtpibwyuoiyspzsvawmib.exe C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
File opened for modification C:\Windows\ulicwsvsnizusdxbhevsmg.exe C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
File opened for modification C:\Windows\bpjarkkewocupxopsma.exe C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
File opened for modification C:\Windows\alcqeurixmxmejxv.exe C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
File opened for modification C:\Windows\bpjarkkewocupxopsma.exe C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
File opened for modification C:\Windows\dtpibwyuoiyspzsvawmib.exe C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
File opened for modification C:\Windows\ulicwsvsnizusdxbhevsmg.exe C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
File created C:\Windows\fbdcbckmmmiilbajuwsutst.ddd C:\Users\Admin\AppData\Local\Temp\ddjmp.exe N/A
File opened for modification C:\Windows\ulicwsvsnizusdxbhevsmg.exe C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
File opened for modification C:\Windows\ulicwsvsnizusdxbhevsmg.exe C:\Users\Admin\AppData\Local\Temp\ddjmp.exe N/A
File opened for modification C:\Windows\ulicwsvsnizusdxbhevsmg.exe C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
File opened for modification C:\Windows\htlapgewmcoexdsrs.exe C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
File opened for modification C:\Windows\szmwgslyjubmablfboviscohufqxiwxhbx.reo C:\Users\Admin\AppData\Local\Temp\ddjmp.exe N/A
File opened for modification C:\Windows\htlapgewmcoexdsrs.exe C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
File opened for modification C:\Windows\qdwmcutmduhyszpprk.exe C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
File opened for modification C:\Windows\qdwmcutmduhyszpprk.exe C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
File opened for modification C:\Windows\odyqicdyrkzsoxprvqfa.exe C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
File opened for modification C:\Windows\alcqeurixmxmejxv.exe C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
File opened for modification C:\Windows\dtpibwyuoiyspzsvawmib.exe C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
File opened for modification C:\Windows\htlapgewmcoexdsrs.exe C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
File opened for modification C:\Windows\bpjarkkewocupxopsma.exe C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
File opened for modification C:\Windows\odyqicdyrkzsoxprvqfa.exe C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
File opened for modification C:\Windows\qdwmcutmduhyszpprk.exe C:\Users\Admin\AppData\Local\Temp\ddjmp.exe N/A
File opened for modification C:\Windows\alcqeurixmxmejxv.exe C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
File opened for modification C:\Windows\odyqicdyrkzsoxprvqfa.exe C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
File opened for modification C:\Windows\odyqicdyrkzsoxprvqfa.exe C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
File opened for modification C:\Windows\ulicwsvsnizusdxbhevsmg.exe C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A

Enumerates physical storage devices

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\ctkzvketmytfvouji.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\wpizxokbwkhvniqhila.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\dtpibwyuoiyspzsvawmib.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\alcqeurixmxmejxv.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\htlapgewmcoexdsrs.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\jdxpogdvrgetmirjlpfz.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\ytohhayroedtnkunqvmhc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\dtpibwyuoiyspzsvawmib.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\bpjarkkewocupxopsma.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\bpjarkkewocupxopsma.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\wpizxokbwkhvniqhila.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\odyqicdyrkzsoxprvqfa.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\odyqicdyrkzsoxprvqfa.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\dtpibwyuoiyspzsvawmib.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_accbd6960dd347c36571ba5642f84e23.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\htlapgewmcoexdsrs.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\ytohhayroedtnkunqvmhc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\dtpibwyuoiyspzsvawmib.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\dtpibwyuoiyspzsvawmib.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\bpjarkkewocupxopsma.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\htlapgewmcoexdsrs.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\qdwmcutmduhyszpprk.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\vlbpkyrfxicncuzn.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\alcqeurixmxmejxv.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\qdwmcutmduhyszpprk.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\ldvliytjdqmzqkrhhj.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\dtpibwyuoiyspzsvawmib.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\jdxpogdvrgetmirjlpfz.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\wpizxokbwkhvniqhila.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\qdwmcutmduhyszpprk.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\qdwmcutmduhyszpprk.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\odyqicdyrkzsoxprvqfa.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\wpizxokbwkhvniqhila.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\ddjmp.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\htlapgewmcoexdsrs.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\dtpibwyuoiyspzsvawmib.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\qdwmcutmduhyszpprk.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\alcqeurixmxmejxv.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\htlapgewmcoexdsrs.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\odyqicdyrkzsoxprvqfa.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\odyqicdyrkzsoxprvqfa.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\dtpibwyuoiyspzsvawmib.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\vlbpkyrfxicncuzn.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\qdwmcutmduhyszpprk.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\alcqeurixmxmejxv.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\odyqicdyrkzsoxprvqfa.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\qdwmcutmduhyszpprk.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\dtpibwyuoiyspzsvawmib.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\dtpibwyuoiyspzsvawmib.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\bpjarkkewocupxopsma.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\alcqeurixmxmejxv.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\htlapgewmcoexdsrs.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\ctkzvketmytfvouji.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\dtpibwyuoiyspzsvawmib.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\odyqicdyrkzsoxprvqfa.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\ldvliytjdqmzqkrhhj.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\ytohhayroedtnkunqvmhc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\vlbpkyrfxicncuzn.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\dtpibwyuoiyspzsvawmib.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\dtpibwyuoiyspzsvawmib.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\qdwmcutmduhyszpprk.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\odyqicdyrkzsoxprvqfa.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\alcqeurixmxmejxv.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_accbd6960dd347c36571ba5642f84e23.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_accbd6960dd347c36571ba5642f84e23.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_accbd6960dd347c36571ba5642f84e23.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_accbd6960dd347c36571ba5642f84e23.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_accbd6960dd347c36571ba5642f84e23.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_accbd6960dd347c36571ba5642f84e23.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_accbd6960dd347c36571ba5642f84e23.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_accbd6960dd347c36571ba5642f84e23.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_accbd6960dd347c36571ba5642f84e23.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_accbd6960dd347c36571ba5642f84e23.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_accbd6960dd347c36571ba5642f84e23.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_accbd6960dd347c36571ba5642f84e23.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_accbd6960dd347c36571ba5642f84e23.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_accbd6960dd347c36571ba5642f84e23.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_accbd6960dd347c36571ba5642f84e23.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_accbd6960dd347c36571ba5642f84e23.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_accbd6960dd347c36571ba5642f84e23.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_accbd6960dd347c36571ba5642f84e23.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_accbd6960dd347c36571ba5642f84e23.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_accbd6960dd347c36571ba5642f84e23.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ddjmp.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ddjmp.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_accbd6960dd347c36571ba5642f84e23.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_accbd6960dd347c36571ba5642f84e23.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_accbd6960dd347c36571ba5642f84e23.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_accbd6960dd347c36571ba5642f84e23.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_accbd6960dd347c36571ba5642f84e23.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_accbd6960dd347c36571ba5642f84e23.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_accbd6960dd347c36571ba5642f84e23.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_accbd6960dd347c36571ba5642f84e23.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_accbd6960dd347c36571ba5642f84e23.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_accbd6960dd347c36571ba5642f84e23.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_accbd6960dd347c36571ba5642f84e23.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_accbd6960dd347c36571ba5642f84e23.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_accbd6960dd347c36571ba5642f84e23.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_accbd6960dd347c36571ba5642f84e23.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_accbd6960dd347c36571ba5642f84e23.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_accbd6960dd347c36571ba5642f84e23.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_accbd6960dd347c36571ba5642f84e23.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_accbd6960dd347c36571ba5642f84e23.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_accbd6960dd347c36571ba5642f84e23.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_accbd6960dd347c36571ba5642f84e23.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_accbd6960dd347c36571ba5642f84e23.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_accbd6960dd347c36571ba5642f84e23.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_accbd6960dd347c36571ba5642f84e23.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_accbd6960dd347c36571ba5642f84e23.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_accbd6960dd347c36571ba5642f84e23.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_accbd6960dd347c36571ba5642f84e23.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_accbd6960dd347c36571ba5642f84e23.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_accbd6960dd347c36571ba5642f84e23.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_accbd6960dd347c36571ba5642f84e23.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_accbd6960dd347c36571ba5642f84e23.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_accbd6960dd347c36571ba5642f84e23.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_accbd6960dd347c36571ba5642f84e23.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_accbd6960dd347c36571ba5642f84e23.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_accbd6960dd347c36571ba5642f84e23.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_accbd6960dd347c36571ba5642f84e23.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_accbd6960dd347c36571ba5642f84e23.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_accbd6960dd347c36571ba5642f84e23.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_accbd6960dd347c36571ba5642f84e23.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_accbd6960dd347c36571ba5642f84e23.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_accbd6960dd347c36571ba5642f84e23.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_accbd6960dd347c36571ba5642f84e23.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\dtpibwyuoiyspzsvawmib.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\dtpibwyuoiyspzsvawmib.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\alcqeurixmxmejxv.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\htlapgewmcoexdsrs.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\odyqicdyrkzsoxprvqfa.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\htlapgewmcoexdsrs.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\htlapgewmcoexdsrs.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\htlapgewmcoexdsrs.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\qdwmcutmduhyszpprk.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\ldvliytjdqmzqkrhhj.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\alcqeurixmxmejxv.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\dtpibwyuoiyspzsvawmib.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\wpizxokbwkhvniqhila.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\bpjarkkewocupxopsma.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\ctkzvketmytfvouji.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\qdwmcutmduhyszpprk.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\wpizxokbwkhvniqhila.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\odyqicdyrkzsoxprvqfa.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\ytohhayroedtnkunqvmhc.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\ddjmp.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\wpizxokbwkhvniqhila.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\dtpibwyuoiyspzsvawmib.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\vlbpkyrfxicncuzn.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\qdwmcutmduhyszpprk.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\dtpibwyuoiyspzsvawmib.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\dtpibwyuoiyspzsvawmib.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\htlapgewmcoexdsrs.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\odyqicdyrkzsoxprvqfa.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\jdxpogdvrgetmirjlpfz.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\qdwmcutmduhyszpprk.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\dtpibwyuoiyspzsvawmib.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\dtpibwyuoiyspzsvawmib.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\htlapgewmcoexdsrs.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\odyqicdyrkzsoxprvqfa.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\alcqeurixmxmejxv.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\qdwmcutmduhyszpprk.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\qdwmcutmduhyszpprk.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\dtpibwyuoiyspzsvawmib.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\htlapgewmcoexdsrs.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\dtpibwyuoiyspzsvawmib.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\htlapgewmcoexdsrs.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\odyqicdyrkzsoxprvqfa.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\dtpibwyuoiyspzsvawmib.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\odyqicdyrkzsoxprvqfa.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\htlapgewmcoexdsrs.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\dtpibwyuoiyspzsvawmib.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\alcqeurixmxmejxv.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\wpizxokbwkhvniqhila.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\ytohhayroedtnkunqvmhc.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\alcqeurixmxmejxv.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\alcqeurixmxmejxv.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\ytohhayroedtnkunqvmhc.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\htlapgewmcoexdsrs.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\htlapgewmcoexdsrs.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\odyqicdyrkzsoxprvqfa.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\alcqeurixmxmejxv.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\qdwmcutmduhyszpprk.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\ytohhayroedtnkunqvmhc.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\vlbpkyrfxicncuzn.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\vlbpkyrfxicncuzn.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\odyqicdyrkzsoxprvqfa.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\dtpibwyuoiyspzsvawmib.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\ytohhayroedtnkunqvmhc.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3540 wrote to memory of 3324 N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_accbd6960dd347c36571ba5642f84e23.exe C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
PID 3540 wrote to memory of 3324 N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_accbd6960dd347c36571ba5642f84e23.exe C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
PID 3540 wrote to memory of 3324 N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_accbd6960dd347c36571ba5642f84e23.exe C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
PID 3764 wrote to memory of 4064 N/A C:\Windows\system32\cmd.exe C:\Windows\dtpibwyuoiyspzsvawmib.exe
PID 3764 wrote to memory of 4064 N/A C:\Windows\system32\cmd.exe C:\Windows\dtpibwyuoiyspzsvawmib.exe
PID 3764 wrote to memory of 4064 N/A C:\Windows\system32\cmd.exe C:\Windows\dtpibwyuoiyspzsvawmib.exe
PID 4064 wrote to memory of 4668 N/A C:\Windows\dtpibwyuoiyspzsvawmib.exe C:\Windows\dtpibwyuoiyspzsvawmib.exe
PID 4064 wrote to memory of 4668 N/A C:\Windows\dtpibwyuoiyspzsvawmib.exe C:\Windows\dtpibwyuoiyspzsvawmib.exe
PID 4064 wrote to memory of 4668 N/A C:\Windows\dtpibwyuoiyspzsvawmib.exe C:\Windows\dtpibwyuoiyspzsvawmib.exe
PID 1064 wrote to memory of 4700 N/A C:\Windows\system32\cmd.exe C:\Windows\alcqeurixmxmejxv.exe
PID 1064 wrote to memory of 4700 N/A C:\Windows\system32\cmd.exe C:\Windows\alcqeurixmxmejxv.exe
PID 1064 wrote to memory of 4700 N/A C:\Windows\system32\cmd.exe C:\Windows\alcqeurixmxmejxv.exe
PID 4700 wrote to memory of 2976 N/A C:\Windows\alcqeurixmxmejxv.exe C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
PID 4700 wrote to memory of 2976 N/A C:\Windows\alcqeurixmxmejxv.exe C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
PID 4700 wrote to memory of 2976 N/A C:\Windows\alcqeurixmxmejxv.exe C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
PID 808 wrote to memory of 4608 N/A C:\Windows\system32\cmd.exe C:\Windows\htlapgewmcoexdsrs.exe
PID 808 wrote to memory of 4608 N/A C:\Windows\system32\cmd.exe C:\Windows\htlapgewmcoexdsrs.exe
PID 808 wrote to memory of 4608 N/A C:\Windows\system32\cmd.exe C:\Windows\htlapgewmcoexdsrs.exe
PID 3856 wrote to memory of 4604 N/A C:\Windows\system32\cmd.exe C:\Windows\odyqicdyrkzsoxprvqfa.exe
PID 3856 wrote to memory of 4604 N/A C:\Windows\system32\cmd.exe C:\Windows\odyqicdyrkzsoxprvqfa.exe
PID 3856 wrote to memory of 4604 N/A C:\Windows\system32\cmd.exe C:\Windows\odyqicdyrkzsoxprvqfa.exe
PID 1628 wrote to memory of 1644 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
PID 1628 wrote to memory of 1644 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
PID 1628 wrote to memory of 1644 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
PID 4604 wrote to memory of 3880 N/A C:\Windows\odyqicdyrkzsoxprvqfa.exe C:\Users\Admin\AppData\Local\Temp\htlapgewmcoexdsrs.exe
PID 4604 wrote to memory of 3880 N/A C:\Windows\odyqicdyrkzsoxprvqfa.exe C:\Users\Admin\AppData\Local\Temp\htlapgewmcoexdsrs.exe
PID 4604 wrote to memory of 3880 N/A C:\Windows\odyqicdyrkzsoxprvqfa.exe C:\Users\Admin\AppData\Local\Temp\htlapgewmcoexdsrs.exe
PID 4852 wrote to memory of 4928 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\htlapgewmcoexdsrs.exe
PID 4852 wrote to memory of 4928 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\htlapgewmcoexdsrs.exe
PID 4852 wrote to memory of 4928 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\htlapgewmcoexdsrs.exe
PID 552 wrote to memory of 1032 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\htlapgewmcoexdsrs.exe
PID 552 wrote to memory of 1032 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\htlapgewmcoexdsrs.exe
PID 552 wrote to memory of 1032 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\htlapgewmcoexdsrs.exe
PID 4928 wrote to memory of 5052 N/A C:\Users\Admin\AppData\Local\Temp\htlapgewmcoexdsrs.exe C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
PID 4928 wrote to memory of 5052 N/A C:\Users\Admin\AppData\Local\Temp\htlapgewmcoexdsrs.exe C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
PID 4928 wrote to memory of 5052 N/A C:\Users\Admin\AppData\Local\Temp\htlapgewmcoexdsrs.exe C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
PID 3068 wrote to memory of 1688 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\cmd.exe
PID 3068 wrote to memory of 1688 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\cmd.exe
PID 3068 wrote to memory of 1688 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\cmd.exe
PID 1688 wrote to memory of 3740 N/A C:\Users\Admin\AppData\Local\Temp\qdwmcutmduhyszpprk.exe C:\Windows\system32\cmd.exe
PID 1688 wrote to memory of 3740 N/A C:\Users\Admin\AppData\Local\Temp\qdwmcutmduhyszpprk.exe C:\Windows\system32\cmd.exe
PID 1688 wrote to memory of 3740 N/A C:\Users\Admin\AppData\Local\Temp\qdwmcutmduhyszpprk.exe C:\Windows\system32\cmd.exe
PID 3324 wrote to memory of 3304 N/A C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe C:\Users\Admin\AppData\Local\Temp\ddjmp.exe
PID 3324 wrote to memory of 3304 N/A C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe C:\Users\Admin\AppData\Local\Temp\ddjmp.exe
PID 3324 wrote to memory of 3304 N/A C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe C:\Users\Admin\AppData\Local\Temp\ddjmp.exe
PID 3324 wrote to memory of 4896 N/A C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe C:\Users\Admin\AppData\Local\Temp\ddjmp.exe
PID 3324 wrote to memory of 4896 N/A C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe C:\Users\Admin\AppData\Local\Temp\ddjmp.exe
PID 3324 wrote to memory of 4896 N/A C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe C:\Users\Admin\AppData\Local\Temp\ddjmp.exe
PID 3440 wrote to memory of 4228 N/A C:\Windows\system32\cmd.exe C:\Windows\ldvliytjdqmzqkrhhj.exe
PID 3440 wrote to memory of 4228 N/A C:\Windows\system32\cmd.exe C:\Windows\ldvliytjdqmzqkrhhj.exe
PID 3440 wrote to memory of 4228 N/A C:\Windows\system32\cmd.exe C:\Windows\ldvliytjdqmzqkrhhj.exe
PID 4704 wrote to memory of 2024 N/A C:\Windows\system32\cmd.exe C:\Windows\System32\Conhost.exe
PID 4704 wrote to memory of 2024 N/A C:\Windows\system32\cmd.exe C:\Windows\System32\Conhost.exe
PID 4704 wrote to memory of 2024 N/A C:\Windows\system32\cmd.exe C:\Windows\System32\Conhost.exe
PID 2432 wrote to memory of 4632 N/A C:\Windows\system32\cmd.exe C:\Windows\dtpibwyuoiyspzsvawmib.exe
PID 2432 wrote to memory of 4632 N/A C:\Windows\system32\cmd.exe C:\Windows\dtpibwyuoiyspzsvawmib.exe
PID 2432 wrote to memory of 4632 N/A C:\Windows\system32\cmd.exe C:\Windows\dtpibwyuoiyspzsvawmib.exe
PID 2420 wrote to memory of 4048 N/A C:\Windows\system32\cmd.exe C:\Windows\wpizxokbwkhvniqhila.exe
PID 2420 wrote to memory of 4048 N/A C:\Windows\system32\cmd.exe C:\Windows\wpizxokbwkhvniqhila.exe
PID 2420 wrote to memory of 4048 N/A C:\Windows\system32\cmd.exe C:\Windows\wpizxokbwkhvniqhila.exe
PID 3324 wrote to memory of 2952 N/A C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe C:\Users\Admin\AppData\Local\Temp\ddjmp.exe
PID 3324 wrote to memory of 2952 N/A C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe C:\Users\Admin\AppData\Local\Temp\ddjmp.exe
PID 3324 wrote to memory of 2952 N/A C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe C:\Users\Admin\AppData\Local\Temp\ddjmp.exe
PID 1608 wrote to memory of 2268 N/A C:\Windows\system32\cmd.exe C:\Windows\bpjarkkewocupxopsma.exe

System policy modification

defense_evasion
Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\ddjmp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\FilterAdministratorToken = "0" C:\Users\Admin\AppData\Local\Temp\ddjmp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" C:\Users\Admin\AppData\Local\Temp\ddjmp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableVirtualization = "0" C:\Users\Admin\AppData\Local\Temp\ddjmp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\FilterAdministratorToken = "0" C:\Users\Admin\AppData\Local\Temp\ddjmp.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableVirtualization = "0" C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" C:\Users\Admin\AppData\Local\Temp\ddjmp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDriveTypeAutoRun = "1" C:\Users\Admin\AppData\Local\Temp\ddjmp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDriveTypeAutoRun = "1" C:\Users\Admin\AppData\Local\Temp\ddjmp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ValidateAdminCodeSignatures = "0" C:\Users\Admin\AppData\Local\Temp\ddjmp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\ddjmp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" C:\Users\Admin\AppData\Local\Temp\ddjmp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" C:\Users\Admin\AppData\Local\Temp\ddjmp.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer C:\Users\Admin\AppData\Local\Temp\ddjmp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDriveTypeAutoRun = "1" C:\Users\Admin\AppData\Local\Temp\ddjmp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\ddjmp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" C:\Users\Admin\AppData\Local\Temp\ddjmp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" C:\Users\Admin\AppData\Local\Temp\ddjmp.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\FilterAdministratorToken = "0" C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\ddjmp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableSecureUIAPaths = "0" C:\Users\Admin\AppData\Local\Temp\ddjmp.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer C:\Users\Admin\AppData\Local\Temp\ddjmp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\ddjmp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableSecureUIAPaths = "0" C:\Users\Admin\AppData\Local\Temp\ddjmp.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer C:\Users\Admin\AppData\Local\Temp\ddjmp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" C:\Users\Admin\AppData\Local\Temp\ddjmp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" C:\Users\Admin\AppData\Local\Temp\ddjmp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ValidateAdminCodeSignatures = "0" C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\ddjmp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableSecureUIAPaths = "0" C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ValidateAdminCodeSignatures = "0" C:\Users\Admin\AppData\Local\Temp\ddjmp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\FilterAdministratorToken = "0" C:\Users\Admin\AppData\Local\Temp\ddjmp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDriveTypeAutoRun = "1" C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableVirtualization = "0" C:\Users\Admin\AppData\Local\Temp\ddjmp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\ddjmp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ValidateAdminCodeSignatures = "0" C:\Users\Admin\AppData\Local\Temp\ddjmp.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\ddjmp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableSecureUIAPaths = "0" C:\Users\Admin\AppData\Local\Temp\ddjmp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" C:\Users\Admin\AppData\Local\Temp\ddjmp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\ddjmp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableVirtualization = "0" C:\Users\Admin\AppData\Local\Temp\ddjmp.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_accbd6960dd347c36571ba5642f84e23.exe

"C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_accbd6960dd347c36571ba5642f84e23.exe"

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\jaffacakes118_accbd6960dd347c36571ba5642f84e23.exe*"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c dtpibwyuoiyspzsvawmib.exe

C:\Windows\dtpibwyuoiyspzsvawmib.exe

dtpibwyuoiyspzsvawmib.exe

C:\Windows\dtpibwyuoiyspzsvawmib.exe

"C:\Windows\dtpibwyuoiyspzsvawmib.exe" /ppiftsvc

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c alcqeurixmxmejxv.exe .

C:\Windows\alcqeurixmxmejxv.exe

alcqeurixmxmejxv.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c htlapgewmcoexdsrs.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c odyqicdyrkzsoxprvqfa.exe .

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\alcqeurixmxmejxv.exe*."

C:\Windows\htlapgewmcoexdsrs.exe

htlapgewmcoexdsrs.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\htlapgewmcoexdsrs.exe

C:\Windows\odyqicdyrkzsoxprvqfa.exe

odyqicdyrkzsoxprvqfa.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\htlapgewmcoexdsrs.exe .

C:\Users\Admin\AppData\Local\Temp\htlapgewmcoexdsrs.exe

C:\Users\Admin\AppData\Local\Temp\htlapgewmcoexdsrs.exe

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\odyqicdyrkzsoxprvqfa.exe*."

C:\Users\Admin\AppData\Local\Temp\htlapgewmcoexdsrs.exe

C:\Users\Admin\AppData\Local\Temp\htlapgewmcoexdsrs.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\htlapgewmcoexdsrs.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\qdwmcutmduhyszpprk.exe .

C:\Users\Admin\AppData\Local\Temp\htlapgewmcoexdsrs.exe

C:\Users\Admin\AppData\Local\Temp\htlapgewmcoexdsrs.exe

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\htlapgewmcoexdsrs.exe*."

C:\Users\Admin\AppData\Local\Temp\qdwmcutmduhyszpprk.exe

C:\Users\Admin\AppData\Local\Temp\qdwmcutmduhyszpprk.exe .

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\qdwmcutmduhyszpprk.exe*."

C:\Users\Admin\AppData\Local\Temp\ddjmp.exe

"C:\Users\Admin\AppData\Local\Temp\ddjmp.exe" "-c:\users\admin\appdata\local\temp\jaffacakes118_accbd6960dd347c36571ba5642f84e23.exe"

C:\Users\Admin\AppData\Local\Temp\ddjmp.exe

"C:\Users\Admin\AppData\Local\Temp\ddjmp.exe" "-c:\users\admin\appdata\local\temp\jaffacakes118_accbd6960dd347c36571ba5642f84e23.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c alcqeurixmxmejxv.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ldvliytjdqmzqkrhhj.exe

C:\Windows\ldvliytjdqmzqkrhhj.exe

ldvliytjdqmzqkrhhj.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c dtpibwyuoiyspzsvawmib.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c wpizxokbwkhvniqhila.exe .

C:\Windows\alcqeurixmxmejxv.exe

alcqeurixmxmejxv.exe

C:\Windows\dtpibwyuoiyspzsvawmib.exe

dtpibwyuoiyspzsvawmib.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bpjarkkewocupxopsma.exe

C:\Windows\wpizxokbwkhvniqhila.exe

wpizxokbwkhvniqhila.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ctkzvketmytfvouji.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c qdwmcutmduhyszpprk.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c wpizxokbwkhvniqhila.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\odyqicdyrkzsoxprvqfa.exe

C:\Users\Admin\AppData\Local\Temp\ddjmp.exe

"C:\Users\Admin\AppData\Local\Temp\ddjmp.exe" "-c:\users\admin\appdata\local\temp\jaffacakes118_accbd6960dd347c36571ba5642f84e23.exe"

C:\Windows\bpjarkkewocupxopsma.exe

bpjarkkewocupxopsma.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\dtpibwyuoiyspzsvawmib.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ytohhayroedtnkunqvmhc.exe

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\wpizxokbwkhvniqhila.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wpizxokbwkhvniqhila.exe .

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\dtpibwyuoiyspzsvawmib.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\dtpibwyuoiyspzsvawmib.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c qdwmcutmduhyszpprk.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\dtpibwyuoiyspzsvawmib.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vlbpkyrfxicncuzn.exe

C:\Windows\qdwmcutmduhyszpprk.exe

qdwmcutmduhyszpprk.exe .

C:\Windows\ctkzvketmytfvouji.exe

ctkzvketmytfvouji.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jdxpogdvrgetmirjlpfz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c qdwmcutmduhyszpprk.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c htlapgewmcoexdsrs.exe

C:\Windows\wpizxokbwkhvniqhila.exe

wpizxokbwkhvniqhila.exe .

C:\Users\Admin\AppData\Local\Temp\odyqicdyrkzsoxprvqfa.exe

C:\Users\Admin\AppData\Local\Temp\odyqicdyrkzsoxprvqfa.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c qdwmcutmduhyszpprk.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c odyqicdyrkzsoxprvqfa.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c dtpibwyuoiyspzsvawmib.exe .

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\qdwmcutmduhyszpprk.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\qdwmcutmduhyszpprk.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c alcqeurixmxmejxv.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\htlapgewmcoexdsrs.exe .

C:\Users\Admin\AppData\Local\Temp\ytohhayroedtnkunqvmhc.exe

C:\Users\Admin\AppData\Local\Temp\ytohhayroedtnkunqvmhc.exe

C:\Users\Admin\AppData\Local\Temp\dtpibwyuoiyspzsvawmib.exe

C:\Users\Admin\AppData\Local\Temp\dtpibwyuoiyspzsvawmib.exe .

C:\Users\Admin\AppData\Local\Temp\wpizxokbwkhvniqhila.exe

C:\Users\Admin\AppData\Local\Temp\wpizxokbwkhvniqhila.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c dtpibwyuoiyspzsvawmib.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\dtpibwyuoiyspzsvawmib.exe

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\wpizxokbwkhvniqhila.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\odyqicdyrkzsoxprvqfa.exe .

C:\Users\Admin\AppData\Local\Temp\dtpibwyuoiyspzsvawmib.exe

C:\Users\Admin\AppData\Local\Temp\dtpibwyuoiyspzsvawmib.exe

C:\Windows\qdwmcutmduhyszpprk.exe

qdwmcutmduhyszpprk.exe

C:\Users\Admin\AppData\Local\Temp\vlbpkyrfxicncuzn.exe

C:\Users\Admin\AppData\Local\Temp\vlbpkyrfxicncuzn.exe

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\wpizxokbwkhvniqhila.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\dtpibwyuoiyspzsvawmib.exe

C:\Users\Admin\AppData\Local\Temp\dtpibwyuoiyspzsvawmib.exe

C:\Users\Admin\AppData\Local\Temp\dtpibwyuoiyspzsvawmib.exe .

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\dtpibwyuoiyspzsvawmib.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\htlapgewmcoexdsrs.exe .

C:\Users\Admin\AppData\Local\Temp\jdxpogdvrgetmirjlpfz.exe

C:\Users\Admin\AppData\Local\Temp\jdxpogdvrgetmirjlpfz.exe .

