Analysis Overview
SHA256
482f4d7695f48bda4cfbda875fa32859d0206b577a679fee45c42f8b2151a49d
Threat Level: Known bad
The file JaffaCakes118_accbd6960dd347c36571ba5642f84e23 was found to be: Known bad.
Malicious Activity Summary
Modifies WinLogon for persistence
Pykspa family
Pykspa
UAC bypass
Detect Pykspa worm
Adds policy Run key to start application
Sets service image path in registry
Disables RegEdit via registry modification
Impair Defenses: Safe Mode Boot
Checks computer location settings
Executes dropped EXE
Unexpected DNS network traffic destination
Hijack Execution Flow: Executable Installer File Permissions Weakness
Checks whether UAC is enabled
Checks for any installed AV software in registry
Adds Run key to start application
Looks up external IP address via web service
Enumerates connected drives
Drops file in System32 directory
Drops file in Windows directory
Drops file in Program Files directory
System Location Discovery: System Language Discovery
Unsigned PE
Enumerates physical storage devices
Suspicious behavior: EnumeratesProcesses
System policy modification
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V16
Analysis: static1
Detonation Overview
Reported
2025-04-11 03:50
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2025-04-11 03:50
Reported
2025-04-11 03:53
Platform
win10v2004-20250410-en
Max time kernel
32s
Max time network
150s
Command Line
Signatures
Modifies WinLogon for persistence
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\ddjmp.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\ddjmp.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\ddjmp.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
Pykspa
Pykspa family
UAC bypass
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\ddjmp.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" | C:\Users\Admin\AppData\Local\Temp\ddjmp.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\ddjmp.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" | C:\Users\Admin\AppData\Local\Temp\ddjmp.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" | C:\Users\Admin\AppData\Local\Temp\ddjmp.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" | C:\Users\Admin\AppData\Local\Temp\ddjmp.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" | C:\Users\Admin\AppData\Local\Temp\ddjmp.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\ddjmp.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" | C:\Users\Admin\AppData\Local\Temp\ddjmp.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" | C:\Users\Admin\AppData\Local\Temp\ddjmp.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" | C:\Users\Admin\AppData\Local\Temp\ddjmp.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" | C:\Users\Admin\AppData\Local\Temp\ddjmp.exe | N/A |
Detect Pykspa worm
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Adds policy Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\szmwgslyjubm = "dtpibwyuoiyspzsvawmib.exe" | C:\Users\Admin\AppData\Local\Temp\ddjmp.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\hlvcjsisa = "C:\\Users\\Admin\\AppData\\Local\\Temp\\dtpibwyuoiyspzsvawmib.exe" | C:\Users\Admin\AppData\Local\Temp\ddjmp.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\szmwgslyjubm = "alcqeurixmxmejxv.exe" | C:\Users\Admin\AppData\Local\Temp\ddjmp.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\hlvcjsisa = "C:\\Users\\Admin\\AppData\\Local\\Temp\\bpjarkkewocupxopsma.exe" | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\hlvcjsisa = "C:\\Users\\Admin\\AppData\\Local\\Temp\\odyqicdyrkzsoxprvqfa.exe" | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\szmwgslyjubm = "alcqeurixmxmejxv.exe" | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\ddjmp.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\nzlvmwlvjqgn = "jdxpogdvrgetmirjlpfz.exe" | C:\Users\Admin\AppData\Local\Temp\ddjmp.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\hlvcjsisa = "C:\\Users\\Admin\\AppData\\Local\\Temp\\odyqicdyrkzsoxprvqfa.exe" | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\hlvcjsisa = "C:\\Users\\Admin\\AppData\\Local\\Temp\\qdwmcutmduhyszpprk.exe" | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\nzlvmwlvjqgn = "ctkzvketmytfvouji.exe" | C:\Users\Admin\AppData\Local\Temp\ddjmp.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\hlvcjsisa = "C:\\Users\\Admin\\AppData\\Local\\Temp\\bpjarkkewocupxopsma.exe" | C:\Users\Admin\AppData\Local\Temp\ddjmp.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\ddjmp.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\ddjmp.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\hlvcjsisa = "C:\\Users\\Admin\\AppData\\Local\\Temp\\odyqicdyrkzsoxprvqfa.exe" | C:\Users\Admin\AppData\Local\Temp\ddjmp.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\clubpwipa = "C:\\Users\\Admin\\AppData\\Local\\Temp\\wpizxokbwkhvniqhila.exe" | C:\Users\Admin\AppData\Local\Temp\ddjmp.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\szmwgslyjubm = "odyqicdyrkzsoxprvqfa.exe" | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\szmwgslyjubm = "bpjarkkewocupxopsma.exe" | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\clubpwipa = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ldvliytjdqmzqkrhhj.exe" | C:\Users\Admin\AppData\Local\Temp\ddjmp.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\nzlvmwlvjqgn = "wpizxokbwkhvniqhila.exe" | C:\Users\Admin\AppData\Local\Temp\ddjmp.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\hlvcjsisa = "C:\\Users\\Admin\\AppData\\Local\\Temp\\dtpibwyuoiyspzsvawmib.exe" | C:\Users\Admin\AppData\Local\Temp\ddjmp.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\hlvcjsisa = "C:\\Users\\Admin\\AppData\\Local\\Temp\\alcqeurixmxmejxv.exe" | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\szmwgslyjubm = "odyqicdyrkzsoxprvqfa.exe" | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\szmwgslyjubm = "odyqicdyrkzsoxprvqfa.exe" | C:\Users\Admin\AppData\Local\Temp\ddjmp.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\szmwgslyjubm = "dtpibwyuoiyspzsvawmib.exe" | C:\Users\Admin\AppData\Local\Temp\ddjmp.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\szmwgslyjubm = "odyqicdyrkzsoxprvqfa.exe" | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\szmwgslyjubm = "alcqeurixmxmejxv.exe" | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\hlvcjsisa = "C:\\Users\\Admin\\AppData\\Local\\Temp\\bpjarkkewocupxopsma.exe" | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\hlvcjsisa = "C:\\Users\\Admin\\AppData\\Local\\Temp\\bpjarkkewocupxopsma.exe" | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\hlvcjsisa = "C:\\Users\\Admin\\AppData\\Local\\Temp\\dtpibwyuoiyspzsvawmib.exe" | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\hlvcjsisa = "C:\\Users\\Admin\\AppData\\Local\\Temp\\qdwmcutmduhyszpprk.exe" | C:\Users\Admin\AppData\Local\Temp\ddjmp.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\szmwgslyjubm = "odyqicdyrkzsoxprvqfa.exe" | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\szmwgslyjubm = "alcqeurixmxmejxv.exe" | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\szmwgslyjubm = "dtpibwyuoiyspzsvawmib.exe" | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\hlvcjsisa = "C:\\Users\\Admin\\AppData\\Local\\Temp\\qdwmcutmduhyszpprk.exe" | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\hlvcjsisa = "C:\\Users\\Admin\\AppData\\Local\\Temp\\odyqicdyrkzsoxprvqfa.exe" | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
Disables RegEdit via registry modification
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\ddjmp.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\ddjmp.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\ddjmp.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\ddjmp.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\ddjmp.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\ddjmp.exe | N/A |
Sets service image path in registry
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\wmicucltsvc\ImagePath = "C:\\Windows\\system32\\wmicuclt.exe" | C:\Windows\dtpibwyuoiyspzsvawmib.exe | N/A |
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\Control Panel\International\Geo\Nation | C:\Windows\dtpibwyuoiyspzsvawmib.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\Control Panel\International\Geo\Nation | C:\Windows\alcqeurixmxmejxv.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\Control Panel\International\Geo\Nation | C:\Windows\htlapgewmcoexdsrs.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\qdwmcutmduhyszpprk.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\dtpibwyuoiyspzsvawmib.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\Control Panel\International\Geo\Nation | C:\Windows\qdwmcutmduhyszpprk.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\dtpibwyuoiyspzsvawmib.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\odyqicdyrkzsoxprvqfa.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\dtpibwyuoiyspzsvawmib.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\qdwmcutmduhyszpprk.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\Control Panel\International\Geo\Nation | C:\Windows\dtpibwyuoiyspzsvawmib.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\alcqeurixmxmejxv.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\bpjarkkewocupxopsma.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\qdwmcutmduhyszpprk.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\Control Panel\International\Geo\Nation | C:\Windows\odyqicdyrkzsoxprvqfa.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\qdwmcutmduhyszpprk.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\qdwmcutmduhyszpprk.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\Control Panel\International\Geo\Nation | C:\Windows\odyqicdyrkzsoxprvqfa.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\htlapgewmcoexdsrs.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\qdwmcutmduhyszpprk.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\Control Panel\International\Geo\Nation | C:\Windows\dtpibwyuoiyspzsvawmib.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\dtpibwyuoiyspzsvawmib.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\Control Panel\International\Geo\Nation | C:\Windows\odyqicdyrkzsoxprvqfa.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\odyqicdyrkzsoxprvqfa.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\bpjarkkewocupxopsma.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\alcqeurixmxmejxv.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\Control Panel\International\Geo\Nation | C:\Windows\odyqicdyrkzsoxprvqfa.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\Control Panel\International\Geo\Nation | C:\Windows\qdwmcutmduhyszpprk.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\odyqicdyrkzsoxprvqfa.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\Control Panel\International\Geo\Nation | C:\Windows\dtpibwyuoiyspzsvawmib.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\dtpibwyuoiyspzsvawmib.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\odyqicdyrkzsoxprvqfa.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\dtpibwyuoiyspzsvawmib.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\Control Panel\International\Geo\Nation | C:\Windows\alcqeurixmxmejxv.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\Control Panel\International\Geo\Nation | C:\Windows\dtpibwyuoiyspzsvawmib.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\Control Panel\International\Geo\Nation | C:\Windows\dtpibwyuoiyspzsvawmib.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\Control Panel\International\Geo\Nation | C:\Windows\qdwmcutmduhyszpprk.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\Control Panel\International\Geo\Nation | C:\Windows\qdwmcutmduhyszpprk.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\Control Panel\International\Geo\Nation | C:\Windows\bpjarkkewocupxopsma.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\Control Panel\International\Geo\Nation | C:\Windows\alcqeurixmxmejxv.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\htlapgewmcoexdsrs.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\Control Panel\International\Geo\Nation | C:\Windows\dtpibwyuoiyspzsvawmib.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\odyqicdyrkzsoxprvqfa.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_accbd6960dd347c36571ba5642f84e23.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\bpjarkkewocupxopsma.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\Control Panel\International\Geo\Nation | C:\Windows\odyqicdyrkzsoxprvqfa.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\Control Panel\International\Geo\Nation | C:\Windows\htlapgewmcoexdsrs.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\Control Panel\International\Geo\Nation | C:\Windows\odyqicdyrkzsoxprvqfa.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\Control Panel\International\Geo\Nation | C:\Windows\dtpibwyuoiyspzsvawmib.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\dtpibwyuoiyspzsvawmib.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\qdwmcutmduhyszpprk.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\Control Panel\International\Geo\Nation | C:\Windows\bpjarkkewocupxopsma.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\Control Panel\International\Geo\Nation | C:\Windows\htlapgewmcoexdsrs.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\htlapgewmcoexdsrs.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\Control Panel\International\Geo\Nation | C:\Windows\dtpibwyuoiyspzsvawmib.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\Control Panel\International\Geo\Nation | C:\Windows\alcqeurixmxmejxv.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\dtpibwyuoiyspzsvawmib.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\Control Panel\International\Geo\Nation | C:\Windows\odyqicdyrkzsoxprvqfa.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\Control Panel\International\Geo\Nation | C:\Windows\alcqeurixmxmejxv.exe | N/A |
Executes dropped EXE
Impair Defenses: Safe Mode Boot
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\wmicucltsvc | C:\Windows\dtpibwyuoiyspzsvawmib.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\wmicucltsvc\ = "Service" | C:\Windows\dtpibwyuoiyspzsvawmib.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\wmicucltsvc | C:\Users\Admin\AppData\Local\Temp\ddjmp.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\UserManager | C:\Users\Admin\AppData\Local\Temp\ddjmp.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\SerCx2.sys | C:\Users\Admin\AppData\Local\Temp\ddjmp.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\ProfSvc | C:\Users\Admin\AppData\Local\Temp\ddjmp.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\Power | C:\Users\Admin\AppData\Local\Temp\ddjmp.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\iai2c.sys | C:\Users\Admin\AppData\Local\Temp\ddjmp.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\CBDHSvc | C:\Users\Admin\AppData\Local\Temp\ddjmp.exe | N/A |
Unexpected DNS network traffic destination
| Description | Indicator | Process | Target |
| Destination IP | 208.67.222.123 | C:\Windows\dtpibwyuoiyspzsvawmib.exe | N/A |
| Destination IP | 205.171.3.65 | C:\Windows\dtpibwyuoiyspzsvawmib.exe | N/A |
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\afqygqhsbk = "C:\\Users\\Admin\\AppData\\Local\\Temp\\odyqicdyrkzsoxprvqfa.exe" | C:\Users\Admin\AppData\Local\Temp\ddjmp.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\afqygqhsbk = "qdwmcutmduhyszpprk.exe" | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\afqygqhsbk = "htlapgewmcoexdsrs.exe" | C:\Users\Admin\AppData\Local\Temp\ddjmp.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\rznyjwqeqckwl = "qdwmcutmduhyszpprk.exe" | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\qbmvluirekz = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ytohhayroedtnkunqvmhc.exe ." | C:\Users\Admin\AppData\Local\Temp\ddjmp.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\vfvivkgwkyiwnre = "C:\\Users\\Admin\\AppData\\Local\\Temp\\dtpibwyuoiyspzsvawmib.exe ." | C:\Users\Admin\AppData\Local\Temp\ddjmp.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\afqygqhsbk = "C:\\Users\\Admin\\AppData\\Local\\Temp\\odyqicdyrkzsoxprvqfa.exe" | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\afqygqhsbk = "C:\\Users\\Admin\\AppData\\Local\\Temp\\dtpibwyuoiyspzsvawmib.exe" | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\sbqcocxmzmviyb = "alcqeurixmxmejxv.exe ." | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\rznyjwqeqckwl = "htlapgewmcoexdsrs.exe" | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\afqygqhsbk = "dtpibwyuoiyspzsvawmib.exe" | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\alcqeurixmxmejxv = "C:\\Users\\Admin\\AppData\\Local\\Temp\\odyqicdyrkzsoxprvqfa.exe" | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\qbmvluirekz = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ldvliytjdqmzqkrhhj.exe ." | C:\Users\Admin\AppData\Local\Temp\ddjmp.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\rznyjwqeqckwl = "alcqeurixmxmejxv.exe" | C:\Users\Admin\AppData\Local\Temp\ddjmp.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\vbnwfqiueou = "odyqicdyrkzsoxprvqfa.exe ." | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\rznyjwqeqckwl = "dtpibwyuoiyspzsvawmib.exe" | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\vfvivkgwkyiwnre = "C:\\Users\\Admin\\AppData\\Local\\Temp\\odyqicdyrkzsoxprvqfa.exe ." | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\afqygqhsbk = "C:\\Users\\Admin\\AppData\\Local\\Temp\\alcqeurixmxmejxv.exe" | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\afqygqhsbk = "C:\\Users\\Admin\\AppData\\Local\\Temp\\dtpibwyuoiyspzsvawmib.exe" | C:\Users\Admin\AppData\Local\Temp\ddjmp.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\alcqeurixmxmejxv = "C:\\Users\\Admin\\AppData\\Local\\Temp\\qdwmcutmduhyszpprk.exe" | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\vfvivkgwkyiwnre = "C:\\Users\\Admin\\AppData\\Local\\Temp\\qdwmcutmduhyszpprk.exe ." | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\vbnwfqiueou = "bpjarkkewocupxopsma.exe ." | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\vfvivkgwkyiwnre = "C:\\Users\\Admin\\AppData\\Local\\Temp\\dtpibwyuoiyspzsvawmib.exe ." | C:\Users\Admin\AppData\Local\Temp\ddjmp.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\qbmvluirekz = "C:\\Users\\Admin\\AppData\\Local\\Temp\\jdxpogdvrgetmirjlpfz.exe ." | C:\Users\Admin\AppData\Local\Temp\ddjmp.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\afqygqhsbk = "odyqicdyrkzsoxprvqfa.exe" | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\rznyjwqeqckwl = "dtpibwyuoiyspzsvawmib.exe" | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\vbnwfqiueou = "C:\\Users\\Admin\\AppData\\Local\\Temp\\htlapgewmcoexdsrs.exe ." | C:\Users\Admin\AppData\Local\Temp\ddjmp.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\alcqeurixmxmejxv = "C:\\Users\\Admin\\AppData\\Local\\Temp\\alcqeurixmxmejxv.exe" | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\vfvivkgwkyiwnre = "C:\\Users\\Admin\\AppData\\Local\\Temp\\dtpibwyuoiyspzsvawmib.exe ." | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\sbqcocxmzmviyb = "htlapgewmcoexdsrs.exe ." | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\nbpbugxjziajwm = "wpizxokbwkhvniqhila.exe ." | C:\Users\Admin\AppData\Local\Temp\ddjmp.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\vfpxmuhpbg = "C:\\Users\\Admin\\AppData\\Local\\Temp\\vlbpkyrfxicncuzn.exe" | C:\Users\Admin\AppData\Local\Temp\ddjmp.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\vbnwfqiueou = "alcqeurixmxmejxv.exe ." | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\vbnwfqiueou = "C:\\Users\\Admin\\AppData\\Local\\Temp\\qdwmcutmduhyszpprk.exe ." | C:\Users\Admin\AppData\Local\Temp\ddjmp.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\afqygqhsbk = "htlapgewmcoexdsrs.exe" | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\vbnwfqiueou = "C:\\Users\\Admin\\AppData\\Local\\Temp\\qdwmcutmduhyszpprk.exe ." | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\vbnwfqiueou = "C:\\Users\\Admin\\AppData\\Local\\Temp\\dtpibwyuoiyspzsvawmib.exe ." | C:\Users\Admin\AppData\Local\Temp\ddjmp.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\qfuhbogtkunxlcg = "C:\\Users\\Admin\\AppData\\Local\\Temp\\vlbpkyrfxicncuzn.exe ." | C:\Users\Admin\AppData\Local\Temp\ddjmp.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\vfpxmuhpbg = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ctkzvketmytfvouji.exe" | C:\Users\Admin\AppData\Local\Temp\ddjmp.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\alcqeurixmxmejxv = "C:\\Users\\Admin\\AppData\\Local\\Temp\\bpjarkkewocupxopsma.exe" | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mzmxpaqbqypxj = "vlbpkyrfxicncuzn.exe" | C:\Users\Admin\AppData\Local\Temp\ddjmp.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\vfvivkgwkyiwnre = "C:\\Users\\Admin\\AppData\\Local\\Temp\\dtpibwyuoiyspzsvawmib.exe ." | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\vfpxmuhpbg = "ldvliytjdqmzqkrhhj.exe" | C:\Users\Admin\AppData\Local\Temp\ddjmp.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\afqygqhsbk = "C:\\Users\\Admin\\AppData\\Local\\Temp\\htlapgewmcoexdsrs.exe" | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\vfvivkgwkyiwnre = "C:\\Users\\Admin\\AppData\\Local\\Temp\\odyqicdyrkzsoxprvqfa.exe ." | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\vfpxmuhpbg = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ldvliytjdqmzqkrhhj.exe" | C:\Users\Admin\AppData\Local\Temp\ddjmp.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\sbqcocxmzmviyb = "dtpibwyuoiyspzsvawmib.exe ." | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\afqygqhsbk = "htlapgewmcoexdsrs.exe" | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\vbnwfqiueou = "odyqicdyrkzsoxprvqfa.exe ." | C:\Users\Admin\AppData\Local\Temp\ddjmp.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\vbnwfqiueou = "C:\\Users\\Admin\\AppData\\Local\\Temp\\qdwmcutmduhyszpprk.exe ." | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\vbnwfqiueou = "dtpibwyuoiyspzsvawmib.exe ." | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\vbnwfqiueou = "C:\\Users\\Admin\\AppData\\Local\\Temp\\odyqicdyrkzsoxprvqfa.exe ." | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\vbnwfqiueou = "C:\\Users\\Admin\\AppData\\Local\\Temp\\bpjarkkewocupxopsma.exe ." | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\afqygqhsbk = "dtpibwyuoiyspzsvawmib.exe" | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\nbpbugxjziajwm = "ytohhayroedtnkunqvmhc.exe ." | C:\Users\Admin\AppData\Local\Temp\ddjmp.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\vbnwfqiueou = "C:\\Users\\Admin\\AppData\\Local\\Temp\\bpjarkkewocupxopsma.exe ." | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\afqygqhsbk = "C:\\Users\\Admin\\AppData\\Local\\Temp\\bpjarkkewocupxopsma.exe" | C:\Users\Admin\AppData\Local\Temp\ddjmp.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\rznyjwqeqckwl = "bpjarkkewocupxopsma.exe" | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\sbqcocxmzmviyb = "dtpibwyuoiyspzsvawmib.exe ." | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mzmxpaqbqypxj = "ytohhayroedtnkunqvmhc.exe" | C:\Users\Admin\AppData\Local\Temp\ddjmp.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\nbpbugxjziajwm = "ldvliytjdqmzqkrhhj.exe ." | C:\Users\Admin\AppData\Local\Temp\ddjmp.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\alcqeurixmxmejxv = "C:\\Users\\Admin\\AppData\\Local\\Temp\\dtpibwyuoiyspzsvawmib.exe" | C:\Users\Admin\AppData\Local\Temp\ddjmp.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\alcqeurixmxmejxv = "C:\\Users\\Admin\\AppData\\Local\\Temp\\odyqicdyrkzsoxprvqfa.exe" | C:\Users\Admin\AppData\Local\Temp\ddjmp.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\vbnwfqiueou = "C:\\Users\\Admin\\AppData\\Local\\Temp\\alcqeurixmxmejxv.exe ." | C:\Users\Admin\AppData\Local\Temp\ddjmp.exe | N/A |
Checks for any installed AV software in registry
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\AntiVirService\Start = "4" | C:\Windows\dtpibwyuoiyspzsvawmib.exe | N/A |
| Key created | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\a2AntiMalware | C:\Windows\dtpibwyuoiyspzsvawmib.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\a2AntiMalware\Start = "4" | C:\Windows\dtpibwyuoiyspzsvawmib.exe | N/A |
| Key created | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\avast! Antivirus | C:\Windows\dtpibwyuoiyspzsvawmib.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\avast! Antivirus\Start = "4" | C:\Windows\dtpibwyuoiyspzsvawmib.exe | N/A |
| Key created | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\AntiVirService | C:\Windows\dtpibwyuoiyspzsvawmib.exe | N/A |
Checks whether UAC is enabled
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\ddjmp.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\ddjmp.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\ddjmp.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\ddjmp.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\ddjmp.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\ddjmp.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
Enumerates connected drives
| Description | Indicator | Process | Target |
| File opened (read-only) | \??\N: | C:\Windows\dtpibwyuoiyspzsvawmib.exe | N/A |
| File opened (read-only) | \??\X: | C:\Windows\dtpibwyuoiyspzsvawmib.exe | N/A |
| File opened (read-only) | \??\Y: | C:\Windows\dtpibwyuoiyspzsvawmib.exe | N/A |
| File opened (read-only) | \??\Q: | C:\Windows\dtpibwyuoiyspzsvawmib.exe | N/A |
| File opened (read-only) | \??\R: | C:\Windows\dtpibwyuoiyspzsvawmib.exe | N/A |
| File opened (read-only) | \??\U: | C:\Windows\dtpibwyuoiyspzsvawmib.exe | N/A |
| File opened (read-only) | \??\W: | C:\Windows\dtpibwyuoiyspzsvawmib.exe | N/A |
| File opened (read-only) | \??\Z: | C:\Windows\dtpibwyuoiyspzsvawmib.exe | N/A |
| File opened (read-only) | \??\P: | C:\Windows\dtpibwyuoiyspzsvawmib.exe | N/A |
| File opened (read-only) | \??\I: | C:\Windows\dtpibwyuoiyspzsvawmib.exe | N/A |
| File opened (read-only) | \??\K: | C:\Windows\dtpibwyuoiyspzsvawmib.exe | N/A |
| File opened (read-only) | \??\O: | C:\Windows\dtpibwyuoiyspzsvawmib.exe | N/A |
| File opened (read-only) | \??\S: | C:\Windows\dtpibwyuoiyspzsvawmib.exe | N/A |
| File opened (read-only) | \??\T: | C:\Windows\dtpibwyuoiyspzsvawmib.exe | N/A |
| File opened (read-only) | \??\E: | C:\Windows\dtpibwyuoiyspzsvawmib.exe | N/A |
| File opened (read-only) | \??\H: | C:\Windows\dtpibwyuoiyspzsvawmib.exe | N/A |
| File opened (read-only) | \??\L: | C:\Windows\dtpibwyuoiyspzsvawmib.exe | N/A |
| File opened (read-only) | \??\V: | C:\Windows\dtpibwyuoiyspzsvawmib.exe | N/A |
| File opened (read-only) | \??\B: | C:\Windows\dtpibwyuoiyspzsvawmib.exe | N/A |
| File opened (read-only) | \??\G: | C:\Windows\dtpibwyuoiyspzsvawmib.exe | N/A |
| File opened (read-only) | \??\J: | C:\Windows\dtpibwyuoiyspzsvawmib.exe | N/A |
| File opened (read-only) | \??\M: | C:\Windows\dtpibwyuoiyspzsvawmib.exe | N/A |
Hijack Execution Flow: Executable Installer File Permissions Weakness
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableInstallerDetection = "0" | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableInstallerDetection = "0" | C:\Users\Admin\AppData\Local\Temp\ddjmp.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableInstallerDetection = "0" | C:\Users\Admin\AppData\Local\Temp\ddjmp.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableInstallerDetection = "0" | C:\Users\Admin\AppData\Local\Temp\ddjmp.exe | N/A |
Looks up external IP address via web service
| Description | Indicator | Process | Target |
| N/A | www.showmyipaddress.com | N/A | N/A |
| N/A | www.whatismyip.ca | N/A | N/A |
| N/A | whatismyip.everdot.org | N/A | N/A |
| N/A | www.whatismyip.ca | N/A | N/A |
| N/A | www.whatismyip.ca | N/A | N/A |
| N/A | whatismyip.everdot.org | N/A | N/A |
| N/A | www.whatismyip.ca | N/A | N/A |
| N/A | whatismyip.everdot.org | N/A | N/A |
| N/A | whatismyip.everdot.org | N/A | N/A |
| N/A | whatismyipaddress.com | N/A | N/A |
Drops file in System32 directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\SysWOW64\bpjarkkewocupxopsma.exe | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| File created | C:\Windows\SysWOW64\wmicuclt.exe | C:\Windows\dtpibwyuoiyspzsvawmib.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\alcqeurixmxmejxv.exe | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\qdwmcutmduhyszpprk.exe | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\bpjarkkewocupxopsma.exe | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\qdwmcutmduhyszpprk.exe | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\qdwmcutmduhyszpprk.exe | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\bpjarkkewocupxopsma.exe | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\odyqicdyrkzsoxprvqfa.exe | C:\Users\Admin\AppData\Local\Temp\ddjmp.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\alcqeurixmxmejxv.exe | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\qdwmcutmduhyszpprk.exe | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\odyqicdyrkzsoxprvqfa.exe | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\alcqeurixmxmejxv.exe | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\htlapgewmcoexdsrs.exe | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\alcqeurixmxmejxv.exe | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\htlapgewmcoexdsrs.exe | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\odyqicdyrkzsoxprvqfa.exe | C:\Users\Admin\AppData\Local\Temp\ddjmp.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\odyqicdyrkzsoxprvqfa.exe | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\alcqeurixmxmejxv.exe | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\bpjarkkewocupxopsma.exe | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\dtpibwyuoiyspzsvawmib.exe | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\htlapgewmcoexdsrs.exe | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\alcqeurixmxmejxv.exe | C:\Users\Admin\AppData\Local\Temp\ddjmp.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\htlapgewmcoexdsrs.exe | C:\Users\Admin\AppData\Local\Temp\ddjmp.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\ulicwsvsnizusdxbhevsmg.exe | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\dtpibwyuoiyspzsvawmib.exe | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\alcqeurixmxmejxv.exe | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\qdwmcutmduhyszpprk.exe | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\dtpibwyuoiyspzsvawmib.exe | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\ulicwsvsnizusdxbhevsmg.exe | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\odyqicdyrkzsoxprvqfa.exe | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\bpjarkkewocupxopsma.exe | C:\Users\Admin\AppData\Local\Temp\ddjmp.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\dtpibwyuoiyspzsvawmib.exe | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\ulicwsvsnizusdxbhevsmg.exe | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\bpjarkkewocupxopsma.exe | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\odyqicdyrkzsoxprvqfa.exe | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\htlapgewmcoexdsrs.exe | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\htlapgewmcoexdsrs.exe | C:\Users\Admin\AppData\Local\Temp\ddjmp.exe | N/A |
| File created | C:\Windows\SysWOW64\szmwgslyjubmablfboviscohufqxiwxhbx.reo | C:\Users\Admin\AppData\Local\Temp\ddjmp.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\ulicwsvsnizusdxbhevsmg.exe | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\qdwmcutmduhyszpprk.exe | C:\Users\Admin\AppData\Local\Temp\ddjmp.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\alcqeurixmxmejxv.exe | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\bpjarkkewocupxopsma.exe | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\alcqeurixmxmejxv.exe | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\ulicwsvsnizusdxbhevsmg.exe | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\ulicwsvsnizusdxbhevsmg.exe | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\htlapgewmcoexdsrs.exe | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\qdwmcutmduhyszpprk.exe | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\odyqicdyrkzsoxprvqfa.exe | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\ulicwsvsnizusdxbhevsmg.exe | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\bpjarkkewocupxopsma.exe | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\dtpibwyuoiyspzsvawmib.exe | C:\Users\Admin\AppData\Local\Temp\ddjmp.exe | N/A |
| File created | C:\Windows\SysWOW64\fbdcbckmmmiilbajuwsutst.ddd | C:\Users\Admin\AppData\Local\Temp\ddjmp.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\htlapgewmcoexdsrs.exe | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\dtpibwyuoiyspzsvawmib.exe | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\dtpibwyuoiyspzsvawmib.exe | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\ulicwsvsnizusdxbhevsmg.exe | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\wmicuclt.exe | C:\Windows\dtpibwyuoiyspzsvawmib.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\ulicwsvsnizusdxbhevsmg.exe | C:\Users\Admin\AppData\Local\Temp\ddjmp.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\qdwmcutmduhyszpprk.exe | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\odyqicdyrkzsoxprvqfa.exe | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\bpjarkkewocupxopsma.exe | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\dtpibwyuoiyspzsvawmib.exe | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\qdwmcutmduhyszpprk.exe | C:\Users\Admin\AppData\Local\Temp\ddjmp.exe | N/A |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Program Files (x86)\szmwgslyjubmablfboviscohufqxiwxhbx.reo | C:\Users\Admin\AppData\Local\Temp\ddjmp.exe | N/A |
| File created | C:\Program Files (x86)\szmwgslyjubmablfboviscohufqxiwxhbx.reo | C:\Users\Admin\AppData\Local\Temp\ddjmp.exe | N/A |
| File opened for modification | C:\Program Files (x86)\fbdcbckmmmiilbajuwsutst.ddd | C:\Users\Admin\AppData\Local\Temp\ddjmp.exe | N/A |
| File created | C:\Program Files (x86)\fbdcbckmmmiilbajuwsutst.ddd | C:\Users\Admin\AppData\Local\Temp\ddjmp.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\odyqicdyrkzsoxprvqfa.exe | C:\Users\Admin\AppData\Local\Temp\ddjmp.exe | N/A |
| File opened for modification | C:\Windows\alcqeurixmxmejxv.exe | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| File opened for modification | C:\Windows\dtpibwyuoiyspzsvawmib.exe | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| File opened for modification | C:\Windows\ulicwsvsnizusdxbhevsmg.exe | C:\Users\Admin\AppData\Local\Temp\ddjmp.exe | N/A |
| File opened for modification | C:\Windows\dtpibwyuoiyspzsvawmib.exe | C:\Users\Admin\AppData\Local\Temp\ddjmp.exe | N/A |
| File opened for modification | C:\Windows\dtpibwyuoiyspzsvawmib.exe | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| File opened for modification | C:\Windows\qdwmcutmduhyszpprk.exe | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| File opened for modification | C:\Windows\odyqicdyrkzsoxprvqfa.exe | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| File opened for modification | C:\Windows\dtpibwyuoiyspzsvawmib.exe | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| File opened for modification | C:\Windows\ulicwsvsnizusdxbhevsmg.exe | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| File opened for modification | C:\Windows\htlapgewmcoexdsrs.exe | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| File opened for modification | C:\Windows\odyqicdyrkzsoxprvqfa.exe | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| File opened for modification | C:\Windows\bpjarkkewocupxopsma.exe | C:\Users\Admin\AppData\Local\Temp\ddjmp.exe | N/A |
| File opened for modification | C:\Windows\bpjarkkewocupxopsma.exe | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| File opened for modification | C:\Windows\ulicwsvsnizusdxbhevsmg.exe | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| File opened for modification | C:\Windows\alcqeurixmxmejxv.exe | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| File opened for modification | C:\Windows\bpjarkkewocupxopsma.exe | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| File opened for modification | C:\Windows\bpjarkkewocupxopsma.exe | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| File opened for modification | C:\Windows\dtpibwyuoiyspzsvawmib.exe | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| File opened for modification | C:\Windows\htlapgewmcoexdsrs.exe | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| File opened for modification | C:\Windows\htlapgewmcoexdsrs.exe | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| File opened for modification | C:\Windows\alcqeurixmxmejxv.exe | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| File opened for modification | C:\Windows\qdwmcutmduhyszpprk.exe | C:\Users\Admin\AppData\Local\Temp\ddjmp.exe | N/A |
| File opened for modification | C:\Windows\alcqeurixmxmejxv.exe | C:\Users\Admin\AppData\Local\Temp\ddjmp.exe | N/A |
| File opened for modification | C:\Windows\htlapgewmcoexdsrs.exe | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| File opened for modification | C:\Windows\qdwmcutmduhyszpprk.exe | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| File opened for modification | C:\Windows\odyqicdyrkzsoxprvqfa.exe | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| File created | C:\Windows\szmwgslyjubmablfboviscohufqxiwxhbx.reo | C:\Users\Admin\AppData\Local\Temp\ddjmp.exe | N/A |
| File opened for modification | C:\Windows\qdwmcutmduhyszpprk.exe | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| File opened for modification | C:\Windows\htlapgewmcoexdsrs.exe | C:\Users\Admin\AppData\Local\Temp\ddjmp.exe | N/A |
| File opened for modification | C:\Windows\fbdcbckmmmiilbajuwsutst.ddd | C:\Users\Admin\AppData\Local\Temp\ddjmp.exe | N/A |
| File opened for modification | C:\Windows\qdwmcutmduhyszpprk.exe | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| File opened for modification | C:\Windows\qdwmcutmduhyszpprk.exe | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| File opened for modification | C:\Windows\qdwmcutmduhyszpprk.exe | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| File opened for modification | C:\Windows\alcqeurixmxmejxv.exe | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| File opened for modification | C:\Windows\bpjarkkewocupxopsma.exe | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| File opened for modification | C:\Windows\odyqicdyrkzsoxprvqfa.exe | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| File opened for modification | C:\Windows\dtpibwyuoiyspzsvawmib.exe | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| File opened for modification | C:\Windows\ulicwsvsnizusdxbhevsmg.exe | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| File opened for modification | C:\Windows\bpjarkkewocupxopsma.exe | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| File opened for modification | C:\Windows\alcqeurixmxmejxv.exe | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| File opened for modification | C:\Windows\bpjarkkewocupxopsma.exe | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| File opened for modification | C:\Windows\dtpibwyuoiyspzsvawmib.exe | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| File opened for modification | C:\Windows\ulicwsvsnizusdxbhevsmg.exe | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| File created | C:\Windows\fbdcbckmmmiilbajuwsutst.ddd | C:\Users\Admin\AppData\Local\Temp\ddjmp.exe | N/A |
| File opened for modification | C:\Windows\ulicwsvsnizusdxbhevsmg.exe | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| File opened for modification | C:\Windows\ulicwsvsnizusdxbhevsmg.exe | C:\Users\Admin\AppData\Local\Temp\ddjmp.exe | N/A |
| File opened for modification | C:\Windows\ulicwsvsnizusdxbhevsmg.exe | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| File opened for modification | C:\Windows\htlapgewmcoexdsrs.exe | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| File opened for modification | C:\Windows\szmwgslyjubmablfboviscohufqxiwxhbx.reo | C:\Users\Admin\AppData\Local\Temp\ddjmp.exe | N/A |
| File opened for modification | C:\Windows\htlapgewmcoexdsrs.exe | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| File opened for modification | C:\Windows\qdwmcutmduhyszpprk.exe | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| File opened for modification | C:\Windows\qdwmcutmduhyszpprk.exe | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| File opened for modification | C:\Windows\odyqicdyrkzsoxprvqfa.exe | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| File opened for modification | C:\Windows\alcqeurixmxmejxv.exe | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| File opened for modification | C:\Windows\dtpibwyuoiyspzsvawmib.exe | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| File opened for modification | C:\Windows\htlapgewmcoexdsrs.exe | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| File opened for modification | C:\Windows\bpjarkkewocupxopsma.exe | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| File opened for modification | C:\Windows\odyqicdyrkzsoxprvqfa.exe | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| File opened for modification | C:\Windows\qdwmcutmduhyszpprk.exe | C:\Users\Admin\AppData\Local\Temp\ddjmp.exe | N/A |
| File opened for modification | C:\Windows\alcqeurixmxmejxv.exe | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| File opened for modification | C:\Windows\odyqicdyrkzsoxprvqfa.exe | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| File opened for modification | C:\Windows\odyqicdyrkzsoxprvqfa.exe | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| File opened for modification | C:\Windows\ulicwsvsnizusdxbhevsmg.exe | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
Enumerates physical storage devices
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\ctkzvketmytfvouji.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\wpizxokbwkhvniqhila.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\dtpibwyuoiyspzsvawmib.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\alcqeurixmxmejxv.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\htlapgewmcoexdsrs.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\jdxpogdvrgetmirjlpfz.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\ytohhayroedtnkunqvmhc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\dtpibwyuoiyspzsvawmib.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\bpjarkkewocupxopsma.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\bpjarkkewocupxopsma.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\wpizxokbwkhvniqhila.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\odyqicdyrkzsoxprvqfa.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\odyqicdyrkzsoxprvqfa.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\dtpibwyuoiyspzsvawmib.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_accbd6960dd347c36571ba5642f84e23.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\htlapgewmcoexdsrs.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\ytohhayroedtnkunqvmhc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\dtpibwyuoiyspzsvawmib.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\dtpibwyuoiyspzsvawmib.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\bpjarkkewocupxopsma.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\htlapgewmcoexdsrs.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\qdwmcutmduhyszpprk.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\vlbpkyrfxicncuzn.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\alcqeurixmxmejxv.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\qdwmcutmduhyszpprk.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\ldvliytjdqmzqkrhhj.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\dtpibwyuoiyspzsvawmib.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\jdxpogdvrgetmirjlpfz.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\wpizxokbwkhvniqhila.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\qdwmcutmduhyszpprk.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\qdwmcutmduhyszpprk.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\odyqicdyrkzsoxprvqfa.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\wpizxokbwkhvniqhila.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\ddjmp.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\htlapgewmcoexdsrs.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\dtpibwyuoiyspzsvawmib.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\qdwmcutmduhyszpprk.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\alcqeurixmxmejxv.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\htlapgewmcoexdsrs.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\odyqicdyrkzsoxprvqfa.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\odyqicdyrkzsoxprvqfa.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\dtpibwyuoiyspzsvawmib.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\vlbpkyrfxicncuzn.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\qdwmcutmduhyszpprk.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\alcqeurixmxmejxv.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\odyqicdyrkzsoxprvqfa.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\qdwmcutmduhyszpprk.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\dtpibwyuoiyspzsvawmib.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\dtpibwyuoiyspzsvawmib.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\bpjarkkewocupxopsma.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\alcqeurixmxmejxv.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\htlapgewmcoexdsrs.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\ctkzvketmytfvouji.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\dtpibwyuoiyspzsvawmib.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\odyqicdyrkzsoxprvqfa.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\ldvliytjdqmzqkrhhj.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\ytohhayroedtnkunqvmhc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\vlbpkyrfxicncuzn.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\dtpibwyuoiyspzsvawmib.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\dtpibwyuoiyspzsvawmib.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\qdwmcutmduhyszpprk.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\odyqicdyrkzsoxprvqfa.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\alcqeurixmxmejxv.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
System policy modification
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\ddjmp.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\FilterAdministratorToken = "0" | C:\Users\Admin\AppData\Local\Temp\ddjmp.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" | C:\Users\Admin\AppData\Local\Temp\ddjmp.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableVirtualization = "0" | C:\Users\Admin\AppData\Local\Temp\ddjmp.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\FilterAdministratorToken = "0" | C:\Users\Admin\AppData\Local\Temp\ddjmp.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableVirtualization = "0" | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" | C:\Users\Admin\AppData\Local\Temp\ddjmp.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDriveTypeAutoRun = "1" | C:\Users\Admin\AppData\Local\Temp\ddjmp.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDriveTypeAutoRun = "1" | C:\Users\Admin\AppData\Local\Temp\ddjmp.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ValidateAdminCodeSignatures = "0" | C:\Users\Admin\AppData\Local\Temp\ddjmp.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\ddjmp.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" | C:\Users\Admin\AppData\Local\Temp\ddjmp.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" | C:\Users\Admin\AppData\Local\Temp\ddjmp.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer | C:\Users\Admin\AppData\Local\Temp\ddjmp.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDriveTypeAutoRun = "1" | C:\Users\Admin\AppData\Local\Temp\ddjmp.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\ddjmp.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" | C:\Users\Admin\AppData\Local\Temp\ddjmp.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" | C:\Users\Admin\AppData\Local\Temp\ddjmp.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\FilterAdministratorToken = "0" | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\ddjmp.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableSecureUIAPaths = "0" | C:\Users\Admin\AppData\Local\Temp\ddjmp.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer | C:\Users\Admin\AppData\Local\Temp\ddjmp.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\ddjmp.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableSecureUIAPaths = "0" | C:\Users\Admin\AppData\Local\Temp\ddjmp.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer | C:\Users\Admin\AppData\Local\Temp\ddjmp.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" | C:\Users\Admin\AppData\Local\Temp\ddjmp.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" | C:\Users\Admin\AppData\Local\Temp\ddjmp.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ValidateAdminCodeSignatures = "0" | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\ddjmp.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableSecureUIAPaths = "0" | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ValidateAdminCodeSignatures = "0" | C:\Users\Admin\AppData\Local\Temp\ddjmp.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\FilterAdministratorToken = "0" | C:\Users\Admin\AppData\Local\Temp\ddjmp.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDriveTypeAutoRun = "1" | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableVirtualization = "0" | C:\Users\Admin\AppData\Local\Temp\ddjmp.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\ddjmp.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ValidateAdminCodeSignatures = "0" | C:\Users\Admin\AppData\Local\Temp\ddjmp.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\ddjmp.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableSecureUIAPaths = "0" | C:\Users\Admin\AppData\Local\Temp\ddjmp.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" | C:\Users\Admin\AppData\Local\Temp\ddjmp.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\ddjmp.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableVirtualization = "0" | C:\Users\Admin\AppData\Local\Temp\ddjmp.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_accbd6960dd347c36571ba5642f84e23.exe
"C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_accbd6960dd347c36571ba5642f84e23.exe"
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\jaffacakes118_accbd6960dd347c36571ba5642f84e23.exe*"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c dtpibwyuoiyspzsvawmib.exe
C:\Windows\dtpibwyuoiyspzsvawmib.exe
dtpibwyuoiyspzsvawmib.exe
C:\Windows\dtpibwyuoiyspzsvawmib.exe
"C:\Windows\dtpibwyuoiyspzsvawmib.exe" /ppiftsvc
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c alcqeurixmxmejxv.exe .