C:\Windows\htlapgewmcoexdsrs.exe

htlapgewmcoexdsrs.exe

C:\Windows\odyqicdyrkzsoxprvqfa.exe

odyqicdyrkzsoxprvqfa.exe .

C:\Windows\qdwmcutmduhyszpprk.exe

qdwmcutmduhyszpprk.exe .

C:\Users\Admin\AppData\Local\Temp\dtpibwyuoiyspzsvawmib.exe

C:\Users\Admin\AppData\Local\Temp\dtpibwyuoiyspzsvawmib.exe

C:\Windows\dtpibwyuoiyspzsvawmib.exe

dtpibwyuoiyspzsvawmib.exe .

C:\Users\Admin\AppData\Local\Temp\htlapgewmcoexdsrs.exe

C:\Users\Admin\AppData\Local\Temp\htlapgewmcoexdsrs.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c htlapgewmcoexdsrs.exe

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\dtpibwyuoiyspzsvawmib.exe*."

C:\Windows\dtpibwyuoiyspzsvawmib.exe

dtpibwyuoiyspzsvawmib.exe .

C:\Users\Admin\AppData\Local\Temp\qdwmcutmduhyszpprk.exe

C:\Users\Admin\AppData\Local\Temp\qdwmcutmduhyszpprk.exe

C:\Windows\alcqeurixmxmejxv.exe

alcqeurixmxmejxv.exe

C:\Users\Admin\AppData\Local\Temp\odyqicdyrkzsoxprvqfa.exe

C:\Users\Admin\AppData\Local\Temp\odyqicdyrkzsoxprvqfa.exe .

C:\Windows\qdwmcutmduhyszpprk.exe

qdwmcutmduhyszpprk.exe

C:\Users\Admin\AppData\Local\Temp\htlapgewmcoexdsrs.exe

C:\Users\Admin\AppData\Local\Temp\htlapgewmcoexdsrs.exe .

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\odyqicdyrkzsoxprvqfa.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c odyqicdyrkzsoxprvqfa.exe .

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\jdxpogdvrgetmirjlpfz.exe*."

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\qdwmcutmduhyszpprk.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c dtpibwyuoiyspzsvawmib.exe

C:\Users\Admin\AppData\Local\Temp\dtpibwyuoiyspzsvawmib.exe

C:\Users\Admin\AppData\Local\Temp\dtpibwyuoiyspzsvawmib.exe

C:\Windows\htlapgewmcoexdsrs.exe

htlapgewmcoexdsrs.exe

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\dtpibwyuoiyspzsvawmib.exe*."

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\htlapgewmcoexdsrs.exe*."

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\odyqicdyrkzsoxprvqfa.exe*."

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\dtpibwyuoiyspzsvawmib.exe*."

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\htlapgewmcoexdsrs.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c dtpibwyuoiyspzsvawmib.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\htlapgewmcoexdsrs.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\odyqicdyrkzsoxprvqfa.exe .

C:\Windows\odyqicdyrkzsoxprvqfa.exe

odyqicdyrkzsoxprvqfa.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c alcqeurixmxmejxv.exe

C:\Windows\dtpibwyuoiyspzsvawmib.exe

dtpibwyuoiyspzsvawmib.exe

C:\Users\Admin\AppData\Local\Temp\odyqicdyrkzsoxprvqfa.exe

C:\Users\Admin\AppData\Local\Temp\odyqicdyrkzsoxprvqfa.exe .

C:\Users\Admin\AppData\Local\Temp\htlapgewmcoexdsrs.exe

C:\Users\Admin\AppData\Local\Temp\htlapgewmcoexdsrs.exe

C:\Windows\dtpibwyuoiyspzsvawmib.exe

dtpibwyuoiyspzsvawmib.exe .

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\odyqicdyrkzsoxprvqfa.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\htlapgewmcoexdsrs.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ytohhayroedtnkunqvmhc.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c alcqeurixmxmejxv.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\alcqeurixmxmejxv.exe .

C:\Windows\alcqeurixmxmejxv.exe

alcqeurixmxmejxv.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c wpizxokbwkhvniqhila.exe .

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\odyqicdyrkzsoxprvqfa.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c odyqicdyrkzsoxprvqfa.exe

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\dtpibwyuoiyspzsvawmib.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ytohhayroedtnkunqvmhc.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c htlapgewmcoexdsrs.exe .

C:\Windows\wpizxokbwkhvniqhila.exe

wpizxokbwkhvniqhila.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ytohhayroedtnkunqvmhc.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\alcqeurixmxmejxv.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vlbpkyrfxicncuzn.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\qdwmcutmduhyszpprk.exe .

C:\Windows\ytohhayroedtnkunqvmhc.exe

ytohhayroedtnkunqvmhc.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vlbpkyrfxicncuzn.exe .

C:\Users\Admin\AppData\Local\Temp\alcqeurixmxmejxv.exe

C:\Users\Admin\AppData\Local\Temp\alcqeurixmxmejxv.exe .

C:\Windows\alcqeurixmxmejxv.exe

alcqeurixmxmejxv.exe .

C:\Windows\ytohhayroedtnkunqvmhc.exe

ytohhayroedtnkunqvmhc.exe

C:\Windows\htlapgewmcoexdsrs.exe

htlapgewmcoexdsrs.exe .

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\wpizxokbwkhvniqhila.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\qdwmcutmduhyszpprk.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ctkzvketmytfvouji.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c dtpibwyuoiyspzsvawmib.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\dtpibwyuoiyspzsvawmib.exe .

C:\Windows\odyqicdyrkzsoxprvqfa.exe

odyqicdyrkzsoxprvqfa.exe

C:\Users\Admin\AppData\Local\Temp\htlapgewmcoexdsrs.exe

C:\Users\Admin\AppData\Local\Temp\htlapgewmcoexdsrs.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ytohhayroedtnkunqvmhc.exe .

C:\Users\Admin\AppData\Local\Temp\alcqeurixmxmejxv.exe

C:\Users\Admin\AppData\Local\Temp\alcqeurixmxmejxv.exe

C:\Users\Admin\AppData\Local\Temp\qdwmcutmduhyszpprk.exe

C:\Users\Admin\AppData\Local\Temp\qdwmcutmduhyszpprk.exe .

C:\Windows\ytohhayroedtnkunqvmhc.exe

ytohhayroedtnkunqvmhc.exe .

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\alcqeurixmxmejxv.exe*."

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\alcqeurixmxmejxv.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c odyqicdyrkzsoxprvqfa.exe .

C:\Users\Admin\AppData\Local\Temp\vlbpkyrfxicncuzn.exe

C:\Users\Admin\AppData\Local\Temp\vlbpkyrfxicncuzn.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c odyqicdyrkzsoxprvqfa.exe

C:\Users\Admin\AppData\Local\Temp\vlbpkyrfxicncuzn.exe

C:\Users\Admin\AppData\Local\Temp\vlbpkyrfxicncuzn.exe

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\htlapgewmcoexdsrs.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bpjarkkewocupxopsma.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c odyqicdyrkzsoxprvqfa.exe .

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\qdwmcutmduhyszpprk.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c dtpibwyuoiyspzsvawmib.exe .

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\ytohhayroedtnkunqvmhc.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\odyqicdyrkzsoxprvqfa.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c qdwmcutmduhyszpprk.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\qdwmcutmduhyszpprk.exe .

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\vlbpkyrfxicncuzn.exe*."

C:\Windows\odyqicdyrkzsoxprvqfa.exe

odyqicdyrkzsoxprvqfa.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c odyqicdyrkzsoxprvqfa.exe .

C:\Users\Admin\AppData\Local\Temp\dtpibwyuoiyspzsvawmib.exe

C:\Users\Admin\AppData\Local\Temp\dtpibwyuoiyspzsvawmib.exe .

C:\Users\Admin\AppData\Local\Temp\ytohhayroedtnkunqvmhc.exe

C:\Users\Admin\AppData\Local\Temp\ytohhayroedtnkunqvmhc.exe .

C:\Windows\dtpibwyuoiyspzsvawmib.exe

dtpibwyuoiyspzsvawmib.exe

C:\Users\Admin\AppData\Local\Temp\ctkzvketmytfvouji.exe

C:\Users\Admin\AppData\Local\Temp\ctkzvketmytfvouji.exe

C:\Users\Admin\AppData\Local\Temp\qdwmcutmduhyszpprk.exe

C:\Users\Admin\AppData\Local\Temp\qdwmcutmduhyszpprk.exe

C:\Windows\odyqicdyrkzsoxprvqfa.exe

odyqicdyrkzsoxprvqfa.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\odyqicdyrkzsoxprvqfa.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\dtpibwyuoiyspzsvawmib.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\odyqicdyrkzsoxprvqfa.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\odyqicdyrkzsoxprvqfa.exe .

C:\Windows\dtpibwyuoiyspzsvawmib.exe

dtpibwyuoiyspzsvawmib.exe .

C:\Windows\bpjarkkewocupxopsma.exe

bpjarkkewocupxopsma.exe

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\ytohhayroedtnkunqvmhc.exe*."

C:\Windows\odyqicdyrkzsoxprvqfa.exe

odyqicdyrkzsoxprvqfa.exe .

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\odyqicdyrkzsoxprvqfa.exe*."

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\dtpibwyuoiyspzsvawmib.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\odyqicdyrkzsoxprvqfa.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\alcqeurixmxmejxv.exe .

C:\Windows\odyqicdyrkzsoxprvqfa.exe

odyqicdyrkzsoxprvqfa.exe .

C:\Windows\qdwmcutmduhyszpprk.exe

qdwmcutmduhyszpprk.exe

C:\Users\Admin\AppData\Local\Temp\qdwmcutmduhyszpprk.exe

C:\Users\Admin\AppData\Local\Temp\qdwmcutmduhyszpprk.exe .

C:\Users\Admin\AppData\Local\Temp\odyqicdyrkzsoxprvqfa.exe

C:\Users\Admin\AppData\Local\Temp\odyqicdyrkzsoxprvqfa.exe

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\dtpibwyuoiyspzsvawmib.exe*."

C:\Users\Admin\AppData\Local\Temp\dtpibwyuoiyspzsvawmib.exe

C:\Users\Admin\AppData\Local\Temp\dtpibwyuoiyspzsvawmib.exe .

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\odyqicdyrkzsoxprvqfa.exe*."

C:\Users\Admin\AppData\Local\Temp\odyqicdyrkzsoxprvqfa.exe

C:\Users\Admin\AppData\Local\Temp\odyqicdyrkzsoxprvqfa.exe

C:\Users\Admin\AppData\Local\Temp\odyqicdyrkzsoxprvqfa.exe

C:\Users\Admin\AppData\Local\Temp\odyqicdyrkzsoxprvqfa.exe .

C:\Users\Admin\AppData\Local\Temp\odyqicdyrkzsoxprvqfa.exe

C:\Users\Admin\AppData\Local\Temp\odyqicdyrkzsoxprvqfa.exe

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\odyqicdyrkzsoxprvqfa.exe*."

C:\Users\Admin\AppData\Local\Temp\alcqeurixmxmejxv.exe

C:\Users\Admin\AppData\Local\Temp\alcqeurixmxmejxv.exe .

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\qdwmcutmduhyszpprk.exe*."

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\dtpibwyuoiyspzsvawmib.exe*."

C:\Users\Admin\AppData\Local\Temp\odyqicdyrkzsoxprvqfa.exe

C:\Users\Admin\AppData\Local\Temp\odyqicdyrkzsoxprvqfa.exe

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\odyqicdyrkzsoxprvqfa.exe*."

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\alcqeurixmxmejxv.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c odyqicdyrkzsoxprvqfa.exe

C:\Windows\odyqicdyrkzsoxprvqfa.exe

odyqicdyrkzsoxprvqfa.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c dtpibwyuoiyspzsvawmib.exe .

C:\Windows\dtpibwyuoiyspzsvawmib.exe

dtpibwyuoiyspzsvawmib.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c dtpibwyuoiyspzsvawmib.exe

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\dtpibwyuoiyspzsvawmib.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bpjarkkewocupxopsma.exe .

C:\Windows\dtpibwyuoiyspzsvawmib.exe

dtpibwyuoiyspzsvawmib.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\alcqeurixmxmejxv.exe

C:\Windows\bpjarkkewocupxopsma.exe

bpjarkkewocupxopsma.exe .

C:\Users\Admin\AppData\Local\Temp\alcqeurixmxmejxv.exe

C:\Users\Admin\AppData\Local\Temp\alcqeurixmxmejxv.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bpjarkkewocupxopsma.exe .

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\bpjarkkewocupxopsma.exe*."

C:\Users\Admin\AppData\Local\Temp\bpjarkkewocupxopsma.exe

C:\Users\Admin\AppData\Local\Temp\bpjarkkewocupxopsma.exe .

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\bpjarkkewocupxopsma.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\alcqeurixmxmejxv.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bpjarkkewocupxopsma.exe .

C:\Users\Admin\AppData\Local\Temp\alcqeurixmxmejxv.exe

C:\Users\Admin\AppData\Local\Temp\alcqeurixmxmejxv.exe

C:\Users\Admin\AppData\Local\Temp\bpjarkkewocupxopsma.exe

C:\Users\Admin\AppData\Local\Temp\bpjarkkewocupxopsma.exe .

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\bpjarkkewocupxopsma.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c dtpibwyuoiyspzsvawmib.exe

C:\Windows\dtpibwyuoiyspzsvawmib.exe

dtpibwyuoiyspzsvawmib.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c qdwmcutmduhyszpprk.exe .

C:\Windows\qdwmcutmduhyszpprk.exe

qdwmcutmduhyszpprk.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c qdwmcutmduhyszpprk.exe

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\qdwmcutmduhyszpprk.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c odyqicdyrkzsoxprvqfa.exe .

C:\Windows\qdwmcutmduhyszpprk.exe

qdwmcutmduhyszpprk.exe

C:\Windows\odyqicdyrkzsoxprvqfa.exe

odyqicdyrkzsoxprvqfa.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bpjarkkewocupxopsma.exe

C:\Users\Admin\AppData\Local\Temp\bpjarkkewocupxopsma.exe

C:\Users\Admin\AppData\Local\Temp\bpjarkkewocupxopsma.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\odyqicdyrkzsoxprvqfa.exe .

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\odyqicdyrkzsoxprvqfa.exe*."

C:\Users\Admin\AppData\Local\Temp\odyqicdyrkzsoxprvqfa.exe

C:\Users\Admin\AppData\Local\Temp\odyqicdyrkzsoxprvqfa.exe .

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\odyqicdyrkzsoxprvqfa.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\dtpibwyuoiyspzsvawmib.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\dtpibwyuoiyspzsvawmib.exe .

C:\Users\Admin\AppData\Local\Temp\dtpibwyuoiyspzsvawmib.exe

C:\Users\Admin\AppData\Local\Temp\dtpibwyuoiyspzsvawmib.exe

C:\Users\Admin\AppData\Local\Temp\dtpibwyuoiyspzsvawmib.exe

C:\Users\Admin\AppData\Local\Temp\dtpibwyuoiyspzsvawmib.exe .

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\dtpibwyuoiyspzsvawmib.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c htlapgewmcoexdsrs.exe

C:\Windows\htlapgewmcoexdsrs.exe

htlapgewmcoexdsrs.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c dtpibwyuoiyspzsvawmib.exe .

C:\Windows\dtpibwyuoiyspzsvawmib.exe

dtpibwyuoiyspzsvawmib.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c alcqeurixmxmejxv.exe

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\dtpibwyuoiyspzsvawmib.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c qdwmcutmduhyszpprk.exe .

C:\Windows\alcqeurixmxmejxv.exe

alcqeurixmxmejxv.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\htlapgewmcoexdsrs.exe

C:\Windows\qdwmcutmduhyszpprk.exe

qdwmcutmduhyszpprk.exe .

C:\Users\Admin\AppData\Local\Temp\htlapgewmcoexdsrs.exe

C:\Users\Admin\AppData\Local\Temp\htlapgewmcoexdsrs.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\dtpibwyuoiyspzsvawmib.exe .

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\qdwmcutmduhyszpprk.exe*."

C:\Users\Admin\AppData\Local\Temp\dtpibwyuoiyspzsvawmib.exe

C:\Users\Admin\AppData\Local\Temp\dtpibwyuoiyspzsvawmib.exe .

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\dtpibwyuoiyspzsvawmib.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bpjarkkewocupxopsma.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\qdwmcutmduhyszpprk.exe .

C:\Users\Admin\AppData\Local\Temp\bpjarkkewocupxopsma.exe

C:\Users\Admin\AppData\Local\Temp\bpjarkkewocupxopsma.exe

C:\Users\Admin\AppData\Local\Temp\qdwmcutmduhyszpprk.exe

C:\Users\Admin\AppData\Local\Temp\qdwmcutmduhyszpprk.exe .

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\qdwmcutmduhyszpprk.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c htlapgewmcoexdsrs.exe

C:\Windows\htlapgewmcoexdsrs.exe

htlapgewmcoexdsrs.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c alcqeurixmxmejxv.exe .

C:\Windows\alcqeurixmxmejxv.exe

alcqeurixmxmejxv.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c alcqeurixmxmejxv.exe

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\alcqeurixmxmejxv.exe*."

C:\Windows\alcqeurixmxmejxv.exe

alcqeurixmxmejxv.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c htlapgewmcoexdsrs.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bpjarkkewocupxopsma.exe

C:\Windows\htlapgewmcoexdsrs.exe

htlapgewmcoexdsrs.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\dtpibwyuoiyspzsvawmib.exe .

C:\Users\Admin\AppData\Local\Temp\bpjarkkewocupxopsma.exe

C:\Users\Admin\AppData\Local\Temp\bpjarkkewocupxopsma.exe

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\htlapgewmcoexdsrs.exe*."

C:\Users\Admin\AppData\Local\Temp\dtpibwyuoiyspzsvawmib.exe

C:\Users\Admin\AppData\Local\Temp\dtpibwyuoiyspzsvawmib.exe .

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\dtpibwyuoiyspzsvawmib.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bpjarkkewocupxopsma.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bpjarkkewocupxopsma.exe .

C:\Users\Admin\AppData\Local\Temp\bpjarkkewocupxopsma.exe

C:\Users\Admin\AppData\Local\Temp\bpjarkkewocupxopsma.exe

C:\Users\Admin\AppData\Local\Temp\bpjarkkewocupxopsma.exe

C:\Users\Admin\AppData\Local\Temp\bpjarkkewocupxopsma.exe .

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\bpjarkkewocupxopsma.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c htlapgewmcoexdsrs.exe

C:\Windows\htlapgewmcoexdsrs.exe

htlapgewmcoexdsrs.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c dtpibwyuoiyspzsvawmib.exe .

C:\Windows\dtpibwyuoiyspzsvawmib.exe

dtpibwyuoiyspzsvawmib.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c odyqicdyrkzsoxprvqfa.exe

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\dtpibwyuoiyspzsvawmib.exe*."

C:\Windows\odyqicdyrkzsoxprvqfa.exe

odyqicdyrkzsoxprvqfa.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c dtpibwyuoiyspzsvawmib.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\dtpibwyuoiyspzsvawmib.exe

C:\Windows\dtpibwyuoiyspzsvawmib.exe

dtpibwyuoiyspzsvawmib.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c htlapgewmcoexdsrs.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\qdwmcutmduhyszpprk.exe .

C:\Users\Admin\AppData\Local\Temp\dtpibwyuoiyspzsvawmib.exe

C:\Users\Admin\AppData\Local\Temp\dtpibwyuoiyspzsvawmib.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c jdxpogdvrgetmirjlpfz.exe

C:\Windows\htlapgewmcoexdsrs.exe

htlapgewmcoexdsrs.exe

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\dtpibwyuoiyspzsvawmib.exe*."

C:\Users\Admin\AppData\Local\Temp\qdwmcutmduhyszpprk.exe

C:\Users\Admin\AppData\Local\Temp\qdwmcutmduhyszpprk.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c alcqeurixmxmejxv.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\jdxpogdvrgetmirjlpfz.exe

jdxpogdvrgetmirjlpfz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ldvliytjdqmzqkrhhj.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\htlapgewmcoexdsrs.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c dtpibwyuoiyspzsvawmib.exe

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\qdwmcutmduhyszpprk.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\odyqicdyrkzsoxprvqfa.exe .

C:\Windows\ldvliytjdqmzqkrhhj.exe

ldvliytjdqmzqkrhhj.exe .

C:\Users\Admin\AppData\Local\Temp\htlapgewmcoexdsrs.exe

C:\Users\Admin\AppData\Local\Temp\htlapgewmcoexdsrs.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c vlbpkyrfxicncuzn.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c htlapgewmcoexdsrs.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ldvliytjdqmzqkrhhj.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\odyqicdyrkzsoxprvqfa.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ldvliytjdqmzqkrhhj.exe

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\ldvliytjdqmzqkrhhj.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\dtpibwyuoiyspzsvawmib.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wpizxokbwkhvniqhila.exe .

C:\Windows\dtpibwyuoiyspzsvawmib.exe

dtpibwyuoiyspzsvawmib.exe

C:\Users\Admin\AppData\Local\Temp\odyqicdyrkzsoxprvqfa.exe

C:\Users\Admin\AppData\Local\Temp\odyqicdyrkzsoxprvqfa.exe .

C:\Windows\htlapgewmcoexdsrs.exe

htlapgewmcoexdsrs.exe .

C:\Windows\ldvliytjdqmzqkrhhj.exe

ldvliytjdqmzqkrhhj.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bpjarkkewocupxopsma.exe

C:\Windows\vlbpkyrfxicncuzn.exe

vlbpkyrfxicncuzn.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ldvliytjdqmzqkrhhj.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\qdwmcutmduhyszpprk.exe .

C:\Users\Admin\AppData\Local\Temp\wpizxokbwkhvniqhila.exe

C:\Users\Admin\AppData\Local\Temp\wpizxokbwkhvniqhila.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ldvliytjdqmzqkrhhj.exe .

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\odyqicdyrkzsoxprvqfa.exe*."

C:\Users\Admin\AppData\Local\Temp\odyqicdyrkzsoxprvqfa.exe

C:\Users\Admin\AppData\Local\Temp\odyqicdyrkzsoxprvqfa.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c htlapgewmcoexdsrs.exe

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\ldvliytjdqmzqkrhhj.exe*."

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\htlapgewmcoexdsrs.exe*."

C:\Users\Admin\AppData\Local\Temp\dtpibwyuoiyspzsvawmib.exe

C:\Users\Admin\AppData\Local\Temp\dtpibwyuoiyspzsvawmib.exe .

C:\Users\Admin\AppData\Local\Temp\ldvliytjdqmzqkrhhj.exe

C:\Users\Admin\AppData\Local\Temp\ldvliytjdqmzqkrhhj.exe

C:\Users\Admin\AppData\Local\Temp\ldvliytjdqmzqkrhhj.exe

C:\Users\Admin\AppData\Local\Temp\ldvliytjdqmzqkrhhj.exe

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\wpizxokbwkhvniqhila.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bpjarkkewocupxopsma.exe .

C:\Users\Admin\AppData\Local\Temp\ldvliytjdqmzqkrhhj.exe

C:\Users\Admin\AppData\Local\Temp\ldvliytjdqmzqkrhhj.exe .

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\dtpibwyuoiyspzsvawmib.exe*."

C:\Users\Admin\AppData\Local\Temp\qdwmcutmduhyszpprk.exe

C:\Users\Admin\AppData\Local\Temp\qdwmcutmduhyszpprk.exe .

C:\Windows\htlapgewmcoexdsrs.exe

htlapgewmcoexdsrs.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bpjarkkewocupxopsma.exe

C:\Windows\bpjarkkewocupxopsma.exe

bpjarkkewocupxopsma.exe .

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\ldvliytjdqmzqkrhhj.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c alcqeurixmxmejxv.exe .

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\qdwmcutmduhyszpprk.exe*."

C:\Windows\bpjarkkewocupxopsma.exe

bpjarkkewocupxopsma.exe

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\bpjarkkewocupxopsma.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\alcqeurixmxmejxv.exe

C:\Users\Admin\AppData\Local\Temp\bpjarkkewocupxopsma.exe

C:\Users\Admin\AppData\Local\Temp\bpjarkkewocupxopsma.exe

C:\Windows\alcqeurixmxmejxv.exe

alcqeurixmxmejxv.exe .

C:\Windows\alcqeurixmxmejxv.exe

alcqeurixmxmejxv.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\qdwmcutmduhyszpprk.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\alcqeurixmxmejxv.exe

C:\Users\Admin\AppData\Local\Temp\alcqeurixmxmejxv.exe

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\alcqeurixmxmejxv.exe*."

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\alcqeurixmxmejxv.exe*."

C:\Users\Admin\AppData\Local\Temp\qdwmcutmduhyszpprk.exe

C:\Users\Admin\AppData\Local\Temp\qdwmcutmduhyszpprk.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c htlapgewmcoexdsrs.exe

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\qdwmcutmduhyszpprk.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\htlapgewmcoexdsrs.exe

C:\Windows\htlapgewmcoexdsrs.exe

htlapgewmcoexdsrs.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\alcqeurixmxmejxv.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c htlapgewmcoexdsrs.exe .

C:\Users\Admin\AppData\Local\Temp\htlapgewmcoexdsrs.exe

C:\Users\Admin\AppData\Local\Temp\htlapgewmcoexdsrs.exe

C:\Users\Admin\AppData\Local\Temp\alcqeurixmxmejxv.exe

C:\Users\Admin\AppData\Local\Temp\alcqeurixmxmejxv.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c alcqeurixmxmejxv.exe

C:\Windows\htlapgewmcoexdsrs.exe

htlapgewmcoexdsrs.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c odyqicdyrkzsoxprvqfa.exe .

C:\Windows\alcqeurixmxmejxv.exe

alcqeurixmxmejxv.exe

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\alcqeurixmxmejxv.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\dtpibwyuoiyspzsvawmib.exe

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\htlapgewmcoexdsrs.exe*."

C:\Windows\odyqicdyrkzsoxprvqfa.exe

odyqicdyrkzsoxprvqfa.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\alcqeurixmxmejxv.exe .

C:\Users\Admin\AppData\Local\Temp\dtpibwyuoiyspzsvawmib.exe

C:\Users\Admin\AppData\Local\Temp\dtpibwyuoiyspzsvawmib.exe

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\odyqicdyrkzsoxprvqfa.exe*."

C:\Users\Admin\AppData\Local\Temp\alcqeurixmxmejxv.exe

C:\Users\Admin\AppData\Local\Temp\alcqeurixmxmejxv.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c odyqicdyrkzsoxprvqfa.exe

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\alcqeurixmxmejxv.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\dtpibwyuoiyspzsvawmib.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\dtpibwyuoiyspzsvawmib.exe .

C:\Windows\odyqicdyrkzsoxprvqfa.exe

odyqicdyrkzsoxprvqfa.exe

C:\Users\Admin\AppData\Local\Temp\dtpibwyuoiyspzsvawmib.exe

C:\Users\Admin\AppData\Local\Temp\dtpibwyuoiyspzsvawmib.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bpjarkkewocupxopsma.exe .

C:\Users\Admin\AppData\Local\Temp\dtpibwyuoiyspzsvawmib.exe

C:\Users\Admin\AppData\Local\Temp\dtpibwyuoiyspzsvawmib.exe .

C:\Windows\bpjarkkewocupxopsma.exe

bpjarkkewocupxopsma.exe .

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\dtpibwyuoiyspzsvawmib.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c alcqeurixmxmejxv.exe

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\bpjarkkewocupxopsma.exe*."

C:\Windows\alcqeurixmxmejxv.exe

alcqeurixmxmejxv.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c odyqicdyrkzsoxprvqfa.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\alcqeurixmxmejxv.exe

C:\Windows\odyqicdyrkzsoxprvqfa.exe

odyqicdyrkzsoxprvqfa.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\odyqicdyrkzsoxprvqfa.exe .

C:\Users\Admin\AppData\Local\Temp\alcqeurixmxmejxv.exe

C:\Users\Admin\AppData\Local\Temp\alcqeurixmxmejxv.exe

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\odyqicdyrkzsoxprvqfa.exe*."

C:\Users\Admin\AppData\Local\Temp\odyqicdyrkzsoxprvqfa.exe

C:\Users\Admin\AppData\Local\Temp\odyqicdyrkzsoxprvqfa.exe .

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\odyqicdyrkzsoxprvqfa.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\qdwmcutmduhyszpprk.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\dtpibwyuoiyspzsvawmib.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\qdwmcutmduhyszpprk.exe

C:\Users\Admin\AppData\Local\Temp\qdwmcutmduhyszpprk.exe

C:\Users\Admin\AppData\Local\Temp\dtpibwyuoiyspzsvawmib.exe

C:\Users\Admin\AppData\Local\Temp\dtpibwyuoiyspzsvawmib.exe .

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\dtpibwyuoiyspzsvawmib.exe*."

C:\Users\Admin\AppData\Local\Temp\wdkpbgq.exe

"C:\Users\Admin\AppData\Local\Temp\wdkpbgq.exe" "-c:\users\admin\appdata\local\temp\jaffacakes118_accbd6960dd347c36571ba5642f84e23.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c alcqeurixmxmejxv.exe

C:\Windows\alcqeurixmxmejxv.exe

alcqeurixmxmejxv.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c odyqicdyrkzsoxprvqfa.exe .

C:\Windows\odyqicdyrkzsoxprvqfa.exe

odyqicdyrkzsoxprvqfa.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c odyqicdyrkzsoxprvqfa.exe

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\odyqicdyrkzsoxprvqfa.exe*."

C:\Windows\odyqicdyrkzsoxprvqfa.exe

odyqicdyrkzsoxprvqfa.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c qdwmcutmduhyszpprk.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\qdwmcutmduhyszpprk.exe

C:\Windows\qdwmcutmduhyszpprk.exe

qdwmcutmduhyszpprk.exe .

C:\Users\Admin\AppData\Local\Temp\wdkpbgq.exe

"C:\Users\Admin\AppData\Local\Temp\wdkpbgq.exe" "-c:\users\admin\appdata\local\temp\jaffacakes118_accbd6960dd347c36571ba5642f84e23.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bpjarkkewocupxopsma.exe .

C:\Users\Admin\AppData\Local\Temp\qdwmcutmduhyszpprk.exe

C:\Users\Admin\AppData\Local\Temp\qdwmcutmduhyszpprk.exe

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\qdwmcutmduhyszpprk.exe*."

C:\Users\Admin\AppData\Local\Temp\bpjarkkewocupxopsma.exe

C:\Users\Admin\AppData\Local\Temp\bpjarkkewocupxopsma.exe .

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\bpjarkkewocupxopsma.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\odyqicdyrkzsoxprvqfa.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\alcqeurixmxmejxv.exe .

C:\Users\Admin\AppData\Local\Temp\odyqicdyrkzsoxprvqfa.exe

C:\Users\Admin\AppData\Local\Temp\odyqicdyrkzsoxprvqfa.exe

C:\Users\Admin\AppData\Local\Temp\alcqeurixmxmejxv.exe

C:\Users\Admin\AppData\Local\Temp\alcqeurixmxmejxv.exe .

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\alcqeurixmxmejxv.exe*."

C:\Users\Admin\AppData\Local\Temp\wdkpbgq.exe

"C:\Users\Admin\AppData\Local\Temp\wdkpbgq.exe" "-c:\users\admin\appdata\local\temp\jaffacakes118_accbd6960dd347c36571ba5642f84e23.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c alcqeurixmxmejxv.exe

C:\Windows\alcqeurixmxmejxv.exe

alcqeurixmxmejxv.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c odyqicdyrkzsoxprvqfa.exe .

C:\Windows\odyqicdyrkzsoxprvqfa.exe

odyqicdyrkzsoxprvqfa.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c alcqeurixmxmejxv.exe

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\odyqicdyrkzsoxprvqfa.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bpjarkkewocupxopsma.exe .

C:\Windows\alcqeurixmxmejxv.exe

alcqeurixmxmejxv.exe

C:\Users\Admin\AppData\Local\Temp\wdkpbgq.exe

"C:\Users\Admin\AppData\Local\Temp\wdkpbgq.exe" "-c:\users\admin\appdata\local\temp\jaffacakes118_accbd6960dd347c36571ba5642f84e23.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bpjarkkewocupxopsma.exe

C:\Windows\bpjarkkewocupxopsma.exe

bpjarkkewocupxopsma.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\qdwmcutmduhyszpprk.exe .

C:\Users\Admin\AppData\Local\Temp\bpjarkkewocupxopsma.exe

C:\Users\Admin\AppData\Local\Temp\bpjarkkewocupxopsma.exe

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\bpjarkkewocupxopsma.exe*."

C:\Users\Admin\AppData\Local\Temp\qdwmcutmduhyszpprk.exe

C:\Users\Admin\AppData\Local\Temp\qdwmcutmduhyszpprk.exe .

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\qdwmcutmduhyszpprk.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\alcqeurixmxmejxv.exe

C:\Users\Admin\AppData\Local\Temp\alcqeurixmxmejxv.exe

C:\Users\Admin\AppData\Local\Temp\alcqeurixmxmejxv.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bpjarkkewocupxopsma.exe .

C:\Users\Admin\AppData\Local\Temp\bpjarkkewocupxopsma.exe

C:\Users\Admin\AppData\Local\Temp\bpjarkkewocupxopsma.exe .

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\bpjarkkewocupxopsma.exe*."

C:\Users\Admin\AppData\Local\Temp\wdkpbgq.exe

"C:\Users\Admin\AppData\Local\Temp\wdkpbgq.exe" "-c:\users\admin\appdata\local\temp\jaffacakes118_accbd6960dd347c36571ba5642f84e23.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c htlapgewmcoexdsrs.exe

C:\Windows\htlapgewmcoexdsrs.exe

htlapgewmcoexdsrs.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bpjarkkewocupxopsma.exe .

C:\Windows\bpjarkkewocupxopsma.exe

bpjarkkewocupxopsma.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c dtpibwyuoiyspzsvawmib.exe

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\bpjarkkewocupxopsma.exe*."

C:\Users\Admin\AppData\Local\Temp\wdkpbgq.exe

"C:\Users\Admin\AppData\Local\Temp\wdkpbgq.exe" "-c:\users\admin\appdata\local\temp\jaffacakes118_accbd6960dd347c36571ba5642f84e23.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bpjarkkewocupxopsma.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\dtpibwyuoiyspzsvawmib.exe

dtpibwyuoiyspzsvawmib.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\alcqeurixmxmejxv.exe

C:\Windows\bpjarkkewocupxopsma.exe

bpjarkkewocupxopsma.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\odyqicdyrkzsoxprvqfa.exe .

C:\Users\Admin\AppData\Local\Temp\alcqeurixmxmejxv.exe

C:\Users\Admin\AppData\Local\Temp\alcqeurixmxmejxv.exe

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\bpjarkkewocupxopsma.exe*."

C:\Users\Admin\AppData\Local\Temp\odyqicdyrkzsoxprvqfa.exe

C:\Users\Admin\AppData\Local\Temp\odyqicdyrkzsoxprvqfa.exe .

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\odyqicdyrkzsoxprvqfa.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\odyqicdyrkzsoxprvqfa.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\odyqicdyrkzsoxprvqfa.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\odyqicdyrkzsoxprvqfa.exe

C:\Users\Admin\AppData\Local\Temp\odyqicdyrkzsoxprvqfa.exe

C:\Users\Admin\AppData\Local\Temp\odyqicdyrkzsoxprvqfa.exe

C:\Users\Admin\AppData\Local\Temp\odyqicdyrkzsoxprvqfa.exe .

C:\Users\Admin\AppData\Local\Temp\wdkpbgq.exe

"C:\Users\Admin\AppData\Local\Temp\wdkpbgq.exe" "-c:\users\admin\appdata\local\temp\jaffacakes118_accbd6960dd347c36571ba5642f84e23.exe"

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\odyqicdyrkzsoxprvqfa.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bpjarkkewocupxopsma.exe

C:\Windows\bpjarkkewocupxopsma.exe

bpjarkkewocupxopsma.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c dtpibwyuoiyspzsvawmib.exe .

C:\Windows\dtpibwyuoiyspzsvawmib.exe

dtpibwyuoiyspzsvawmib.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c odyqicdyrkzsoxprvqfa.exe

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\dtpibwyuoiyspzsvawmib.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c alcqeurixmxmejxv.exe .

C:\Users\Admin\AppData\Local\Temp\wdkpbgq.exe

"C:\Users\Admin\AppData\Local\Temp\wdkpbgq.exe" "-c:\users\admin\appdata\local\temp\jaffacakes118_accbd6960dd347c36571ba5642f84e23.exe"

C:\Windows\odyqicdyrkzsoxprvqfa.exe

odyqicdyrkzsoxprvqfa.exe

C:\Windows\alcqeurixmxmejxv.exe

alcqeurixmxmejxv.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\alcqeurixmxmejxv.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bpjarkkewocupxopsma.exe .

C:\Users\Admin\AppData\Local\Temp\alcqeurixmxmejxv.exe

C:\Users\Admin\AppData\Local\Temp\alcqeurixmxmejxv.exe

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\alcqeurixmxmejxv.exe*."

C:\Users\Admin\AppData\Local\Temp\bpjarkkewocupxopsma.exe

C:\Users\Admin\AppData\Local\Temp\bpjarkkewocupxopsma.exe .

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\bpjarkkewocupxopsma.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\htlapgewmcoexdsrs.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\dtpibwyuoiyspzsvawmib.exe .

C:\Users\Admin\AppData\Local\Temp\htlapgewmcoexdsrs.exe

C:\Users\Admin\AppData\Local\Temp\htlapgewmcoexdsrs.exe

C:\Users\Admin\AppData\Local\Temp\dtpibwyuoiyspzsvawmib.exe

C:\Users\Admin\AppData\Local\Temp\dtpibwyuoiyspzsvawmib.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bpjarkkewocupxopsma.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ytohhayroedtnkunqvmhc.exe

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\dtpibwyuoiyspzsvawmib.exe*."

C:\Users\Admin\AppData\Local\Temp\wdkpbgq.exe

"C:\Users\Admin\AppData\Local\Temp\wdkpbgq.exe" "-c:\users\admin\appdata\local\temp\jaffacakes118_accbd6960dd347c36571ba5642f84e23.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c dtpibwyuoiyspzsvawmib.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ldvliytjdqmzqkrhhj.exe .

C:\Windows\bpjarkkewocupxopsma.exe

bpjarkkewocupxopsma.exe

C:\Windows\ytohhayroedtnkunqvmhc.exe

ytohhayroedtnkunqvmhc.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bpjarkkewocupxopsma.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\ldvliytjdqmzqkrhhj.exe

ldvliytjdqmzqkrhhj.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ldvliytjdqmzqkrhhj.exe

C:\Windows\dtpibwyuoiyspzsvawmib.exe

dtpibwyuoiyspzsvawmib.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c qdwmcutmduhyszpprk.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c odyqicdyrkzsoxprvqfa.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c wpizxokbwkhvniqhila.exe .

C:\Windows\bpjarkkewocupxopsma.exe

bpjarkkewocupxopsma.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\alcqeurixmxmejxv.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wpizxokbwkhvniqhila.exe

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\ldvliytjdqmzqkrhhj.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\qdwmcutmduhyszpprk.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c htlapgewmcoexdsrs.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vlbpkyrfxicncuzn.exe .

C:\Windows\ldvliytjdqmzqkrhhj.exe

ldvliytjdqmzqkrhhj.exe

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\dtpibwyuoiyspzsvawmib.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c odyqicdyrkzsoxprvqfa.exe

C:\Users\Admin\AppData\Local\Temp\wdkpbgq.exe

"C:\Users\Admin\AppData\Local\Temp\wdkpbgq.exe" "-c:\users\admin\appdata\local\temp\jaffacakes118_accbd6960dd347c36571ba5642f84e23.exe"

C:\Windows\wpizxokbwkhvniqhila.exe

wpizxokbwkhvniqhila.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\qdwmcutmduhyszpprk.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c dtpibwyuoiyspzsvawmib.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jdxpogdvrgetmirjlpfz.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\odyqicdyrkzsoxprvqfa.exe

odyqicdyrkzsoxprvqfa.exe

C:\Windows\qdwmcutmduhyszpprk.exe

qdwmcutmduhyszpprk.exe .

C:\Users\Admin\AppData\Local\Temp\wpizxokbwkhvniqhila.exe

C:\Users\Admin\AppData\Local\Temp\wpizxokbwkhvniqhila.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\qdwmcutmduhyszpprk.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bpjarkkewocupxopsma.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ldvliytjdqmzqkrhhj.exe .

C:\Windows\htlapgewmcoexdsrs.exe

htlapgewmcoexdsrs.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\alcqeurixmxmejxv.exe .

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\wpizxokbwkhvniqhila.exe*."

C:\Windows\odyqicdyrkzsoxprvqfa.exe

odyqicdyrkzsoxprvqfa.exe

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\qdwmcutmduhyszpprk.exe*."

C:\Users\Admin\AppData\Local\Temp\vlbpkyrfxicncuzn.exe

C:\Users\Admin\AppData\Local\Temp\vlbpkyrfxicncuzn.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\htlapgewmcoexdsrs.exe

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\htlapgewmcoexdsrs.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\alcqeurixmxmejxv.exe .

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\vlbpkyrfxicncuzn.exe*."

C:\Users\Admin\AppData\Local\Temp\wdkpbgq.exe

"C:\Users\Admin\AppData\Local\Temp\wdkpbgq.exe" "-c:\users\admin\appdata\local\temp\jaffacakes118_accbd6960dd347c36571ba5642f84e23.exe"

C:\Users\Admin\AppData\Local\Temp\alcqeurixmxmejxv.exe

C:\Users\Admin\AppData\Local\Temp\alcqeurixmxmejxv.exe

C:\Users\Admin\AppData\Local\Temp\qdwmcutmduhyszpprk.exe

C:\Users\Admin\AppData\Local\Temp\qdwmcutmduhyszpprk.exe

C:\Users\Admin\AppData\Local\Temp\qdwmcutmduhyszpprk.exe

C:\Users\Admin\AppData\Local\Temp\qdwmcutmduhyszpprk.exe .

C:\Users\Admin\AppData\Local\Temp\jdxpogdvrgetmirjlpfz.exe

C:\Users\Admin\AppData\Local\Temp\jdxpogdvrgetmirjlpfz.exe

C:\Users\Admin\AppData\Local\Temp\ldvliytjdqmzqkrhhj.exe

C:\Users\Admin\AppData\Local\Temp\ldvliytjdqmzqkrhhj.exe .

C:\Windows\dtpibwyuoiyspzsvawmib.exe

dtpibwyuoiyspzsvawmib.exe .

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\qdwmcutmduhyszpprk.exe*."

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\dtpibwyuoiyspzsvawmib.exe*."

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\ldvliytjdqmzqkrhhj.exe*."

C:\Users\Admin\AppData\Local\Temp\alcqeurixmxmejxv.exe

C:\Users\Admin\AppData\Local\Temp\alcqeurixmxmejxv.exe .

C:\Users\Admin\AppData\Local\Temp\qdwmcutmduhyszpprk.exe

C:\Users\Admin\AppData\Local\Temp\qdwmcutmduhyszpprk.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bpjarkkewocupxopsma.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c alcqeurixmxmejxv.exe

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\alcqeurixmxmejxv.exe*."

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\qdwmcutmduhyszpprk.exe*."

C:\Windows\bpjarkkewocupxopsma.exe

bpjarkkewocupxopsma.exe

C:\Windows\alcqeurixmxmejxv.exe

alcqeurixmxmejxv.exe

C:\Users\Admin\AppData\Local\Temp\alcqeurixmxmejxv.exe

C:\Users\Admin\AppData\Local\Temp\alcqeurixmxmejxv.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c qdwmcutmduhyszpprk.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bpjarkkewocupxopsma.exe .

C:\Users\Admin\AppData\Local\Temp\wdkpbgq.exe

"C:\Users\Admin\AppData\Local\Temp\wdkpbgq.exe" "-c:\users\admin\appdata\local\temp\jaffacakes118_accbd6960dd347c36571ba5642f84e23.exe"

C:\Windows\bpjarkkewocupxopsma.exe

bpjarkkewocupxopsma.exe .

C:\Windows\qdwmcutmduhyszpprk.exe

qdwmcutmduhyszpprk.exe .

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\alcqeurixmxmejxv.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c htlapgewmcoexdsrs.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c alcqeurixmxmejxv.exe

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\bpjarkkewocupxopsma.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c dtpibwyuoiyspzsvawmib.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c qdwmcutmduhyszpprk.exe .

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\qdwmcutmduhyszpprk.exe*."

C:\Windows\alcqeurixmxmejxv.exe

alcqeurixmxmejxv.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\htlapgewmcoexdsrs.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\alcqeurixmxmejxv.exe

C:\Windows\htlapgewmcoexdsrs.exe

htlapgewmcoexdsrs.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\qdwmcutmduhyszpprk.exe .

C:\Windows\dtpibwyuoiyspzsvawmib.exe

dtpibwyuoiyspzsvawmib.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\dtpibwyuoiyspzsvawmib.exe .

C:\Windows\qdwmcutmduhyszpprk.exe

qdwmcutmduhyszpprk.exe .

C:\Users\Admin\AppData\Local\Temp\qdwmcutmduhyszpprk.exe

C:\Users\Admin\AppData\Local\Temp\qdwmcutmduhyszpprk.exe .

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\dtpibwyuoiyspzsvawmib.exe*."

C:\Users\Admin\AppData\Local\Temp\alcqeurixmxmejxv.exe

C:\Users\Admin\AppData\Local\Temp\alcqeurixmxmejxv.exe

C:\Users\Admin\AppData\Local\Temp\dtpibwyuoiyspzsvawmib.exe

C:\Users\Admin\AppData\Local\Temp\dtpibwyuoiyspzsvawmib.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\odyqicdyrkzsoxprvqfa.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\dtpibwyuoiyspzsvawmib.exe

C:\Users\Admin\AppData\Local\Temp\wdkpbgq.exe

"C:\Users\Admin\AppData\Local\Temp\wdkpbgq.exe" "-c:\users\admin\appdata\local\temp\jaffacakes118_accbd6960dd347c36571ba5642f84e23.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bpjarkkewocupxopsma.exe .

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\qdwmcutmduhyszpprk.exe*."

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\qdwmcutmduhyszpprk.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\odyqicdyrkzsoxprvqfa.exe .

C:\Users\Admin\AppData\Local\Temp\htlapgewmcoexdsrs.exe

C:\Users\Admin\AppData\Local\Temp\htlapgewmcoexdsrs.exe

C:\Users\Admin\AppData\Local\Temp\htlapgewmcoexdsrs.exe

C:\Users\Admin\AppData\Local\Temp\htlapgewmcoexdsrs.exe

C:\Users\Admin\AppData\Local\Temp\bpjarkkewocupxopsma.exe

C:\Users\Admin\AppData\Local\Temp\bpjarkkewocupxopsma.exe

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\dtpibwyuoiyspzsvawmib.exe*."

C:\Users\Admin\AppData\Local\Temp\dtpibwyuoiyspzsvawmib.exe

C:\Users\Admin\AppData\Local\Temp\dtpibwyuoiyspzsvawmib.exe

C:\Users\Admin\AppData\Local\Temp\bpjarkkewocupxopsma.exe

C:\Users\Admin\AppData\Local\Temp\bpjarkkewocupxopsma.exe .

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\bpjarkkewocupxopsma.exe*."

C:\Users\Admin\AppData\Local\Temp\odyqicdyrkzsoxprvqfa.exe

C:\Users\Admin\AppData\Local\Temp\odyqicdyrkzsoxprvqfa.exe .

C:\Users\Admin\AppData\Local\Temp\odyqicdyrkzsoxprvqfa.exe

C:\Users\Admin\AppData\Local\Temp\odyqicdyrkzsoxprvqfa.exe

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\odyqicdyrkzsoxprvqfa.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c dtpibwyuoiyspzsvawmib.exe

C:\Users\Admin\AppData\Local\Temp\wdkpbgq.exe

"C:\Users\Admin\AppData\Local\Temp\wdkpbgq.exe" "-c:\users\admin\appdata\local\temp\jaffacakes118_accbd6960dd347c36571ba5642f84e23.exe"

C:\Windows\dtpibwyuoiyspzsvawmib.exe

dtpibwyuoiyspzsvawmib.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bpjarkkewocupxopsma.exe .

C:\Windows\bpjarkkewocupxopsma.exe

bpjarkkewocupxopsma.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c htlapgewmcoexdsrs.exe

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\bpjarkkewocupxopsma.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c alcqeurixmxmejxv.exe .

C:\Windows\htlapgewmcoexdsrs.exe

htlapgewmcoexdsrs.exe

C:\Windows\alcqeurixmxmejxv.exe

alcqeurixmxmejxv.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\odyqicdyrkzsoxprvqfa.exe

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\alcqeurixmxmejxv.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\htlapgewmcoexdsrs.exe .

C:\Users\Admin\AppData\Local\Temp\odyqicdyrkzsoxprvqfa.exe

C:\Users\Admin\AppData\Local\Temp\odyqicdyrkzsoxprvqfa.exe

C:\Users\Admin\AppData\Local\Temp\htlapgewmcoexdsrs.exe

C:\Users\Admin\AppData\Local\Temp\htlapgewmcoexdsrs.exe .

C:\Users\Admin\AppData\Local\Temp\wdkpbgq.exe

"C:\Users\Admin\AppData\Local\Temp\wdkpbgq.exe" "-c:\users\admin\appdata\local\temp\jaffacakes118_accbd6960dd347c36571ba5642f84e23.exe"

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\htlapgewmcoexdsrs.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\htlapgewmcoexdsrs.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\alcqeurixmxmejxv.exe .

C:\Users\Admin\AppData\Local\Temp\htlapgewmcoexdsrs.exe

C:\Users\Admin\AppData\Local\Temp\htlapgewmcoexdsrs.exe

C:\Users\Admin\AppData\Local\Temp\alcqeurixmxmejxv.exe

C:\Users\Admin\AppData\Local\Temp\alcqeurixmxmejxv.exe .

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\alcqeurixmxmejxv.exe*."

C:\Users\Admin\AppData\Local\Temp\wdkpbgq.exe

"C:\Users\Admin\AppData\Local\Temp\wdkpbgq.exe" "-c:\users\admin\appdata\local\temp\jaffacakes118_accbd6960dd347c36571ba5642f84e23.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c dtpibwyuoiyspzsvawmib.exe

C:\Windows\dtpibwyuoiyspzsvawmib.exe

dtpibwyuoiyspzsvawmib.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c htlapgewmcoexdsrs.exe .

C:\Windows\htlapgewmcoexdsrs.exe

htlapgewmcoexdsrs.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c odyqicdyrkzsoxprvqfa.exe

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\htlapgewmcoexdsrs.exe*."

C:\Windows\odyqicdyrkzsoxprvqfa.exe

odyqicdyrkzsoxprvqfa.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c htlapgewmcoexdsrs.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bpjarkkewocupxopsma.exe

C:\Windows\htlapgewmcoexdsrs.exe

htlapgewmcoexdsrs.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\qdwmcutmduhyszpprk.exe .

C:\Users\Admin\AppData\Local\Temp\bpjarkkewocupxopsma.exe

C:\Users\Admin\AppData\Local\Temp\bpjarkkewocupxopsma.exe

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\htlapgewmcoexdsrs.exe*."

C:\Users\Admin\AppData\Local\Temp\qdwmcutmduhyszpprk.exe

C:\Users\Admin\AppData\Local\Temp\qdwmcutmduhyszpprk.exe .

C:\Users\Admin\AppData\Local\Temp\wdkpbgq.exe

"C:\Users\Admin\AppData\Local\Temp\wdkpbgq.exe" "-c:\users\admin\appdata\local\temp\jaffacakes118_accbd6960dd347c36571ba5642f84e23.exe"

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\qdwmcutmduhyszpprk.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\qdwmcutmduhyszpprk.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\htlapgewmcoexdsrs.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\qdwmcutmduhyszpprk.exe

C:\Users\Admin\AppData\Local\Temp\qdwmcutmduhyszpprk.exe

C:\Users\Admin\AppData\Local\Temp\htlapgewmcoexdsrs.exe

C:\Users\Admin\AppData\Local\Temp\htlapgewmcoexdsrs.exe .

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\htlapgewmcoexdsrs.exe*."

C:\Users\Admin\AppData\Local\Temp\wdkpbgq.exe

"C:\Users\Admin\AppData\Local\Temp\wdkpbgq.exe" "-c:\users\admin\appdata\local\temp\jaffacakes118_accbd6960dd347c36571ba5642f84e23.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c htlapgewmcoexdsrs.exe

C:\Windows\htlapgewmcoexdsrs.exe

htlapgewmcoexdsrs.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c htlapgewmcoexdsrs.exe .

C:\Windows\htlapgewmcoexdsrs.exe

htlapgewmcoexdsrs.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c odyqicdyrkzsoxprvqfa.exe

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\htlapgewmcoexdsrs.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c qdwmcutmduhyszpprk.exe .

C:\Windows\odyqicdyrkzsoxprvqfa.exe

odyqicdyrkzsoxprvqfa.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\alcqeurixmxmejxv.exe

C:\Windows\qdwmcutmduhyszpprk.exe

qdwmcutmduhyszpprk.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\dtpibwyuoiyspzsvawmib.exe .

C:\Users\Admin\AppData\Local\Temp\alcqeurixmxmejxv.exe

C:\Users\Admin\AppData\Local\Temp\alcqeurixmxmejxv.exe

C:\Users\Admin\AppData\Local\Temp\wdkpbgq.exe

"C:\Users\Admin\AppData\Local\Temp\wdkpbgq.exe" "-c:\users\admin\appdata\local\temp\jaffacakes118_accbd6960dd347c36571ba5642f84e23.exe"

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\qdwmcutmduhyszpprk.exe*."

C:\Users\Admin\AppData\Local\Temp\dtpibwyuoiyspzsvawmib.exe

C:\Users\Admin\AppData\Local\Temp\dtpibwyuoiyspzsvawmib.exe .

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\dtpibwyuoiyspzsvawmib.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\dtpibwyuoiyspzsvawmib.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bpjarkkewocupxopsma.exe .

C:\Users\Admin\AppData\Local\Temp\dtpibwyuoiyspzsvawmib.exe

C:\Users\Admin\AppData\Local\Temp\dtpibwyuoiyspzsvawmib.exe

C:\Users\Admin\AppData\Local\Temp\bpjarkkewocupxopsma.exe

C:\Users\Admin\AppData\Local\Temp\bpjarkkewocupxopsma.exe .

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\bpjarkkewocupxopsma.exe*."

C:\Users\Admin\AppData\Local\Temp\wdkpbgq.exe

"C:\Users\Admin\AppData\Local\Temp\wdkpbgq.exe" "-c:\users\admin\appdata\local\temp\jaffacakes118_accbd6960dd347c36571ba5642f84e23.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c odyqicdyrkzsoxprvqfa.exe

C:\Windows\odyqicdyrkzsoxprvqfa.exe

odyqicdyrkzsoxprvqfa.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bpjarkkewocupxopsma.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\bpjarkkewocupxopsma.exe

bpjarkkewocupxopsma.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c alcqeurixmxmejxv.exe

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\bpjarkkewocupxopsma.exe*."

C:\Windows\alcqeurixmxmejxv.exe

alcqeurixmxmejxv.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c odyqicdyrkzsoxprvqfa.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\htlapgewmcoexdsrs.exe

C:\Windows\odyqicdyrkzsoxprvqfa.exe

odyqicdyrkzsoxprvqfa.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\htlapgewmcoexdsrs.exe .

C:\Users\Admin\AppData\Local\Temp\htlapgewmcoexdsrs.exe

C:\Users\Admin\AppData\Local\Temp\htlapgewmcoexdsrs.exe

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\odyqicdyrkzsoxprvqfa.exe*."

C:\Users\Admin\AppData\Local\Temp\wdkpbgq.exe

"C:\Users\Admin\AppData\Local\Temp\wdkpbgq.exe" "-c:\users\admin\appdata\local\temp\jaffacakes118_accbd6960dd347c36571ba5642f84e23.exe"

C:\Users\Admin\AppData\Local\Temp\htlapgewmcoexdsrs.exe

C:\Users\Admin\AppData\Local\Temp\htlapgewmcoexdsrs.exe .

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\htlapgewmcoexdsrs.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\htlapgewmcoexdsrs.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bpjarkkewocupxopsma.exe .

C:\Users\Admin\AppData\Local\Temp\htlapgewmcoexdsrs.exe

C:\Users\Admin\AppData\Local\Temp\htlapgewmcoexdsrs.exe

C:\Users\Admin\AppData\Local\Temp\bpjarkkewocupxopsma.exe

C:\Users\Admin\AppData\Local\Temp\bpjarkkewocupxopsma.exe .

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\bpjarkkewocupxopsma.exe*."

C:\Users\Admin\AppData\Local\Temp\wdkpbgq.exe

"C:\Users\Admin\AppData\Local\Temp\wdkpbgq.exe" "-c:\users\admin\appdata\local\temp\jaffacakes118_accbd6960dd347c36571ba5642f84e23.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c htlapgewmcoexdsrs.exe

C:\Windows\htlapgewmcoexdsrs.exe

htlapgewmcoexdsrs.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c qdwmcutmduhyszpprk.exe .

C:\Windows\qdwmcutmduhyszpprk.exe

qdwmcutmduhyszpprk.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c vlbpkyrfxicncuzn.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c qdwmcutmduhyszpprk.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c alcqeurixmxmejxv.exe

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\qdwmcutmduhyszpprk.exe*."

C:\Windows\vlbpkyrfxicncuzn.exe

vlbpkyrfxicncuzn.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c qdwmcutmduhyszpprk.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ytohhayroedtnkunqvmhc.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c alcqeurixmxmejxv.exe .

C:\Windows\alcqeurixmxmejxv.exe

alcqeurixmxmejxv.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\dtpibwyuoiyspzsvawmib.exe

C:\Windows\qdwmcutmduhyszpprk.exe

qdwmcutmduhyszpprk.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\htlapgewmcoexdsrs.exe .

C:\Windows\ytohhayroedtnkunqvmhc.exe

ytohhayroedtnkunqvmhc.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c vlbpkyrfxicncuzn.exe

C:\Users\Admin\AppData\Local\Temp\wdkpbgq.exe

"C:\Users\Admin\AppData\Local\Temp\wdkpbgq.exe" "-c:\users\admin\appdata\local\temp\jaffacakes118_accbd6960dd347c36571ba5642f84e23.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c odyqicdyrkzsoxprvqfa.exe

C:\Windows\qdwmcutmduhyszpprk.exe

qdwmcutmduhyszpprk.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c jdxpogdvrgetmirjlpfz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c dtpibwyuoiyspzsvawmib.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ytohhayroedtnkunqvmhc.exe

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\ytohhayroedtnkunqvmhc.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\dtpibwyuoiyspzsvawmib.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\qdwmcutmduhyszpprk.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jdxpogdvrgetmirjlpfz.exe .