C:\Windows\alcqeurixmxmejxv.exe
alcqeurixmxmejxv.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c htlapgewmcoexdsrs.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c odyqicdyrkzsoxprvqfa.exe .
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\alcqeurixmxmejxv.exe*."
C:\Windows\htlapgewmcoexdsrs.exe
htlapgewmcoexdsrs.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\htlapgewmcoexdsrs.exe
C:\Windows\odyqicdyrkzsoxprvqfa.exe
odyqicdyrkzsoxprvqfa.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\htlapgewmcoexdsrs.exe .
C:\Users\Admin\AppData\Local\Temp\htlapgewmcoexdsrs.exe
C:\Users\Admin\AppData\Local\Temp\htlapgewmcoexdsrs.exe
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\odyqicdyrkzsoxprvqfa.exe*."
C:\Users\Admin\AppData\Local\Temp\htlapgewmcoexdsrs.exe
C:\Users\Admin\AppData\Local\Temp\htlapgewmcoexdsrs.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\htlapgewmcoexdsrs.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\qdwmcutmduhyszpprk.exe .
C:\Users\Admin\AppData\Local\Temp\htlapgewmcoexdsrs.exe
C:\Users\Admin\AppData\Local\Temp\htlapgewmcoexdsrs.exe
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\htlapgewmcoexdsrs.exe*."
C:\Users\Admin\AppData\Local\Temp\qdwmcutmduhyszpprk.exe
C:\Users\Admin\AppData\Local\Temp\qdwmcutmduhyszpprk.exe .
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\qdwmcutmduhyszpprk.exe*."
C:\Users\Admin\AppData\Local\Temp\ddjmp.exe
"C:\Users\Admin\AppData\Local\Temp\ddjmp.exe" "-c:\users\admin\appdata\local\temp\jaffacakes118_accbd6960dd347c36571ba5642f84e23.exe"
C:\Users\Admin\AppData\Local\Temp\ddjmp.exe
"C:\Users\Admin\AppData\Local\Temp\ddjmp.exe" "-c:\users\admin\appdata\local\temp\jaffacakes118_accbd6960dd347c36571ba5642f84e23.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c alcqeurixmxmejxv.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ldvliytjdqmzqkrhhj.exe
C:\Windows\ldvliytjdqmzqkrhhj.exe
ldvliytjdqmzqkrhhj.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c dtpibwyuoiyspzsvawmib.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wpizxokbwkhvniqhila.exe .
C:\Windows\alcqeurixmxmejxv.exe
alcqeurixmxmejxv.exe
C:\Windows\dtpibwyuoiyspzsvawmib.exe
dtpibwyuoiyspzsvawmib.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c bpjarkkewocupxopsma.exe
C:\Windows\wpizxokbwkhvniqhila.exe
wpizxokbwkhvniqhila.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ctkzvketmytfvouji.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c qdwmcutmduhyszpprk.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wpizxokbwkhvniqhila.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\odyqicdyrkzsoxprvqfa.exe
C:\Users\Admin\AppData\Local\Temp\ddjmp.exe
"C:\Users\Admin\AppData\Local\Temp\ddjmp.exe" "-c:\users\admin\appdata\local\temp\jaffacakes118_accbd6960dd347c36571ba5642f84e23.exe"
C:\Windows\bpjarkkewocupxopsma.exe
bpjarkkewocupxopsma.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\dtpibwyuoiyspzsvawmib.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ytohhayroedtnkunqvmhc.exe
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\wpizxokbwkhvniqhila.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wpizxokbwkhvniqhila.exe .
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\dtpibwyuoiyspzsvawmib.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\dtpibwyuoiyspzsvawmib.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c qdwmcutmduhyszpprk.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\dtpibwyuoiyspzsvawmib.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vlbpkyrfxicncuzn.exe
C:\Windows\qdwmcutmduhyszpprk.exe
qdwmcutmduhyszpprk.exe .
C:\Windows\ctkzvketmytfvouji.exe
ctkzvketmytfvouji.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jdxpogdvrgetmirjlpfz.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c qdwmcutmduhyszpprk.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c htlapgewmcoexdsrs.exe
C:\Windows\wpizxokbwkhvniqhila.exe
wpizxokbwkhvniqhila.exe .
C:\Users\Admin\AppData\Local\Temp\odyqicdyrkzsoxprvqfa.exe
C:\Users\Admin\AppData\Local\Temp\odyqicdyrkzsoxprvqfa.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c qdwmcutmduhyszpprk.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c odyqicdyrkzsoxprvqfa.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c dtpibwyuoiyspzsvawmib.exe .
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\qdwmcutmduhyszpprk.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\qdwmcutmduhyszpprk.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c alcqeurixmxmejxv.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\htlapgewmcoexdsrs.exe .
C:\Users\Admin\AppData\Local\Temp\ytohhayroedtnkunqvmhc.exe
C:\Users\Admin\AppData\Local\Temp\ytohhayroedtnkunqvmhc.exe
C:\Users\Admin\AppData\Local\Temp\dtpibwyuoiyspzsvawmib.exe
C:\Users\Admin\AppData\Local\Temp\dtpibwyuoiyspzsvawmib.exe .
C:\Users\Admin\AppData\Local\Temp\wpizxokbwkhvniqhila.exe
C:\Users\Admin\AppData\Local\Temp\wpizxokbwkhvniqhila.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c dtpibwyuoiyspzsvawmib.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\dtpibwyuoiyspzsvawmib.exe
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\wpizxokbwkhvniqhila.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\odyqicdyrkzsoxprvqfa.exe .
C:\Users\Admin\AppData\Local\Temp\dtpibwyuoiyspzsvawmib.exe
C:\Users\Admin\AppData\Local\Temp\dtpibwyuoiyspzsvawmib.exe
C:\Windows\qdwmcutmduhyszpprk.exe
qdwmcutmduhyszpprk.exe
C:\Users\Admin\AppData\Local\Temp\vlbpkyrfxicncuzn.exe
C:\Users\Admin\AppData\Local\Temp\vlbpkyrfxicncuzn.exe
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\wpizxokbwkhvniqhila.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\dtpibwyuoiyspzsvawmib.exe
C:\Users\Admin\AppData\Local\Temp\dtpibwyuoiyspzsvawmib.exe
C:\Users\Admin\AppData\Local\Temp\dtpibwyuoiyspzsvawmib.exe .
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\dtpibwyuoiyspzsvawmib.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\htlapgewmcoexdsrs.exe .
C:\Users\Admin\AppData\Local\Temp\jdxpogdvrgetmirjlpfz.exe
C:\Users\Admin\AppData\Local\Temp\jdxpogdvrgetmirjlpfz.exe .
C:\Windows\htlapgewmcoexdsrs.exe
htlapgewmcoexdsrs.exe
C:\Windows\odyqicdyrkzsoxprvqfa.exe
odyqicdyrkzsoxprvqfa.exe .
C:\Windows\qdwmcutmduhyszpprk.exe
qdwmcutmduhyszpprk.exe .
C:\Users\Admin\AppData\Local\Temp\dtpibwyuoiyspzsvawmib.exe
C:\Users\Admin\AppData\Local\Temp\dtpibwyuoiyspzsvawmib.exe
C:\Windows\dtpibwyuoiyspzsvawmib.exe
dtpibwyuoiyspzsvawmib.exe .
C:\Users\Admin\AppData\Local\Temp\htlapgewmcoexdsrs.exe
C:\Users\Admin\AppData\Local\Temp\htlapgewmcoexdsrs.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c htlapgewmcoexdsrs.exe
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\dtpibwyuoiyspzsvawmib.exe*."
C:\Windows\dtpibwyuoiyspzsvawmib.exe
dtpibwyuoiyspzsvawmib.exe .
C:\Users\Admin\AppData\Local\Temp\qdwmcutmduhyszpprk.exe
C:\Users\Admin\AppData\Local\Temp\qdwmcutmduhyszpprk.exe
C:\Windows\alcqeurixmxmejxv.exe
alcqeurixmxmejxv.exe
C:\Users\Admin\AppData\Local\Temp\odyqicdyrkzsoxprvqfa.exe
C:\Users\Admin\AppData\Local\Temp\odyqicdyrkzsoxprvqfa.exe .
C:\Windows\qdwmcutmduhyszpprk.exe
qdwmcutmduhyszpprk.exe
C:\Users\Admin\AppData\Local\Temp\htlapgewmcoexdsrs.exe
C:\Users\Admin\AppData\Local\Temp\htlapgewmcoexdsrs.exe .
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\odyqicdyrkzsoxprvqfa.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c odyqicdyrkzsoxprvqfa.exe .
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\jdxpogdvrgetmirjlpfz.exe*."
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\qdwmcutmduhyszpprk.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c dtpibwyuoiyspzsvawmib.exe
C:\Users\Admin\AppData\Local\Temp\dtpibwyuoiyspzsvawmib.exe
C:\Users\Admin\AppData\Local\Temp\dtpibwyuoiyspzsvawmib.exe
C:\Windows\htlapgewmcoexdsrs.exe
htlapgewmcoexdsrs.exe
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\dtpibwyuoiyspzsvawmib.exe*."
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\htlapgewmcoexdsrs.exe*."
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\odyqicdyrkzsoxprvqfa.exe*."
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\dtpibwyuoiyspzsvawmib.exe*."
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\htlapgewmcoexdsrs.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c dtpibwyuoiyspzsvawmib.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\htlapgewmcoexdsrs.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\odyqicdyrkzsoxprvqfa.exe .
C:\Windows\odyqicdyrkzsoxprvqfa.exe
odyqicdyrkzsoxprvqfa.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c alcqeurixmxmejxv.exe
C:\Windows\dtpibwyuoiyspzsvawmib.exe
dtpibwyuoiyspzsvawmib.exe
C:\Users\Admin\AppData\Local\Temp\odyqicdyrkzsoxprvqfa.exe
C:\Users\Admin\AppData\Local\Temp\odyqicdyrkzsoxprvqfa.exe .
C:\Users\Admin\AppData\Local\Temp\htlapgewmcoexdsrs.exe
C:\Users\Admin\AppData\Local\Temp\htlapgewmcoexdsrs.exe
C:\Windows\dtpibwyuoiyspzsvawmib.exe
dtpibwyuoiyspzsvawmib.exe .
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\odyqicdyrkzsoxprvqfa.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\htlapgewmcoexdsrs.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ytohhayroedtnkunqvmhc.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c alcqeurixmxmejxv.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\alcqeurixmxmejxv.exe .
C:\Windows\alcqeurixmxmejxv.exe
alcqeurixmxmejxv.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wpizxokbwkhvniqhila.exe .
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\odyqicdyrkzsoxprvqfa.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c odyqicdyrkzsoxprvqfa.exe
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\dtpibwyuoiyspzsvawmib.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ytohhayroedtnkunqvmhc.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c htlapgewmcoexdsrs.exe .
C:\Windows\wpizxokbwkhvniqhila.exe
wpizxokbwkhvniqhila.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ytohhayroedtnkunqvmhc.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\alcqeurixmxmejxv.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vlbpkyrfxicncuzn.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\qdwmcutmduhyszpprk.exe .
C:\Windows\ytohhayroedtnkunqvmhc.exe
ytohhayroedtnkunqvmhc.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vlbpkyrfxicncuzn.exe .
C:\Users\Admin\AppData\Local\Temp\alcqeurixmxmejxv.exe
C:\Users\Admin\AppData\Local\Temp\alcqeurixmxmejxv.exe .
C:\Windows\alcqeurixmxmejxv.exe
alcqeurixmxmejxv.exe .
C:\Windows\ytohhayroedtnkunqvmhc.exe
ytohhayroedtnkunqvmhc.exe
C:\Windows\htlapgewmcoexdsrs.exe
htlapgewmcoexdsrs.exe .
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\wpizxokbwkhvniqhila.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\qdwmcutmduhyszpprk.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ctkzvketmytfvouji.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c dtpibwyuoiyspzsvawmib.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\dtpibwyuoiyspzsvawmib.exe .
C:\Windows\odyqicdyrkzsoxprvqfa.exe
odyqicdyrkzsoxprvqfa.exe
C:\Users\Admin\AppData\Local\Temp\htlapgewmcoexdsrs.exe
C:\Users\Admin\AppData\Local\Temp\htlapgewmcoexdsrs.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ytohhayroedtnkunqvmhc.exe .
C:\Users\Admin\AppData\Local\Temp\alcqeurixmxmejxv.exe
C:\Users\Admin\AppData\Local\Temp\alcqeurixmxmejxv.exe
C:\Users\Admin\AppData\Local\Temp\qdwmcutmduhyszpprk.exe
C:\Users\Admin\AppData\Local\Temp\qdwmcutmduhyszpprk.exe .
C:\Windows\ytohhayroedtnkunqvmhc.exe
ytohhayroedtnkunqvmhc.exe .
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\alcqeurixmxmejxv.exe*."
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\alcqeurixmxmejxv.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c odyqicdyrkzsoxprvqfa.exe .
C:\Users\Admin\AppData\Local\Temp\vlbpkyrfxicncuzn.exe
C:\Users\Admin\AppData\Local\Temp\vlbpkyrfxicncuzn.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c odyqicdyrkzsoxprvqfa.exe
C:\Users\Admin\AppData\Local\Temp\vlbpkyrfxicncuzn.exe
C:\Users\Admin\AppData\Local\Temp\vlbpkyrfxicncuzn.exe
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\htlapgewmcoexdsrs.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c bpjarkkewocupxopsma.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c odyqicdyrkzsoxprvqfa.exe .
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\qdwmcutmduhyszpprk.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c dtpibwyuoiyspzsvawmib.exe .
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\ytohhayroedtnkunqvmhc.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\odyqicdyrkzsoxprvqfa.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c qdwmcutmduhyszpprk.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\qdwmcutmduhyszpprk.exe .
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\vlbpkyrfxicncuzn.exe*."
C:\Windows\odyqicdyrkzsoxprvqfa.exe
odyqicdyrkzsoxprvqfa.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c odyqicdyrkzsoxprvqfa.exe .