C:\Windows\alcqeurixmxmejxv.exe

alcqeurixmxmejxv.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\dtpibwyuoiyspzsvawmib.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\alcqeurixmxmejxv.exe .

C:\Users\Admin\AppData\Local\Temp\dtpibwyuoiyspzsvawmib.exe

C:\Users\Admin\AppData\Local\Temp\dtpibwyuoiyspzsvawmib.exe

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\qdwmcutmduhyszpprk.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ytohhayroedtnkunqvmhc.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\qdwmcutmduhyszpprk.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jdxpogdvrgetmirjlpfz.exe .

C:\Windows\odyqicdyrkzsoxprvqfa.exe

odyqicdyrkzsoxprvqfa.exe

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\alcqeurixmxmejxv.exe*."

C:\Users\Admin\AppData\Local\Temp\wdkpbgq.exe

"C:\Users\Admin\AppData\Local\Temp\wdkpbgq.exe" "-c:\users\admin\appdata\local\temp\jaffacakes118_accbd6960dd347c36571ba5642f84e23.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\htlapgewmcoexdsrs.exe .

C:\Windows\jdxpogdvrgetmirjlpfz.exe

jdxpogdvrgetmirjlpfz.exe .

C:\Windows\vlbpkyrfxicncuzn.exe

vlbpkyrfxicncuzn.exe

C:\Users\Admin\AppData\Local\Temp\ytohhayroedtnkunqvmhc.exe

C:\Users\Admin\AppData\Local\Temp\ytohhayroedtnkunqvmhc.exe

C:\Windows\dtpibwyuoiyspzsvawmib.exe

dtpibwyuoiyspzsvawmib.exe .

C:\Users\Admin\AppData\Local\Temp\alcqeurixmxmejxv.exe

C:\Users\Admin\AppData\Local\Temp\alcqeurixmxmejxv.exe .

C:\Users\Admin\AppData\Local\Temp\jdxpogdvrgetmirjlpfz.exe

C:\Users\Admin\AppData\Local\Temp\jdxpogdvrgetmirjlpfz.exe .

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\jdxpogdvrgetmirjlpfz.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c qdwmcutmduhyszpprk.exe

C:\Users\Admin\AppData\Local\Temp\jdxpogdvrgetmirjlpfz.exe

C:\Users\Admin\AppData\Local\Temp\jdxpogdvrgetmirjlpfz.exe .

C:\Users\Admin\AppData\Local\Temp\ytohhayroedtnkunqvmhc.exe

C:\Users\Admin\AppData\Local\Temp\ytohhayroedtnkunqvmhc.exe

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\alcqeurixmxmejxv.exe*."

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\jdxpogdvrgetmirjlpfz.exe*."

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\dtpibwyuoiyspzsvawmib.exe*."

C:\Windows\qdwmcutmduhyszpprk.exe

qdwmcutmduhyszpprk.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c htlapgewmcoexdsrs.exe .

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\jdxpogdvrgetmirjlpfz.exe*."

C:\Users\Admin\AppData\Local\Temp\htlapgewmcoexdsrs.exe

C:\Users\Admin\AppData\Local\Temp\htlapgewmcoexdsrs.exe .

C:\Users\Admin\AppData\Local\Temp\wdkpbgq.exe

"C:\Users\Admin\AppData\Local\Temp\wdkpbgq.exe" "-c:\users\admin\appdata\local\temp\jaffacakes118_accbd6960dd347c36571ba5642f84e23.exe"

C:\Users\Admin\AppData\Local\Temp\htlapgewmcoexdsrs.exe

C:\Users\Admin\AppData\Local\Temp\htlapgewmcoexdsrs.exe .

C:\Windows\htlapgewmcoexdsrs.exe

htlapgewmcoexdsrs.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c htlapgewmcoexdsrs.exe

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\htlapgewmcoexdsrs.exe*."

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\htlapgewmcoexdsrs.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bpjarkkewocupxopsma.exe .

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\htlapgewmcoexdsrs.exe*."

C:\Windows\htlapgewmcoexdsrs.exe

htlapgewmcoexdsrs.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\odyqicdyrkzsoxprvqfa.exe

C:\Windows\bpjarkkewocupxopsma.exe

bpjarkkewocupxopsma.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\alcqeurixmxmejxv.exe .

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\bpjarkkewocupxopsma.exe*."

C:\Users\Admin\AppData\Local\Temp\alcqeurixmxmejxv.exe

C:\Users\Admin\AppData\Local\Temp\alcqeurixmxmejxv.exe .

C:\Users\Admin\AppData\Local\Temp\odyqicdyrkzsoxprvqfa.exe

C:\Users\Admin\AppData\Local\Temp\odyqicdyrkzsoxprvqfa.exe

C:\Users\Admin\AppData\Local\Temp\qdwmcutmduhyszpprk.exe

C:\Users\Admin\AppData\Local\Temp\qdwmcutmduhyszpprk.exe

C:\Users\Admin\AppData\Local\Temp\qdwmcutmduhyszpprk.exe

C:\Users\Admin\AppData\Local\Temp\qdwmcutmduhyszpprk.exe

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\alcqeurixmxmejxv.exe*."

C:\Users\Admin\AppData\Local\Temp\dtpibwyuoiyspzsvawmib.exe

C:\Users\Admin\AppData\Local\Temp\dtpibwyuoiyspzsvawmib.exe

C:\Users\Admin\AppData\Local\Temp\dtpibwyuoiyspzsvawmib.exe

C:\Users\Admin\AppData\Local\Temp\dtpibwyuoiyspzsvawmib.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c qdwmcutmduhyszpprk.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\odyqicdyrkzsoxprvqfa.exe

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\dtpibwyuoiyspzsvawmib.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\dtpibwyuoiyspzsvawmib.exe .

C:\Windows\qdwmcutmduhyszpprk.exe

qdwmcutmduhyszpprk.exe

C:\Users\Admin\AppData\Local\Temp\wdkpbgq.exe

"C:\Users\Admin\AppData\Local\Temp\wdkpbgq.exe" "-c:\users\admin\appdata\local\temp\jaffacakes118_accbd6960dd347c36571ba5642f84e23.exe"

C:\Users\Admin\AppData\Local\Temp\odyqicdyrkzsoxprvqfa.exe

C:\Users\Admin\AppData\Local\Temp\odyqicdyrkzsoxprvqfa.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c dtpibwyuoiyspzsvawmib.exe .

C:\Users\Admin\AppData\Local\Temp\dtpibwyuoiyspzsvawmib.exe

C:\Users\Admin\AppData\Local\Temp\dtpibwyuoiyspzsvawmib.exe .

C:\Windows\dtpibwyuoiyspzsvawmib.exe

dtpibwyuoiyspzsvawmib.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bpjarkkewocupxopsma.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c htlapgewmcoexdsrs.exe .

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\dtpibwyuoiyspzsvawmib.exe*."

C:\Windows\bpjarkkewocupxopsma.exe

bpjarkkewocupxopsma.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bpjarkkewocupxopsma.exe

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\dtpibwyuoiyspzsvawmib.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\odyqicdyrkzsoxprvqfa.exe .

C:\Windows\htlapgewmcoexdsrs.exe

htlapgewmcoexdsrs.exe .

C:\Users\Admin\AppData\Local\Temp\bpjarkkewocupxopsma.exe

C:\Users\Admin\AppData\Local\Temp\bpjarkkewocupxopsma.exe

C:\Users\Admin\AppData\Local\Temp\odyqicdyrkzsoxprvqfa.exe

C:\Users\Admin\AppData\Local\Temp\odyqicdyrkzsoxprvqfa.exe .

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\htlapgewmcoexdsrs.exe*."

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\odyqicdyrkzsoxprvqfa.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\qdwmcutmduhyszpprk.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c alcqeurixmxmejxv.exe

C:\Users\Admin\AppData\Local\Temp\wdkpbgq.exe

"C:\Users\Admin\AppData\Local\Temp\wdkpbgq.exe" "-c:\users\admin\appdata\local\temp\jaffacakes118_accbd6960dd347c36571ba5642f84e23.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\qdwmcutmduhyszpprk.exe .

C:\Users\Admin\AppData\Local\Temp\qdwmcutmduhyszpprk.exe

C:\Users\Admin\AppData\Local\Temp\qdwmcutmduhyszpprk.exe

C:\Windows\alcqeurixmxmejxv.exe

alcqeurixmxmejxv.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c odyqicdyrkzsoxprvqfa.exe .

C:\Users\Admin\AppData\Local\Temp\qdwmcutmduhyszpprk.exe

C:\Users\Admin\AppData\Local\Temp\qdwmcutmduhyszpprk.exe .

C:\Windows\odyqicdyrkzsoxprvqfa.exe

odyqicdyrkzsoxprvqfa.exe .

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\qdwmcutmduhyszpprk.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c alcqeurixmxmejxv.exe

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\odyqicdyrkzsoxprvqfa.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c odyqicdyrkzsoxprvqfa.exe .

C:\Windows\alcqeurixmxmejxv.exe

alcqeurixmxmejxv.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bpjarkkewocupxopsma.exe

C:\Windows\odyqicdyrkzsoxprvqfa.exe

odyqicdyrkzsoxprvqfa.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\alcqeurixmxmejxv.exe .

C:\Users\Admin\AppData\Local\Temp\bpjarkkewocupxopsma.exe

C:\Users\Admin\AppData\Local\Temp\bpjarkkewocupxopsma.exe

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\odyqicdyrkzsoxprvqfa.exe*."

C:\Users\Admin\AppData\Local\Temp\wdkpbgq.exe

"C:\Users\Admin\AppData\Local\Temp\wdkpbgq.exe" "-c:\users\admin\appdata\local\temp\jaffacakes118_accbd6960dd347c36571ba5642f84e23.exe"

C:\Users\Admin\AppData\Local\Temp\alcqeurixmxmejxv.exe

C:\Users\Admin\AppData\Local\Temp\alcqeurixmxmejxv.exe .

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\alcqeurixmxmejxv.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\htlapgewmcoexdsrs.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\htlapgewmcoexdsrs.exe .

C:\Users\Admin\AppData\Local\Temp\htlapgewmcoexdsrs.exe

C:\Users\Admin\AppData\Local\Temp\htlapgewmcoexdsrs.exe

C:\Users\Admin\AppData\Local\Temp\htlapgewmcoexdsrs.exe

C:\Users\Admin\AppData\Local\Temp\htlapgewmcoexdsrs.exe .

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\htlapgewmcoexdsrs.exe*."

C:\Users\Admin\AppData\Local\Temp\wdkpbgq.exe

"C:\Users\Admin\AppData\Local\Temp\wdkpbgq.exe" "-c:\users\admin\appdata\local\temp\jaffacakes118_accbd6960dd347c36571ba5642f84e23.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c odyqicdyrkzsoxprvqfa.exe

C:\Windows\odyqicdyrkzsoxprvqfa.exe

odyqicdyrkzsoxprvqfa.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c alcqeurixmxmejxv.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\alcqeurixmxmejxv.exe

alcqeurixmxmejxv.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c htlapgewmcoexdsrs.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\alcqeurixmxmejxv.exe*."

C:\Windows\htlapgewmcoexdsrs.exe

htlapgewmcoexdsrs.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bpjarkkewocupxopsma.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bpjarkkewocupxopsma.exe

C:\Windows\bpjarkkewocupxopsma.exe

bpjarkkewocupxopsma.exe .

C:\Users\Admin\AppData\Local\Temp\bpjarkkewocupxopsma.exe

C:\Users\Admin\AppData\Local\Temp\bpjarkkewocupxopsma.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\dtpibwyuoiyspzsvawmib.exe .

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\bpjarkkewocupxopsma.exe*."

C:\Users\Admin\AppData\Local\Temp\wdkpbgq.exe

"C:\Users\Admin\AppData\Local\Temp\wdkpbgq.exe" "-c:\users\admin\appdata\local\temp\jaffacakes118_accbd6960dd347c36571ba5642f84e23.exe"

C:\Users\Admin\AppData\Local\Temp\dtpibwyuoiyspzsvawmib.exe

C:\Users\Admin\AppData\Local\Temp\dtpibwyuoiyspzsvawmib.exe .

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\dtpibwyuoiyspzsvawmib.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bpjarkkewocupxopsma.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\qdwmcutmduhyszpprk.exe .

C:\Users\Admin\AppData\Local\Temp\bpjarkkewocupxopsma.exe

C:\Users\Admin\AppData\Local\Temp\bpjarkkewocupxopsma.exe

C:\Users\Admin\AppData\Local\Temp\qdwmcutmduhyszpprk.exe

C:\Users\Admin\AppData\Local\Temp\qdwmcutmduhyszpprk.exe .

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\qdwmcutmduhyszpprk.exe*."

C:\Users\Admin\AppData\Local\Temp\wdkpbgq.exe

"C:\Users\Admin\AppData\Local\Temp\wdkpbgq.exe" "-c:\users\admin\appdata\local\temp\jaffacakes118_accbd6960dd347c36571ba5642f84e23.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c alcqeurixmxmejxv.exe

C:\Windows\alcqeurixmxmejxv.exe

alcqeurixmxmejxv.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c htlapgewmcoexdsrs.exe .

C:\Windows\htlapgewmcoexdsrs.exe

htlapgewmcoexdsrs.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c dtpibwyuoiyspzsvawmib.exe

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\htlapgewmcoexdsrs.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c htlapgewmcoexdsrs.exe .

C:\Windows\dtpibwyuoiyspzsvawmib.exe

dtpibwyuoiyspzsvawmib.exe

C:\Windows\htlapgewmcoexdsrs.exe

htlapgewmcoexdsrs.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\htlapgewmcoexdsrs.exe

C:\Users\Admin\AppData\Local\Temp\wdkpbgq.exe

"C:\Users\Admin\AppData\Local\Temp\wdkpbgq.exe" "-c:\users\admin\appdata\local\temp\jaffacakes118_accbd6960dd347c36571ba5642f84e23.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\dtpibwyuoiyspzsvawmib.exe .

C:\Users\Admin\AppData\Local\Temp\htlapgewmcoexdsrs.exe

C:\Users\Admin\AppData\Local\Temp\htlapgewmcoexdsrs.exe

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\htlapgewmcoexdsrs.exe*."

C:\Users\Admin\AppData\Local\Temp\dtpibwyuoiyspzsvawmib.exe

C:\Users\Admin\AppData\Local\Temp\dtpibwyuoiyspzsvawmib.exe .

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\dtpibwyuoiyspzsvawmib.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\dtpibwyuoiyspzsvawmib.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\qdwmcutmduhyszpprk.exe .

C:\Users\Admin\AppData\Local\Temp\dtpibwyuoiyspzsvawmib.exe

C:\Users\Admin\AppData\Local\Temp\dtpibwyuoiyspzsvawmib.exe

C:\Users\Admin\AppData\Local\Temp\qdwmcutmduhyszpprk.exe

C:\Users\Admin\AppData\Local\Temp\qdwmcutmduhyszpprk.exe .

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\qdwmcutmduhyszpprk.exe*."

C:\Users\Admin\AppData\Local\Temp\wdkpbgq.exe

"C:\Users\Admin\AppData\Local\Temp\wdkpbgq.exe" "-c:\users\admin\appdata\local\temp\jaffacakes118_accbd6960dd347c36571ba5642f84e23.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c dtpibwyuoiyspzsvawmib.exe

C:\Windows\dtpibwyuoiyspzsvawmib.exe

dtpibwyuoiyspzsvawmib.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c dtpibwyuoiyspzsvawmib.exe .

C:\Windows\dtpibwyuoiyspzsvawmib.exe

dtpibwyuoiyspzsvawmib.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c htlapgewmcoexdsrs.exe

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\dtpibwyuoiyspzsvawmib.exe*."

C:\Windows\htlapgewmcoexdsrs.exe

htlapgewmcoexdsrs.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c qdwmcutmduhyszpprk.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bpjarkkewocupxopsma.exe

C:\Windows\qdwmcutmduhyszpprk.exe

qdwmcutmduhyszpprk.exe .

C:\Users\Admin\AppData\Local\Temp\wdkpbgq.exe

"C:\Users\Admin\AppData\Local\Temp\wdkpbgq.exe" "-c:\users\admin\appdata\local\temp\jaffacakes118_accbd6960dd347c36571ba5642f84e23.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\alcqeurixmxmejxv.exe .

C:\Users\Admin\AppData\Local\Temp\bpjarkkewocupxopsma.exe

C:\Users\Admin\AppData\Local\Temp\bpjarkkewocupxopsma.exe

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\qdwmcutmduhyszpprk.exe*."

C:\Users\Admin\AppData\Local\Temp\alcqeurixmxmejxv.exe

C:\Users\Admin\AppData\Local\Temp\alcqeurixmxmejxv.exe .

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\alcqeurixmxmejxv.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\odyqicdyrkzsoxprvqfa.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\dtpibwyuoiyspzsvawmib.exe .

C:\Users\Admin\AppData\Local\Temp\odyqicdyrkzsoxprvqfa.exe

C:\Users\Admin\AppData\Local\Temp\odyqicdyrkzsoxprvqfa.exe

C:\Users\Admin\AppData\Local\Temp\dtpibwyuoiyspzsvawmib.exe

C:\Users\Admin\AppData\Local\Temp\dtpibwyuoiyspzsvawmib.exe .

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\dtpibwyuoiyspzsvawmib.exe*."

C:\Users\Admin\AppData\Local\Temp\wdkpbgq.exe

"C:\Users\Admin\AppData\Local\Temp\wdkpbgq.exe" "-c:\users\admin\appdata\local\temp\jaffacakes118_accbd6960dd347c36571ba5642f84e23.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c alcqeurixmxmejxv.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\alcqeurixmxmejxv.exe

alcqeurixmxmejxv.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c dtpibwyuoiyspzsvawmib.exe .

C:\Windows\dtpibwyuoiyspzsvawmib.exe

dtpibwyuoiyspzsvawmib.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c odyqicdyrkzsoxprvqfa.exe

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\dtpibwyuoiyspzsvawmib.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c dtpibwyuoiyspzsvawmib.exe .

C:\Windows\odyqicdyrkzsoxprvqfa.exe

odyqicdyrkzsoxprvqfa.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\qdwmcutmduhyszpprk.exe

C:\Windows\dtpibwyuoiyspzsvawmib.exe

dtpibwyuoiyspzsvawmib.exe .

C:\Users\Admin\AppData\Local\Temp\wdkpbgq.exe

"C:\Users\Admin\AppData\Local\Temp\wdkpbgq.exe" "-c:\users\admin\appdata\local\temp\jaffacakes118_accbd6960dd347c36571ba5642f84e23.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\alcqeurixmxmejxv.exe .

C:\Users\Admin\AppData\Local\Temp\qdwmcutmduhyszpprk.exe

C:\Users\Admin\AppData\Local\Temp\qdwmcutmduhyszpprk.exe

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\dtpibwyuoiyspzsvawmib.exe*."

C:\Users\Admin\AppData\Local\Temp\alcqeurixmxmejxv.exe

C:\Users\Admin\AppData\Local\Temp\alcqeurixmxmejxv.exe .

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\alcqeurixmxmejxv.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c wpizxokbwkhvniqhila.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bpjarkkewocupxopsma.exe

C:\Windows\wpizxokbwkhvniqhila.exe

wpizxokbwkhvniqhila.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c alcqeurixmxmejxv.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\htlapgewmcoexdsrs.exe .

C:\Users\Admin\AppData\Local\Temp\bpjarkkewocupxopsma.exe

C:\Users\Admin\AppData\Local\Temp\bpjarkkewocupxopsma.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ldvliytjdqmzqkrhhj.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c alcqeurixmxmejxv.exe .

C:\Windows\alcqeurixmxmejxv.exe

alcqeurixmxmejxv.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ldvliytjdqmzqkrhhj.exe

C:\Users\Admin\AppData\Local\Temp\htlapgewmcoexdsrs.exe

C:\Users\Admin\AppData\Local\Temp\htlapgewmcoexdsrs.exe .

C:\Windows\ldvliytjdqmzqkrhhj.exe

ldvliytjdqmzqkrhhj.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c alcqeurixmxmejxv.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ctkzvketmytfvouji.exe .

C:\Windows\alcqeurixmxmejxv.exe

alcqeurixmxmejxv.exe .

C:\Users\Admin\AppData\Local\Temp\wdkpbgq.exe

"C:\Users\Admin\AppData\Local\Temp\wdkpbgq.exe" "-c:\users\admin\appdata\local\temp\jaffacakes118_accbd6960dd347c36571ba5642f84e23.exe"

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\htlapgewmcoexdsrs.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c alcqeurixmxmejxv.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jdxpogdvrgetmirjlpfz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ytohhayroedtnkunqvmhc.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\dtpibwyuoiyspzsvawmib.exe

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\ldvliytjdqmzqkrhhj.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\alcqeurixmxmejxv.exe .

C:\Windows\ldvliytjdqmzqkrhhj.exe

ldvliytjdqmzqkrhhj.exe

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\alcqeurixmxmejxv.exe*."

C:\Windows\ctkzvketmytfvouji.exe

ctkzvketmytfvouji.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wpizxokbwkhvniqhila.exe

C:\Windows\alcqeurixmxmejxv.exe

alcqeurixmxmejxv.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ldvliytjdqmzqkrhhj.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\dtpibwyuoiyspzsvawmib.exe

C:\Windows\alcqeurixmxmejxv.exe

alcqeurixmxmejxv.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c odyqicdyrkzsoxprvqfa.exe

C:\Users\Admin\AppData\Local\Temp\ytohhayroedtnkunqvmhc.exe

C:\Users\Admin\AppData\Local\Temp\ytohhayroedtnkunqvmhc.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\alcqeurixmxmejxv.exe .

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\ctkzvketmytfvouji.exe*."

C:\Users\Admin\AppData\Local\Temp\jdxpogdvrgetmirjlpfz.exe

C:\Users\Admin\AppData\Local\Temp\jdxpogdvrgetmirjlpfz.exe

C:\Users\Admin\AppData\Local\Temp\wdkpbgq.exe

"C:\Users\Admin\AppData\Local\Temp\wdkpbgq.exe" "-c:\users\admin\appdata\local\temp\jaffacakes118_accbd6960dd347c36571ba5642f84e23.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c htlapgewmcoexdsrs.exe .

C:\Users\Admin\AppData\Local\Temp\wpizxokbwkhvniqhila.exe

C:\Users\Admin\AppData\Local\Temp\wpizxokbwkhvniqhila.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\alcqeurixmxmejxv.exe*."

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\ytohhayroedtnkunqvmhc.exe*."

C:\Windows\odyqicdyrkzsoxprvqfa.exe

odyqicdyrkzsoxprvqfa.exe

C:\Users\Admin\AppData\Local\Temp\ldvliytjdqmzqkrhhj.exe

C:\Users\Admin\AppData\Local\Temp\ldvliytjdqmzqkrhhj.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c odyqicdyrkzsoxprvqfa.exe

C:\Windows\htlapgewmcoexdsrs.exe

htlapgewmcoexdsrs.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c qdwmcutmduhyszpprk.exe .

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\ldvliytjdqmzqkrhhj.exe*."

C:\Windows\odyqicdyrkzsoxprvqfa.exe

odyqicdyrkzsoxprvqfa.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bpjarkkewocupxopsma.exe

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\htlapgewmcoexdsrs.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\alcqeurixmxmejxv.exe .

C:\Users\Admin\AppData\Local\Temp\bpjarkkewocupxopsma.exe

C:\Users\Admin\AppData\Local\Temp\bpjarkkewocupxopsma.exe

C:\Users\Admin\AppData\Local\Temp\alcqeurixmxmejxv.exe

C:\Users\Admin\AppData\Local\Temp\alcqeurixmxmejxv.exe .

C:\Users\Admin\AppData\Local\Temp\alcqeurixmxmejxv.exe

C:\Users\Admin\AppData\Local\Temp\alcqeurixmxmejxv.exe .

C:\Users\Admin\AppData\Local\Temp\alcqeurixmxmejxv.exe

C:\Users\Admin\AppData\Local\Temp\alcqeurixmxmejxv.exe .

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\alcqeurixmxmejxv.exe*."

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\alcqeurixmxmejxv.exe*."

C:\Users\Admin\AppData\Local\Temp\dtpibwyuoiyspzsvawmib.exe

C:\Users\Admin\AppData\Local\Temp\dtpibwyuoiyspzsvawmib.exe

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\alcqeurixmxmejxv.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\odyqicdyrkzsoxprvqfa.exe

C:\Users\Admin\AppData\Local\Temp\wdkpbgq.exe

"C:\Users\Admin\AppData\Local\Temp\wdkpbgq.exe" "-c:\users\admin\appdata\local\temp\jaffacakes118_accbd6960dd347c36571ba5642f84e23.exe"

C:\Users\Admin\AppData\Local\Temp\dtpibwyuoiyspzsvawmib.exe

C:\Users\Admin\AppData\Local\Temp\dtpibwyuoiyspzsvawmib.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\odyqicdyrkzsoxprvqfa.exe .

C:\Users\Admin\AppData\Local\Temp\odyqicdyrkzsoxprvqfa.exe

C:\Users\Admin\AppData\Local\Temp\odyqicdyrkzsoxprvqfa.exe

C:\Users\Admin\AppData\Local\Temp\odyqicdyrkzsoxprvqfa.exe

C:\Users\Admin\AppData\Local\Temp\odyqicdyrkzsoxprvqfa.exe .

C:\Windows\qdwmcutmduhyszpprk.exe

qdwmcutmduhyszpprk.exe .

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\odyqicdyrkzsoxprvqfa.exe*."

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\qdwmcutmduhyszpprk.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c qdwmcutmduhyszpprk.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c odyqicdyrkzsoxprvqfa.exe

C:\Windows\qdwmcutmduhyszpprk.exe

qdwmcutmduhyszpprk.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c dtpibwyuoiyspzsvawmib.exe .

C:\Users\Admin\AppData\Local\Temp\wdkpbgq.exe

"C:\Users\Admin\AppData\Local\Temp\wdkpbgq.exe" "-c:\users\admin\appdata\local\temp\jaffacakes118_accbd6960dd347c36571ba5642f84e23.exe"

C:\Windows\odyqicdyrkzsoxprvqfa.exe

odyqicdyrkzsoxprvqfa.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c odyqicdyrkzsoxprvqfa.exe .

C:\Windows\dtpibwyuoiyspzsvawmib.exe

dtpibwyuoiyspzsvawmib.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c alcqeurixmxmejxv.exe

C:\Windows\odyqicdyrkzsoxprvqfa.exe

odyqicdyrkzsoxprvqfa.exe .

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\dtpibwyuoiyspzsvawmib.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c htlapgewmcoexdsrs.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bpjarkkewocupxopsma.exe

C:\Windows\alcqeurixmxmejxv.exe

alcqeurixmxmejxv.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\dtpibwyuoiyspzsvawmib.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c qdwmcutmduhyszpprk.exe .

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\odyqicdyrkzsoxprvqfa.exe*."

C:\Windows\bpjarkkewocupxopsma.exe

bpjarkkewocupxopsma.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\htlapgewmcoexdsrs.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\htlapgewmcoexdsrs.exe

C:\Windows\htlapgewmcoexdsrs.exe

htlapgewmcoexdsrs.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\odyqicdyrkzsoxprvqfa.exe .

C:\Users\Admin\AppData\Local\Temp\htlapgewmcoexdsrs.exe

C:\Users\Admin\AppData\Local\Temp\htlapgewmcoexdsrs.exe .

C:\Users\Admin\AppData\Local\Temp\dtpibwyuoiyspzsvawmib.exe

C:\Users\Admin\AppData\Local\Temp\dtpibwyuoiyspzsvawmib.exe

C:\Windows\qdwmcutmduhyszpprk.exe

qdwmcutmduhyszpprk.exe .

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\htlapgewmcoexdsrs.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\htlapgewmcoexdsrs.exe

C:\Users\Admin\AppData\Local\Temp\htlapgewmcoexdsrs.exe

C:\Users\Admin\AppData\Local\Temp\htlapgewmcoexdsrs.exe

C:\Users\Admin\AppData\Local\Temp\wdkpbgq.exe

"C:\Users\Admin\AppData\Local\Temp\wdkpbgq.exe" "-c:\users\admin\appdata\local\temp\jaffacakes118_accbd6960dd347c36571ba5642f84e23.exe"

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\qdwmcutmduhyszpprk.exe*."

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\htlapgewmcoexdsrs.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\qdwmcutmduhyszpprk.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\htlapgewmcoexdsrs.exe .

C:\Users\Admin\AppData\Local\Temp\htlapgewmcoexdsrs.exe

C:\Users\Admin\AppData\Local\Temp\htlapgewmcoexdsrs.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\dtpibwyuoiyspzsvawmib.exe .

C:\Users\Admin\AppData\Local\Temp\qdwmcutmduhyszpprk.exe

C:\Users\Admin\AppData\Local\Temp\qdwmcutmduhyszpprk.exe

C:\Users\Admin\AppData\Local\Temp\htlapgewmcoexdsrs.exe

C:\Users\Admin\AppData\Local\Temp\htlapgewmcoexdsrs.exe .

C:\Users\Admin\AppData\Local\Temp\odyqicdyrkzsoxprvqfa.exe

C:\Users\Admin\AppData\Local\Temp\odyqicdyrkzsoxprvqfa.exe .

C:\Users\Admin\AppData\Local\Temp\dtpibwyuoiyspzsvawmib.exe

C:\Users\Admin\AppData\Local\Temp\dtpibwyuoiyspzsvawmib.exe .

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\htlapgewmcoexdsrs.exe*."

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\odyqicdyrkzsoxprvqfa.exe*."

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\dtpibwyuoiyspzsvawmib.exe*."

C:\Users\Admin\AppData\Local\Temp\wdkpbgq.exe

"C:\Users\Admin\AppData\Local\Temp\wdkpbgq.exe" "-c:\users\admin\appdata\local\temp\jaffacakes118_accbd6960dd347c36571ba5642f84e23.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 g.bing.com udp
US 150.171.27.10:443 g.bing.com tcp
US 8.8.8.8:53 www.whatismyip.ca udp
US 8.8.8.8:53 whatismyipaddress.com udp
US 104.19.222.79:80 whatismyipaddress.com tcp
US 8.8.8.8:53 www.whatismyip.com udp
US 172.66.43.169:80 www.whatismyip.com tcp
US 172.66.43.169:80 www.whatismyip.com tcp
US 104.19.222.79:80 whatismyipaddress.com tcp
US 8.8.4.4:53 e.ppift.com udp
AE 208.67.222.123:53 e.ppidn.net udp
US 104.19.222.79:80 whatismyipaddress.com tcp
US 205.171.3.65:53 e.ppift.in udp
US 8.8.8.8:53 e.ppift.in udp
US 8.8.8.8:53 www.showmyipaddress.com udp
US 104.21.74.56:80 www.showmyipaddress.com tcp
US 104.19.222.79:80 whatismyipaddress.com tcp
US 8.8.8.8:53 www.whatismyip.ca udp
US 104.21.74.56:80 www.showmyipaddress.com tcp
US 8.8.8.8:53 whatismyip.everdot.org udp
US 104.21.74.56:80 www.showmyipaddress.com tcp
US 172.66.43.169:80 www.whatismyip.com tcp
US 172.66.43.169:80 www.whatismyip.com tcp
US 104.21.74.56:80 www.showmyipaddress.com tcp
US 172.66.43.169:80 www.whatismyip.com tcp
US 104.19.222.79:80 whatismyipaddress.com tcp
US 8.8.8.8:53 www.whatismyip.ca udp
US 8.8.8.8:53 whatismyip.everdot.org udp
US 104.19.222.79:80 whatismyipaddress.com tcp
US 172.66.43.169:80 www.whatismyip.com tcp
US 172.66.43.169:80 www.whatismyip.com tcp
US 172.66.43.169:80 www.whatismyip.com tcp
US 104.21.74.56:80 www.showmyipaddress.com tcp
US 8.8.8.8:53 whatismyip.everdot.org udp
US 104.21.74.56:80 www.showmyipaddress.com tcp
US 104.19.222.79:80 whatismyipaddress.com tcp
US 172.66.43.169:80 www.whatismyip.com tcp
US 8.8.8.8:53 www.whatismyip.ca udp
US 104.19.222.79:80 whatismyipaddress.com tcp
US 8.8.8.8:53 whatismyip.everdot.org udp
US 104.21.74.56:80 www.showmyipaddress.com tcp
US 8.8.8.8:53 www.google.com udp
GB 216.58.204.68:80 www.google.com tcp
BG 87.97.201.52:28404 tcp
US 8.8.8.8:53 gyuuym.org udp
DE 85.214.228.140:80 gyuuym.org tcp
US 8.8.8.8:53 cwrzzvdqbyr.net udp
US 8.8.8.8:53 unxfuild.info udp
SG 18.142.91.111:80 unxfuild.info tcp
US 8.8.8.8:53 www.youtube.com udp
GB 142.250.178.14:80 www.youtube.com tcp
US 89.117.217.105:25835 tcp
DE 85.214.228.140:80 gyuuym.org tcp
US 8.8.8.8:53 eplbpmhc.net udp
US 8.8.8.8:53 pvsmvfhxkcja.info udp
US 8.8.8.8:53 gkdzkqrsl.net udp
US 8.8.8.8:53 yhchoaxh.info udp
US 8.8.8.8:53 lssuvev.info udp
US 8.8.8.8:53 aysqzyb.info udp
SG 18.142.91.111:80 unxfuild.info tcp
US 8.8.8.8:53 qszdrobeb.info udp
US 8.8.8.8:53 yuyaawkeaisy.org udp
US 8.8.8.8:53 ggoiukqgsikq.org udp
US 8.8.8.8:53 yibzpmfci.info udp
US 8.8.8.8:53 pissjyv.com udp
US 8.8.8.8:53 lklyyhvnlxhn.info udp
US 8.8.8.8:53 oouwhqv.net udp
US 8.8.8.8:53 udzdjiddn.net udp
US 8.8.8.8:53 jjecbsecwkm.org udp
US 8.8.8.8:53 fndkcrty.info udp
US 8.8.8.8:53 ijwtxgqofv.net udp
US 8.8.8.8:53 kkpcaanwb.net udp
US 8.8.8.8:53 dqrjfkgzomp.info udp
US 8.8.8.8:53 fjpjwbadoe.info udp
US 8.8.8.8:53 ygoukmwg.org udp
US 8.8.8.8:53 rnoftwap.net udp
US 8.8.8.8:53 virpbszarz.info udp
US 8.8.8.8:53 fjvtgzhzal.net udp
US 8.8.8.8:53 pzlibo.info udp
US 8.8.8.8:53 fxbbdk.info udp
US 8.8.8.8:53 qumwwe.com udp
US 8.8.8.8:53 wqzolaqougs.info udp
US 8.8.8.8:53 yjlynivbzyf.net udp
US 8.8.8.8:53 rhxkdc.net udp
US 8.8.8.8:53 sksiowmyumoo.org udp
US 8.8.8.8:53 vvdyauxc.net udp
US 8.8.8.8:53 wzhbqqpc.net udp
US 8.8.8.8:53 zybhehlxbw.net udp
US 8.8.8.8:53 xobjdzdfo.info udp
US 8.8.8.8:53 cydlrge.info udp
US 104.156.155.94:80 cydlrge.info tcp
US 8.8.8.8:53 mnzknelrj.info udp
US 8.8.8.8:53 sizqilv.info udp
US 8.8.8.8:53 sazctjtaa.net udp
US 8.8.8.8:53 mjotpzfbosdh.info udp
US 8.8.8.8:53 qsyegg.com udp
US 8.8.8.8:53 cdixtvrdmc.info udp
US 8.8.8.8:53 udodptkz.info udp
US 8.8.8.8:53 qspopknuu.info udp
US 8.8.8.8:53 luvehemiri.info udp
US 8.8.8.8:53 szzbhwmmfx.info udp
US 8.8.8.8:53 jonyyvvqx.net udp
US 8.8.8.8:53 lalckpw.org udp
US 8.8.8.8:53 ylhyqvmtni.net udp
US 8.8.8.8:53 bfppbqzsznzz.info udp
US 8.8.8.8:53 hmfurcniz.info udp
US 8.8.8.8:53 bpzgxabi.info udp
US 8.8.8.8:53 xorvdzbu.net udp
US 104.156.155.94:80 cydlrge.info tcp
US 8.8.8.8:53 ddpobim.org udp
US 8.8.8.8:53 dqmwrr.info udp
US 8.8.8.8:53 vcrsrrzeons.info udp
US 8.8.8.8:53 wqkwkj.info udp
US 8.8.8.8:53 ewhqxezcwwc.net udp
US 8.8.8.8:53 qmimdwiku.net udp
US 8.8.8.8:53 yenmvmtmz.info udp
US 8.8.8.8:53 ryriytb.com udp
US 8.8.8.8:53 wfdtrqxufvdw.info udp
US 8.8.8.8:53 cpdgbr.info udp
US 8.8.8.8:53 bnhmlbznuuy.com udp
US 8.8.8.8:53 yoaoooewyeeo.com udp
US 8.8.8.8:53 zqrcboljjcf.com udp
US 8.8.8.8:53 wnhenlkimtav.info udp
US 8.8.8.8:53 rmxnkwz.net udp
US 8.8.8.8:53 ebuygyziur.info udp
BG 87.97.140.135:19345 tcp
US 8.8.8.8:53 rjpzvileqmr.org udp
US 8.8.8.8:53 uomvdqlsigir.net udp
US 8.8.8.8:53 ufkcfsxlma.info udp
US 8.8.8.8:53 mdhpuesj.net udp
US 8.8.8.8:53 alkdvrffcr.info udp
US 8.8.8.8:53 notirfj.org udp
US 8.8.8.8:53 seaxbkg.net udp
US 8.8.8.8:53 dencjkjmr.info udp
US 8.8.8.8:53 lvryxhnlnwhq.info udp
US 8.8.8.8:53 iiaggud.net udp
US 8.8.8.8:53 shqexujcldlv.net udp
US 8.8.8.8:53 texfosn.info udp
US 8.8.8.8:53 lhkpzjewuvu.com udp
US 8.8.8.8:53 riighcosjav.net udp
US 8.8.8.8:53 xjbgxio.info udp
US 8.8.8.8:53 ngocscbyqm.net udp
US 8.8.8.8:53 pizrhwg.info udp
US 8.8.8.8:53 dqjrswwie.com udp
US 8.8.8.8:53 euieoc.com udp
US 8.8.8.8:53 zaxupg.net udp
US 8.8.8.8:53 zgmusidpzef.org udp
US 8.8.8.8:53 kcqmymicwo.com udp
US 8.8.8.8:53 eiacyqweuuuo.org udp
US 8.8.8.8:53 fytaaorgvup.com udp
US 8.8.8.8:53 ssaqeamesm.org udp
US 8.8.8.8:53 rrpcro.net udp
US 8.8.8.8:53 rtzjrt.net udp
US 8.8.8.8:53 ueryrmk.net udp
CY 213.7.97.170:17442 tcp
US 8.8.8.8:53 tpifpq.info udp
US 8.8.8.8:53 miyviruj.net udp
US 8.8.8.8:53 enfmxrmj.info udp
US 8.8.8.8:53 zdxqgygjtii.org udp
US 8.8.8.8:53 bobihyplp.info udp
US 8.8.8.8:53 vrxmprngmlhk.net udp
US 8.8.8.8:53 mhlmvv.net udp
US 8.8.8.8:53 apvnsvynedin.net udp
US 8.8.8.8:53 eznabol.net udp
US 8.8.8.8:53 swgzkgzwt.net udp
US 8.8.8.8:53 xlpmjlaes.info udp
US 8.8.8.8:53 kpezpml.net udp
US 8.8.8.8:53 gwqeyuouko.com udp
US 8.8.8.8:53 bsthqs.net udp
US 8.8.8.8:53 uoktqoeubn.info udp
US 8.8.8.8:53 ueokven.info udp
US 8.8.8.8:53 eewegmkwsmyc.org udp
US 8.8.8.8:53 ydizkn.net udp
US 8.8.8.8:53 sidkreh.info udp
US 8.8.8.8:53 jqnivgfqb.info udp
US 8.8.8.8:53 klqmnybibg.net udp
US 8.8.8.8:53 tbbltm.net udp
US 8.8.8.8:53 kqaqea.com udp
US 8.8.8.8:53 oqzknxkgn.info udp
US 8.8.8.8:53 qsceqo.com udp
US 8.8.8.8:53 rynjdfkinc.net udp
US 8.8.8.8:53 jdsbmlafkqju.info udp
US 8.8.8.8:53 cmmkmsoe.org udp
US 8.8.8.8:53 bjjanuzpn.com udp
US 8.8.8.8:53 fanengnbllv.net udp
US 8.8.8.8:53 yoiyqusc.com udp
US 8.8.8.8:53 wahdhuksf.info udp
US 8.8.8.8:53 gsuuxlbul.net udp
US 8.8.8.8:53 iehcuyp.net udp
US 8.8.8.8:53 vmrjlzqaa.org udp
US 8.8.8.8:53 ywagkg.com udp
US 8.8.8.8:53 vophdiqjx.com udp
US 8.8.8.8:53 gyogmcac.com udp
US 8.8.8.8:53 btxrhilx.net udp
US 8.8.8.8:53 fhvvbenhoht.info udp
US 8.8.8.8:53 ysdpjg.info udp
US 8.8.8.8:53 rzctnntmfwfm.net udp
US 8.8.8.8:53 syeuulcujczx.info udp
US 8.8.8.8:53 lshetkx.info udp
US 8.8.8.8:53 cgwezgzu.info udp
US 8.8.8.8:53 dgnkjotsj.net udp
US 8.8.8.8:53 lyxmnybibg.info udp
US 8.8.8.8:53 zhxzcihst.net udp
US 8.8.8.8:53 nvedralfiztm.net udp
US 8.8.8.8:53 errmkdgxrp.info udp
US 8.8.8.8:53 fouwtmhkm.info udp
US 8.8.8.8:53 ytduejgpohlq.info udp
US 8.8.8.8:53 dkouvubcpovf.info udp
US 8.8.8.8:53 dkkuhw.info udp
US 8.8.8.8:53 djkxzrxj.net udp
US 8.8.8.8:53 wldvhzyiooze.info udp
US 8.8.8.8:53 qgggaiimso.com udp
US 8.8.8.8:53 utkqjetjn.net udp
US 8.8.8.8:53 kgucribs.info udp
US 8.8.8.8:53 obsgjm.net udp
US 8.8.8.8:53 twitzwcvvs.net udp
US 8.8.8.8:53 blwtmlkrmdez.info udp
US 8.8.8.8:53 acvibcnrj.net udp
US 8.8.8.8:53 omqwswseak.com udp
US 8.8.8.8:53 ulptcgxa.info udp
US 8.8.8.8:53 zzsemm.net udp
US 8.8.8.8:53 sxfdfodec.info udp
US 8.8.8.8:53 farenlnijglm.net udp
US 8.8.8.8:53 chgcfhcd.net udp
US 8.8.8.8:53 lazphwgm.net udp
US 8.8.8.8:53 pevyxorqi.net udp
US 8.8.8.8:53 iqxyalvi.net udp
MD 77.235.107.127:35614 tcp
US 8.8.8.8:53 yhrfumjmtd.net udp
US 8.8.8.8:53 klqmnybibg.net udp
US 8.8.8.8:53 tvtnzej.net udp
US 8.8.8.8:53 qoknggbyihyq.info udp
US 8.8.8.8:53 gejpyyv.info udp
US 8.8.8.8:53 xbgofmt.com udp
US 8.8.8.8:53 zyfitez.info udp
US 8.8.8.8:53 xjbwdcq.net udp
US 8.8.8.8:53 ogdqxhrypz.net udp
US 8.8.8.8:53 leqdurjb.net udp
US 8.8.8.8:53 gmgsicymwk.com udp
US 8.8.8.8:53 wcdxbmzwafub.net udp
US 8.8.8.8:53 yzwdny.net udp
US 8.8.8.8:53 clbzpc.net udp
LT 87.247.81.223:38752 tcp
US 8.8.8.8:53 dxikspgshgbk.info udp
US 8.8.8.8:53 vzohtecllh.net udp
US 8.8.8.8:53 lgmwshpwdp.net udp
US 8.8.8.8:53 hjdihxmpor.net udp
US 8.8.8.8:53 xqjhrxduat.net udp
US 8.8.8.8:53 uqfsrgb.info udp
US 8.8.8.8:53 ioziusi.net udp
US 8.8.8.8:53 kiyaxsr.info udp
US 8.8.8.8:53 azlrsd.net udp
US 8.8.8.8:53 mpdqxgenco.net udp
US 8.8.8.8:53 vyjrga.net udp
US 8.8.8.8:53 yyoscsewgwuy.com udp
US 8.8.8.8:53 vajinutygvc.info udp
US 8.8.8.8:53 smsccmukci.com udp
US 8.8.8.8:53 jzedlqrzxciu.net udp
US 8.8.8.8:53 eecuwu.com udp
US 8.8.8.8:53 oiiumaomao.org udp
US 8.8.8.8:53 oatceuvjdvr.info udp
US 8.8.8.8:53 tibyyraco.com udp
US 8.8.8.8:53 ikwwiayy.com udp
US 8.8.8.8:53 fcasxwqqu.info udp
US 8.8.8.8:53 zgrjrexb.net udp
US 8.8.8.8:53 dlvgjt.info udp
US 8.8.8.8:53 eapnaxxpqaof.net udp
US 8.8.8.8:53 yxjlpfh.info udp
US 8.8.8.8:53 phwbzujv.net udp
US 8.8.8.8:53 eeueccewmeem.com udp
US 8.8.8.8:53 qorczsp.info udp
US 8.8.8.8:53 eorsrenizkf.net udp
US 8.8.8.8:53 flpzvdoq.net udp
US 8.8.8.8:53 gthoprfe.net udp
US 8.8.8.8:53 jsneokiy.info udp
US 8.8.8.8:53 gkkclarujbd.net udp
US 8.8.8.8:53 xvjxbqdkren.net udp
US 8.8.8.8:53 rxscqlijx.org udp
US 8.8.8.8:53 ommkkhxuzq.info udp
US 8.8.8.8:53 jmxsgj.info udp
US 8.8.8.8:53 kcbewml.net udp
US 8.8.8.8:53 vlpxze.info udp
US 8.8.8.8:53 kwqaoqoigokw.com udp
US 8.8.8.8:53 yfuoxgdjt.info udp
US 8.8.8.8:53 jqixvasfrf.net udp
US 8.8.8.8:53 imyodipup.info udp
US 8.8.8.8:53 hpidncomosv.com udp
US 8.8.8.8:53 kbpmle.net udp
US 8.8.8.8:53 aiouumbgoyz.info udp
US 8.8.8.8:53 cpwiymtojr.net udp
US 8.8.8.8:53 vstgqzynzr.info udp
US 8.8.8.8:53 iciwqk.com udp
US 8.8.8.8:53 keuuuwae.org udp
US 8.8.8.8:53 skywyumxq.net udp
US 8.8.8.8:53 nayyaj.net udp
US 8.8.8.8:53 lpbmzlub.info udp
US 8.8.8.8:53 egsmyysc.org udp
US 8.8.8.8:53 nquehklud.org udp
US 8.8.8.8:53 swawyc.org udp
US 8.8.8.8:53 peeyzxlszc.info udp
US 8.8.8.8:53 etpgpi.net udp
US 8.8.8.8:53 mokomobmz.info udp
US 8.8.8.8:53 smusfyn.net udp
US 8.8.8.8:53 nshdioh.net udp
US 8.8.8.8:53 mqjzvskwk.info udp
US 8.8.8.8:53 ukhydvkekdda.net udp
US 8.8.8.8:53 zvdgrqn.org udp
US 8.8.8.8:53 dhdjqpke.net udp
US 8.8.8.8:53 zjjrdef.net udp
US 8.8.8.8:53 eygweoiq.org udp
US 8.8.8.8:53 hactqnyoujbq.info udp
US 8.8.8.8:53 awrwipzbsw.net udp
US 8.8.8.8:53 nobgvvpmmmn.com udp
US 8.8.8.8:53 qqdcaij.net udp
US 8.8.8.8:53 jcvazzfuq.net udp
US 8.8.8.8:53 ekqqcc.org udp
US 8.8.8.8:53 xcjddz.info udp
US 8.8.8.8:53 avqtnlrlev.info udp
US 8.8.8.8:53 zmiydgnkrey.org udp
US 8.8.8.8:53 ujjiko.net udp
US 8.8.8.8:53 kilnql.info udp
US 8.8.8.8:53 jkhgkt.info udp
US 8.8.8.8:53 kiqeauaksc.org udp
US 8.8.8.8:53 rvvnptcuwaj.net udp
US 8.8.8.8:53 deyyxb.info udp
US 8.8.8.8:53 ckoiya.com udp
US 8.8.8.8:53 hibish.info udp
US 8.8.8.8:53 nmfousjwbmk.org udp
BG 93.123.123.203:15548 tcp
US 8.8.8.8:53 gkeuxox.info udp
US 8.8.8.8:53 dwfkeogzvhjn.info udp
US 8.8.8.8:53 ebpkdar.net udp
US 8.8.8.8:53 hqpdlxpe.net udp
US 8.8.8.8:53 kwwwacmgyk.org udp
US 8.8.8.8:53 muufhydlvb.info udp
US 8.8.8.8:53 xazwmo.net udp
US 8.8.8.8:53 ejifpvcu.info udp
US 8.8.8.8:53 dflqknsl.net udp
US 8.8.8.8:53 dswsetem.info udp
US 8.8.8.8:53 neukubjm.info udp
US 8.8.8.8:53 ncbplpwlhbde.info udp
US 8.8.8.8:53 xxjeksobyg.info udp
US 8.8.8.8:53 xhdpzcmxntmm.net udp
US 8.8.8.8:53 qtgqqinahbp.info udp
BG 93.183.157.219:33734 tcp
US 8.8.8.8:53 ztgvdgwm.info udp
US 8.8.8.8:53 acrgpkzf.net udp
US 8.8.8.8:53 lvyqknzeyjcu.net udp
US 8.8.8.8:53 gwyqqg.com udp
US 8.8.8.8:53 fsdozitusuj.com udp
US 8.8.8.8:53 jenbdtgc.net udp
US 8.8.8.8:53 gwtaqst.info udp
US 8.8.8.8:53 hbpkfbjr.info udp
US 8.8.8.8:53 quikggwuqqqq.com udp
US 8.8.8.8:53 liiavxdxvye.com udp
US 8.8.8.8:53 tmvyuxtobt.net udp
US 8.8.8.8:53 opiszupon.info udp
US 8.8.8.8:53 ewakcwioak.com udp
US 8.8.8.8:53 lkrjszqtlazj.net udp
US 8.8.8.8:53 rkdwsiv.net udp
US 8.8.8.8:53 ewccfqy.net udp
US 8.8.8.8:53 cgdqruywo.net udp
US 8.8.8.8:53 ceowcmfezkb.info udp
US 8.8.8.8:53 ywsmmwcm.com udp
US 8.8.8.8:53 iecwga.org udp
US 8.8.8.8:53 lcmopkvgn.net udp
US 8.8.8.8:53 zivmzcjb.info udp
US 8.8.8.8:53 yawoyoccagak.com udp
US 8.8.8.8:53 tcvuvhjwh.info udp
US 8.8.8.8:53 cczyxwuhniz.net udp
US 8.8.8.8:53 vfbsqgjep.com udp
US 8.8.8.8:53 nxpcjkscsc.net udp
US 8.8.8.8:53 oopdqe.net udp
US 8.8.8.8:53 yggusuymci.com udp
US 8.8.8.8:53 ckdqwub.net udp
US 8.8.8.8:53 jubvpax.info udp
US 8.8.8.8:53 kjocaqhvzfq.net udp
US 8.8.8.8:53 nwtgfrkstpd.info udp
US 8.8.8.8:53 zpgchofk.net udp
US 8.8.8.8:53 ioxtnahca.net udp
US 8.8.8.8:53 qbhjpwzkzaf.info udp
US 8.8.8.8:53 muwammee.com udp
US 8.8.8.8:53 aeqaceyakm.org udp
US 8.8.8.8:53 kmqeauio.org udp
US 8.8.8.8:53 aknsgwkcl.net udp
US 8.8.8.8:53 ugsswm.com udp
US 8.8.8.8:53 yhbidr.net udp
US 8.8.8.8:53 hevodddmls.net udp
US 8.8.8.8:53 rfsmjylrbmf.net udp
US 8.8.8.8:53 jzanvbvwnz.net udp
US 8.8.8.8:53 rppqrkmic.net udp
US 8.8.8.8:53 hoksamvkh.net udp
US 8.8.8.8:53 xzodjvwdufhp.net udp
US 8.8.8.8:53 ecbwysbz.info udp
US 8.8.8.8:53 hhmhgy.info udp
US 8.8.8.8:53 qaccuewo.org udp
US 8.8.8.8:53 kuqsio.org udp
US 8.8.8.8:53 njmyupro.net udp
US 8.8.8.8:53 mwfxxof.net udp
US 8.8.8.8:53 wwkvzwirtjoh.net udp
US 8.8.8.8:53 qqmcku.com udp
US 8.8.8.8:53 ygwoes.org udp
US 8.8.8.8:53 kcbeysq.net udp
US 8.8.8.8:53 dkmidltwt.com udp
US 8.8.8.8:53 byvfxab.info udp
US 8.8.8.8:53 xghfufmhez.info udp
US 8.8.8.8:53 lubamvacr.org udp
BG 88.203.169.80:22518 tcp
US 8.8.8.8:53 xrpwmsl.info udp
US 8.8.8.8:53 zcigwip.net udp
US 8.8.8.8:53 ltvkfdng.net udp
US 8.8.8.8:53 zomvjmwftx.info udp
US 8.8.8.8:53 iusioomq.org udp
US 8.8.8.8:53 ffvhhfvsds.info udp
US 8.8.8.8:53 naslvc.net udp
US 8.8.8.8:53 jgbiximstdx.net udp
US 8.8.8.8:53 guzrucc.info udp
US 8.8.8.8:53 btluvracsimm.net udp
BG 188.126.11.178:42275 tcp
US 8.8.8.8:53 oirospb.net udp
US 8.8.8.8:53 lmxtgavtnema.net udp
US 8.8.8.8:53 jbvarbau.net udp
US 8.8.8.8:53 fwartf.net udp
US 8.8.8.8:53 wckcki.info udp
US 8.8.8.8:53 byvqtsu.net udp
US 8.8.8.8:53 yokaogmmeiyw.org udp
US 8.8.8.8:53 eoeogeymqm.org udp
US 8.8.8.8:53 oibkuu.net udp
US 8.8.8.8:53 uwdyicbijrh.info udp
US 8.8.8.8:53 isuaqmmkqc.com udp
US 8.8.8.8:53 lhtgtrjsvs.info udp
US 8.8.8.8:53 uawyquka.com udp
US 8.8.8.8:53 wcsbrpz.net udp
US 8.8.8.8:53 zhtsxrgi.net udp
US 8.8.8.8:53 rewrcw.net udp
US 8.8.8.8:53 ggusscsyggao.com udp
US 8.8.8.8:53 kvtbrcga.info udp
US 8.8.8.8:53 owwgqyuecwuq.com udp
US 8.8.8.8:53 uwcuws.org udp
US 8.8.8.8:53 gqagyc.net udp
US 8.8.8.8:53 apgmfs.info udp
US 8.8.8.8:53 azlfou.info udp
US 8.8.8.8:53 vthqlvvrvpts.net udp
US 8.8.8.8:53 kqlxzmxer.net udp
US 8.8.8.8:53 ahbgvksf.info udp
US 8.8.8.8:53 vkaqidtyai.net udp
US 8.8.8.8:53 jojeyieqrq.net udp
US 8.8.8.8:53 osmelyq.net udp
US 8.8.8.8:53 kqsoicykmu.org udp
US 8.8.8.8:53 nwiujhcmj.net udp
US 8.8.8.8:53 umyicieyee.org udp
US 8.8.8.8:53 kcmumfd.info udp
US 8.8.8.8:53 zgbdajhmn.org udp
US 8.8.8.8:53 euvsgg.info udp
US 8.8.8.8:53 lfrdvanqckfe.net udp
US 8.8.8.8:53 kgbfbnajxj.info udp
US 8.8.8.8:53 nldguumxocvq.net udp
US 8.8.8.8:53 newhuxeakz.info udp
US 8.8.8.8:53 zpjvjp.info udp
US 8.8.8.8:53 qkayuecwcomo.org udp
US 8.8.8.8:53 amchpkmyhcn.net udp
US 8.8.8.8:53 wuceao.org udp
US 8.8.8.8:53 giyiqiiw.com udp
US 8.8.8.8:53 xufsjgrezy.net udp
US 8.8.8.8:53 jcxwazrihou.com udp
US 8.8.8.8:53 wqxcrxzcr.info udp
US 8.8.8.8:53 tspyngown.info udp
US 8.8.8.8:53 uwbyboziows.info udp
US 8.8.8.8:53 c.pki.goog udp
US 8.8.8.8:53 bynoyahzkog.info udp
GB 142.250.180.3:80 c.pki.goog tcp
US 8.8.8.8:53 cumgqk.org udp
US 8.8.8.8:53 ouirumpwa.info udp
US 8.8.8.8:53 vcsuct.net udp
US 8.8.8.8:53 hsjkldnndpfb.info udp
US 8.8.8.8:53 drailcx.info udp
US 8.8.8.8:53 fhzezlljj.org udp
US 8.8.8.8:53 lpgobtk.com udp
US 8.8.8.8:53 fsyczawoha.info udp
US 8.8.8.8:53 iwpsrioaigy.info udp
US 8.8.8.8:53 zywqofn.net udp
US 8.8.8.8:53 vdnrjwbdelae.info udp
US 8.8.8.8:53 tbcntc.info udp
US 8.8.8.8:53 zapydfewqduq.info udp
US 8.8.8.8:53 hbdctkcl.net udp
US 8.8.8.8:53 plenegmh.info udp
US 8.8.8.8:53 atkzfclhbift.info udp
US 8.8.8.8:53 lsbpydzxt.org udp
US 8.8.8.8:53 gldwzqwgpm.net udp
US 8.8.8.8:53 wueysyqiyg.org udp
US 8.8.8.8:53 kwwygy.com udp
BG 87.97.147.206:27700 tcp
US 8.8.8.8:53 uqsgqodkekd.net udp
US 8.8.8.8:53 ifdmyxjupcb.net udp
US 8.8.8.8:53 arhmvat.info udp
US 8.8.8.8:53 adxjocxercva.info udp
US 8.8.8.8:53 jjrefkv.net udp
US 8.8.8.8:53 sxqteyf.info udp
US 8.8.8.8:53 qvbcfqvet.info udp
US 8.8.8.8:53 oqrqlojqp.info udp
US 8.8.8.8:53 rgkctcjmpua.info udp
US 8.8.8.8:53 nkmifihqz.com udp
US 8.8.8.8:53 nyuqjmnmf.info udp
US 8.8.8.8:53 aisnfyh.info udp
US 8.8.8.8:53 qwelnssbgrzl.info udp
US 8.8.8.8:53 lczqmbl.info udp
US 8.8.8.8:53 kjskvzf.info udp
US 8.8.8.8:53 lebhdd.net udp
US 8.8.8.8:53 pmpsvgnxtjv.net udp
US 8.8.8.8:53 lzbjkx.info udp
US 8.8.8.8:53 pmhysnewy.info udp
US 84.46.167.153:42234 tcp
US 8.8.8.8:53 ejtwjlnobvp.info udp
US 8.8.8.8:53 blriytvijot.com udp
US 8.8.8.8:53 pqvcbyx.info udp
US 8.8.8.8:53 zyssvtcdlfyf.info udp
US 8.8.8.8:53 ueehrrqm.net udp
US 8.8.8.8:53 tsphixlc.net udp
US 8.8.8.8:53 ikrbnohkn.info udp
US 8.8.8.8:53 kyilnx.net udp
US 8.8.8.8:53 lcpnbuav.info udp
US 8.8.8.8:53 etvqndvcut.info udp
US 8.8.8.8:53 ptjfejou.net udp
US 8.8.8.8:53 ncqoqejdr.info udp
US 8.8.8.8:53 quvevqlqfby.net udp
US 8.8.8.8:53 ikfwaj.info udp
US 8.8.8.8:53 phzmrkv.org udp
US 8.8.8.8:53 cedjrzruqhb.net udp
US 8.8.8.8:53 hipqpro.net udp
US 8.8.8.8:53 gnhdfi.info udp
US 8.8.8.8:53 ooaugaseug.com udp
US 8.8.8.8:53 gaqkygwq.org udp
US 8.8.8.8:53 zyhndh.info udp
US 8.8.8.8:53 hipyqzt.info udp
US 8.8.8.8:53 wmuhkdn.net udp
US 8.8.8.8:53 qkimoqgg.com udp
US 8.8.8.8:53 cbdxtggq.info udp
US 8.8.8.8:53 ugbtxczb.net udp
US 8.8.8.8:53 hydxuoa.org udp
US 8.8.8.8:53 lediioq.net udp
US 8.8.8.8:53 ploandloss.info udp
US 8.8.8.8:53 puawra.info udp
US 8.8.8.8:53 eokqcg.org udp
US 8.8.8.8:53 eypcxwt.info udp
US 8.8.8.8:53 idnzcxhl.net udp
US 8.8.8.8:53 ppissu.info udp
US 8.8.8.8:53 xfstzyt.net udp
US 8.8.8.8:53 vkzhgqxcj.com udp
US 8.8.8.8:53 xowvpvsj.net udp
US 8.8.8.8:53 jrbulad.info udp
US 8.8.8.8:53 moeyqymauasq.org udp
US 8.8.8.8:53 zhcpbfkxjeka.net udp
US 8.8.8.8:53 lwfkzfiesd.info udp
US 8.8.8.8:53 ykusua.org udp
US 8.8.8.8:53 uytlzfnsd.net udp
US 8.8.8.8:53 kekwaeia.com udp
US 8.8.8.8:53 bpzorpfuhtf.org udp
US 8.8.8.8:53 rtvspii.net udp
US 8.8.8.8:53 fzntrobtejzq.info udp
US 8.8.8.8:53 zkpzpkn.com udp
US 8.8.8.8:53 alfsqou.info udp
US 8.8.8.8:53 ifiodmr.info udp
US 8.8.8.8:53 aggnzaz.info udp
US 8.8.8.8:53 pfqozwd.org udp
US 8.8.8.8:53 bkngmvgi.net udp
US 8.8.8.8:53 grfbpnbvrss.info udp
US 8.8.8.8:53 uybqbevisl.info udp