C:\Users\Admin\AppData\Local\Temp\dtpibwyuoiyspzsvawmib.exe
C:\Users\Admin\AppData\Local\Temp\dtpibwyuoiyspzsvawmib.exe .
C:\Users\Admin\AppData\Local\Temp\ytohhayroedtnkunqvmhc.exe
C:\Users\Admin\AppData\Local\Temp\ytohhayroedtnkunqvmhc.exe .
C:\Windows\dtpibwyuoiyspzsvawmib.exe
dtpibwyuoiyspzsvawmib.exe
C:\Users\Admin\AppData\Local\Temp\ctkzvketmytfvouji.exe
C:\Users\Admin\AppData\Local\Temp\ctkzvketmytfvouji.exe
C:\Users\Admin\AppData\Local\Temp\qdwmcutmduhyszpprk.exe
C:\Users\Admin\AppData\Local\Temp\qdwmcutmduhyszpprk.exe
C:\Windows\odyqicdyrkzsoxprvqfa.exe
odyqicdyrkzsoxprvqfa.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\odyqicdyrkzsoxprvqfa.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\dtpibwyuoiyspzsvawmib.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\odyqicdyrkzsoxprvqfa.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\odyqicdyrkzsoxprvqfa.exe .
C:\Windows\dtpibwyuoiyspzsvawmib.exe
dtpibwyuoiyspzsvawmib.exe .
C:\Windows\bpjarkkewocupxopsma.exe
bpjarkkewocupxopsma.exe
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\ytohhayroedtnkunqvmhc.exe*."
C:\Windows\odyqicdyrkzsoxprvqfa.exe
odyqicdyrkzsoxprvqfa.exe .
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\odyqicdyrkzsoxprvqfa.exe*."
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\dtpibwyuoiyspzsvawmib.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\odyqicdyrkzsoxprvqfa.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\alcqeurixmxmejxv.exe .
C:\Windows\odyqicdyrkzsoxprvqfa.exe
odyqicdyrkzsoxprvqfa.exe .
C:\Windows\qdwmcutmduhyszpprk.exe
qdwmcutmduhyszpprk.exe
C:\Users\Admin\AppData\Local\Temp\qdwmcutmduhyszpprk.exe
C:\Users\Admin\AppData\Local\Temp\qdwmcutmduhyszpprk.exe .
C:\Users\Admin\AppData\Local\Temp\odyqicdyrkzsoxprvqfa.exe
C:\Users\Admin\AppData\Local\Temp\odyqicdyrkzsoxprvqfa.exe
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\dtpibwyuoiyspzsvawmib.exe*."
C:\Users\Admin\AppData\Local\Temp\dtpibwyuoiyspzsvawmib.exe
C:\Users\Admin\AppData\Local\Temp\dtpibwyuoiyspzsvawmib.exe .
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\odyqicdyrkzsoxprvqfa.exe*."
C:\Users\Admin\AppData\Local\Temp\odyqicdyrkzsoxprvqfa.exe
C:\Users\Admin\AppData\Local\Temp\odyqicdyrkzsoxprvqfa.exe
C:\Users\Admin\AppData\Local\Temp\odyqicdyrkzsoxprvqfa.exe
C:\Users\Admin\AppData\Local\Temp\odyqicdyrkzsoxprvqfa.exe .
C:\Users\Admin\AppData\Local\Temp\odyqicdyrkzsoxprvqfa.exe
C:\Users\Admin\AppData\Local\Temp\odyqicdyrkzsoxprvqfa.exe
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\odyqicdyrkzsoxprvqfa.exe*."
C:\Users\Admin\AppData\Local\Temp\alcqeurixmxmejxv.exe
C:\Users\Admin\AppData\Local\Temp\alcqeurixmxmejxv.exe .
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\qdwmcutmduhyszpprk.exe*."
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\dtpibwyuoiyspzsvawmib.exe*."
C:\Users\Admin\AppData\Local\Temp\odyqicdyrkzsoxprvqfa.exe
C:\Users\Admin\AppData\Local\Temp\odyqicdyrkzsoxprvqfa.exe
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\odyqicdyrkzsoxprvqfa.exe*."
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\alcqeurixmxmejxv.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c odyqicdyrkzsoxprvqfa.exe
C:\Windows\odyqicdyrkzsoxprvqfa.exe
odyqicdyrkzsoxprvqfa.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c dtpibwyuoiyspzsvawmib.exe .
C:\Windows\dtpibwyuoiyspzsvawmib.exe
dtpibwyuoiyspzsvawmib.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c dtpibwyuoiyspzsvawmib.exe
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\dtpibwyuoiyspzsvawmib.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c bpjarkkewocupxopsma.exe .
C:\Windows\dtpibwyuoiyspzsvawmib.exe
dtpibwyuoiyspzsvawmib.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\alcqeurixmxmejxv.exe
C:\Windows\bpjarkkewocupxopsma.exe
bpjarkkewocupxopsma.exe .
C:\Users\Admin\AppData\Local\Temp\alcqeurixmxmejxv.exe
C:\Users\Admin\AppData\Local\Temp\alcqeurixmxmejxv.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bpjarkkewocupxopsma.exe .
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\bpjarkkewocupxopsma.exe*."
C:\Users\Admin\AppData\Local\Temp\bpjarkkewocupxopsma.exe
C:\Users\Admin\AppData\Local\Temp\bpjarkkewocupxopsma.exe .
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\bpjarkkewocupxopsma.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\alcqeurixmxmejxv.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bpjarkkewocupxopsma.exe .
C:\Users\Admin\AppData\Local\Temp\alcqeurixmxmejxv.exe
C:\Users\Admin\AppData\Local\Temp\alcqeurixmxmejxv.exe
C:\Users\Admin\AppData\Local\Temp\bpjarkkewocupxopsma.exe
C:\Users\Admin\AppData\Local\Temp\bpjarkkewocupxopsma.exe .
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\bpjarkkewocupxopsma.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c dtpibwyuoiyspzsvawmib.exe
C:\Windows\dtpibwyuoiyspzsvawmib.exe
dtpibwyuoiyspzsvawmib.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c qdwmcutmduhyszpprk.exe .
C:\Windows\qdwmcutmduhyszpprk.exe
qdwmcutmduhyszpprk.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c qdwmcutmduhyszpprk.exe
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\qdwmcutmduhyszpprk.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c odyqicdyrkzsoxprvqfa.exe .
C:\Windows\qdwmcutmduhyszpprk.exe
qdwmcutmduhyszpprk.exe
C:\Windows\odyqicdyrkzsoxprvqfa.exe
odyqicdyrkzsoxprvqfa.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bpjarkkewocupxopsma.exe
C:\Users\Admin\AppData\Local\Temp\bpjarkkewocupxopsma.exe
C:\Users\Admin\AppData\Local\Temp\bpjarkkewocupxopsma.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\odyqicdyrkzsoxprvqfa.exe .
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\odyqicdyrkzsoxprvqfa.exe*."
C:\Users\Admin\AppData\Local\Temp\odyqicdyrkzsoxprvqfa.exe
C:\Users\Admin\AppData\Local\Temp\odyqicdyrkzsoxprvqfa.exe .
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\odyqicdyrkzsoxprvqfa.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\dtpibwyuoiyspzsvawmib.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\dtpibwyuoiyspzsvawmib.exe .
C:\Users\Admin\AppData\Local\Temp\dtpibwyuoiyspzsvawmib.exe
C:\Users\Admin\AppData\Local\Temp\dtpibwyuoiyspzsvawmib.exe
C:\Users\Admin\AppData\Local\Temp\dtpibwyuoiyspzsvawmib.exe
C:\Users\Admin\AppData\Local\Temp\dtpibwyuoiyspzsvawmib.exe .
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\dtpibwyuoiyspzsvawmib.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c htlapgewmcoexdsrs.exe
C:\Windows\htlapgewmcoexdsrs.exe
htlapgewmcoexdsrs.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c dtpibwyuoiyspzsvawmib.exe .
C:\Windows\dtpibwyuoiyspzsvawmib.exe
dtpibwyuoiyspzsvawmib.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c alcqeurixmxmejxv.exe
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\dtpibwyuoiyspzsvawmib.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c qdwmcutmduhyszpprk.exe .
C:\Windows\alcqeurixmxmejxv.exe
alcqeurixmxmejxv.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\htlapgewmcoexdsrs.exe
C:\Windows\qdwmcutmduhyszpprk.exe
qdwmcutmduhyszpprk.exe .
C:\Users\Admin\AppData\Local\Temp\htlapgewmcoexdsrs.exe
C:\Users\Admin\AppData\Local\Temp\htlapgewmcoexdsrs.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\dtpibwyuoiyspzsvawmib.exe .
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\qdwmcutmduhyszpprk.exe*."
C:\Users\Admin\AppData\Local\Temp\dtpibwyuoiyspzsvawmib.exe
C:\Users\Admin\AppData\Local\Temp\dtpibwyuoiyspzsvawmib.exe .
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\dtpibwyuoiyspzsvawmib.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bpjarkkewocupxopsma.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\qdwmcutmduhyszpprk.exe .
C:\Users\Admin\AppData\Local\Temp\bpjarkkewocupxopsma.exe
C:\Users\Admin\AppData\Local\Temp\bpjarkkewocupxopsma.exe
C:\Users\Admin\AppData\Local\Temp\qdwmcutmduhyszpprk.exe
C:\Users\Admin\AppData\Local\Temp\qdwmcutmduhyszpprk.exe .
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\qdwmcutmduhyszpprk.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c htlapgewmcoexdsrs.exe
C:\Windows\htlapgewmcoexdsrs.exe
htlapgewmcoexdsrs.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c alcqeurixmxmejxv.exe .
C:\Windows\alcqeurixmxmejxv.exe
alcqeurixmxmejxv.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c alcqeurixmxmejxv.exe
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\alcqeurixmxmejxv.exe*."
C:\Windows\alcqeurixmxmejxv.exe
alcqeurixmxmejxv.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c htlapgewmcoexdsrs.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bpjarkkewocupxopsma.exe
C:\Windows\htlapgewmcoexdsrs.exe
htlapgewmcoexdsrs.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\dtpibwyuoiyspzsvawmib.exe .
C:\Users\Admin\AppData\Local\Temp\bpjarkkewocupxopsma.exe
C:\Users\Admin\AppData\Local\Temp\bpjarkkewocupxopsma.exe
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\htlapgewmcoexdsrs.exe*."
C:\Users\Admin\AppData\Local\Temp\dtpibwyuoiyspzsvawmib.exe
C:\Users\Admin\AppData\Local\Temp\dtpibwyuoiyspzsvawmib.exe .
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\dtpibwyuoiyspzsvawmib.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bpjarkkewocupxopsma.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bpjarkkewocupxopsma.exe .
C:\Users\Admin\AppData\Local\Temp\bpjarkkewocupxopsma.exe
C:\Users\Admin\AppData\Local\Temp\bpjarkkewocupxopsma.exe
C:\Users\Admin\AppData\Local\Temp\bpjarkkewocupxopsma.exe
C:\Users\Admin\AppData\Local\Temp\bpjarkkewocupxopsma.exe .
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\bpjarkkewocupxopsma.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c htlapgewmcoexdsrs.exe
C:\Windows\htlapgewmcoexdsrs.exe
htlapgewmcoexdsrs.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c dtpibwyuoiyspzsvawmib.exe .
C:\Windows\dtpibwyuoiyspzsvawmib.exe
dtpibwyuoiyspzsvawmib.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c odyqicdyrkzsoxprvqfa.exe
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\dtpibwyuoiyspzsvawmib.exe*."
C:\Windows\odyqicdyrkzsoxprvqfa.exe
odyqicdyrkzsoxprvqfa.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c dtpibwyuoiyspzsvawmib.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\dtpibwyuoiyspzsvawmib.exe
C:\Windows\dtpibwyuoiyspzsvawmib.exe
dtpibwyuoiyspzsvawmib.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c htlapgewmcoexdsrs.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\qdwmcutmduhyszpprk.exe .
C:\Users\Admin\AppData\Local\Temp\dtpibwyuoiyspzsvawmib.exe
C:\Users\Admin\AppData\Local\Temp\dtpibwyuoiyspzsvawmib.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c jdxpogdvrgetmirjlpfz.exe
C:\Windows\htlapgewmcoexdsrs.exe
htlapgewmcoexdsrs.exe
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\dtpibwyuoiyspzsvawmib.exe*."
C:\Users\Admin\AppData\Local\Temp\qdwmcutmduhyszpprk.exe
C:\Users\Admin\AppData\Local\Temp\qdwmcutmduhyszpprk.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c alcqeurixmxmejxv.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\jdxpogdvrgetmirjlpfz.exe
jdxpogdvrgetmirjlpfz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ldvliytjdqmzqkrhhj.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\htlapgewmcoexdsrs.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c dtpibwyuoiyspzsvawmib.exe
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\qdwmcutmduhyszpprk.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\odyqicdyrkzsoxprvqfa.exe .
C:\Windows\ldvliytjdqmzqkrhhj.exe
ldvliytjdqmzqkrhhj.exe .
C:\Users\Admin\AppData\Local\Temp\htlapgewmcoexdsrs.exe
C:\Users\Admin\AppData\Local\Temp\htlapgewmcoexdsrs.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c vlbpkyrfxicncuzn.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c htlapgewmcoexdsrs.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ldvliytjdqmzqkrhhj.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\odyqicdyrkzsoxprvqfa.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ldvliytjdqmzqkrhhj.exe
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\ldvliytjdqmzqkrhhj.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\dtpibwyuoiyspzsvawmib.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wpizxokbwkhvniqhila.exe .
C:\Windows\dtpibwyuoiyspzsvawmib.exe
dtpibwyuoiyspzsvawmib.exe
C:\Users\Admin\AppData\Local\Temp\odyqicdyrkzsoxprvqfa.exe
C:\Users\Admin\AppData\Local\Temp\odyqicdyrkzsoxprvqfa.exe .
C:\Windows\htlapgewmcoexdsrs.exe
htlapgewmcoexdsrs.exe .
C:\Windows\ldvliytjdqmzqkrhhj.exe
ldvliytjdqmzqkrhhj.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bpjarkkewocupxopsma.exe
C:\Windows\vlbpkyrfxicncuzn.exe
vlbpkyrfxicncuzn.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ldvliytjdqmzqkrhhj.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\qdwmcutmduhyszpprk.exe .
C:\Users\Admin\AppData\Local\Temp\wpizxokbwkhvniqhila.exe
C:\Users\Admin\AppData\Local\Temp\wpizxokbwkhvniqhila.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ldvliytjdqmzqkrhhj.exe .
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\odyqicdyrkzsoxprvqfa.exe*."
C:\Users\Admin\AppData\Local\Temp\odyqicdyrkzsoxprvqfa.exe
C:\Users\Admin\AppData\Local\Temp\odyqicdyrkzsoxprvqfa.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c htlapgewmcoexdsrs.exe
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\ldvliytjdqmzqkrhhj.exe*."
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\htlapgewmcoexdsrs.exe*."
C:\Users\Admin\AppData\Local\Temp\dtpibwyuoiyspzsvawmib.exe
C:\Users\Admin\AppData\Local\Temp\dtpibwyuoiyspzsvawmib.exe .
C:\Users\Admin\AppData\Local\Temp\ldvliytjdqmzqkrhhj.exe
C:\Users\Admin\AppData\Local\Temp\ldvliytjdqmzqkrhhj.exe
C:\Users\Admin\AppData\Local\Temp\ldvliytjdqmzqkrhhj.exe
C:\Users\Admin\AppData\Local\Temp\ldvliytjdqmzqkrhhj.exe
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\wpizxokbwkhvniqhila.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c bpjarkkewocupxopsma.exe .
C:\Users\Admin\AppData\Local\Temp\ldvliytjdqmzqkrhhj.exe
C:\Users\Admin\AppData\Local\Temp\ldvliytjdqmzqkrhhj.exe .
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\dtpibwyuoiyspzsvawmib.exe*."
C:\Users\Admin\AppData\Local\Temp\qdwmcutmduhyszpprk.exe
C:\Users\Admin\AppData\Local\Temp\qdwmcutmduhyszpprk.exe .
C:\Windows\htlapgewmcoexdsrs.exe
htlapgewmcoexdsrs.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c bpjarkkewocupxopsma.exe
C:\Windows\bpjarkkewocupxopsma.exe
bpjarkkewocupxopsma.exe .
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\ldvliytjdqmzqkrhhj.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c alcqeurixmxmejxv.exe .
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\qdwmcutmduhyszpprk.exe*."
C:\Windows\bpjarkkewocupxopsma.exe
bpjarkkewocupxopsma.exe
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\bpjarkkewocupxopsma.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\alcqeurixmxmejxv.exe
C:\Users\Admin\AppData\Local\Temp\bpjarkkewocupxopsma.exe
C:\Users\Admin\AppData\Local\Temp\bpjarkkewocupxopsma.exe
C:\Windows\alcqeurixmxmejxv.exe
alcqeurixmxmejxv.exe .
C:\Windows\alcqeurixmxmejxv.exe
alcqeurixmxmejxv.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\qdwmcutmduhyszpprk.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\alcqeurixmxmejxv.exe
C:\Users\Admin\AppData\Local\Temp\alcqeurixmxmejxv.exe
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\alcqeurixmxmejxv.exe*."
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\alcqeurixmxmejxv.exe*."
C:\Users\Admin\AppData\Local\Temp\qdwmcutmduhyszpprk.exe
C:\Users\Admin\AppData\Local\Temp\qdwmcutmduhyszpprk.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c htlapgewmcoexdsrs.exe
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\qdwmcutmduhyszpprk.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\htlapgewmcoexdsrs.exe
C:\Windows\htlapgewmcoexdsrs.exe
htlapgewmcoexdsrs.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\alcqeurixmxmejxv.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c htlapgewmcoexdsrs.exe .
C:\Users\Admin\AppData\Local\Temp\htlapgewmcoexdsrs.exe
C:\Users\Admin\AppData\Local\Temp\htlapgewmcoexdsrs.exe
C:\Users\Admin\AppData\Local\Temp\alcqeurixmxmejxv.exe
C:\Users\Admin\AppData\Local\Temp\alcqeurixmxmejxv.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c alcqeurixmxmejxv.exe
C:\Windows\htlapgewmcoexdsrs.exe
htlapgewmcoexdsrs.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c odyqicdyrkzsoxprvqfa.exe .
C:\Windows\alcqeurixmxmejxv.exe
alcqeurixmxmejxv.exe
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\alcqeurixmxmejxv.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\dtpibwyuoiyspzsvawmib.exe
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\htlapgewmcoexdsrs.exe*."
C:\Windows\odyqicdyrkzsoxprvqfa.exe
odyqicdyrkzsoxprvqfa.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\alcqeurixmxmejxv.exe .
C:\Users\Admin\AppData\Local\Temp\dtpibwyuoiyspzsvawmib.exe
C:\Users\Admin\AppData\Local\Temp\dtpibwyuoiyspzsvawmib.exe
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\odyqicdyrkzsoxprvqfa.exe*."
C:\Users\Admin\AppData\Local\Temp\alcqeurixmxmejxv.exe
C:\Users\Admin\AppData\Local\Temp\alcqeurixmxmejxv.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c odyqicdyrkzsoxprvqfa.exe
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\alcqeurixmxmejxv.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\dtpibwyuoiyspzsvawmib.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\dtpibwyuoiyspzsvawmib.exe .