US 8.8.8.8:53 dmraaotakux.org udp
US 8.8.8.8:53 msvclizefeu.info udp
US 8.8.8.8:53 tolughv.org udp
US 8.8.8.8:53 icoiyoyoooys.org udp
US 8.8.8.8:53 gngmouxc.info udp
US 8.8.8.8:53 spbfjauz.net udp
US 8.8.8.8:53 mqjddktyd.info udp
US 8.8.8.8:53 bsdlxqfmvj.net udp
US 8.8.8.8:53 chhlzecvh.net udp
US 8.8.8.8:53 icwakoccqq.org udp
US 8.8.8.8:53 ddpqtlkbqmgu.info udp
US 8.8.8.8:53 lxybrwnwn.info udp
US 8.8.8.8:53 bqdindvszcl.com udp
US 8.8.8.8:53 rdqttv.net udp
US 8.8.8.8:53 nzdopecej.org udp
US 8.8.8.8:53 dsjdpgsdqq.net udp
US 8.8.8.8:53 molqpbak.info udp
US 8.8.8.8:53 smkaom.org udp
US 8.8.8.8:53 saaaqkoqakis.org udp
US 8.8.8.8:53 unjevkya.net udp
US 8.8.8.8:53 uqoaeesgqysq.org udp
US 8.8.8.8:53 frjgtkw.net udp
US 8.8.8.8:53 ymjilszcrtp.info udp
US 8.8.8.8:53 hilwmivcd.com udp
US 8.8.8.8:53 dykwknvmdfdj.info udp
US 8.8.8.8:53 mjmkjbgucigp.net udp
US 8.8.8.8:53 rcbnsyhrps.net udp
US 8.8.8.8:53 pbstzbchufek.net udp
US 8.8.8.8:53 agixzvmqgwtt.info udp
US 8.8.8.8:53 ceaiskeu.org udp
US 8.8.8.8:53 okgmeams.org udp
US 8.8.8.8:53 rjnlvexdve.net udp
US 8.8.8.8:53 wawaoiyk.com udp
US 8.8.8.8:53 korgbbtodbag.info udp
US 8.8.8.8:53 iislucnddzub.info udp
US 8.8.8.8:53 aoisegwm.com udp
US 8.8.8.8:53 qrylhs.info udp
US 8.8.8.8:53 eisomi.org udp
RU 178.206.219.119:22590 tcp
US 8.8.8.8:53 fgzsruumbgz.net udp
US 8.8.8.8:53 zgrcvciqm.org udp
US 8.8.8.8:53 lzxijni.org udp
US 8.8.8.8:53 nwjrzbpye.org udp
US 8.8.8.8:53 vtpepyfgtxm.info udp
US 8.8.8.8:53 xgjyoqtkrrmx.info udp
BG 178.169.136.183:33480 tcp
US 8.8.8.8:53 oaswyiogms.org udp
US 8.8.8.8:53 kqcxvamaadc.net udp
US 8.8.8.8:53 lczoradauoz.net udp
US 8.8.8.8:53 nnvmeydvfhlg.info udp
US 8.8.8.8:53 eqpbrxsa.net udp
US 8.8.8.8:53 balkfyblufhy.net udp
US 8.8.8.8:53 xfmpsgninn.info udp
US 8.8.8.8:53 qqywqyse.com udp
US 8.8.8.8:53 wefmzcz.net udp
US 8.8.8.8:53 betsravkjgh.net udp
US 8.8.8.8:53 cvkyowvkd.net udp
US 8.8.8.8:53 ypdnctmcuv.info udp
US 8.8.8.8:53 bobiuycdj.info udp
US 8.8.8.8:53 quuyasr.info udp
US 8.8.8.8:53 kmyuhezg.info udp
US 8.8.8.8:53 owyqoc.org udp
US 8.8.8.8:53 jzthxr.net udp
US 8.8.8.8:53 gffxvjjh.info udp
US 8.8.8.8:53 qazwjcmdv.info udp
US 8.8.8.8:53 xroixsfqvwu.com udp
US 8.8.8.8:53 myhjnafc.info udp
US 8.8.8.8:53 kjacusbqhy.info udp
US 8.8.8.8:53 embncvuq.info udp
US 8.8.8.8:53 fjusznt.com udp
US 8.8.8.8:53 hyfokxwijr.net udp
US 8.8.8.8:53 xhpqgl.net udp
US 8.8.8.8:53 samemyquiw.com udp
US 8.8.8.8:53 zuhmapbot.net udp
US 8.8.8.8:53 sogrnifqezgr.info udp
US 8.8.8.8:53 uxbsfs.net udp
US 8.8.8.8:53 cumkaeyygk.org udp
US 8.8.8.8:53 ekjzrrn.info udp
US 8.8.8.8:53 pcdskwzcnmj.net udp
US 8.8.8.8:53 lmfkrcm.net udp
US 8.8.8.8:53 imorpjdlc.info udp
US 8.8.8.8:53 mcmkyuecmm.org udp
US 8.8.8.8:53 hkqodo.info udp
US 8.8.8.8:53 sxefnv.info udp
US 8.8.8.8:53 yuxdfy.net udp
US 8.8.8.8:53 dpdocollimda.net udp
US 8.8.8.8:53 yefswpfxiyn.net udp
US 8.8.8.8:53 hlsuth.info udp
US 8.8.8.8:53 ofebpx.net udp
US 8.8.8.8:53 jnlwfler.net udp
US 8.8.8.8:53 vjvlnnztmb.net udp
US 8.8.8.8:53 vgnndxzcf.org udp
US 8.8.8.8:53 iqsyayoe.org udp
US 8.8.8.8:53 nvuoft.net udp
US 8.8.8.8:53 xowhta.net udp
US 8.8.8.8:53 rsntnfzi.net udp
US 8.8.8.8:53 sswkwmmumymc.org udp
US 8.8.8.8:53 lmtkruyvp.info udp
US 8.8.8.8:53 ocsahsymlad.net udp
US 8.8.8.8:53 nhypgaifohrc.info udp
US 8.8.8.8:53 yojkaljecqs.info udp
US 8.8.8.8:53 ikbejyy.net udp
US 8.8.8.8:53 nuiebdxav.com udp
US 8.8.8.8:53 zvsezh.info udp
US 8.8.8.8:53 xcvevk.info udp
US 8.8.8.8:53 oergdcmyy.info udp
US 8.8.8.8:53 rnfoquktvax.com udp
US 8.8.8.8:53 hzhpcoty.info udp
US 8.8.8.8:53 lclglmjww.net udp
US 8.8.8.8:53 mseuoausee.org udp
US 8.8.8.8:53 ecegeakc.org udp
US 8.8.8.8:53 gmhgbqp.net udp
US 8.8.8.8:53 iaecca.com udp
US 8.8.8.8:53 xivongn.info udp
US 8.8.8.8:53 ootkjdzphd.net udp
US 8.8.8.8:53 taoamhjtqf.info udp
US 8.8.8.8:53 xyrnbyxql.org udp
US 8.8.8.8:53 bugxlw.info udp
US 8.8.8.8:53 aararuzmj.info udp
US 8.8.8.8:53 sslbkkkh.net udp
US 8.8.8.8:53 tfqdkagp.net udp
US 8.8.8.8:53 qgbpikukyem.net udp
US 8.8.8.8:53 fwlyzm.info udp
US 8.8.8.8:53 jjhvhlvy.info udp
US 8.8.8.8:53 yukyyi.com udp
US 8.8.8.8:53 wurbvv.net udp
US 8.8.8.8:53 gwxgzrg.net udp
US 8.8.8.8:53 zrizzt.net udp
US 8.8.8.8:53 ltlkruhc.net udp
US 8.8.8.8:53 wqtmmxhunct.info udp
US 8.8.8.8:53 uyfooid.info udp
US 8.8.8.8:53 nsgmjowhng.net udp
BR 89.116.58.73:14058 tcp
US 8.8.8.8:53 souikyog.com udp
US 8.8.8.8:53 qyzdqsq.info udp
US 8.8.8.8:53 pfhqjsjdzakt.net udp
US 8.8.8.8:53 zseopkzijepu.info udp
US 8.8.8.8:53 nsjnpn.net udp
US 8.8.8.8:53 cummoi.com udp
US 8.8.8.8:53 ombwbfgwl.net udp
US 8.8.8.8:53 kpddkasi.net udp
US 8.8.8.8:53 ivewnr.info udp
US 8.8.8.8:53 fftkzd.net udp
US 8.8.8.8:53 krtxzqlft.net udp
US 8.8.8.8:53 afkcsf.net udp
US 8.8.8.8:53 hgnozs.net udp
US 8.8.8.8:53 fqoqlvidkq.net udp
US 8.8.8.8:53 gnupeobijcx.net udp
US 8.8.8.8:53 ziebabbepgh.org udp
US 8.8.8.8:53 wskaciyqik.org udp
US 8.8.8.8:53 qikkryn.info udp
US 8.8.8.8:53 nqxijbihvn.info udp
US 8.8.8.8:53 momgkofg.net udp
US 8.8.8.8:53 qewudizz.net udp
US 8.8.8.8:53 nkxntfbz.info udp
US 8.8.8.8:53 lqzuhoeypvzo.net udp
US 8.8.8.8:53 tevbga.info udp
US 8.8.8.8:53 mprunzzpp.info udp
BG 87.121.13.250:32445 tcp
US 8.8.8.8:53 cktwgit.info udp
US 8.8.8.8:53 wkwqaa.com udp
US 8.8.8.8:53 yspynbdonzn.net udp
US 8.8.8.8:53 zqpevgvwrwu.info udp
US 8.8.8.8:53 fzjrrv.info udp
US 8.8.8.8:53 tersuwtwjmo.net udp
US 8.8.8.8:53 nnqywodxpj.info udp
US 8.8.8.8:53 xrctizgjhu.net udp
US 8.8.8.8:53 eefcqo.info udp
US 8.8.8.8:53 bimeetqsd.net udp
US 8.8.8.8:53 jgfxxnrjv.org udp
US 8.8.8.8:53 cggiewakks.com udp
US 8.8.8.8:53 yqkwgmss.org udp
US 8.8.8.8:53 pifmzezqp.org udp
US 8.8.8.8:53 nmpcdefegjf.info udp
US 8.8.8.8:53 lenaktnafcy.net udp
US 8.8.8.8:53 lghyjalwzbs.net udp
US 8.8.8.8:53 wkeazen.info udp
US 8.8.8.8:53 rfcqjgcwrllk.info udp
US 8.8.8.8:53 dafzfdriag.info udp
US 8.8.8.8:53 afigas.net udp
US 8.8.8.8:53 bgpaaslow.info udp
US 8.8.8.8:53 rzzokqykwof.net udp
US 8.8.8.8:53 yvhpgguzxtcz.info udp
US 8.8.8.8:53 ooewwc.org udp
US 8.8.8.8:53 meymwkoumywc.com udp
US 8.8.8.8:53 zuncvr.info udp
US 8.8.8.8:53 nncmhik.info udp
US 8.8.8.8:53 gukijsy.info udp
US 8.8.8.8:53 zyhbkzzd.info udp
US 8.8.8.8:53 eciqiaqq.com udp
US 8.8.8.8:53 kuwcbdj.net udp
US 8.8.8.8:53 unpjhm.net udp
US 8.8.8.8:53 jypigkw.net udp
US 8.8.8.8:53 osgixcjgj.info udp
US 8.8.8.8:53 emzglqg.net udp
US 8.8.8.8:53 xyefjybsiuc.net udp
US 8.8.8.8:53 yubspmmqxkx.info udp
US 8.8.8.8:53 ciiytsxnvmr.net udp
US 8.8.8.8:53 twrnjnyzef.info udp
US 8.8.8.8:53 fwunbxjlgpu.com udp
US 8.8.8.8:53 jphhtgd.com udp
US 8.8.8.8:53 vzmrkrch.info udp
US 8.8.8.8:53 sgsyim.org udp
US 8.8.8.8:53 fwkpqrngmdmv.net udp
US 8.8.8.8:53 upyxwuydnise.net udp
US 8.8.8.8:53 fulhjjfpakl.info udp
US 8.8.8.8:53 dfxdkh.net udp
US 8.8.8.8:53 bwpirousfcv.net udp
US 8.8.8.8:53 wymguueamuga.com udp
US 8.8.8.8:53 sywslkswfyv.info udp
US 8.8.8.8:53 omierhazkhgw.net udp
US 8.8.8.8:53 iihbbldcm.info udp
US 8.8.8.8:53 jupsvyz.info udp
US 8.8.8.8:53 swkshux.net udp
US 8.8.8.8:53 yjxqjqhw.info udp
US 8.8.8.8:53 vcdpublgdbmi.info udp
US 8.8.8.8:53 yrpgpsbvotvm.net udp
US 8.8.8.8:53 eanvnuwxlh.net udp
US 8.8.8.8:53 jgsqglhgj.info udp
US 8.8.8.8:53 zzvjjehk.info udp
US 8.8.8.8:53 isldltmqxper.net udp
US 8.8.8.8:53 djqmndtl.net udp
US 8.8.8.8:53 civqsklicg.info udp
US 8.8.8.8:53 kwdrqyzrhd.net udp
US 8.8.8.8:53 xrjmbmgmisvh.info udp
BG 79.100.70.250:40905 tcp
US 8.8.8.8:53 ebiqqou.info udp
US 8.8.8.8:53 kiccoumqug.org udp
US 8.8.8.8:53 yyamwmkk.org udp
US 8.8.8.8:53 jqtenkdayoy.org udp
US 8.8.8.8:53 lvliwxsju.net udp
US 8.8.8.8:53 zcnpqgzgdof.com udp
US 8.8.8.8:53 vkpsptncvax.net udp
US 8.8.8.8:53 xvethy.net udp
US 8.8.8.8:53 vdbtmkvpbejb.net udp
US 8.8.8.8:53 zrkezhdblynf.net udp
US 8.8.8.8:53 kccuuqio.org udp
LT 78.158.24.6:13069 tcp
US 8.8.8.8:53 hubzxfmqpfll.info udp
US 8.8.8.8:53 qkkoemoyeyma.com udp
US 8.8.8.8:53 ucwonoocbkx.net udp
US 8.8.8.8:53 oqpctmipru.info udp
US 8.8.8.8:53 cgmcydeikq.info udp
US 8.8.8.8:53 retequxi.info udp
US 8.8.8.8:53 nluqnqbjinr.net udp
US 8.8.8.8:53 wcgcuuiu.org udp
US 8.8.8.8:53 cvchoa.net udp
US 8.8.8.8:53 rvwvac.info udp
US 8.8.8.8:53 wgafhnbqht.net udp
US 8.8.8.8:53 gzjdldhe.info udp
US 8.8.8.8:53 okascoauis.org udp
US 8.8.8.8:53 lufwcvbsyry.net udp
US 8.8.8.8:53 imauicymus.com udp
US 8.8.8.8:53 yelknalqpwd.net udp
US 8.8.8.8:53 lwjmurpslv.net udp
US 8.8.8.8:53 bqdbyduw.info udp
US 8.8.8.8:53 nhmyomxjv.info udp
US 8.8.8.8:53 itauzjii.info udp
US 8.8.8.8:53 pcgbzxrqrgf.net udp
US 8.8.8.8:53 ksicssssgumm.com udp
US 8.8.8.8:53 ufeddghyhery.info udp
US 8.8.8.8:53 pcrplfxkvpz.info udp
US 8.8.8.8:53 fqjonsy.net udp
US 8.8.8.8:53 sdftzo.net udp
US 8.8.8.8:53 iypdzt.net udp
US 8.8.8.8:53 zivvlw.net udp
US 8.8.8.8:53 wwusjqvpy.info udp
US 8.8.8.8:53 tyzkrdhyl.info udp
US 8.8.8.8:53 wixrtiy.info udp
US 8.8.8.8:53 vxfktir.com udp
US 8.8.8.8:53 woxmkqd.info udp
US 8.8.8.8:53 aauwgkioiuko.org udp
US 8.8.8.8:53 eisuwaqaqo.org udp
US 8.8.8.8:53 vyvijbihvn.info udp
US 8.8.8.8:53 wofergfsq.info udp
US 8.8.8.8:53 xmdevubqu.net udp
US 8.8.8.8:53 cwsodvx.net udp
US 8.8.8.8:53 efqhec.info udp
US 8.8.8.8:53 cvdcfjtkb.info udp
US 8.8.8.8:53 pqxwnmcf.info udp
US 8.8.8.8:53 nqzuve.net udp
US 8.8.8.8:53 qafjxikdvmn.net udp
US 8.8.8.8:53 ddxlkfslux.info udp
US 8.8.8.8:53 ulhwfgmx.net udp
US 8.8.8.8:53 scpomul.net udp
US 8.8.8.8:53 kkawvorcosj.net udp
US 8.8.8.8:53 hsbsalhel.org udp
US 8.8.8.8:53 ocusgecy.com udp
US 8.8.8.8:53 mqgysgqeom.com udp
US 8.8.8.8:53 huyyyxcgj.net udp
US 8.8.8.8:53 bjmojknwjgz.net udp
US 8.8.8.8:53 llpwlrlwpx.net udp
US 8.8.8.8:53 cmamai.com udp
US 8.8.8.8:53 kxthnyuyrcz.info udp
US 8.8.8.8:53 henmovqw.net udp
US 8.8.8.8:53 gbgxxed.net udp
US 8.8.8.8:53 qctkymoht.info udp
US 8.8.8.8:53 bctwfgikb.org udp
US 8.8.8.8:53 pvvxoh.net udp
US 8.8.8.8:53 fhyjntoi.info udp
US 8.8.8.8:53 wsceeyse.com udp
US 8.8.8.8:53 rcamtgza.info udp
US 8.8.8.8:53 rahypyp.net udp
US 8.8.8.8:53 bgmnkgquny.info udp
US 8.8.8.8:53 pwnpjypcp.com udp
US 8.8.8.8:53 ycoccskegqma.com udp
US 8.8.8.8:53 cxdmqxkf.net udp
US 8.8.8.8:53 auospssidk.info udp
US 8.8.8.8:53 ynpyripqr.net udp
US 8.8.8.8:53 wgwiim.com udp
US 8.8.8.8:53 fzqqksnzg.net udp
US 8.8.8.8:53 zjhidrzkdb.info udp
US 8.8.8.8:53 ymaomy.org udp
US 8.8.8.8:53 kkahlcepp.net udp
US 8.8.8.8:53 egxortpkm.info udp
US 8.8.8.8:53 rjeonllgnt.net udp
US 8.8.8.8:53 ogjxeorsifum.info udp
US 8.8.8.8:53 lqfslknaj.net udp
US 8.8.8.8:53 gyakauag.com udp
US 84.32.153.18:40345 tcp
US 8.8.8.8:53 odzbrjqoy.info udp
US 8.8.8.8:53 twnqzduzafnf.net udp
US 8.8.8.8:53 qqmuweyoimce.org udp
US 8.8.8.8:53 swaagffhzn.info udp
US 8.8.8.8:53 gogmckkggy.com udp
US 8.8.8.8:53 ikkmskqg.org udp
US 8.8.8.8:53 vhkhbx.net udp
US 8.8.8.8:53 hoqetwxc.info udp
US 8.8.8.8:53 atfqpmmkzbq.net udp
US 8.8.8.8:53 laosfzrfcaeh.net udp
US 8.8.8.8:53 aalijqi.info udp
US 8.8.8.8:53 bsvghtp.com udp
US 8.8.8.8:53 odqisf.info udp
US 8.8.8.8:53 etumtihe.net udp
US 8.8.8.8:53 rswaqarz.net udp
US 8.8.8.8:53 shbyanthit.info udp
US 8.8.8.8:53 suwkwwms.org udp
US 8.8.8.8:53 dlljmgidqlja.info udp
US 8.8.8.8:53 aptfzieyxulf.net udp
US 8.8.8.8:53 kqfeakpot.net udp
MK 89.205.103.68:28681 tcp
US 8.8.8.8:53 ldbtrjrmi.org udp
US 8.8.8.8:53 ncpmyszzt.info udp
US 8.8.8.8:53 czjslsn.info udp
US 8.8.8.8:53 cwwsuogosy.org udp
US 8.8.8.8:53 iwlpsepol.net udp
US 8.8.8.8:53 lqhdxjyip.com udp
US 8.8.8.8:53 msegow.org udp
US 8.8.8.8:53 ksuqwzst.net udp
US 8.8.8.8:53 ybxsqlwexbnh.info udp
US 8.8.8.8:53 mmswmc.org udp
US 8.8.8.8:53 esjupgq.info udp
US 8.8.8.8:53 qyeswud.info udp
US 8.8.8.8:53 vrsgop.info udp
US 8.8.8.8:53 mambfffsdz.info udp
US 8.8.8.8:53 kkiamiym.com udp
US 8.8.8.8:53 bqzqdqfglxbn.info udp
US 8.8.8.8:53 aihwfrecau.info udp
US 8.8.8.8:53 yhaioc.net udp
US 8.8.8.8:53 zsauqe.info udp
US 8.8.8.8:53 tdghol.info udp
US 8.8.8.8:53 tufmdjmeohso.info udp
US 8.8.8.8:53 pmfijyi.net udp
US 8.8.8.8:53 hjtahoxczcv.info udp
US 8.8.8.8:53 jatdaajehomt.net udp
US 8.8.8.8:53 znnpllba.info udp
US 8.8.8.8:53 nybelkb.org udp
US 8.8.8.8:53 ptsdtcd.info udp
US 8.8.8.8:53 xmuxbemvtd.net udp
US 8.8.8.8:53 gzblbnvd.net udp
US 8.8.8.8:53 lkqovgr.com udp
US 8.8.8.8:53 tddpwm.info udp
US 8.8.8.8:53 jvbtrnjs.net udp
US 8.8.8.8:53 ddrgvh.net udp
US 8.8.8.8:53 konublz.info udp
US 8.8.8.8:53 mwgkuyee.org udp
US 8.8.8.8:53 eqmiseokqw.org udp
US 8.8.8.8:53 pqeuemav.info udp
US 8.8.8.8:53 zgwidvp.net udp
US 8.8.8.8:53 uiceesz.info udp
US 8.8.8.8:53 drtcvurahs.info udp
US 8.8.8.8:53 lcvsfof.net udp
US 8.8.8.8:53 bvwrjp.net udp
US 8.8.8.8:53 semyscageu.org udp
US 8.8.8.8:53 lbmyvm.net udp
US 8.8.8.8:53 gfxcxu.info udp
US 8.8.8.8:53 rmezhqrpy.com udp
US 8.8.8.8:53 lajdjot.org udp
US 8.8.8.8:53 eonzydv.info udp
US 8.8.8.8:53 dixiln.info udp
US 8.8.8.8:53 jroqnyghbwp.net udp
US 8.8.8.8:53 sotstlv.net udp
US 8.8.8.8:53 fwvukprtuwt.com udp
US 8.8.8.8:53 bnbcohl.info udp
US 8.8.8.8:53 xolebnj.info udp
US 8.8.8.8:53 xysjyebngn.net udp
US 8.8.8.8:53 fnbydyyhht.info udp
US 8.8.8.8:53 tqmpgpfzgv.info udp
US 8.8.8.8:53 bqxgprd.info udp
US 8.8.8.8:53 culuhjusoyrc.net udp
US 8.8.8.8:53 ycokiqmusi.org udp
US 8.8.8.8:53 zudeyxqgd.info udp
US 8.8.8.8:53 imqhfsacxiz.net udp
US 8.8.8.8:53 nabxqn.info udp
US 8.8.8.8:53 ptpkvexch.info udp
LT 82.135.245.87:26862 tcp
US 8.8.8.8:53 bzaydhbkyko.info udp
US 8.8.8.8:53 dehbdl.info udp
US 8.8.8.8:53 sxhwzh.info udp
US 8.8.8.8:53 xixszbrjhv.net udp
US 8.8.8.8:53 uoxjsmld.info udp
US 8.8.8.8:53 fkfidtrftwz.info udp
US 8.8.8.8:53 wkgucwmoaeus.org udp
US 8.8.8.8:53 gymcqucy.com udp
US 8.8.8.8:53 osqywkoc.org udp
US 8.8.8.8:53 nhcxbhkqwm.info udp
US 8.8.8.8:53 jrrksakfkf.info udp
US 8.8.8.8:53 dypudgpkbtx.org udp
US 8.8.8.8:53 zwkptgzyn.info udp
US 8.8.8.8:53 mwrrykhuhel.info udp
LT 78.61.147.164:44612 tcp
US 8.8.8.8:53 aktwii.net udp
US 8.8.8.8:53 ewiuauieao.com udp
US 8.8.8.8:53 lrpyvf.info udp
US 8.8.8.8:53 iqhmzoc.info udp
US 8.8.8.8:53 gircromkb.info udp
US 8.8.8.8:53 sqjlhbejikro.info udp
US 8.8.8.8:53 bjpwlrlwpx.net udp
US 8.8.8.8:53 imwkkoik.com udp
US 8.8.8.8:53 ryozfmp.com udp
US 8.8.8.8:53 acgcsq.org udp
US 8.8.8.8:53 uzjddv.net udp
US 8.8.8.8:53 pxjalodrs.com udp
US 8.8.8.8:53 erswifcm.info udp
US 8.8.8.8:53 hkpwxuloxlsz.info udp
US 8.8.8.8:53 ccxcndnqtn.info udp
US 8.8.8.8:53 nxxwsaegskf.org udp
US 8.8.8.8:53 ngjdngzed.com udp
US 8.8.8.8:53 dejmash.info udp
US 8.8.8.8:53 lxvghitarov.org udp
US 8.8.8.8:53 lezwptx.org udp
US 8.8.8.8:53 jkicupganotd.info udp
US 8.8.8.8:53 oaewcmmi.com udp
US 8.8.8.8:53 eqdovvdzn.net udp
US 8.8.8.8:53 whjkpgzne.info udp
US 8.8.8.8:53 dxnknsbgrlpr.info udp
US 8.8.8.8:53 oalwpcngx.info udp
US 8.8.8.8:53 copkvwwab.info udp
US 8.8.8.8:53 jrfprcmiwk.net udp
US 8.8.8.8:53 jnrshybqhgk.info udp
US 8.8.8.8:53 gwltyqt.net udp
US 8.8.8.8:53 vnxsbzyyr.net udp
US 8.8.8.8:53 xcrfxbihvn.info udp
US 8.8.8.8:53 liupxqzijlb.info udp
US 8.8.8.8:53 bxrnvq.net udp
US 8.8.8.8:53 hrpdsourve.net udp
US 8.8.8.8:53 sytblnvkyl.net udp
US 8.8.8.8:53 zlusomvfjwbj.info udp
US 8.8.8.8:53 injsplzigct.net udp
US 8.8.8.8:53 pvesxitaordl.info udp
US 8.8.8.8:53 oahyxajgw.net udp
US 8.8.8.8:53 vrhlnt.net udp
US 8.8.8.8:53 myuxfov.net udp
US 8.8.8.8:53 dzrmxez.com udp
US 8.8.8.8:53 murrlxjedonn.net udp
US 8.8.8.8:53 kowllcbil.info udp
US 8.8.8.8:53 rmmkzgx.org udp
US 8.8.8.8:53 opuihjvz.net udp
US 8.8.8.8:53 pqbmzqhal.info udp
US 8.8.8.8:53 kxldwaoqfn.info udp
US 8.8.8.8:53 iquaokmq.com udp
US 8.8.8.8:53 rhwitjprngpp.info udp
US 8.8.8.8:53 mrpiobgwiqf.net udp
US 8.8.8.8:53 uwdzbgjscqi.info udp
US 8.8.8.8:53 jdxhpunofuav.net udp
US 8.8.8.8:53 tabczshsp.info udp
US 8.8.8.8:53 iucybjvmrbpp.info udp
US 8.8.8.8:53 oeeoywoiey.org udp
US 8.8.8.8:53 drbyvspcj.org udp
US 8.8.8.8:53 aiiymeuoko.org udp
US 8.8.8.8:53 peeoxkf.info udp
US 8.8.8.8:53 xxbuvavqnao.net udp
US 8.8.8.8:53 vwtsvel.org udp
BG 88.87.9.36:43388 tcp
US 8.8.8.8:53 dmdcbhxahvhc.info udp
US 8.8.8.8:53 lhpyoxbschb.info udp
US 8.8.8.8:53 wojivwfaxsd.net udp
US 8.8.8.8:53 tgzzsilpuoyu.info udp
US 8.8.8.8:53 aneotaz.info udp
US 8.8.8.8:53 xbuxzw.net udp
US 8.8.8.8:53 skmgsuwiggwy.com udp
US 8.8.8.8:53 eckvrebjwiz.net udp
US 8.8.8.8:53 gsogaaca.com udp
US 8.8.8.8:53 iobqtyr.net udp
US 8.8.8.8:53 eylysj.net udp
US 8.8.8.8:53 wprhdvcr.net udp
US 8.8.8.8:53 ycewkq.org udp
US 8.8.8.8:53 rejwrwpoa.info udp
US 8.8.8.8:53 amawui.info udp
US 8.8.8.8:53 gwtsftvah.info udp
US 8.8.8.8:53 kgjaicmgmo.info udp
US 8.8.8.8:53 iascsuycwi.com udp
US 8.8.8.8:53 eddhdw.net udp
US 8.8.8.8:53 npetrsvi.info udp
US 8.8.8.8:53 hctcgps.com udp
US 8.8.8.8:53 jmuyzwjxj.net udp
US 8.8.8.8:53 jmiczyobblzn.info udp
US 8.8.8.8:53 yabrltpf.info udp
US 8.8.8.8:53 mgxgbgihzux.net udp
US 8.8.8.8:53 fhruvyaeiqkj.net udp
US 8.8.8.8:53 lxlcfhjuv.info udp
MD 89.28.99.104:13660 tcp
US 8.8.8.8:53 sgescokcmo.org udp
US 8.8.8.8:53 pqddpkwga.net udp
US 8.8.8.8:53 iqipsylexq.net udp
US 8.8.8.8:53 ykfutq.info udp
US 8.8.8.8:53 ejhnfd.net udp
US 8.8.8.8:53 cgdumnc.info udp
US 8.8.8.8:53 aqfuyunrdah.net udp
US 8.8.8.8:53 pgdrzr.info udp
US 8.8.8.8:53 zapinij.com udp
US 8.8.8.8:53 dqajrj.info udp
US 8.8.8.8:53 dgxgpxfkaix.com udp
US 8.8.8.8:53 ymukjrcjf.net udp
US 8.8.8.8:53 lirmuecctz.net udp
US 8.8.8.8:53 ikipjydd.info udp
US 8.8.8.8:53 jehslnh.org udp
US 8.8.8.8:53 lzwgpqnxhy.net udp
US 8.8.8.8:53 uklghedlpql.net udp
US 8.8.8.8:53 jgjwtqh.com udp
US 8.8.8.8:53 frrytkcqaiy.net udp
US 8.8.8.8:53 ppupxkfghv.info udp
US 8.8.8.8:53 zcfbqbbrsj.net udp
US 8.8.8.8:53 gwyyhgr.info udp
US 8.8.8.8:53 ktxdugsjvv.net udp
US 8.8.8.8:53 jehyhpbob.com udp
US 8.8.8.8:53 wdonnrxqoqnp.net udp
US 8.8.8.8:53 jfwghujs.info udp
US 8.8.8.8:53 hafyhrzu.info udp
US 8.8.8.8:53 luaiurlae.info udp
US 8.8.8.8:53 trmrbh.info udp
US 8.8.8.8:53 zrpijlymdlnn.info udp
US 8.8.8.8:53 vymycimp.info udp
US 8.8.8.8:53 lppouwi.net udp
US 8.8.8.8:53 bokovtxgp.info udp
US 8.8.8.8:53 haxzxnlwf.info udp
US 8.8.8.8:53 tmtjhjtk.net udp
US 8.8.8.8:53 hosiyohwz.com udp
US 8.8.8.8:53 fsdanuhfdw.info udp
US 8.8.8.8:53 xdoewrdvokql.info udp
US 8.8.8.8:53 okafxrcwc.info udp
US 8.8.8.8:53 hsfspwfirsr.org udp
US 8.8.8.8:53 ngdetw.net udp
US 8.8.8.8:53 rdruhlyvrx.net udp
US 8.8.8.8:53 gcjaxqt.net udp
US 8.8.8.8:53 dxnueyidwbb.org udp
US 8.8.8.8:53 vpfdjebruora.net udp
US 8.8.8.8:53 jonoxaswf.info udp
US 8.8.8.8:53 uvrugjcslv.info udp
US 8.8.8.8:53 nobwlun.info udp
US 8.8.8.8:53 vggjqltnjw.net udp
US 8.8.8.8:53 wrcahklgt.net udp
US 8.8.8.8:53 xcptuajojxyl.net udp
US 8.8.8.8:53 pvnoaiflvlp.org udp
US 8.8.8.8:53 gsegplcb.net udp
US 8.8.8.8:53 qcwpuchqn.net udp
US 8.8.8.8:53 dnyidwf.info udp
US 8.8.8.8:53 dkrrhgkdx.net udp
US 8.8.8.8:53 mawycigsaumg.com udp
US 8.8.8.8:53 yadxtkefpqdf.net udp
US 8.8.8.8:53 cgemiikseksg.org udp
US 8.8.8.8:53 hzmudyxngt.info udp
US 8.8.8.8:53 jwvaome.info udp
US 8.8.8.8:53 rgnijfj.com udp
US 8.8.8.8:53 xjwttaky.info udp
US 8.8.8.8:53 oqscaoqi.org udp
US 8.8.8.8:53 nwjggkqsjkr.com udp
US 8.8.8.8:53 oliovemyd.net udp
US 8.8.8.8:53 qngitmingp.net udp
US 8.8.8.8:53 jrmueqg.net udp
US 8.8.8.8:53 fszfjh.net udp
US 8.8.8.8:53 rkepnux.net udp
US 8.8.8.8:53 wvtxryzgsgl.info udp
US 8.8.8.8:53 yacaacmism.com udp
US 8.8.8.8:53 kkreua.net udp
US 8.8.8.8:53 ulwprsdpevsj.info udp
US 8.8.8.8:53 csieceiywiaq.com udp
US 8.8.8.8:53 wizcnajobyh.net udp
US 8.8.8.8:53 ropuvxfqstzm.info udp
US 8.8.8.8:53 xfsdezbnspvk.info udp
US 8.8.8.8:53 ocybky.info udp
US 8.8.8.8:53 qfstupfbdsqi.net udp
US 8.8.8.8:53 qyjxvcif.net udp
US 8.8.8.8:53 mkudzxr.info udp
US 8.8.8.8:53 xxetjz.net udp
US 8.8.8.8:53 ieuvbip.info udp
US 8.8.8.8:53 lkbrwg.info udp
US 8.8.8.8:53 sujksmuaqurk.info udp
US 8.8.8.8:53 fmzenmxj.net udp
US 8.8.8.8:53 fpicucvczmz.net udp
US 8.8.8.8:53 kczanu.net udp
US 8.8.8.8:53 rkwlhccy.info udp
US 8.8.8.8:53 dwvsmsb.com udp
US 8.8.8.8:53 xjwrkjwjaw.info udp
US 8.8.8.8:53 zwxkeuf.info udp
US 8.8.8.8:53 mpgamygkvkb.net udp
US 8.8.8.8:53 aksgbw.info udp
US 8.8.8.8:53 lfxivfowbyn.org udp
US 8.8.8.8:53 xxvytx.info udp
US 8.8.8.8:53 etcssib.net udp
US 8.8.8.8:53 tkkbdakvem.net udp
US 8.8.8.8:53 gyqcaqpoaka.net udp
US 8.8.8.8:53 jumrelvzfc.info udp
US 8.8.8.8:53 oixrtdbaryl.net udp
US 8.8.8.8:53 nthafgeqx.org udp
US 8.8.8.8:53 bbiokds.info udp
US 84.32.220.53:29516 tcp
US 8.8.8.8:53 pyzkbtp.com udp
US 8.8.8.8:53 cfqtemlmbgf.net udp
US 8.8.8.8:53 yacuqueq.org udp
US 8.8.8.8:53 yemkgams.com udp
US 8.8.8.8:53 dsjflqpqj.net udp
US 8.8.8.8:53 zvzkhkzjymji.info udp
US 8.8.8.8:53 madbxog.info udp
US 8.8.8.8:53 tmjuhkt.org udp
US 8.8.8.8:53 jjqtpeerkb.net udp
US 8.8.8.8:53 mmlebaf.info udp
US 8.8.8.8:53 djmjpfpom.com udp
US 8.8.8.8:53 wfxufydbtenn.info udp
US 8.8.8.8:53 ftrxiq.info udp
US 8.8.8.8:53 ggasww.org udp
US 8.8.8.8:53 rxrwfelgr.net udp
US 8.8.8.8:53 owhhbyrcwdcz.info udp
US 8.8.8.8:53 eqyasa.org udp
US 8.8.8.8:53 hcjsvhz.info udp
US 8.8.8.8:53 lqsuve.net udp
US 8.8.8.8:53 urkcltobhpwf.net udp
US 8.8.8.8:53 oismai.com udp
US 8.8.8.8:53 ygxyjds.net udp
US 8.8.8.8:53 oxkpxo.info udp
US 8.8.8.8:53 qkrfhgxlhe.info udp
US 8.8.8.8:53 fmpjpgxawkf.info udp
US 8.8.8.8:53 fsmlav.net udp
US 8.8.8.8:53 rwkwefuonb.net udp
US 8.8.8.8:53 fsmafmvkj.org udp
US 8.8.8.8:53 mcokexpn.net udp
US 8.8.8.8:53 lifqkcirdcj.net udp
US 8.8.8.8:53 eheflhppvg.net udp
US 8.8.8.8:53 qaljtq.info udp
US 8.8.8.8:53 vkjtfoavflmx.info udp
US 8.8.8.8:53 cuaaqwxaz.info udp
US 8.8.8.8:53 sqqiksumue.com udp
US 8.8.8.8:53 qooowqqs.org udp
US 8.8.8.8:53 jztuta.net udp
US 8.8.8.8:53 eikmyq.org udp
US 8.8.8.8:53 ucftrehwp.info udp
US 8.8.8.8:53 jjownuiffcot.net udp
US 8.8.8.8:53 izptpwsprh.net udp
US 8.8.8.8:53 bcttumxokqgp.net udp
US 8.8.8.8:53 oaqkmksuwkqi.com udp
US 8.8.8.8:53 ocawszctdp.info udp
US 8.8.8.8:53 gudlmu.net udp
US 8.8.8.8:53 iulkrxmkzkx.net udp
US 8.8.8.8:53 ywcahp.net udp
US 8.8.8.8:53 hytlvzlmhxdo.net udp
US 8.8.8.8:53 nmtjdqhzrx.info udp
US 8.8.8.8:53 cykogcgqqcuu.com udp
US 8.8.8.8:53 edbupqb.info udp
US 8.8.8.8:53 xchnigsnrn.info udp
US 8.8.8.8:53 hatqkse.com udp
US 8.8.8.8:53 owrbmsmgql.info udp
US 8.8.8.8:53 bviiaryqdhkt.net udp
US 8.8.8.8:53 hojcnermfz.net udp
US 8.8.8.8:53 votujqiwykv.org udp
US 8.8.8.8:53 raxotspgw.org udp
US 8.8.8.8:53 llgaldran.com udp
US 8.8.8.8:53 ugjyfpgfl.net udp
US 8.8.8.8:53 nnvyhpnoob.net udp
US 8.8.8.8:53 ezxqsjhsr.info udp
US 8.8.8.8:53 ydjmvke.info udp
US 8.8.8.8:53 monhruny.info udp
US 8.8.8.8:53 xubhpfjajc.net udp
US 8.8.8.8:53 oqfmkommj.info udp
US 8.8.8.8:53 rwxwsg.info udp
US 8.8.8.8:53 inqitkrihep.info udp
US 8.8.8.8:53 deihpwu.info udp
US 8.8.8.8:53 myrwjqkrwpbk.info udp
US 8.8.8.8:53 kcurcgl.info udp
US 8.8.8.8:53 zkolbdzh.net udp
US 8.8.8.8:53 wmqchyn.info udp
MD 178.168.35.161:20558 tcp
US 8.8.8.8:53 vjfuqseodqd.net udp
US 8.8.8.8:53 aehsxwb.info udp
US 8.8.8.8:53 ykrmzqk.info udp
US 8.8.8.8:53 jflduofbgry.net udp
US 8.8.8.8:53 qufmzhonps.net udp
US 8.8.8.8:53 kdhrkuxgj.info udp
US 8.8.8.8:53 bckeug.info udp
US 8.8.8.8:53 qseoumkkca.org udp
US 8.8.8.8:53 nowjseycb.net udp
US 8.8.8.8:53 tqpqmkafdfqp.info udp
US 8.8.8.8:53 qphsxsj.info udp
US 8.8.8.8:53 behkjbnyp.net udp
US 8.8.8.8:53 oahdulzkn.net udp
US 8.8.8.8:53 madtmiocp.info udp
US 8.8.8.8:53 gittdsvqr.info udp
US 8.8.8.8:53 qdnmhgdyrit.net udp
US 8.8.8.8:53 kbazbgx.net udp
US 8.8.8.8:53 zsxxlwj.net udp
US 8.8.8.8:53 acxmpivbk.net udp
US 8.8.8.8:53 uomdronsgli.info udp
US 8.8.8.8:53 iojgvg.net udp
US 8.8.8.8:53 xmpizpuvzh.net udp
US 8.8.8.8:53 hwklzggewan.org udp
US 8.8.8.8:53 qyqigk.com udp
US 8.8.8.8:53 evbqloxgq.net udp
US 8.8.8.8:53 lwoonj.net udp
US 8.8.8.8:53 zgvpvwnndkz.net udp
US 8.8.8.8:53 nnzdyxuwlgks.net udp
US 8.8.8.8:53 xzwkrn.info udp
US 8.8.8.8:53 hptuuj.net udp
US 8.8.8.8:53 uoccoqsosmiq.com udp
US 8.8.8.8:53 zmnkbkxylob.com udp
US 8.8.8.8:53 capuzwczfyt.net udp
US 8.8.8.8:53 fyaylmbcb.net udp
US 8.8.8.8:53 eeugaaoemg.org udp
US 8.8.8.8:53 donurspmd.com udp
US 8.8.8.8:53 wcuwco.com udp
US 8.8.8.8:53 vuxcdcfui.info udp
US 8.8.8.8:53 mmexojekpp.info udp
US 8.8.8.8:53 nhvmdhxy.net udp
US 8.8.8.8:53 vtdcrorqhllv.net udp
US 8.8.8.8:53 cspntyj.net udp
US 8.8.8.8:53 dcwzbyd.info udp
US 8.8.8.8:53 sdlehdf.info udp
US 8.8.8.8:53 hatqolssp.org udp
US 8.8.8.8:53 hxzgxsj.info udp
US 8.8.8.8:53 gwogmc.org udp
US 8.8.8.8:53 txehaqgcjt.info udp
US 8.8.8.8:53 vyhavjhqppwm.info udp
US 8.8.8.8:53 xanshun.info udp
US 8.8.8.8:53 yzkdhyphk.info udp
US 8.8.8.8:53 dkjpmomezm.info udp
US 8.8.8.8:53 dqdpnwaefrxu.info udp
US 8.8.8.8:53 mohomqrnz.info udp
US 8.8.8.8:53 rkjyfrxybqd.net udp
US 8.8.8.8:53 xafqfoqhskgp.net udp
US 8.8.8.8:53 ylcxqwnxfa.net udp
US 8.8.8.8:53 mvdlhavdafj.info udp
US 8.8.8.8:53 hjfdpmp.org udp
US 8.8.8.8:53 vlumbct.info udp
US 8.8.8.8:53 gsowjojme.info udp
US 8.8.8.8:53 mbjkjh.net udp
US 8.8.8.8:53 gwuyiw.com udp
US 8.8.8.8:53 wfwahmtxeb.net udp
US 8.8.8.8:53 muiacy.com udp
US 8.8.8.8:53 tbeosdhuph.info udp
US 8.8.8.8:53 jaaqcan.org udp
US 8.8.8.8:53 yvrszzll.net udp
US 8.8.8.8:53 vxdllf.net udp
US 8.8.8.8:53 rjbifug.net udp
US 8.8.8.8:53 wixivolzl.info udp
US 8.8.8.8:53 qshdfajspgv.net udp
US 8.8.8.8:53 yqdindvszcl.info udp
US 8.8.8.8:53 idplhikjkbhy.net udp
US 8.8.8.8:53 pzdqsrhun.net udp
US 8.8.8.8:53 ldlrgk.info udp
US 8.8.8.8:53 qtnfidpfcjxq.info udp
US 8.8.8.8:53 xefougn.info udp
US 8.8.8.8:53 uogauwwmksse.org udp
US 8.8.8.8:53 judodbycdmm.info udp
US 8.8.8.8:53 owtumceqt.info udp
US 8.8.8.8:53 lihdycvyvhpa.info udp
US 8.8.8.8:53 mgwpdwuarstq.net udp
US 8.8.8.8:53 jinlwqlfrj.net udp
US 8.8.8.8:53 ukyqquks.org udp
US 8.8.8.8:53 lpusggnwp.net udp
US 8.8.8.8:53 mkceieyml.info udp
US 8.8.8.8:53 pmrlrkfmphc.com udp
US 8.8.8.8:53 wxmitbqccxd.net udp
US 8.8.8.8:53 yodgmqwkx.info udp
US 8.8.8.8:53 dkztglep.net udp
US 8.8.8.8:53 zthldmlmz.org udp
US 8.8.8.8:53 hyknxfre.net udp
US 8.8.8.8:53 zbkqmu.info udp
US 8.8.8.8:53 nafvtho.com udp
US 8.8.8.8:53 sgdzhklkvfso.info udp
US 8.8.8.8:53 wibujy.info udp
US 8.8.8.8:53 hypmjcghy.org udp
US 8.8.8.8:53 euoqqmssiygy.com udp
US 8.8.8.8:53 ewyvlaxjnp.net udp
US 8.8.8.8:53 xlprndohpotx.info udp
US 8.8.8.8:53 xjywzevg.net udp
US 8.8.8.8:53 yigcaawcca.org udp
US 8.8.8.8:53 skqsiiae.org udp
US 8.8.8.8:53 ecihts.net udp
US 8.8.8.8:53 zgldgvy.com udp
US 8.8.8.8:53 tipjocjfgw.info udp
US 8.8.8.8:53 oviiloycqmb.net udp
US 8.8.8.8:53 jkuxnex.net udp
US 8.8.8.8:53 zqfyxinnz.net udp
US 8.8.8.8:53 alyypvemovoc.net udp
US 8.8.8.8:53 zidtvktezmz.com udp
US 8.8.8.8:53 rzdpwv.net udp
US 8.8.8.8:53 jcgmglvitn.net udp
US 8.8.8.8:53 jnnoeqze.net udp
US 8.8.8.8:53 vsbosyv.net udp
LT 78.62.212.107:44919 tcp
US 8.8.8.8:53 oflutcz.info udp
US 8.8.8.8:53 hspehie.org udp
US 8.8.8.8:53 bebtuymttw.net udp
US 8.8.8.8:53 bgzupkj.org udp
US 8.8.8.8:53 jijopopmdsx.net udp
US 8.8.8.8:53 ildbim.info udp
US 8.8.8.8:53 qlstpgkhcjbu.net udp
US 8.8.8.8:53 qcwwupr.info udp
US 8.8.8.8:53 qnggimnnpis.info udp
US 8.8.8.8:53 mwlugctwn.net udp
US 8.8.8.8:53 nyhdtzlutr.net udp
US 8.8.8.8:53 pebdxvjr.info udp
US 8.8.8.8:53 nzitfaav.info udp
US 8.8.8.8:53 lktcrbw.com udp
US 8.8.8.8:53 oohiizyjldfv.net udp
US 8.8.8.8:53 hyjodgw.info udp
US 8.8.8.8:53 bbcusahcgjud.info udp
US 8.8.8.8:53 ouaaqmwi.com udp
US 8.8.8.8:53 zmdzdqclk.info udp
US 8.8.8.8:53 dkdczgl.info udp
US 8.8.8.8:53 tvytzcnwcd.info udp
US 8.8.8.8:53 mcwsxoxzj.info udp
US 8.8.8.8:53 ezfqddpwt.net udp
US 8.8.8.8:53 eaictyqxc.info udp
US 8.8.8.8:53 dqdarezitih.org udp
US 8.8.8.8:53 mzfildid.info udp
US 8.8.8.8:53 zdhycyphzd.net udp
US 8.8.8.8:53 zweckgdora.net udp
US 8.8.8.8:53 xjvtpgcopan.net udp
US 8.8.8.8:53 zksazdk.info udp
US 8.8.8.8:53 dbrubg.net udp
US 8.8.8.8:53 lbmkzqz.com udp
US 8.8.8.8:53 dwlgbkvedkf.info udp
US 8.8.8.8:53 vgqxvqngngx.info udp
US 8.8.8.8:53 hhkstgrkl.com udp
US 8.8.8.8:53 kqwegogmiq.org udp
US 8.8.8.8:53 fxnkxmzcnyx.org udp
US 8.8.8.8:53 nwswvrlb.net udp
US 8.8.8.8:53 oucgkk.com udp
US 8.8.8.8:53 cqiuay.com udp
US 8.8.8.8:53 vanklzp.net udp
US 8.8.8.8:53 usumcqgaomgo.org udp
US 8.8.8.8:53 uahewfnyc.net udp
US 8.8.8.8:53 cikfxcfsjcz.info udp
US 8.8.8.8:53 ulzgjtxy.info udp
US 8.8.8.8:53 nxrebod.com udp
US 8.8.8.8:53 vubcbax.net udp
US 8.8.8.8:53 sqkykkcsokwm.org udp
US 8.8.8.8:53 bgpwzpn.org udp
US 8.8.8.8:53 gcecmuckquis.com udp
US 8.8.8.8:53 aqhvtr.info udp
US 8.8.8.8:53 bcnghtxwjpqw.net udp
US 8.8.8.8:53 muqkmccemmmm.org udp
US 8.8.8.8:53 gdiecndz.net udp
US 8.8.8.8:53 tjxvxb.info udp
US 8.8.8.8:53 okuefms.info udp
US 8.8.8.8:53 uaqakeesgi.org udp
US 8.8.8.8:53 rwokit.net udp
US 8.8.8.8:53 mkvloct.info udp
US 8.8.8.8:53 jfxqapiukmp.net udp
US 8.8.8.8:53 unhgzgfew.info udp
US 8.8.8.8:53 gcfhzwxddb.net udp
US 8.8.8.8:53 fwcgfeocqud.com udp
US 8.8.8.8:53 nnvyxktoagc.net udp
US 8.8.8.8:53 jlucuwucpscz.info udp
US 8.8.8.8:53 xyhivwzop.info udp
US 8.8.8.8:53 oedqzthsf.net udp
US 8.8.8.8:53 jsjozvtgfje.org udp
US 8.8.8.8:53 fevpfshvp.org udp
US 8.8.8.8:53 xmhqrchqn.com udp
US 8.8.8.8:53 oascue.net udp
US 8.8.8.8:53 ppthofmn.info udp
US 8.8.8.8:53 ngbawwoqpjz.org udp
US 8.8.8.8:53 tchodqb.net udp
US 8.8.8.8:53 mldmhp.info udp
US 8.8.8.8:53 meymaaco.org udp
US 8.8.8.8:53 vnhznheu.info udp
BG 93.155.152.35:32579 tcp
US 8.8.8.8:53 jlzrfdeudi.info udp
US 8.8.8.8:53 heconnp.com udp
US 8.8.8.8:53 kcryxrris.info udp
US 8.8.8.8:53 zodgawzss.com udp
US 8.8.8.8:53 scoouu.org udp
US 8.8.8.8:53 wbrxbaaxkmm.net udp
US 8.8.8.8:53 unuxkbovve.net udp
US 8.8.8.8:53 mrbpazykkip.info udp
US 8.8.8.8:53 cqcueswsuo.com udp
US 8.8.8.8:53 kwguay.com udp
US 8.8.8.8:53 fcdwxk.info udp
US 8.8.8.8:53 uwgwcusiuiys.com udp
US 8.8.8.8:53 lzrmdnthzqx.org udp
US 8.8.8.8:53 wkqeusws.com udp
US 8.8.8.8:53 goookocysega.org udp
US 8.8.8.8:53 rsravixs.info udp
US 8.8.8.8:53 onbuvgh.net udp
US 8.8.8.8:53 giekgyskeiik.org udp
US 8.8.8.8:53 dpjqrfrzy.com udp
US 8.8.8.8:53 hwldvx.net udp
US 8.8.8.8:53 ggyycqqw.org udp
US 8.8.8.8:53 bdpccb.net udp
US 8.8.8.8:53 peyjszhlel.info udp
US 8.8.8.8:53 dtljpvhqlm.info udp
US 8.8.8.8:53 lidvma.info udp
US 8.8.8.8:53 sorudflnhn.net udp
US 8.8.8.8:53 bavppixu.net udp
US 8.8.8.8:53 bjvfqizizf.info udp
US 8.8.8.8:53 dhjexuqder.net udp
US 8.8.8.8:53 tqalxcv.info udp
BG 77.71.17.154:43744 tcp
US 8.8.8.8:53 obqvekn.net udp
US 8.8.8.8:53 ukoaqi.com udp
US 8.8.8.8:53 gkwqsmmy.org udp
US 8.8.8.8:53 bwdjbvgsmi.info udp
US 8.8.8.8:53 ikograssx.net udp
US 8.8.8.8:53 sedqxyqm.net udp
US 8.8.8.8:53 fkgritslx.org udp
US 8.8.8.8:53 bejmzh.info udp
US 8.8.8.8:53 tcyejnduqxy.info udp
US 8.8.8.8:53 suuqtrp.net udp
US 8.8.8.8:53 vmxgrimem.net udp
US 8.8.8.8:53 euhitululga.info udp
US 8.8.8.8:53 fgdpeaoo.net udp
US 8.8.8.8:53 khwazrqn.net udp
US 8.8.8.8:53 qntamsuu.net udp
US 8.8.8.8:53 ptpwnlreeaxo.net udp
US 8.8.8.8:53 nhkiinm.net udp
US 8.8.8.8:53 jxfprs.info udp
US 8.8.8.8:53 dqzmbkm.com udp
US 8.8.8.8:53 hxhsoubqn.org udp
US 8.8.8.8:53 qoxoaqlty.info udp
US 8.8.8.8:53 bqlhqet.com udp
US 8.8.8.8:53 eeeiusoc.com udp
US 8.8.8.8:53 cqhdrwocfik.info udp
US 8.8.8.8:53 dtstyn.net udp
US 8.8.8.8:53 amnrcdgh.info udp
US 8.8.8.8:53 ngzorhnyuil.info udp
US 8.8.8.8:53 pnlazflwm.info udp
US 8.8.8.8:53 pnmmnkod.info udp
US 8.8.8.8:53 fmtpeu.net udp
US 8.8.8.8:53 wynczijgovh.net udp
US 8.8.8.8:53 zbqtpeerkb.net udp
US 8.8.8.8:53 dbdjtgl.net udp
US 8.8.8.8:53 moggtsofi.net udp
US 8.8.8.8:53 wnprmlpccb.info udp
US 8.8.8.8:53 zuwrljtqss.net udp
US 8.8.8.8:53 kdgqni.info udp
US 8.8.8.8:53 ashgthnbhe.net udp
US 8.8.8.8:53 xoqztobmjpz.org udp
US 8.8.8.8:53 tzxodsw.info udp
US 8.8.8.8:53 msaeugqyakco.org udp
US 8.8.8.8:53 upwvaz.net udp
US 8.8.8.8:53 atumjqk.net udp
US 8.8.8.8:53 bmewsoehhqxt.info udp
US 8.8.8.8:53 tmrxnmjrkb.net udp
US 8.8.8.8:53 imnhiw.net udp
US 8.8.8.8:53 lhlmzy.info udp
US 8.8.8.8:53 hrsmfmkwlicf.net udp
US 8.8.8.8:53 oaaauklc.info udp
US 8.8.8.8:53 agikyosy.org udp
US 8.8.8.8:53 fctxarpipykl.net udp
US 8.8.8.8:53 bhxffhkrvx.info udp
US 8.8.8.8:53 mkciog.com udp
US 8.8.8.8:53 lazqonjm.info udp
US 8.8.8.8:53 zavbtlka.info udp
US 8.8.8.8:53 bgjsaz.info udp
US 8.8.8.8:53 iiycqsqk.org udp
US 8.8.8.8:53 vwhqfvofqtix.info udp
US 8.8.8.8:53 iqcsqw.com udp
US 8.8.8.8:53 zxjahme.info udp
US 8.8.8.8:53 xxpqrp.info udp
US 8.8.8.8:53 crflnb.info udp
BG 88.87.9.36:43388 tcp
US 8.8.8.8:53 seyimwmicu.org udp
US 8.8.8.8:53 vhngmeza.info udp
US 8.8.8.8:53 gqnedqh.info udp
US 8.8.8.8:53 rzvujuzfhvze.net udp
US 8.8.8.8:53 uomieuwsgywa.com udp
US 8.8.8.8:53 qlhezk.info udp
US 8.8.8.8:53 cysyaiao.org udp
US 8.8.8.8:53 fsadzftqx.com udp
US 8.8.8.8:53 fzkrxmam.info udp
US 8.8.8.8:53 ylsptizfjq.net udp
US 8.8.8.8:53 kbpmdbdxswd.info udp
US 8.8.8.8:53 auhgtpebse.net udp
US 8.8.8.8:53 usqbjwi.net udp
US 8.8.8.8:53 rbyjdnz.info udp
US 8.8.8.8:53 umdzxof.info udp
US 8.8.8.8:53 livwsitk.net udp
US 8.8.8.8:53 eqyoykeaog.com udp
US 8.8.8.8:53 nvcwvcli.net udp
US 8.8.8.8:53 xrgrniqcbkpq.info udp
US 8.8.8.8:53 evfcefv.info udp
US 8.8.8.8:53 jmfdgmosmnnd.info udp
US 8.8.8.8:53 tuzajvmr.net udp
US 8.8.8.8:53 sceejekz.net udp
US 8.8.8.8:53 lwccsozgdq.info udp
US 8.8.8.8:53 qniftitkb.info udp
US 8.8.8.8:53 fixijml.org udp
US 8.8.8.8:53 fgndjerx.net udp
US 8.8.8.8:53 iudvtso.net udp
BG 89.215.99.34:31636 tcp
US 8.8.8.8:53 idajxrseyx.net udp
US 8.8.8.8:53 iucooeecqigu.com udp
US 8.8.8.8:53 qgqsqkgcmmmi.org udp
US 8.8.8.8:53 gynbrtzxdrrp.net udp
US 8.8.8.8:53 wcmbtlyxx.net udp
US 8.8.8.8:53 tmjcnxgpxyfl.info udp
US 8.8.8.8:53 jcjipnzzfkrz.net udp
US 8.8.8.8:53 yybccspip.info udp
US 8.8.8.8:53 sisvplfm.info udp
US 8.8.8.8:53 bvrlxiawb.net udp
US 8.8.8.8:53 htqavmvsdzh.net udp
US 8.8.8.8:53 sdoiphul.info udp
US 8.8.8.8:53 ekakcuuqmuqs.org udp
US 8.8.8.8:53 dqjolpjzrul.org udp
US 8.8.8.8:53 bujydax.net udp
US 8.8.8.8:53 xfoslvtbbwpz.net udp
US 8.8.8.8:53 fguxbynah.net udp
US 8.8.8.8:53 ywbsled.info udp
US 8.8.8.8:53 sxsydftugfl.net udp
US 8.8.8.8:53 audsvlhsoui.info udp
US 8.8.8.8:53 ntblwycgt.info udp
US 8.8.8.8:53 sszfdxdsvbx.info udp
US 8.8.8.8:53 wmogouwakk.com udp
US 8.8.8.8:53 ocsmov.info udp
US 8.8.8.8:53 msoiygcw.org udp
US 8.8.8.8:53 khbswjfovxae.info udp
US 8.8.8.8:53 iixeyx.info udp
US 8.8.8.8:53 qrydyfzk.net udp
US 8.8.8.8:53 urfytvxwnjz.info udp
US 8.8.8.8:53 aaanjxwoh.info udp
US 8.8.8.8:53 awtrjqbmv.net udp
US 8.8.8.8:53 xqcurk.net udp
US 8.8.8.8:53 muwmkamomckm.com udp
US 8.8.8.8:53 ejpdqikairvo.info udp
US 8.8.8.8:53 gemlcgnlgfsy.info udp
US 8.8.8.8:53 oskqkaqcgsii.org udp
US 8.8.8.8:53 xxxwjtswgyyj.net udp
US 8.8.8.8:53 twannplxca.net udp
US 8.8.8.8:53 rvrzhplftbob.net udp
US 8.8.8.8:53 nccwzcq.net udp
US 8.8.8.8:53 cxritgbkwiqj.net udp
US 8.8.8.8:53 fwqiln.info udp
US 8.8.8.8:53 rntblj.net udp
US 8.8.8.8:53 wiyqyucewcik.org udp
US 8.8.8.8:53 xflrdxdu.net udp
US 8.8.8.8:53 xmdkps.net udp
US 8.8.8.8:53 bidgbltpenf.org udp
US 8.8.8.8:53 larfbmilzgby.net udp
US 8.8.8.8:53 xenqfgocvcfe.net udp
US 8.8.8.8:53 dlzkabpondgr.info udp
US 8.8.8.8:53 djnaddpwog.info udp
US 8.8.8.8:53 qyypzcjukyx.net udp
US 8.8.8.8:53 saaioeyqiiwc.org udp
US 8.8.8.8:53 bvdanttqcr.net udp
US 8.8.8.8:53 tvapdwq.com udp
US 8.8.8.8:53 yabgjuiyvpj.net udp
US 8.8.8.8:53 peterwtczetr.net udp
US 8.8.8.8:53 uqmamo.com udp
US 8.8.8.8:53 xqfyvgb.com udp
US 8.8.8.8:53 zegwpumih.com udp
US 8.8.8.8:53 wcqsegoumywo.org udp
US 8.8.8.8:53 ammeyswc.com udp
US 8.8.8.8:53 lepjvghck.com udp
US 8.8.8.8:53 uddwefjmvkx.net udp
US 8.8.8.8:53 osegfarke.info udp
US 8.8.8.8:53 fefslikmrpv.com udp
US 8.8.8.8:53 idgobdcieim.net udp
US 8.8.8.8:53 puylzg.net udp
US 8.8.8.8:53 kcrygmizwct.net udp
US 8.8.8.8:53 rlbiwqrmmq.net udp
US 8.8.8.8:53 nnevzkjiwsam.net udp
US 8.8.8.8:53 yqtafgfohsp.net udp
US 8.8.8.8:53 yeoisyimcc.com udp
US 8.8.8.8:53 palekxvoy.info udp
US 8.8.8.8:53 sfhapagfxuj.info udp
US 8.8.8.8:53 vxuyfa.info udp
US 8.8.8.8:53 ewwqoikawacw.com udp
US 8.8.8.8:53 nplnnuadjc.net udp
US 8.8.8.8:53 zinrzrtxfk.net udp
US 8.8.8.8:53 notasgl.org udp
US 8.8.8.8:53 bcbebwyaqmx.net udp
US 8.8.8.8:53 nrpqjt.info udp
BG 109.160.73.92:21029 tcp
US 8.8.8.8:53 hvxqeprdpi.info udp
US 8.8.8.8:53 qqqewsoa.org udp
US 8.8.8.8:53 xsulxuawpyk.com udp
US 8.8.8.8:53 rjrivqjfx.info udp
US 8.8.8.8:53 imesooqg.org udp
US 8.8.8.8:53 owsyeecuiq.org udp
US 8.8.8.8:53 secbxwdrern.info udp
US 8.8.8.8:53 lkngjoezjnq.com udp
US 8.8.8.8:53 uoogcqgy.com udp
US 8.8.8.8:53 eqtgptpqlsd.info udp
US 8.8.8.8:53 wrbgtg.info udp
US 8.8.8.8:53 qiaeaemkssau.org udp
US 8.8.8.8:53 osqoecaw.com udp
US 8.8.8.8:53 pgbwjquvyfv.com udp
US 8.8.8.8:53 xfyvtabutabv.info udp
US 8.8.8.8:53 stozqspk.info udp
US 8.8.8.8:53 lpntkecl.info udp
US 8.8.8.8:53 asosokoq.com udp
US 8.8.8.8:53 fwputybuh.com udp
US 8.8.8.8:53 klqzvz.net udp
US 8.8.8.8:53 ajkyawztbic.net udp
US 8.8.8.8:53 xbfhtyff.info udp
US 8.8.8.8:53 lixmqwl.com udp
US 8.8.8.8:53 fgkvzjn.info udp
US 8.8.8.8:53 wwyioqku.org udp
US 8.8.8.8:53 buivcyogvmu.info udp
US 8.8.8.8:53 cdijcznhxx.info udp
US 8.8.8.8:53 cwsfhcybexjf.net udp
US 8.8.8.8:53 tqhqzoh.info udp
US 8.8.8.8:53 epzkppkirk.net udp
US 8.8.8.8:53 useghyhdxb.net udp
US 8.8.8.8:53 yjnvpcqr.info udp
US 8.8.8.8:53 yozofsbyb.net udp
US 8.8.8.8:53 vsswekgnat.info udp
US 8.8.8.8:53 ouoqqesiog.com udp
US 8.8.8.8:53 geniokl.info udp
US 8.8.8.8:53 vghsaki.info udp
US 8.8.8.8:53 xmamzlrwt.com udp
US 8.8.8.8:53 ijfcdqd.info udp
US 8.8.8.8:53 osojfikuzcy.net udp
US 8.8.8.8:53 oalijtwldnkg.net udp
US 8.8.8.8:53 jvcdxstnrs.info udp
US 8.8.8.8:53 pnpjwt.net udp
US 8.8.8.8:53 wypjuzsv.info udp
DE 85.214.228.140:80 gyuuym.org tcp
US 8.8.8.8:53 pegcbkx.info udp
DE 85.214.228.140:80 gyuuym.org tcp
US 8.8.8.8:53 cbofhgthgtub.info udp
US 8.8.8.8:53 egfrbbts.net udp
US 8.8.8.8:53 riqzhklh.net udp
US 8.8.8.8:53 vetopchub.org udp
US 8.8.8.8:53 huqcwyrjhz.net udp
US 8.8.8.8:53 cwrzzvdqbyr.net udp
SG 18.142.91.111:80 unxfuild.info tcp
US 8.8.8.8:53 dhnwpkw.com udp
US 8.8.8.8:53 ugqemuko.org udp
US 8.8.8.8:53 pvsmvfhxkcja.info udp
US 8.8.8.8:53 fybuspcnicwd.net udp
US 8.8.8.8:53 xisrei.net udp
US 8.8.8.8:53 gurktewovbx.info udp
SG 18.142.91.111:80 unxfuild.info tcp
US 8.8.8.8:53 ndzrecoyjokg.info udp
US 8.8.8.8:53 tmvivghingj.net udp
US 8.8.8.8:53 zjwqtndtcndd.net udp
US 8.8.8.8:53 ggoiukqgsikq.org udp
US 8.8.8.8:53 fenhmby.net udp
US 8.8.8.8:53 dgfxos.net udp
US 8.8.8.8:53 ycdlbibexsj.info udp
US 8.8.8.8:53 mxaxvivt.net udp
US 8.8.8.8:53 dvlpph.net udp
US 8.8.8.8:53 tuxisqnrnl.net udp
US 8.8.8.8:53 ysoiqgci.com udp
US 8.8.8.8:53 zixfzbf.info udp
US 8.8.8.8:53 qwcgxxbuqu.net udp
US 8.8.8.8:53 uwbcjytcs.net udp
US 8.8.8.8:53 lklyyhvnlxhn.info udp
US 8.8.8.8:53 rrnoawqfxb.net udp
US 8.8.8.8:53 zbaaiwhypcz.com udp
US 8.8.8.8:53 udzdjiddn.net udp
US 8.8.8.8:53 qwikeiauwg.com udp
US 8.8.8.8:53 zczvxvbonlh.org udp
US 8.8.8.8:53 dqrjfkgzomp.info udp
US 8.8.8.8:53 ygoukmwg.org udp
US 8.8.8.8:53 brieejmybcvy.net udp
US 8.8.8.8:53 amyorgwot.net udp
US 8.8.8.8:53 jcaqlgrowvf.net udp
US 8.8.8.8:53 pxxqfqtjjhvy.net udp
US 104.156.155.94:80 cydlrge.info tcp
US 8.8.8.8:53 lgncbyr.org udp
US 8.8.8.8:53 jjmbhifbsyfb.net udp
US 8.8.8.8:53 gwvikmumxmj.info udp
US 8.8.8.8:53 wfdtrqxufvdw.info udp
US 8.8.8.8:53 sigpjgzafyi.info udp
US 8.8.8.8:53 ackgaoqgma.com udp
US 8.8.8.8:53 uscwgeou.com udp
US 8.8.8.8:53 ymyflprt.net udp
US 8.8.8.8:53 mjotpzfbosdh.info udp
US 8.8.8.8:53 ufkcfsxlma.info udp
US 8.8.8.8:53 qpnqvqwql.net udp
US 8.8.8.8:53 akqkfmnwc.info udp
US 8.8.8.8:53 amnctwrcvix.info udp
US 8.8.8.8:53 vijoqz.net udp
US 104.156.155.94:80 cydlrge.info tcp