C:\Windows\odyqicdyrkzsoxprvqfa.exe
odyqicdyrkzsoxprvqfa.exe
C:\Users\Admin\AppData\Local\Temp\dtpibwyuoiyspzsvawmib.exe
C:\Users\Admin\AppData\Local\Temp\dtpibwyuoiyspzsvawmib.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c bpjarkkewocupxopsma.exe .
C:\Users\Admin\AppData\Local\Temp\dtpibwyuoiyspzsvawmib.exe
C:\Users\Admin\AppData\Local\Temp\dtpibwyuoiyspzsvawmib.exe .
C:\Windows\bpjarkkewocupxopsma.exe
bpjarkkewocupxopsma.exe .
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\dtpibwyuoiyspzsvawmib.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c alcqeurixmxmejxv.exe
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\bpjarkkewocupxopsma.exe*."
C:\Windows\alcqeurixmxmejxv.exe
alcqeurixmxmejxv.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c odyqicdyrkzsoxprvqfa.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\alcqeurixmxmejxv.exe
C:\Windows\odyqicdyrkzsoxprvqfa.exe
odyqicdyrkzsoxprvqfa.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\odyqicdyrkzsoxprvqfa.exe .
C:\Users\Admin\AppData\Local\Temp\alcqeurixmxmejxv.exe
C:\Users\Admin\AppData\Local\Temp\alcqeurixmxmejxv.exe
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\odyqicdyrkzsoxprvqfa.exe*."
C:\Users\Admin\AppData\Local\Temp\odyqicdyrkzsoxprvqfa.exe
C:\Users\Admin\AppData\Local\Temp\odyqicdyrkzsoxprvqfa.exe .
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\odyqicdyrkzsoxprvqfa.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\qdwmcutmduhyszpprk.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\dtpibwyuoiyspzsvawmib.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\qdwmcutmduhyszpprk.exe
C:\Users\Admin\AppData\Local\Temp\qdwmcutmduhyszpprk.exe
C:\Users\Admin\AppData\Local\Temp\dtpibwyuoiyspzsvawmib.exe
C:\Users\Admin\AppData\Local\Temp\dtpibwyuoiyspzsvawmib.exe .
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\dtpibwyuoiyspzsvawmib.exe*."
C:\Users\Admin\AppData\Local\Temp\wdkpbgq.exe
"C:\Users\Admin\AppData\Local\Temp\wdkpbgq.exe" "-c:\users\admin\appdata\local\temp\jaffacakes118_accbd6960dd347c36571ba5642f84e23.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c alcqeurixmxmejxv.exe
C:\Windows\alcqeurixmxmejxv.exe
alcqeurixmxmejxv.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c odyqicdyrkzsoxprvqfa.exe .
C:\Windows\odyqicdyrkzsoxprvqfa.exe
odyqicdyrkzsoxprvqfa.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c odyqicdyrkzsoxprvqfa.exe
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\odyqicdyrkzsoxprvqfa.exe*."
C:\Windows\odyqicdyrkzsoxprvqfa.exe
odyqicdyrkzsoxprvqfa.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c qdwmcutmduhyszpprk.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\qdwmcutmduhyszpprk.exe
C:\Windows\qdwmcutmduhyszpprk.exe
qdwmcutmduhyszpprk.exe .
C:\Users\Admin\AppData\Local\Temp\wdkpbgq.exe
"C:\Users\Admin\AppData\Local\Temp\wdkpbgq.exe" "-c:\users\admin\appdata\local\temp\jaffacakes118_accbd6960dd347c36571ba5642f84e23.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bpjarkkewocupxopsma.exe .
C:\Users\Admin\AppData\Local\Temp\qdwmcutmduhyszpprk.exe
C:\Users\Admin\AppData\Local\Temp\qdwmcutmduhyszpprk.exe
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\qdwmcutmduhyszpprk.exe*."
C:\Users\Admin\AppData\Local\Temp\bpjarkkewocupxopsma.exe
C:\Users\Admin\AppData\Local\Temp\bpjarkkewocupxopsma.exe .
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\bpjarkkewocupxopsma.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\odyqicdyrkzsoxprvqfa.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\alcqeurixmxmejxv.exe .
C:\Users\Admin\AppData\Local\Temp\odyqicdyrkzsoxprvqfa.exe
C:\Users\Admin\AppData\Local\Temp\odyqicdyrkzsoxprvqfa.exe
C:\Users\Admin\AppData\Local\Temp\alcqeurixmxmejxv.exe
C:\Users\Admin\AppData\Local\Temp\alcqeurixmxmejxv.exe .
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\alcqeurixmxmejxv.exe*."
C:\Users\Admin\AppData\Local\Temp\wdkpbgq.exe
"C:\Users\Admin\AppData\Local\Temp\wdkpbgq.exe" "-c:\users\admin\appdata\local\temp\jaffacakes118_accbd6960dd347c36571ba5642f84e23.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c alcqeurixmxmejxv.exe
C:\Windows\alcqeurixmxmejxv.exe
alcqeurixmxmejxv.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c odyqicdyrkzsoxprvqfa.exe .
C:\Windows\odyqicdyrkzsoxprvqfa.exe
odyqicdyrkzsoxprvqfa.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c alcqeurixmxmejxv.exe
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\odyqicdyrkzsoxprvqfa.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c bpjarkkewocupxopsma.exe .
C:\Windows\alcqeurixmxmejxv.exe
alcqeurixmxmejxv.exe
C:\Users\Admin\AppData\Local\Temp\wdkpbgq.exe
"C:\Users\Admin\AppData\Local\Temp\wdkpbgq.exe" "-c:\users\admin\appdata\local\temp\jaffacakes118_accbd6960dd347c36571ba5642f84e23.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bpjarkkewocupxopsma.exe
C:\Windows\bpjarkkewocupxopsma.exe
bpjarkkewocupxopsma.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\qdwmcutmduhyszpprk.exe .
C:\Users\Admin\AppData\Local\Temp\bpjarkkewocupxopsma.exe
C:\Users\Admin\AppData\Local\Temp\bpjarkkewocupxopsma.exe
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\bpjarkkewocupxopsma.exe*."
C:\Users\Admin\AppData\Local\Temp\qdwmcutmduhyszpprk.exe
C:\Users\Admin\AppData\Local\Temp\qdwmcutmduhyszpprk.exe .
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\qdwmcutmduhyszpprk.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\alcqeurixmxmejxv.exe
C:\Users\Admin\AppData\Local\Temp\alcqeurixmxmejxv.exe
C:\Users\Admin\AppData\Local\Temp\alcqeurixmxmejxv.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bpjarkkewocupxopsma.exe .
C:\Users\Admin\AppData\Local\Temp\bpjarkkewocupxopsma.exe
C:\Users\Admin\AppData\Local\Temp\bpjarkkewocupxopsma.exe .
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\bpjarkkewocupxopsma.exe*."
C:\Users\Admin\AppData\Local\Temp\wdkpbgq.exe
"C:\Users\Admin\AppData\Local\Temp\wdkpbgq.exe" "-c:\users\admin\appdata\local\temp\jaffacakes118_accbd6960dd347c36571ba5642f84e23.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c htlapgewmcoexdsrs.exe
C:\Windows\htlapgewmcoexdsrs.exe
htlapgewmcoexdsrs.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c bpjarkkewocupxopsma.exe .
C:\Windows\bpjarkkewocupxopsma.exe
bpjarkkewocupxopsma.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c dtpibwyuoiyspzsvawmib.exe
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\bpjarkkewocupxopsma.exe*."
C:\Users\Admin\AppData\Local\Temp\wdkpbgq.exe
"C:\Users\Admin\AppData\Local\Temp\wdkpbgq.exe" "-c:\users\admin\appdata\local\temp\jaffacakes118_accbd6960dd347c36571ba5642f84e23.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c bpjarkkewocupxopsma.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\dtpibwyuoiyspzsvawmib.exe
dtpibwyuoiyspzsvawmib.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\alcqeurixmxmejxv.exe
C:\Windows\bpjarkkewocupxopsma.exe
bpjarkkewocupxopsma.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\odyqicdyrkzsoxprvqfa.exe .
C:\Users\Admin\AppData\Local\Temp\alcqeurixmxmejxv.exe
C:\Users\Admin\AppData\Local\Temp\alcqeurixmxmejxv.exe
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\bpjarkkewocupxopsma.exe*."
C:\Users\Admin\AppData\Local\Temp\odyqicdyrkzsoxprvqfa.exe
C:\Users\Admin\AppData\Local\Temp\odyqicdyrkzsoxprvqfa.exe .
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\odyqicdyrkzsoxprvqfa.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\odyqicdyrkzsoxprvqfa.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\odyqicdyrkzsoxprvqfa.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\odyqicdyrkzsoxprvqfa.exe
C:\Users\Admin\AppData\Local\Temp\odyqicdyrkzsoxprvqfa.exe
C:\Users\Admin\AppData\Local\Temp\odyqicdyrkzsoxprvqfa.exe
C:\Users\Admin\AppData\Local\Temp\odyqicdyrkzsoxprvqfa.exe .
C:\Users\Admin\AppData\Local\Temp\wdkpbgq.exe
"C:\Users\Admin\AppData\Local\Temp\wdkpbgq.exe" "-c:\users\admin\appdata\local\temp\jaffacakes118_accbd6960dd347c36571ba5642f84e23.exe"
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\odyqicdyrkzsoxprvqfa.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c bpjarkkewocupxopsma.exe
C:\Windows\bpjarkkewocupxopsma.exe
bpjarkkewocupxopsma.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c dtpibwyuoiyspzsvawmib.exe .
C:\Windows\dtpibwyuoiyspzsvawmib.exe
dtpibwyuoiyspzsvawmib.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c odyqicdyrkzsoxprvqfa.exe
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\dtpibwyuoiyspzsvawmib.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c alcqeurixmxmejxv.exe .
C:\Users\Admin\AppData\Local\Temp\wdkpbgq.exe
"C:\Users\Admin\AppData\Local\Temp\wdkpbgq.exe" "-c:\users\admin\appdata\local\temp\jaffacakes118_accbd6960dd347c36571ba5642f84e23.exe"
C:\Windows\odyqicdyrkzsoxprvqfa.exe
odyqicdyrkzsoxprvqfa.exe
C:\Windows\alcqeurixmxmejxv.exe
alcqeurixmxmejxv.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\alcqeurixmxmejxv.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bpjarkkewocupxopsma.exe .
C:\Users\Admin\AppData\Local\Temp\alcqeurixmxmejxv.exe
C:\Users\Admin\AppData\Local\Temp\alcqeurixmxmejxv.exe
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\alcqeurixmxmejxv.exe*."
C:\Users\Admin\AppData\Local\Temp\bpjarkkewocupxopsma.exe
C:\Users\Admin\AppData\Local\Temp\bpjarkkewocupxopsma.exe .
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\bpjarkkewocupxopsma.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\htlapgewmcoexdsrs.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\dtpibwyuoiyspzsvawmib.exe .
C:\Users\Admin\AppData\Local\Temp\htlapgewmcoexdsrs.exe
C:\Users\Admin\AppData\Local\Temp\htlapgewmcoexdsrs.exe
C:\Users\Admin\AppData\Local\Temp\dtpibwyuoiyspzsvawmib.exe
C:\Users\Admin\AppData\Local\Temp\dtpibwyuoiyspzsvawmib.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c bpjarkkewocupxopsma.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ytohhayroedtnkunqvmhc.exe
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\dtpibwyuoiyspzsvawmib.exe*."
C:\Users\Admin\AppData\Local\Temp\wdkpbgq.exe
"C:\Users\Admin\AppData\Local\Temp\wdkpbgq.exe" "-c:\users\admin\appdata\local\temp\jaffacakes118_accbd6960dd347c36571ba5642f84e23.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c dtpibwyuoiyspzsvawmib.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ldvliytjdqmzqkrhhj.exe .
C:\Windows\bpjarkkewocupxopsma.exe
bpjarkkewocupxopsma.exe
C:\Windows\ytohhayroedtnkunqvmhc.exe
ytohhayroedtnkunqvmhc.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c bpjarkkewocupxopsma.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\ldvliytjdqmzqkrhhj.exe
ldvliytjdqmzqkrhhj.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ldvliytjdqmzqkrhhj.exe
C:\Windows\dtpibwyuoiyspzsvawmib.exe
dtpibwyuoiyspzsvawmib.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c qdwmcutmduhyszpprk.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c odyqicdyrkzsoxprvqfa.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wpizxokbwkhvniqhila.exe .
C:\Windows\bpjarkkewocupxopsma.exe
bpjarkkewocupxopsma.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\alcqeurixmxmejxv.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wpizxokbwkhvniqhila.exe
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\ldvliytjdqmzqkrhhj.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\qdwmcutmduhyszpprk.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c htlapgewmcoexdsrs.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vlbpkyrfxicncuzn.exe .
C:\Windows\ldvliytjdqmzqkrhhj.exe
ldvliytjdqmzqkrhhj.exe
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\dtpibwyuoiyspzsvawmib.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c odyqicdyrkzsoxprvqfa.exe
C:\Users\Admin\AppData\Local\Temp\wdkpbgq.exe
"C:\Users\Admin\AppData\Local\Temp\wdkpbgq.exe" "-c:\users\admin\appdata\local\temp\jaffacakes118_accbd6960dd347c36571ba5642f84e23.exe"
C:\Windows\wpizxokbwkhvniqhila.exe
wpizxokbwkhvniqhila.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\qdwmcutmduhyszpprk.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c dtpibwyuoiyspzsvawmib.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jdxpogdvrgetmirjlpfz.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\odyqicdyrkzsoxprvqfa.exe
odyqicdyrkzsoxprvqfa.exe
C:\Windows\qdwmcutmduhyszpprk.exe
qdwmcutmduhyszpprk.exe .
C:\Users\Admin\AppData\Local\Temp\wpizxokbwkhvniqhila.exe
C:\Users\Admin\AppData\Local\Temp\wpizxokbwkhvniqhila.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\qdwmcutmduhyszpprk.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bpjarkkewocupxopsma.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ldvliytjdqmzqkrhhj.exe .
C:\Windows\htlapgewmcoexdsrs.exe
htlapgewmcoexdsrs.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\alcqeurixmxmejxv.exe .
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\wpizxokbwkhvniqhila.exe*."
C:\Windows\odyqicdyrkzsoxprvqfa.exe
odyqicdyrkzsoxprvqfa.exe
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\qdwmcutmduhyszpprk.exe*."
C:\Users\Admin\AppData\Local\Temp\vlbpkyrfxicncuzn.exe
C:\Users\Admin\AppData\Local\Temp\vlbpkyrfxicncuzn.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\htlapgewmcoexdsrs.exe
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\htlapgewmcoexdsrs.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\alcqeurixmxmejxv.exe .
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\vlbpkyrfxicncuzn.exe*."
C:\Users\Admin\AppData\Local\Temp\wdkpbgq.exe
"C:\Users\Admin\AppData\Local\Temp\wdkpbgq.exe" "-c:\users\admin\appdata\local\temp\jaffacakes118_accbd6960dd347c36571ba5642f84e23.exe"
C:\Users\Admin\AppData\Local\Temp\alcqeurixmxmejxv.exe
C:\Users\Admin\AppData\Local\Temp\alcqeurixmxmejxv.exe
C:\Users\Admin\AppData\Local\Temp\qdwmcutmduhyszpprk.exe
C:\Users\Admin\AppData\Local\Temp\qdwmcutmduhyszpprk.exe
C:\Users\Admin\AppData\Local\Temp\qdwmcutmduhyszpprk.exe
C:\Users\Admin\AppData\Local\Temp\qdwmcutmduhyszpprk.exe .
C:\Users\Admin\AppData\Local\Temp\jdxpogdvrgetmirjlpfz.exe
C:\Users\Admin\AppData\Local\Temp\jdxpogdvrgetmirjlpfz.exe
C:\Users\Admin\AppData\Local\Temp\ldvliytjdqmzqkrhhj.exe
C:\Users\Admin\AppData\Local\Temp\ldvliytjdqmzqkrhhj.exe .
C:\Windows\dtpibwyuoiyspzsvawmib.exe
dtpibwyuoiyspzsvawmib.exe .
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\qdwmcutmduhyszpprk.exe*."
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\dtpibwyuoiyspzsvawmib.exe*."
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\ldvliytjdqmzqkrhhj.exe*."
C:\Users\Admin\AppData\Local\Temp\alcqeurixmxmejxv.exe
C:\Users\Admin\AppData\Local\Temp\alcqeurixmxmejxv.exe .
C:\Users\Admin\AppData\Local\Temp\qdwmcutmduhyszpprk.exe
C:\Users\Admin\AppData\Local\Temp\qdwmcutmduhyszpprk.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c bpjarkkewocupxopsma.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c alcqeurixmxmejxv.exe
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\alcqeurixmxmejxv.exe*."
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\qdwmcutmduhyszpprk.exe*."
C:\Windows\bpjarkkewocupxopsma.exe
bpjarkkewocupxopsma.exe
C:\Windows\alcqeurixmxmejxv.exe
alcqeurixmxmejxv.exe
C:\Users\Admin\AppData\Local\Temp\alcqeurixmxmejxv.exe
C:\Users\Admin\AppData\Local\Temp\alcqeurixmxmejxv.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c qdwmcutmduhyszpprk.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c bpjarkkewocupxopsma.exe .
C:\Users\Admin\AppData\Local\Temp\wdkpbgq.exe
"C:\Users\Admin\AppData\Local\Temp\wdkpbgq.exe" "-c:\users\admin\appdata\local\temp\jaffacakes118_accbd6960dd347c36571ba5642f84e23.exe"
C:\Windows\bpjarkkewocupxopsma.exe
bpjarkkewocupxopsma.exe .
C:\Windows\qdwmcutmduhyszpprk.exe
qdwmcutmduhyszpprk.exe .
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\alcqeurixmxmejxv.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c htlapgewmcoexdsrs.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c alcqeurixmxmejxv.exe
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\bpjarkkewocupxopsma.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c dtpibwyuoiyspzsvawmib.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c qdwmcutmduhyszpprk.exe .
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\qdwmcutmduhyszpprk.exe*."
C:\Windows\alcqeurixmxmejxv.exe
alcqeurixmxmejxv.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\htlapgewmcoexdsrs.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\alcqeurixmxmejxv.exe
C:\Windows\htlapgewmcoexdsrs.exe
htlapgewmcoexdsrs.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\qdwmcutmduhyszpprk.exe .
C:\Windows\dtpibwyuoiyspzsvawmib.exe
dtpibwyuoiyspzsvawmib.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\dtpibwyuoiyspzsvawmib.exe .
C:\Windows\qdwmcutmduhyszpprk.exe
qdwmcutmduhyszpprk.exe .
C:\Users\Admin\AppData\Local\Temp\qdwmcutmduhyszpprk.exe
C:\Users\Admin\AppData\Local\Temp\qdwmcutmduhyszpprk.exe .
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\dtpibwyuoiyspzsvawmib.exe*."
C:\Users\Admin\AppData\Local\Temp\alcqeurixmxmejxv.exe
C:\Users\Admin\AppData\Local\Temp\alcqeurixmxmejxv.exe
C:\Users\Admin\AppData\Local\Temp\dtpibwyuoiyspzsvawmib.exe
C:\Users\Admin\AppData\Local\Temp\dtpibwyuoiyspzsvawmib.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\odyqicdyrkzsoxprvqfa.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\dtpibwyuoiyspzsvawmib.exe
C:\Users\Admin\AppData\Local\Temp\wdkpbgq.exe
"C:\Users\Admin\AppData\Local\Temp\wdkpbgq.exe" "-c:\users\admin\appdata\local\temp\jaffacakes118_accbd6960dd347c36571ba5642f84e23.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bpjarkkewocupxopsma.exe .