Files

memory/3540-0-0x0000000000400000-0x00000000004FE000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

MD5 2957c503826ce4d16bd75bf96b74d0d1
SHA1 767cc2e71da9d6c6b3b3e5b9311c075405d98f4b
SHA256 8d95669dc11c82c766b4e909ba7549df850e5f9b4be4b0927ca0027cfe31d53d
SHA512 9869fa5e8376e168e06bbee7f9096375a140f02ce963f9b53df4383561e80e298da270feb52d5b61c8d4b33ef1136448bb05dea0449f1c06416d67cd758e9156

C:\Windows\SysWOW64\qdwmcutmduhyszpprk.exe

MD5 accbd6960dd347c36571ba5642f84e23
SHA1 5b7c416ada72814560922010b317e8669003b3e5
SHA256 482f4d7695f48bda4cfbda875fa32859d0206b577a679fee45c42f8b2151a49d
SHA512 af2d46582af45ea98dc208306e9302b646f3102a30e7fe72dadebc8ed735ff4447e84dc0799ef9d0693e5d5b4c5223bba6e6cf2dd0b7c2f7102d8a0198dc301a

memory/4668-55-0x0000000000400000-0x00000000004FE000-memory.dmp

memory/4064-56-0x0000000000400000-0x00000000004FE000-memory.dmp

memory/4608-67-0x0000000000400000-0x00000000004FE000-memory.dmp

memory/4700-63-0x0000000000400000-0x00000000004FE000-memory.dmp

memory/4608-68-0x0000000000400000-0x00000000004FE000-memory.dmp

memory/4604-72-0x0000000000400000-0x00000000004FE000-memory.dmp

memory/1644-76-0x0000000000400000-0x00000000004FE000-memory.dmp

memory/4604-79-0x0000000000400000-0x00000000004FE000-memory.dmp

memory/4928-81-0x0000000000400000-0x00000000004FE000-memory.dmp

memory/1644-78-0x0000000000400000-0x00000000004FE000-memory.dmp

memory/4928-105-0x0000000000400000-0x00000000004FE000-memory.dmp

memory/3540-93-0x0000000000400000-0x00000000004FE000-memory.dmp

memory/1032-110-0x0000000000400000-0x00000000004FE000-memory.dmp

memory/1688-120-0x0000000000400000-0x00000000004FE000-memory.dmp

memory/1688-122-0x0000000000400000-0x00000000004FE000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\ddjmp.exe

MD5 140b4dd8817a24d153f34c58aba90e9d
SHA1 353665192ea40878c2197808de1f79133b31a8f2
SHA256 28b47f2bb735214234c54f70d09155aebcfc2711108dd1cea0c928564ecb31b5
SHA512 ae5e9a951813cbe3476bca89e7458e1658f6564ddde7d85bbcec364b711fb9da90bc753981cc4515b5f0936bfce769ca2da9378de3a00ea20c2e45c0591bbfef

memory/4668-165-0x0000000000400000-0x00000000004FE000-memory.dmp

memory/4228-166-0x0000000000400000-0x00000000004FE000-memory.dmp

memory/4228-167-0x0000000000400000-0x00000000004FE000-memory.dmp

memory/2024-170-0x0000000000400000-0x00000000004FE000-memory.dmp

memory/2024-171-0x0000000000400000-0x00000000004FE000-memory.dmp

memory/4048-173-0x0000000000400000-0x00000000004FE000-memory.dmp

memory/2268-178-0x0000000000400000-0x00000000004FE000-memory.dmp

memory/4048-180-0x0000000000400000-0x00000000004FE000-memory.dmp

memory/4632-182-0x0000000000400000-0x00000000004FE000-memory.dmp

C:\Users\Admin\AppData\Local\fbdcbckmmmiilbajuwsutst.ddd

MD5 5b703739bef763f53658efe8002a482a
SHA1 302a6916de227d6dfdfeb126cf086482e9b63770
SHA256 82dca3453ac17887bfb12fadafa3bc22e81bc34267e60f718aac6cf70b319d64
SHA512 bd8905209b0bf9f5d4fa8e3704a743075d17351555e7c2898cd15ffe3542b808e1332c3b3cd60e028a535b16e61b215ce42a35e2443762a8932c12cb5fcdd8d8

C:\Users\Admin\AppData\Local\szmwgslyjubmablfboviscohufqxiwxhbx.reo

MD5 3652bee6c98975a78814ca88c668b204
SHA1 02f12577b111087b2a3dc206d1590257fe1dc514
SHA256 72f22d981f8cc244b929e90d5affe72452d3a2d14c27f37a1429240e56a90cf0
SHA512 05866ab51648a38010c92961b66ba2c653f30150b45aa9c678a6d3c3306dc1045173ac40cf478c841aed2633e48e645f6a060c0a7ed9ebd1bcde30e7767df394

memory/1512-227-0x0000000000400000-0x00000000004FE000-memory.dmp

memory/3456-195-0x0000000000400000-0x00000000004FE000-memory.dmp

memory/4708-229-0x0000000000400000-0x00000000004FE000-memory.dmp

memory/1504-231-0x0000000000400000-0x00000000004FE000-memory.dmp

memory/3240-233-0x0000000000400000-0x00000000004FE000-memory.dmp

memory/1512-235-0x0000000000400000-0x00000000004FE000-memory.dmp

memory/1316-243-0x0000000000400000-0x00000000004FE000-memory.dmp

memory/4468-244-0x0000000000400000-0x00000000004FE000-memory.dmp

memory/2184-246-0x0000000000400000-0x00000000004FE000-memory.dmp

memory/2568-245-0x0000000000400000-0x00000000004FE000-memory.dmp

memory/2192-237-0x0000000000400000-0x00000000004FE000-memory.dmp

memory/4588-240-0x0000000000400000-0x00000000004FE000-memory.dmp

memory/2652-257-0x0000000000400000-0x00000000004FE000-memory.dmp

memory/1220-260-0x0000000000400000-0x00000000004FE000-memory.dmp

memory/4376-256-0x0000000000400000-0x00000000004FE000-memory.dmp

memory/2008-263-0x0000000000400000-0x00000000004FE000-memory.dmp

memory/3324-264-0x0000000000400000-0x00000000004FE000-memory.dmp

memory/4756-262-0x0000000000400000-0x00000000004FE000-memory.dmp

memory/2008-261-0x0000000000400000-0x00000000004FE000-memory.dmp

memory/2568-265-0x0000000000400000-0x00000000004FE000-memory.dmp

C:\Windows\SysWOW64\wmicuclt.exe

MD5 f52cebc7dec157c7c6a65f2720bfc26d
SHA1 f2ee2bf37b38be0821d990043f68878a9b9b093b
SHA256 057bbbea6faa46add5d7e65d6a053b6e55047afbece3e1f4caecc1dd7a46a9ad
SHA512 a0a051ecf4f56104d61a0e1df002ec22d4330a4e27efcc79d3a812e311a6b5837c168cfb2b9569a55cf0658e3ab9bf9ba11b0b8bd9d006bd749ec9ee70190fa9

memory/1220-278-0x0000000000400000-0x00000000004FE000-memory.dmp

memory/4156-277-0x0000000000400000-0x00000000004FE000-memory.dmp

memory/2652-273-0x0000000000400000-0x00000000004FE000-memory.dmp

memory/1976-272-0x0000000000400000-0x00000000004FE000-memory.dmp

memory/3816-271-0x0000000000400000-0x00000000004FE000-memory.dmp

memory/4020-270-0x0000000000400000-0x00000000004FE000-memory.dmp

memory/2540-269-0x0000000000400000-0x00000000004FE000-memory.dmp

memory/2296-268-0x0000000000400000-0x00000000004FE000-memory.dmp

memory/2712-267-0x0000000000400000-0x00000000004FE000-memory.dmp

memory/2536-280-0x0000000000400000-0x00000000004FE000-memory.dmp

memory/1976-281-0x0000000000400000-0x00000000004FE000-memory.dmp

memory/2296-283-0x0000000000400000-0x00000000004FE000-memory.dmp

memory/3324-285-0x0000000000400000-0x00000000004FE000-memory.dmp

memory/2712-284-0x0000000000400000-0x00000000004FE000-memory.dmp

memory/4756-282-0x0000000000400000-0x00000000004FE000-memory.dmp

memory/3448-279-0x0000000000400000-0x00000000004FE000-memory.dmp

memory/2488-286-0x0000000000400000-0x00000000004FE000-memory.dmp

memory/4932-287-0x0000000000400000-0x00000000004FE000-memory.dmp

memory/3000-288-0x0000000000400000-0x00000000004FE000-memory.dmp

memory/3880-289-0x0000000000400000-0x00000000004FE000-memory.dmp

memory/736-290-0x0000000000400000-0x00000000004FE000-memory.dmp

memory/2488-292-0x0000000000400000-0x00000000004FE000-memory.dmp

memory/3880-291-0x0000000000400000-0x00000000004FE000-memory.dmp

memory/2684-294-0x0000000000400000-0x00000000004FE000-memory.dmp

memory/736-296-0x0000000000400000-0x00000000004FE000-memory.dmp

memory/4932-295-0x0000000000400000-0x00000000004FE000-memory.dmp

memory/4556-297-0x0000000000400000-0x00000000004FE000-memory.dmp

memory/2552-310-0x0000000000400000-0x00000000004FE000-memory.dmp

memory/2956-309-0x0000000000400000-0x00000000004FE000-memory.dmp

memory/2932-314-0x0000000000400000-0x00000000004FE000-memory.dmp

memory/3940-313-0x0000000000400000-0x00000000004FE000-memory.dmp

memory/2560-312-0x0000000000400000-0x00000000004FE000-memory.dmp

memory/3000-320-0x0000000000400000-0x00000000004FE000-memory.dmp

memory/2956-321-0x0000000000400000-0x00000000004FE000-memory.dmp

memory/4236-318-0x0000000000400000-0x00000000004FE000-memory.dmp

memory/2180-317-0x0000000000400000-0x00000000004FE000-memory.dmp

memory/724-319-0x0000000000400000-0x00000000004FE000-memory.dmp

memory/2180-316-0x0000000000400000-0x00000000004FE000-memory.dmp

memory/2552-322-0x0000000000400000-0x00000000004FE000-memory.dmp

memory/3384-323-0x0000000000400000-0x00000000004FE000-memory.dmp

memory/2932-325-0x0000000000400000-0x00000000004FE000-memory.dmp

memory/724-326-0x0000000000400000-0x00000000004FE000-memory.dmp

memory/3384-328-0x0000000000400000-0x00000000004FE000-memory.dmp

memory/704-327-0x0000000000400000-0x00000000004FE000-memory.dmp

memory/2432-324-0x0000000000400000-0x00000000004FE000-memory.dmp

memory/2180-330-0x0000000000400000-0x00000000004FE000-memory.dmp

memory/1612-337-0x0000000000400000-0x00000000004FE000-memory.dmp

memory/4408-335-0x0000000000400000-0x00000000004FE000-memory.dmp

memory/2812-334-0x0000000000400000-0x00000000004FE000-memory.dmp

memory/5084-333-0x0000000000400000-0x00000000004FE000-memory.dmp

memory/2392-332-0x0000000000400000-0x00000000004FE000-memory.dmp

C:\Program Files (x86)\fbdcbckmmmiilbajuwsutst.ddd

MD5 fbbb1edb679f3013c69cd30e91671d44
SHA1 8fc393a62817f6e380810b5d2347c957f680f9a4
SHA256 2d4af5a72dbb571b083fdc7ed305c6d9671e54562203126321d7608f89357af4
SHA512 a0034159dac9ba08b9337fb29763fbfff7bad3a3de8a91727b7e3ff16b15bf92ee12089a2c19af4114bb11bea3a70894ff9110b3458ae02815041ce569e6633e

memory/4896-548-0x0000000003A00000-0x0000000003A48000-memory.dmp

memory/4896-556-0x0000000003A00000-0x0000000003A18000-memory.dmp

memory/4896-554-0x0000000003A00000-0x0000000003A24000-memory.dmp

C:\Program Files (x86)\fbdcbckmmmiilbajuwsutst.ddd

MD5 ae92887f5fa9ee898a36824263b13e2a
SHA1 4c23012a8775a883d729073298207ef1344b5c3d
SHA256 e86474c3d985d69a802ad89bed42833e428ade4c362a908034a54eb40b0ffbea
SHA512 8247836537ebb0781ae0a85f39fee91aa90c422c2082e31df7529815261d555c6c3807b78d9e06fe1466a74dd53c30b457b0cc4c6071b4d63037918f720f0b2b

C:\Program Files (x86)\fbdcbckmmmiilbajuwsutst.ddd

MD5 91aae462af5abc6f7f9a24cda4d61d95
SHA1 8e65766065fae4ddc978663b4cf50e8b146b3f48
SHA256 70bc0b514e2c74696d8eb6915a2f63cda0f0a1770b718a6cebc12c5f73444121
SHA512 7f76bf4360fdf98b9d5ce41b897be9a8cdf1eedb816cf2aa826cc3bcf3bda1c670d80e2e1615f02f7e00352d8b534b6adfe5dd28304cf7e674d1ff7aa8974028

C:\Program Files (x86)\fbdcbckmmmiilbajuwsutst.ddd

MD5 824e81cfed595f7bbd5bab63e5381f23
SHA1 5057e8e57ecda1a05314ae5a566e61af6b77bf28
SHA256 f4a3df4c1d78b42ad2d6ce99b57b4f015ca59d15ca64db6b1c765d3c56dadf4b
SHA512 66d657543f57727ee67be1080da48ce518669aef28ecddfeaba603adfa74027a4a743463eb002cc76e5d6976dcb4e3ab0ce4c3532bbd65cbf904b372f9341489

C:\Program Files (x86)\fbdcbckmmmiilbajuwsutst.ddd

MD5 720672794981dd5ba2ee62529c643d04
SHA1 b8412bfcfc468103830aea1f0ccb1f15465a3e33
SHA256 cf434b5176353da5f968ff7d7ae4e7f2e6bf83fb28da3980f07c65b720bf89f0
SHA512 186f37143ef39245f9af646a1d278f5bb540fe5d385a75e71fb61f8c81dd5e9e7fb9739fddd9ad3bf10505e6682e0c046535d834760777a2f107a2bdd6026224