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\qdwmcutmduhyszpprk.exe*."
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\qdwmcutmduhyszpprk.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\odyqicdyrkzsoxprvqfa.exe .
C:\Users\Admin\AppData\Local\Temp\htlapgewmcoexdsrs.exe
C:\Users\Admin\AppData\Local\Temp\htlapgewmcoexdsrs.exe
C:\Users\Admin\AppData\Local\Temp\htlapgewmcoexdsrs.exe
C:\Users\Admin\AppData\Local\Temp\htlapgewmcoexdsrs.exe
C:\Users\Admin\AppData\Local\Temp\bpjarkkewocupxopsma.exe
C:\Users\Admin\AppData\Local\Temp\bpjarkkewocupxopsma.exe
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\dtpibwyuoiyspzsvawmib.exe*."
C:\Users\Admin\AppData\Local\Temp\dtpibwyuoiyspzsvawmib.exe
C:\Users\Admin\AppData\Local\Temp\dtpibwyuoiyspzsvawmib.exe
C:\Users\Admin\AppData\Local\Temp\bpjarkkewocupxopsma.exe
C:\Users\Admin\AppData\Local\Temp\bpjarkkewocupxopsma.exe .
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\bpjarkkewocupxopsma.exe*."
C:\Users\Admin\AppData\Local\Temp\odyqicdyrkzsoxprvqfa.exe
C:\Users\Admin\AppData\Local\Temp\odyqicdyrkzsoxprvqfa.exe .
C:\Users\Admin\AppData\Local\Temp\odyqicdyrkzsoxprvqfa.exe
C:\Users\Admin\AppData\Local\Temp\odyqicdyrkzsoxprvqfa.exe
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\odyqicdyrkzsoxprvqfa.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c dtpibwyuoiyspzsvawmib.exe
C:\Users\Admin\AppData\Local\Temp\wdkpbgq.exe
"C:\Users\Admin\AppData\Local\Temp\wdkpbgq.exe" "-c:\users\admin\appdata\local\temp\jaffacakes118_accbd6960dd347c36571ba5642f84e23.exe"
C:\Windows\dtpibwyuoiyspzsvawmib.exe
dtpibwyuoiyspzsvawmib.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c bpjarkkewocupxopsma.exe .
C:\Windows\bpjarkkewocupxopsma.exe
bpjarkkewocupxopsma.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c htlapgewmcoexdsrs.exe
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\bpjarkkewocupxopsma.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c alcqeurixmxmejxv.exe .
C:\Windows\htlapgewmcoexdsrs.exe
htlapgewmcoexdsrs.exe
C:\Windows\alcqeurixmxmejxv.exe
alcqeurixmxmejxv.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\odyqicdyrkzsoxprvqfa.exe
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\alcqeurixmxmejxv.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\htlapgewmcoexdsrs.exe .
C:\Users\Admin\AppData\Local\Temp\odyqicdyrkzsoxprvqfa.exe
C:\Users\Admin\AppData\Local\Temp\odyqicdyrkzsoxprvqfa.exe
C:\Users\Admin\AppData\Local\Temp\htlapgewmcoexdsrs.exe
C:\Users\Admin\AppData\Local\Temp\htlapgewmcoexdsrs.exe .
C:\Users\Admin\AppData\Local\Temp\wdkpbgq.exe
"C:\Users\Admin\AppData\Local\Temp\wdkpbgq.exe" "-c:\users\admin\appdata\local\temp\jaffacakes118_accbd6960dd347c36571ba5642f84e23.exe"
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\htlapgewmcoexdsrs.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\htlapgewmcoexdsrs.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\alcqeurixmxmejxv.exe .
C:\Users\Admin\AppData\Local\Temp\htlapgewmcoexdsrs.exe
C:\Users\Admin\AppData\Local\Temp\htlapgewmcoexdsrs.exe
C:\Users\Admin\AppData\Local\Temp\alcqeurixmxmejxv.exe
C:\Users\Admin\AppData\Local\Temp\alcqeurixmxmejxv.exe .
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\alcqeurixmxmejxv.exe*."
C:\Users\Admin\AppData\Local\Temp\wdkpbgq.exe
"C:\Users\Admin\AppData\Local\Temp\wdkpbgq.exe" "-c:\users\admin\appdata\local\temp\jaffacakes118_accbd6960dd347c36571ba5642f84e23.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c dtpibwyuoiyspzsvawmib.exe
C:\Windows\dtpibwyuoiyspzsvawmib.exe
dtpibwyuoiyspzsvawmib.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c htlapgewmcoexdsrs.exe .
C:\Windows\htlapgewmcoexdsrs.exe
htlapgewmcoexdsrs.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c odyqicdyrkzsoxprvqfa.exe
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\htlapgewmcoexdsrs.exe*."
C:\Windows\odyqicdyrkzsoxprvqfa.exe
odyqicdyrkzsoxprvqfa.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c htlapgewmcoexdsrs.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bpjarkkewocupxopsma.exe
C:\Windows\htlapgewmcoexdsrs.exe
htlapgewmcoexdsrs.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\qdwmcutmduhyszpprk.exe .
C:\Users\Admin\AppData\Local\Temp\bpjarkkewocupxopsma.exe
C:\Users\Admin\AppData\Local\Temp\bpjarkkewocupxopsma.exe
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\htlapgewmcoexdsrs.exe*."
C:\Users\Admin\AppData\Local\Temp\qdwmcutmduhyszpprk.exe
C:\Users\Admin\AppData\Local\Temp\qdwmcutmduhyszpprk.exe .
C:\Users\Admin\AppData\Local\Temp\wdkpbgq.exe
"C:\Users\Admin\AppData\Local\Temp\wdkpbgq.exe" "-c:\users\admin\appdata\local\temp\jaffacakes118_accbd6960dd347c36571ba5642f84e23.exe"
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\qdwmcutmduhyszpprk.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\qdwmcutmduhyszpprk.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\htlapgewmcoexdsrs.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\qdwmcutmduhyszpprk.exe
C:\Users\Admin\AppData\Local\Temp\qdwmcutmduhyszpprk.exe
C:\Users\Admin\AppData\Local\Temp\htlapgewmcoexdsrs.exe
C:\Users\Admin\AppData\Local\Temp\htlapgewmcoexdsrs.exe .
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\htlapgewmcoexdsrs.exe*."
C:\Users\Admin\AppData\Local\Temp\wdkpbgq.exe
"C:\Users\Admin\AppData\Local\Temp\wdkpbgq.exe" "-c:\users\admin\appdata\local\temp\jaffacakes118_accbd6960dd347c36571ba5642f84e23.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c htlapgewmcoexdsrs.exe
C:\Windows\htlapgewmcoexdsrs.exe
htlapgewmcoexdsrs.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c htlapgewmcoexdsrs.exe .
C:\Windows\htlapgewmcoexdsrs.exe
htlapgewmcoexdsrs.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c odyqicdyrkzsoxprvqfa.exe
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\htlapgewmcoexdsrs.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c qdwmcutmduhyszpprk.exe .
C:\Windows\odyqicdyrkzsoxprvqfa.exe
odyqicdyrkzsoxprvqfa.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\alcqeurixmxmejxv.exe
C:\Windows\qdwmcutmduhyszpprk.exe
qdwmcutmduhyszpprk.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\dtpibwyuoiyspzsvawmib.exe .
C:\Users\Admin\AppData\Local\Temp\alcqeurixmxmejxv.exe
C:\Users\Admin\AppData\Local\Temp\alcqeurixmxmejxv.exe
C:\Users\Admin\AppData\Local\Temp\wdkpbgq.exe
"C:\Users\Admin\AppData\Local\Temp\wdkpbgq.exe" "-c:\users\admin\appdata\local\temp\jaffacakes118_accbd6960dd347c36571ba5642f84e23.exe"
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\qdwmcutmduhyszpprk.exe*."
C:\Users\Admin\AppData\Local\Temp\dtpibwyuoiyspzsvawmib.exe
C:\Users\Admin\AppData\Local\Temp\dtpibwyuoiyspzsvawmib.exe .
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\dtpibwyuoiyspzsvawmib.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\dtpibwyuoiyspzsvawmib.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bpjarkkewocupxopsma.exe .
C:\Users\Admin\AppData\Local\Temp\dtpibwyuoiyspzsvawmib.exe
C:\Users\Admin\AppData\Local\Temp\dtpibwyuoiyspzsvawmib.exe
C:\Users\Admin\AppData\Local\Temp\bpjarkkewocupxopsma.exe
C:\Users\Admin\AppData\Local\Temp\bpjarkkewocupxopsma.exe .
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\bpjarkkewocupxopsma.exe*."
C:\Users\Admin\AppData\Local\Temp\wdkpbgq.exe
"C:\Users\Admin\AppData\Local\Temp\wdkpbgq.exe" "-c:\users\admin\appdata\local\temp\jaffacakes118_accbd6960dd347c36571ba5642f84e23.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c odyqicdyrkzsoxprvqfa.exe
C:\Windows\odyqicdyrkzsoxprvqfa.exe
odyqicdyrkzsoxprvqfa.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c bpjarkkewocupxopsma.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\bpjarkkewocupxopsma.exe
bpjarkkewocupxopsma.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c alcqeurixmxmejxv.exe
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\bpjarkkewocupxopsma.exe*."
C:\Windows\alcqeurixmxmejxv.exe
alcqeurixmxmejxv.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c odyqicdyrkzsoxprvqfa.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\htlapgewmcoexdsrs.exe
C:\Windows\odyqicdyrkzsoxprvqfa.exe
odyqicdyrkzsoxprvqfa.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\htlapgewmcoexdsrs.exe .
C:\Users\Admin\AppData\Local\Temp\htlapgewmcoexdsrs.exe
C:\Users\Admin\AppData\Local\Temp\htlapgewmcoexdsrs.exe
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\odyqicdyrkzsoxprvqfa.exe*."
C:\Users\Admin\AppData\Local\Temp\wdkpbgq.exe
"C:\Users\Admin\AppData\Local\Temp\wdkpbgq.exe" "-c:\users\admin\appdata\local\temp\jaffacakes118_accbd6960dd347c36571ba5642f84e23.exe"
C:\Users\Admin\AppData\Local\Temp\htlapgewmcoexdsrs.exe
C:\Users\Admin\AppData\Local\Temp\htlapgewmcoexdsrs.exe .
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\htlapgewmcoexdsrs.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\htlapgewmcoexdsrs.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bpjarkkewocupxopsma.exe .
C:\Users\Admin\AppData\Local\Temp\htlapgewmcoexdsrs.exe
C:\Users\Admin\AppData\Local\Temp\htlapgewmcoexdsrs.exe
C:\Users\Admin\AppData\Local\Temp\bpjarkkewocupxopsma.exe
C:\Users\Admin\AppData\Local\Temp\bpjarkkewocupxopsma.exe .
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\bpjarkkewocupxopsma.exe*."
C:\Users\Admin\AppData\Local\Temp\wdkpbgq.exe
"C:\Users\Admin\AppData\Local\Temp\wdkpbgq.exe" "-c:\users\admin\appdata\local\temp\jaffacakes118_accbd6960dd347c36571ba5642f84e23.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c htlapgewmcoexdsrs.exe
C:\Windows\htlapgewmcoexdsrs.exe
htlapgewmcoexdsrs.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c qdwmcutmduhyszpprk.exe .
C:\Windows\qdwmcutmduhyszpprk.exe
qdwmcutmduhyszpprk.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c vlbpkyrfxicncuzn.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c qdwmcutmduhyszpprk.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c alcqeurixmxmejxv.exe
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\qdwmcutmduhyszpprk.exe*."
C:\Windows\vlbpkyrfxicncuzn.exe
vlbpkyrfxicncuzn.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c qdwmcutmduhyszpprk.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ytohhayroedtnkunqvmhc.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c alcqeurixmxmejxv.exe .
C:\Windows\alcqeurixmxmejxv.exe
alcqeurixmxmejxv.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\dtpibwyuoiyspzsvawmib.exe
C:\Windows\qdwmcutmduhyszpprk.exe
qdwmcutmduhyszpprk.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\htlapgewmcoexdsrs.exe .
C:\Windows\ytohhayroedtnkunqvmhc.exe
ytohhayroedtnkunqvmhc.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c vlbpkyrfxicncuzn.exe
C:\Users\Admin\AppData\Local\Temp\wdkpbgq.exe
"C:\Users\Admin\AppData\Local\Temp\wdkpbgq.exe" "-c:\users\admin\appdata\local\temp\jaffacakes118_accbd6960dd347c36571ba5642f84e23.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c odyqicdyrkzsoxprvqfa.exe
C:\Windows\qdwmcutmduhyszpprk.exe
qdwmcutmduhyszpprk.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c jdxpogdvrgetmirjlpfz.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c dtpibwyuoiyspzsvawmib.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ytohhayroedtnkunqvmhc.exe
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\ytohhayroedtnkunqvmhc.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\dtpibwyuoiyspzsvawmib.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\qdwmcutmduhyszpprk.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jdxpogdvrgetmirjlpfz.exe .
C:\Windows\alcqeurixmxmejxv.exe
alcqeurixmxmejxv.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\dtpibwyuoiyspzsvawmib.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\alcqeurixmxmejxv.exe .
C:\Users\Admin\AppData\Local\Temp\dtpibwyuoiyspzsvawmib.exe
C:\Users\Admin\AppData\Local\Temp\dtpibwyuoiyspzsvawmib.exe
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\qdwmcutmduhyszpprk.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ytohhayroedtnkunqvmhc.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\qdwmcutmduhyszpprk.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jdxpogdvrgetmirjlpfz.exe .
C:\Windows\odyqicdyrkzsoxprvqfa.exe
odyqicdyrkzsoxprvqfa.exe
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\alcqeurixmxmejxv.exe*."
C:\Users\Admin\AppData\Local\Temp\wdkpbgq.exe
"C:\Users\Admin\AppData\Local\Temp\wdkpbgq.exe" "-c:\users\admin\appdata\local\temp\jaffacakes118_accbd6960dd347c36571ba5642f84e23.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\htlapgewmcoexdsrs.exe .
C:\Windows\jdxpogdvrgetmirjlpfz.exe
jdxpogdvrgetmirjlpfz.exe .
C:\Windows\vlbpkyrfxicncuzn.exe
vlbpkyrfxicncuzn.exe
C:\Users\Admin\AppData\Local\Temp\ytohhayroedtnkunqvmhc.exe
C:\Users\Admin\AppData\Local\Temp\ytohhayroedtnkunqvmhc.exe
C:\Windows\dtpibwyuoiyspzsvawmib.exe
dtpibwyuoiyspzsvawmib.exe .
C:\Users\Admin\AppData\Local\Temp\alcqeurixmxmejxv.exe
C:\Users\Admin\AppData\Local\Temp\alcqeurixmxmejxv.exe .
C:\Users\Admin\AppData\Local\Temp\jdxpogdvrgetmirjlpfz.exe
C:\Users\Admin\AppData\Local\Temp\jdxpogdvrgetmirjlpfz.exe .
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\jdxpogdvrgetmirjlpfz.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c qdwmcutmduhyszpprk.exe
C:\Users\Admin\AppData\Local\Temp\jdxpogdvrgetmirjlpfz.exe
C:\Users\Admin\AppData\Local\Temp\jdxpogdvrgetmirjlpfz.exe .
C:\Users\Admin\AppData\Local\Temp\ytohhayroedtnkunqvmhc.exe
C:\Users\Admin\AppData\Local\Temp\ytohhayroedtnkunqvmhc.exe
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\alcqeurixmxmejxv.exe*."
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\jdxpogdvrgetmirjlpfz.exe*."
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\dtpibwyuoiyspzsvawmib.exe*."
C:\Windows\qdwmcutmduhyszpprk.exe
qdwmcutmduhyszpprk.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c htlapgewmcoexdsrs.exe .
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\jdxpogdvrgetmirjlpfz.exe*."
C:\Users\Admin\AppData\Local\Temp\htlapgewmcoexdsrs.exe
C:\Users\Admin\AppData\Local\Temp\htlapgewmcoexdsrs.exe .
C:\Users\Admin\AppData\Local\Temp\wdkpbgq.exe
"C:\Users\Admin\AppData\Local\Temp\wdkpbgq.exe" "-c:\users\admin\appdata\local\temp\jaffacakes118_accbd6960dd347c36571ba5642f84e23.exe"
C:\Users\Admin\AppData\Local\Temp\htlapgewmcoexdsrs.exe
C:\Users\Admin\AppData\Local\Temp\htlapgewmcoexdsrs.exe .
C:\Windows\htlapgewmcoexdsrs.exe
htlapgewmcoexdsrs.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c htlapgewmcoexdsrs.exe
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\htlapgewmcoexdsrs.exe*."
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\htlapgewmcoexdsrs.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c bpjarkkewocupxopsma.exe .
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\htlapgewmcoexdsrs.exe*."
C:\Windows\htlapgewmcoexdsrs.exe
htlapgewmcoexdsrs.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\odyqicdyrkzsoxprvqfa.exe
C:\Windows\bpjarkkewocupxopsma.exe
bpjarkkewocupxopsma.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\alcqeurixmxmejxv.exe .
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\bpjarkkewocupxopsma.exe*."
C:\Users\Admin\AppData\Local\Temp\alcqeurixmxmejxv.exe
C:\Users\Admin\AppData\Local\Temp\alcqeurixmxmejxv.exe .
C:\Users\Admin\AppData\Local\Temp\odyqicdyrkzsoxprvqfa.exe
C:\Users\Admin\AppData\Local\Temp\odyqicdyrkzsoxprvqfa.exe
C:\Users\Admin\AppData\Local\Temp\qdwmcutmduhyszpprk.exe
C:\Users\Admin\AppData\Local\Temp\qdwmcutmduhyszpprk.exe
C:\Users\Admin\AppData\Local\Temp\qdwmcutmduhyszpprk.exe
C:\Users\Admin\AppData\Local\Temp\qdwmcutmduhyszpprk.exe
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\alcqeurixmxmejxv.exe*."
C:\Users\Admin\AppData\Local\Temp\dtpibwyuoiyspzsvawmib.exe
C:\Users\Admin\AppData\Local\Temp\dtpibwyuoiyspzsvawmib.exe
C:\Users\Admin\AppData\Local\Temp\dtpibwyuoiyspzsvawmib.exe
C:\Users\Admin\AppData\Local\Temp\dtpibwyuoiyspzsvawmib.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c qdwmcutmduhyszpprk.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\odyqicdyrkzsoxprvqfa.exe
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\dtpibwyuoiyspzsvawmib.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\dtpibwyuoiyspzsvawmib.exe .
C:\Windows\qdwmcutmduhyszpprk.exe
qdwmcutmduhyszpprk.exe
C:\Users\Admin\AppData\Local\Temp\wdkpbgq.exe
"C:\Users\Admin\AppData\Local\Temp\wdkpbgq.exe" "-c:\users\admin\appdata\local\temp\jaffacakes118_accbd6960dd347c36571ba5642f84e23.exe"
C:\Users\Admin\AppData\Local\Temp\odyqicdyrkzsoxprvqfa.exe
C:\Users\Admin\AppData\Local\Temp\odyqicdyrkzsoxprvqfa.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c dtpibwyuoiyspzsvawmib.exe .
C:\Users\Admin\AppData\Local\Temp\dtpibwyuoiyspzsvawmib.exe
C:\Users\Admin\AppData\Local\Temp\dtpibwyuoiyspzsvawmib.exe .
C:\Windows\dtpibwyuoiyspzsvawmib.exe
dtpibwyuoiyspzsvawmib.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c bpjarkkewocupxopsma.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c htlapgewmcoexdsrs.exe .
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\dtpibwyuoiyspzsvawmib.exe*."
C:\Windows\bpjarkkewocupxopsma.exe
bpjarkkewocupxopsma.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bpjarkkewocupxopsma.exe
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\dtpibwyuoiyspzsvawmib.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\odyqicdyrkzsoxprvqfa.exe .
C:\Windows\htlapgewmcoexdsrs.exe
htlapgewmcoexdsrs.exe .
C:\Users\Admin\AppData\Local\Temp\bpjarkkewocupxopsma.exe
C:\Users\Admin\AppData\Local\Temp\bpjarkkewocupxopsma.exe
C:\Users\Admin\AppData\Local\Temp\odyqicdyrkzsoxprvqfa.exe
C:\Users\Admin\AppData\Local\Temp\odyqicdyrkzsoxprvqfa.exe .
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\htlapgewmcoexdsrs.exe*."
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\odyqicdyrkzsoxprvqfa.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\qdwmcutmduhyszpprk.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c alcqeurixmxmejxv.exe
C:\Users\Admin\AppData\Local\Temp\wdkpbgq.exe
"C:\Users\Admin\AppData\Local\Temp\wdkpbgq.exe" "-c:\users\admin\appdata\local\temp\jaffacakes118_accbd6960dd347c36571ba5642f84e23.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\qdwmcutmduhyszpprk.exe .
C:\Users\Admin\AppData\Local\Temp\qdwmcutmduhyszpprk.exe
C:\Users\Admin\AppData\Local\Temp\qdwmcutmduhyszpprk.exe
C:\Windows\alcqeurixmxmejxv.exe
alcqeurixmxmejxv.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c odyqicdyrkzsoxprvqfa.exe .
C:\Users\Admin\AppData\Local\Temp\qdwmcutmduhyszpprk.exe
C:\Users\Admin\AppData\Local\Temp\qdwmcutmduhyszpprk.exe .
C:\Windows\odyqicdyrkzsoxprvqfa.exe
odyqicdyrkzsoxprvqfa.exe .
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\qdwmcutmduhyszpprk.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c alcqeurixmxmejxv.exe
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\odyqicdyrkzsoxprvqfa.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c odyqicdyrkzsoxprvqfa.exe .
C:\Windows\alcqeurixmxmejxv.exe
alcqeurixmxmejxv.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bpjarkkewocupxopsma.exe
C:\Windows\odyqicdyrkzsoxprvqfa.exe
odyqicdyrkzsoxprvqfa.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\alcqeurixmxmejxv.exe .
C:\Users\Admin\AppData\Local\Temp\bpjarkkewocupxopsma.exe
C:\Users\Admin\AppData\Local\Temp\bpjarkkewocupxopsma.exe
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\odyqicdyrkzsoxprvqfa.exe*."
C:\Users\Admin\AppData\Local\Temp\wdkpbgq.exe
"C:\Users\Admin\AppData\Local\Temp\wdkpbgq.exe" "-c:\users\admin\appdata\local\temp\jaffacakes118_accbd6960dd347c36571ba5642f84e23.exe"
C:\Users\Admin\AppData\Local\Temp\alcqeurixmxmejxv.exe
C:\Users\Admin\AppData\Local\Temp\alcqeurixmxmejxv.exe .
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\alcqeurixmxmejxv.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\htlapgewmcoexdsrs.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\htlapgewmcoexdsrs.exe .
C:\Users\Admin\AppData\Local\Temp\htlapgewmcoexdsrs.exe
C:\Users\Admin\AppData\Local\Temp\htlapgewmcoexdsrs.exe
C:\Users\Admin\AppData\Local\Temp\htlapgewmcoexdsrs.exe
C:\Users\Admin\AppData\Local\Temp\htlapgewmcoexdsrs.exe .
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\htlapgewmcoexdsrs.exe*."
C:\Users\Admin\AppData\Local\Temp\wdkpbgq.exe
"C:\Users\Admin\AppData\Local\Temp\wdkpbgq.exe" "-c:\users\admin\appdata\local\temp\jaffacakes118_accbd6960dd347c36571ba5642f84e23.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c odyqicdyrkzsoxprvqfa.exe
C:\Windows\odyqicdyrkzsoxprvqfa.exe
odyqicdyrkzsoxprvqfa.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c alcqeurixmxmejxv.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\alcqeurixmxmejxv.exe
alcqeurixmxmejxv.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c htlapgewmcoexdsrs.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\alcqeurixmxmejxv.exe*."
C:\Windows\htlapgewmcoexdsrs.exe
htlapgewmcoexdsrs.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c bpjarkkewocupxopsma.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bpjarkkewocupxopsma.exe
C:\Windows\bpjarkkewocupxopsma.exe
bpjarkkewocupxopsma.exe .
C:\Users\Admin\AppData\Local\Temp\bpjarkkewocupxopsma.exe
C:\Users\Admin\AppData\Local\Temp\bpjarkkewocupxopsma.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\dtpibwyuoiyspzsvawmib.exe .
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\bpjarkkewocupxopsma.exe*."
C:\Users\Admin\AppData\Local\Temp\wdkpbgq.exe
"C:\Users\Admin\AppData\Local\Temp\wdkpbgq.exe" "-c:\users\admin\appdata\local\temp\jaffacakes118_accbd6960dd347c36571ba5642f84e23.exe"
C:\Users\Admin\AppData\Local\Temp\dtpibwyuoiyspzsvawmib.exe
C:\Users\Admin\AppData\Local\Temp\dtpibwyuoiyspzsvawmib.exe .
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\dtpibwyuoiyspzsvawmib.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bpjarkkewocupxopsma.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\qdwmcutmduhyszpprk.exe .
C:\Users\Admin\AppData\Local\Temp\bpjarkkewocupxopsma.exe
C:\Users\Admin\AppData\Local\Temp\bpjarkkewocupxopsma.exe
C:\Users\Admin\AppData\Local\Temp\qdwmcutmduhyszpprk.exe
C:\Users\Admin\AppData\Local\Temp\qdwmcutmduhyszpprk.exe .
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\qdwmcutmduhyszpprk.exe*."
C:\Users\Admin\AppData\Local\Temp\wdkpbgq.exe
"C:\Users\Admin\AppData\Local\Temp\wdkpbgq.exe" "-c:\users\admin\appdata\local\temp\jaffacakes118_accbd6960dd347c36571ba5642f84e23.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c alcqeurixmxmejxv.exe
C:\Windows\alcqeurixmxmejxv.exe
alcqeurixmxmejxv.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c htlapgewmcoexdsrs.exe .
C:\Windows\htlapgewmcoexdsrs.exe
htlapgewmcoexdsrs.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c dtpibwyuoiyspzsvawmib.exe
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\htlapgewmcoexdsrs.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c htlapgewmcoexdsrs.exe .
C:\Windows\dtpibwyuoiyspzsvawmib.exe
dtpibwyuoiyspzsvawmib.exe
C:\Windows\htlapgewmcoexdsrs.exe
htlapgewmcoexdsrs.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\htlapgewmcoexdsrs.exe
C:\Users\Admin\AppData\Local\Temp\wdkpbgq.exe
"C:\Users\Admin\AppData\Local\Temp\wdkpbgq.exe" "-c:\users\admin\appdata\local\temp\jaffacakes118_accbd6960dd347c36571ba5642f84e23.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\dtpibwyuoiyspzsvawmib.exe .
C:\Users\Admin\AppData\Local\Temp\htlapgewmcoexdsrs.exe
C:\Users\Admin\AppData\Local\Temp\htlapgewmcoexdsrs.exe
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\htlapgewmcoexdsrs.exe*."
C:\Users\Admin\AppData\Local\Temp\dtpibwyuoiyspzsvawmib.exe
C:\Users\Admin\AppData\Local\Temp\dtpibwyuoiyspzsvawmib.exe .
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\dtpibwyuoiyspzsvawmib.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\dtpibwyuoiyspzsvawmib.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\qdwmcutmduhyszpprk.exe .
C:\Users\Admin\AppData\Local\Temp\dtpibwyuoiyspzsvawmib.exe
C:\Users\Admin\AppData\Local\Temp\dtpibwyuoiyspzsvawmib.exe
C:\Users\Admin\AppData\Local\Temp\qdwmcutmduhyszpprk.exe
C:\Users\Admin\AppData\Local\Temp\qdwmcutmduhyszpprk.exe .
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\qdwmcutmduhyszpprk.exe*."
C:\Users\Admin\AppData\Local\Temp\wdkpbgq.exe
"C:\Users\Admin\AppData\Local\Temp\wdkpbgq.exe" "-c:\users\admin\appdata\local\temp\jaffacakes118_accbd6960dd347c36571ba5642f84e23.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c dtpibwyuoiyspzsvawmib.exe
C:\Windows\dtpibwyuoiyspzsvawmib.exe
dtpibwyuoiyspzsvawmib.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c dtpibwyuoiyspzsvawmib.exe .
C:\Windows\dtpibwyuoiyspzsvawmib.exe
dtpibwyuoiyspzsvawmib.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c htlapgewmcoexdsrs.exe
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\dtpibwyuoiyspzsvawmib.exe*."
C:\Windows\htlapgewmcoexdsrs.exe
htlapgewmcoexdsrs.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c qdwmcutmduhyszpprk.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bpjarkkewocupxopsma.exe
C:\Windows\qdwmcutmduhyszpprk.exe
qdwmcutmduhyszpprk.exe .
C:\Users\Admin\AppData\Local\Temp\wdkpbgq.exe
"C:\Users\Admin\AppData\Local\Temp\wdkpbgq.exe" "-c:\users\admin\appdata\local\temp\jaffacakes118_accbd6960dd347c36571ba5642f84e23.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\alcqeurixmxmejxv.exe .
C:\Users\Admin\AppData\Local\Temp\bpjarkkewocupxopsma.exe
C:\Users\Admin\AppData\Local\Temp\bpjarkkewocupxopsma.exe
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\qdwmcutmduhyszpprk.exe*."
C:\Users\Admin\AppData\Local\Temp\alcqeurixmxmejxv.exe
C:\Users\Admin\AppData\Local\Temp\alcqeurixmxmejxv.exe .
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\alcqeurixmxmejxv.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\odyqicdyrkzsoxprvqfa.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\dtpibwyuoiyspzsvawmib.exe .
C:\Users\Admin\AppData\Local\Temp\odyqicdyrkzsoxprvqfa.exe
C:\Users\Admin\AppData\Local\Temp\odyqicdyrkzsoxprvqfa.exe
C:\Users\Admin\AppData\Local\Temp\dtpibwyuoiyspzsvawmib.exe
C:\Users\Admin\AppData\Local\Temp\dtpibwyuoiyspzsvawmib.exe .
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\dtpibwyuoiyspzsvawmib.exe*."
C:\Users\Admin\AppData\Local\Temp\wdkpbgq.exe
"C:\Users\Admin\AppData\Local\Temp\wdkpbgq.exe" "-c:\users\admin\appdata\local\temp\jaffacakes118_accbd6960dd347c36571ba5642f84e23.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c alcqeurixmxmejxv.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\alcqeurixmxmejxv.exe
alcqeurixmxmejxv.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c dtpibwyuoiyspzsvawmib.exe .
C:\Windows\dtpibwyuoiyspzsvawmib.exe
dtpibwyuoiyspzsvawmib.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c odyqicdyrkzsoxprvqfa.exe
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\dtpibwyuoiyspzsvawmib.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c dtpibwyuoiyspzsvawmib.exe .
C:\Windows\odyqicdyrkzsoxprvqfa.exe
odyqicdyrkzsoxprvqfa.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\qdwmcutmduhyszpprk.exe
C:\Windows\dtpibwyuoiyspzsvawmib.exe
dtpibwyuoiyspzsvawmib.exe .
C:\Users\Admin\AppData\Local\Temp\wdkpbgq.exe
"C:\Users\Admin\AppData\Local\Temp\wdkpbgq.exe" "-c:\users\admin\appdata\local\temp\jaffacakes118_accbd6960dd347c36571ba5642f84e23.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\alcqeurixmxmejxv.exe .
C:\Users\Admin\AppData\Local\Temp\qdwmcutmduhyszpprk.exe
C:\Users\Admin\AppData\Local\Temp\qdwmcutmduhyszpprk.exe
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\dtpibwyuoiyspzsvawmib.exe*."
C:\Users\Admin\AppData\Local\Temp\alcqeurixmxmejxv.exe
C:\Users\Admin\AppData\Local\Temp\alcqeurixmxmejxv.exe .
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\alcqeurixmxmejxv.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wpizxokbwkhvniqhila.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bpjarkkewocupxopsma.exe
C:\Windows\wpizxokbwkhvniqhila.exe
wpizxokbwkhvniqhila.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c alcqeurixmxmejxv.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\htlapgewmcoexdsrs.exe .
C:\Users\Admin\AppData\Local\Temp\bpjarkkewocupxopsma.exe
C:\Users\Admin\AppData\Local\Temp\bpjarkkewocupxopsma.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ldvliytjdqmzqkrhhj.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c alcqeurixmxmejxv.exe .
C:\Windows\alcqeurixmxmejxv.exe
alcqeurixmxmejxv.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ldvliytjdqmzqkrhhj.exe
C:\Users\Admin\AppData\Local\Temp\htlapgewmcoexdsrs.exe
C:\Users\Admin\AppData\Local\Temp\htlapgewmcoexdsrs.exe .
C:\Windows\ldvliytjdqmzqkrhhj.exe
ldvliytjdqmzqkrhhj.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c alcqeurixmxmejxv.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ctkzvketmytfvouji.exe .
C:\Windows\alcqeurixmxmejxv.exe
alcqeurixmxmejxv.exe .
C:\Users\Admin\AppData\Local\Temp\wdkpbgq.exe
"C:\Users\Admin\AppData\Local\Temp\wdkpbgq.exe" "-c:\users\admin\appdata\local\temp\jaffacakes118_accbd6960dd347c36571ba5642f84e23.exe"
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\htlapgewmcoexdsrs.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c alcqeurixmxmejxv.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jdxpogdvrgetmirjlpfz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ytohhayroedtnkunqvmhc.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\dtpibwyuoiyspzsvawmib.exe
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\ldvliytjdqmzqkrhhj.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\alcqeurixmxmejxv.exe .
C:\Windows\ldvliytjdqmzqkrhhj.exe
ldvliytjdqmzqkrhhj.exe
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\alcqeurixmxmejxv.exe*."
C:\Windows\ctkzvketmytfvouji.exe
ctkzvketmytfvouji.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wpizxokbwkhvniqhila.exe
C:\Windows\alcqeurixmxmejxv.exe
alcqeurixmxmejxv.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ldvliytjdqmzqkrhhj.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\dtpibwyuoiyspzsvawmib.exe
C:\Windows\alcqeurixmxmejxv.exe
alcqeurixmxmejxv.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c odyqicdyrkzsoxprvqfa.exe
C:\Users\Admin\AppData\Local\Temp\ytohhayroedtnkunqvmhc.exe
C:\Users\Admin\AppData\Local\Temp\ytohhayroedtnkunqvmhc.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\alcqeurixmxmejxv.exe .
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\ctkzvketmytfvouji.exe*."
C:\Users\Admin\AppData\Local\Temp\jdxpogdvrgetmirjlpfz.exe
C:\Users\Admin\AppData\Local\Temp\jdxpogdvrgetmirjlpfz.exe
C:\Users\Admin\AppData\Local\Temp\wdkpbgq.exe
"C:\Users\Admin\AppData\Local\Temp\wdkpbgq.exe" "-c:\users\admin\appdata\local\temp\jaffacakes118_accbd6960dd347c36571ba5642f84e23.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c htlapgewmcoexdsrs.exe .
C:\Users\Admin\AppData\Local\Temp\wpizxokbwkhvniqhila.exe
C:\Users\Admin\AppData\Local\Temp\wpizxokbwkhvniqhila.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\alcqeurixmxmejxv.exe*."
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\ytohhayroedtnkunqvmhc.exe*."
C:\Windows\odyqicdyrkzsoxprvqfa.exe
odyqicdyrkzsoxprvqfa.exe
C:\Users\Admin\AppData\Local\Temp\ldvliytjdqmzqkrhhj.exe
C:\Users\Admin\AppData\Local\Temp\ldvliytjdqmzqkrhhj.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c odyqicdyrkzsoxprvqfa.exe
C:\Windows\htlapgewmcoexdsrs.exe
htlapgewmcoexdsrs.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c qdwmcutmduhyszpprk.exe .
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\ldvliytjdqmzqkrhhj.exe*."
C:\Windows\odyqicdyrkzsoxprvqfa.exe
odyqicdyrkzsoxprvqfa.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bpjarkkewocupxopsma.exe
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\htlapgewmcoexdsrs.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\alcqeurixmxmejxv.exe .
C:\Users\Admin\AppData\Local\Temp\bpjarkkewocupxopsma.exe
C:\Users\Admin\AppData\Local\Temp\bpjarkkewocupxopsma.exe
C:\Users\Admin\AppData\Local\Temp\alcqeurixmxmejxv.exe
C:\Users\Admin\AppData\Local\Temp\alcqeurixmxmejxv.exe .
C:\Users\Admin\AppData\Local\Temp\alcqeurixmxmejxv.exe
C:\Users\Admin\AppData\Local\Temp\alcqeurixmxmejxv.exe .
C:\Users\Admin\AppData\Local\Temp\alcqeurixmxmejxv.exe
C:\Users\Admin\AppData\Local\Temp\alcqeurixmxmejxv.exe .
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\alcqeurixmxmejxv.exe*."
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\alcqeurixmxmejxv.exe*."
C:\Users\Admin\AppData\Local\Temp\dtpibwyuoiyspzsvawmib.exe
C:\Users\Admin\AppData\Local\Temp\dtpibwyuoiyspzsvawmib.exe
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\alcqeurixmxmejxv.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\odyqicdyrkzsoxprvqfa.exe
C:\Users\Admin\AppData\Local\Temp\wdkpbgq.exe
"C:\Users\Admin\AppData\Local\Temp\wdkpbgq.exe" "-c:\users\admin\appdata\local\temp\jaffacakes118_accbd6960dd347c36571ba5642f84e23.exe"
C:\Users\Admin\AppData\Local\Temp\dtpibwyuoiyspzsvawmib.exe
C:\Users\Admin\AppData\Local\Temp\dtpibwyuoiyspzsvawmib.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\odyqicdyrkzsoxprvqfa.exe .
C:\Users\Admin\AppData\Local\Temp\odyqicdyrkzsoxprvqfa.exe
C:\Users\Admin\AppData\Local\Temp\odyqicdyrkzsoxprvqfa.exe
C:\Users\Admin\AppData\Local\Temp\odyqicdyrkzsoxprvqfa.exe
C:\Users\Admin\AppData\Local\Temp\odyqicdyrkzsoxprvqfa.exe .
C:\Windows\qdwmcutmduhyszpprk.exe
qdwmcutmduhyszpprk.exe .
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\odyqicdyrkzsoxprvqfa.exe*."
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\qdwmcutmduhyszpprk.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c qdwmcutmduhyszpprk.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c odyqicdyrkzsoxprvqfa.exe
C:\Windows\qdwmcutmduhyszpprk.exe
qdwmcutmduhyszpprk.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c dtpibwyuoiyspzsvawmib.exe .
C:\Users\Admin\AppData\Local\Temp\wdkpbgq.exe
"C:\Users\Admin\AppData\Local\Temp\wdkpbgq.exe" "-c:\users\admin\appdata\local\temp\jaffacakes118_accbd6960dd347c36571ba5642f84e23.exe"
C:\Windows\odyqicdyrkzsoxprvqfa.exe
odyqicdyrkzsoxprvqfa.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c odyqicdyrkzsoxprvqfa.exe .
C:\Windows\dtpibwyuoiyspzsvawmib.exe
dtpibwyuoiyspzsvawmib.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c alcqeurixmxmejxv.exe
C:\Windows\odyqicdyrkzsoxprvqfa.exe
odyqicdyrkzsoxprvqfa.exe .
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\dtpibwyuoiyspzsvawmib.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c htlapgewmcoexdsrs.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c bpjarkkewocupxopsma.exe
C:\Windows\alcqeurixmxmejxv.exe
alcqeurixmxmejxv.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\dtpibwyuoiyspzsvawmib.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c qdwmcutmduhyszpprk.exe .
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\odyqicdyrkzsoxprvqfa.exe*."
C:\Windows\bpjarkkewocupxopsma.exe
bpjarkkewocupxopsma.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\htlapgewmcoexdsrs.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\htlapgewmcoexdsrs.exe
C:\Windows\htlapgewmcoexdsrs.exe
htlapgewmcoexdsrs.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\odyqicdyrkzsoxprvqfa.exe .
C:\Users\Admin\AppData\Local\Temp\htlapgewmcoexdsrs.exe
C:\Users\Admin\AppData\Local\Temp\htlapgewmcoexdsrs.exe .
C:\Users\Admin\AppData\Local\Temp\dtpibwyuoiyspzsvawmib.exe
C:\Users\Admin\AppData\Local\Temp\dtpibwyuoiyspzsvawmib.exe
C:\Windows\qdwmcutmduhyszpprk.exe
qdwmcutmduhyszpprk.exe .
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\htlapgewmcoexdsrs.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\htlapgewmcoexdsrs.exe
C:\Users\Admin\AppData\Local\Temp\htlapgewmcoexdsrs.exe
C:\Users\Admin\AppData\Local\Temp\htlapgewmcoexdsrs.exe
C:\Users\Admin\AppData\Local\Temp\wdkpbgq.exe
"C:\Users\Admin\AppData\Local\Temp\wdkpbgq.exe" "-c:\users\admin\appdata\local\temp\jaffacakes118_accbd6960dd347c36571ba5642f84e23.exe"
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\qdwmcutmduhyszpprk.exe*."
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\htlapgewmcoexdsrs.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\qdwmcutmduhyszpprk.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\htlapgewmcoexdsrs.exe .
C:\Users\Admin\AppData\Local\Temp\htlapgewmcoexdsrs.exe
C:\Users\Admin\AppData\Local\Temp\htlapgewmcoexdsrs.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\dtpibwyuoiyspzsvawmib.exe .
C:\Users\Admin\AppData\Local\Temp\qdwmcutmduhyszpprk.exe
C:\Users\Admin\AppData\Local\Temp\qdwmcutmduhyszpprk.exe
C:\Users\Admin\AppData\Local\Temp\htlapgewmcoexdsrs.exe
C:\Users\Admin\AppData\Local\Temp\htlapgewmcoexdsrs.exe .
C:\Users\Admin\AppData\Local\Temp\odyqicdyrkzsoxprvqfa.exe
C:\Users\Admin\AppData\Local\Temp\odyqicdyrkzsoxprvqfa.exe .
C:\Users\Admin\AppData\Local\Temp\dtpibwyuoiyspzsvawmib.exe
C:\Users\Admin\AppData\Local\Temp\dtpibwyuoiyspzsvawmib.exe .
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\htlapgewmcoexdsrs.exe*."
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\odyqicdyrkzsoxprvqfa.exe*."
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\dtpibwyuoiyspzsvawmib.exe*."
C:\Users\Admin\AppData\Local\Temp\wdkpbgq.exe
"C:\Users\Admin\AppData\Local\Temp\wdkpbgq.exe" "-c:\users\admin\appdata\local\temp\jaffacakes118_accbd6960dd347c36571ba5642f84e23.exe"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 150.171.27.10:443 | g.bing.com | tcp |
| US | 8.8.8.8:53 | www.whatismyip.ca | udp |
| US | 8.8.8.8:53 | whatismyipaddress.com | udp |
| US | 104.19.222.79:80 | whatismyipaddress.com | tcp |
| US | 8.8.8.8:53 | www.whatismyip.com | udp |
| US | 172.66.43.169:80 | www.whatismyip.com | tcp |
| US | 172.66.43.169:80 | www.whatismyip.com | tcp |
| US | 104.19.222.79:80 | whatismyipaddress.com | tcp |
| US | 8.8.4.4:53 | e.ppift.com | udp |
| AE | 208.67.222.123:53 | e.ppidn.net | udp |
| US | 104.19.222.79:80 | whatismyipaddress.com | tcp |
| US | 205.171.3.65:53 | e.ppift.in | udp |
| US | 8.8.8.8:53 | e.ppift.in | udp |
| US | 8.8.8.8:53 | www.showmyipaddress.com | udp |
| US | 104.21.74.56:80 | www.showmyipaddress.com | tcp |
| US | 104.19.222.79:80 | whatismyipaddress.com | tcp |
| US | 8.8.8.8:53 | www.whatismyip.ca | udp |
| US | 104.21.74.56:80 | www.showmyipaddress.com | tcp |
| US | 8.8.8.8:53 | whatismyip.everdot.org | udp |
| US | 104.21.74.56:80 | www.showmyipaddress.com | tcp |
| US | 172.66.43.169:80 | www.whatismyip.com | tcp |
| US | 172.66.43.169:80 | www.whatismyip.com | tcp |
| US | 104.21.74.56:80 | www.showmyipaddress.com | tcp |
| US | 172.66.43.169:80 | www.whatismyip.com | tcp |
| US | 104.19.222.79:80 | whatismyipaddress.com | tcp |
| US | 8.8.8.8:53 | www.whatismyip.ca | udp |
| US | 8.8.8.8:53 | whatismyip.everdot.org | udp |
| US | 104.19.222.79:80 | whatismyipaddress.com | tcp |
| US | 172.66.43.169:80 | www.whatismyip.com | tcp |
| US | 172.66.43.169:80 | www.whatismyip.com | tcp |
| US | 172.66.43.169:80 | www.whatismyip.com | tcp |
| US | 104.21.74.56:80 | www.showmyipaddress.com | tcp |
| US | 8.8.8.8:53 | whatismyip.everdot.org | udp |
| US | 104.21.74.56:80 | www.showmyipaddress.com | tcp |
| US | 104.19.222.79:80 | whatismyipaddress.com | tcp |
| US | 172.66.43.169:80 | www.whatismyip.com | tcp |
| US | 8.8.8.8:53 | www.whatismyip.ca | udp |
| US | 104.19.222.79:80 | whatismyipaddress.com | tcp |
| US | 8.8.8.8:53 | whatismyip.everdot.org | udp |
| US | 104.21.74.56:80 | www.showmyipaddress.com | tcp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 216.58.204.68:80 | www.google.com | tcp |
| BG | 87.97.201.52:28404 | tcp | |
| US | 8.8.8.8:53 | gyuuym.org | udp |
| DE | 85.214.228.140:80 | gyuuym.org | tcp |
| US | 8.8.8.8:53 | cwrzzvdqbyr.net | udp |
| US | 8.8.8.8:53 | unxfuild.info | udp |
| SG | 18.142.91.111:80 | unxfuild.info | tcp |
| US | 8.8.8.8:53 | www.youtube.com | udp |
| GB | 142.250.178.14:80 | www.youtube.com | tcp |
| US | 89.117.217.105:25835 | tcp | |
| DE | 85.214.228.140:80 | gyuuym.org | tcp |
| US | 8.8.8.8:53 | eplbpmhc.net | udp |
| US | 8.8.8.8:53 | pvsmvfhxkcja.info | udp |
| US | 8.8.8.8:53 | gkdzkqrsl.net | udp |
| US | 8.8.8.8:53 | yhchoaxh.info | udp |
| US | 8.8.8.8:53 | lssuvev.info | udp |
| US | 8.8.8.8:53 | aysqzyb.info | udp |
| SG | 18.142.91.111:80 | unxfuild.info | tcp |
| US | 8.8.8.8:53 | qszdrobeb.info | udp |
| US | 8.8.8.8:53 | yuyaawkeaisy.org | udp |
| US | 8.8.8.8:53 | ggoiukqgsikq.org | udp |
| US | 8.8.8.8:53 | yibzpmfci.info | udp |
| US | 8.8.8.8:53 | pissjyv.com | udp |
| US | 8.8.8.8:53 | lklyyhvnlxhn.info | udp |
| US | 8.8.8.8:53 | oouwhqv.net | udp |
| US | 8.8.8.8:53 | udzdjiddn.net | udp |
| US | 8.8.8.8:53 | jjecbsecwkm.org | udp |
| US | 8.8.8.8:53 | fndkcrty.info | udp |
| US | 8.8.8.8:53 | ijwtxgqofv.net | udp |
| US | 8.8.8.8:53 | kkpcaanwb.net | udp |
| US | 8.8.8.8:53 | dqrjfkgzomp.info | udp |
| US | 8.8.8.8:53 | fjpjwbadoe.info | udp |
| US | 8.8.8.8:53 | ygoukmwg.org | udp |
| US | 8.8.8.8:53 | rnoftwap.net | udp |
| US | 8.8.8.8:53 | virpbszarz.info | udp |
| US | 8.8.8.8:53 | fjvtgzhzal.net | udp |
| US | 8.8.8.8:53 | pzlibo.info | udp |
| US | 8.8.8.8:53 | fxbbdk.info | udp |
| US | 8.8.8.8:53 | qumwwe.com | udp |
| US | 8.8.8.8:53 | wqzolaqougs.info | udp |
| US | 8.8.8.8:53 | yjlynivbzyf.net | udp |
| US | 8.8.8.8:53 | rhxkdc.net | udp |
| US | 8.8.8.8:53 | sksiowmyumoo.org | udp |
| US | 8.8.8.8:53 | vvdyauxc.net | udp |
| US | 8.8.8.8:53 | wzhbqqpc.net | udp |
| US | 8.8.8.8:53 | zybhehlxbw.net | udp |
| US | 8.8.8.8:53 | xobjdzdfo.info | udp |
| US | 8.8.8.8:53 | cydlrge.info | udp |
| US | 104.156.155.94:80 | cydlrge.info | tcp |
| US | 8.8.8.8:53 | mnzknelrj.info | udp |
| US | 8.8.8.8:53 | sizqilv.info | udp |
| US | 8.8.8.8:53 | sazctjtaa.net | udp |
| US | 8.8.8.8:53 | mjotpzfbosdh.info | udp |
| US | 8.8.8.8:53 | qsyegg.com | udp |
| US | 8.8.8.8:53 | cdixtvrdmc.info | udp |
| US | 8.8.8.8:53 | udodptkz.info | udp |
| US | 8.8.8.8:53 | qspopknuu.info | udp |
| US | 8.8.8.8:53 | luvehemiri.info | udp |
| US | 8.8.8.8:53 | szzbhwmmfx.info | udp |
| US | 8.8.8.8:53 | jonyyvvqx.net | udp |
| US | 8.8.8.8:53 | lalckpw.org | udp |
| US | 8.8.8.8:53 | ylhyqvmtni.net | udp |
| US | 8.8.8.8:53 | bfppbqzsznzz.info | udp |
| US | 8.8.8.8:53 | hmfurcniz.info | udp |
| US | 8.8.8.8:53 | bpzgxabi.info | udp |
| US | 8.8.8.8:53 | xorvdzbu.net | udp |
| US | 104.156.155.94:80 | cydlrge.info | tcp |
| US | 8.8.8.8:53 | ddpobim.org | udp |
| US | 8.8.8.8:53 | dqmwrr.info | udp |
| US | 8.8.8.8:53 | vcrsrrzeons.info | udp |
| US | 8.8.8.8:53 | wqkwkj.info | udp |
| US | 8.8.8.8:53 | ewhqxezcwwc.net | udp |
| US | 8.8.8.8:53 | qmimdwiku.net | udp |
| US | 8.8.8.8:53 | yenmvmtmz.info | udp |
| US | 8.8.8.8:53 | ryriytb.com | udp |
| US | 8.8.8.8:53 | wfdtrqxufvdw.info | udp |
| US | 8.8.8.8:53 | cpdgbr.info | udp |
| US | 8.8.8.8:53 | bnhmlbznuuy.com | udp |
| US | 8.8.8.8:53 | yoaoooewyeeo.com | udp |
| US | 8.8.8.8:53 | zqrcboljjcf.com | udp |
| US | 8.8.8.8:53 | wnhenlkimtav.info | udp |
| US | 8.8.8.8:53 | rmxnkwz.net | udp |
| US | 8.8.8.8:53 | ebuygyziur.info | udp |
| BG | 87.97.140.135:19345 | tcp | |
| US | 8.8.8.8:53 | rjpzvileqmr.org | udp |
| US | 8.8.8.8:53 | uomvdqlsigir.net | udp |
| US | 8.8.8.8:53 | ufkcfsxlma.info | udp |
| US | 8.8.8.8:53 | mdhpuesj.net | udp |
| US | 8.8.8.8:53 | alkdvrffcr.info | udp |
| US | 8.8.8.8:53 | notirfj.org | udp |
| US | 8.8.8.8:53 | seaxbkg.net | udp |
| US | 8.8.8.8:53 | dencjkjmr.info | udp |
| US | 8.8.8.8:53 | lvryxhnlnwhq.info | udp |
| US | 8.8.8.8:53 | iiaggud.net | udp |
| US | 8.8.8.8:53 | shqexujcldlv.net | udp |
| US | 8.8.8.8:53 | texfosn.info | udp |
| US | 8.8.8.8:53 | lhkpzjewuvu.com | udp |
| US | 8.8.8.8:53 | riighcosjav.net | udp |
| US | 8.8.8.8:53 | xjbgxio.info | udp |
| US | 8.8.8.8:53 | ngocscbyqm.net | udp |
| US | 8.8.8.8:53 | pizrhwg.info | udp |
| US | 8.8.8.8:53 | dqjrswwie.com | udp |
| US | 8.8.8.8:53 | euieoc.com | udp |
| US | 8.8.8.8:53 | zaxupg.net | udp |
| US | 8.8.8.8:53 | zgmusidpzef.org | udp |
| US | 8.8.8.8:53 | kcqmymicwo.com | udp |
| US | 8.8.8.8:53 | eiacyqweuuuo.org | udp |
| US | 8.8.8.8:53 | fytaaorgvup.com | udp |
| US | 8.8.8.8:53 | ssaqeamesm.org | udp |
| US | 8.8.8.8:53 | rrpcro.net | udp |
| US | 8.8.8.8:53 | rtzjrt.net | udp |
| US | 8.8.8.8:53 | ueryrmk.net | udp |
| CY | 213.7.97.170:17442 | tcp | |
| US | 8.8.8.8:53 | tpifpq.info | udp |
| US | 8.8.8.8:53 | miyviruj.net | udp |
| US | 8.8.8.8:53 | enfmxrmj.info | udp |
| US | 8.8.8.8:53 | zdxqgygjtii.org | udp |
| US | 8.8.8.8:53 | bobihyplp.info | udp |
| US | 8.8.8.8:53 | vrxmprngmlhk.net | udp |
| US | 8.8.8.8:53 | mhlmvv.net | udp |
| US | 8.8.8.8:53 | apvnsvynedin.net | udp |
| US | 8.8.8.8:53 | eznabol.net | udp |
| US | 8.8.8.8:53 | swgzkgzwt.net | udp |
| US | 8.8.8.8:53 | xlpmjlaes.info | udp |
| US | 8.8.8.8:53 | kpezpml.net | udp |
| US | 8.8.8.8:53 | gwqeyuouko.com | udp |
| US | 8.8.8.8:53 | bsthqs.net | udp |
| US | 8.8.8.8:53 | uoktqoeubn.info | udp |
| US | 8.8.8.8:53 | ueokven.info | udp |
| US | 8.8.8.8:53 | eewegmkwsmyc.org | udp |
| US | 8.8.8.8:53 | ydizkn.net | udp |
| US | 8.8.8.8:53 | sidkreh.info | udp |
| US | 8.8.8.8:53 | jqnivgfqb.info | udp |
| US | 8.8.8.8:53 | klqmnybibg.net | udp |
| US | 8.8.8.8:53 | tbbltm.net | udp |
| US | 8.8.8.8:53 | kqaqea.com | udp |
| US | 8.8.8.8:53 | oqzknxkgn.info | udp |
| US | 8.8.8.8:53 | qsceqo.com | udp |
| US | 8.8.8.8:53 | rynjdfkinc.net | udp |
| US | 8.8.8.8:53 | jdsbmlafkqju.info | udp |
| US | 8.8.8.8:53 | cmmkmsoe.org | udp |
| US | 8.8.8.8:53 | bjjanuzpn.com | udp |
| US | 8.8.8.8:53 | fanengnbllv.net | udp |
| US | 8.8.8.8:53 | yoiyqusc.com | udp |
| US | 8.8.8.8:53 | wahdhuksf.info | udp |
| US | 8.8.8.8:53 | gsuuxlbul.net | udp |
| US | 8.8.8.8:53 | iehcuyp.net | udp |
| US | 8.8.8.8:53 | vmrjlzqaa.org | udp |
| US | 8.8.8.8:53 | ywagkg.com | udp |
| US | 8.8.8.8:53 | vophdiqjx.com | udp |
| US | 8.8.8.8:53 | gyogmcac.com | udp |
| US | 8.8.8.8:53 | btxrhilx.net | udp |
| US | 8.8.8.8:53 | fhvvbenhoht.info | udp |
| US | 8.8.8.8:53 | ysdpjg.info | udp |
| US | 8.8.8.8:53 | rzctnntmfwfm.net | udp |
| US | 8.8.8.8:53 | syeuulcujczx.info | udp |
| US | 8.8.8.8:53 | lshetkx.info | udp |
| US | 8.8.8.8:53 | cgwezgzu.info | udp |
| US | 8.8.8.8:53 | dgnkjotsj.net | udp |
| US | 8.8.8.8:53 | lyxmnybibg.info | udp |
| US | 8.8.8.8:53 | zhxzcihst.net | udp |
| US | 8.8.8.8:53 | nvedralfiztm.net | udp |
| US | 8.8.8.8:53 | errmkdgxrp.info | udp |
| US | 8.8.8.8:53 | fouwtmhkm.info | udp |
| US | 8.8.8.8:53 | ytduejgpohlq.info | udp |
| US | 8.8.8.8:53 | dkouvubcpovf.info | udp |
| US | 8.8.8.8:53 | dkkuhw.info | udp |
| US | 8.8.8.8:53 | djkxzrxj.net | udp |
| US | 8.8.8.8:53 | wldvhzyiooze.info | udp |
| US | 8.8.8.8:53 | qgggaiimso.com | udp |
| US | 8.8.8.8:53 | utkqjetjn.net | udp |
| US | 8.8.8.8:53 | kgucribs.info | udp |
| US | 8.8.8.8:53 | obsgjm.net | udp |
| US | 8.8.8.8:53 | twitzwcvvs.net | udp |
| US | 8.8.8.8:53 | blwtmlkrmdez.info | udp |
| US | 8.8.8.8:53 | acvibcnrj.net | udp |
| US | 8.8.8.8:53 | omqwswseak.com | udp |
| US | 8.8.8.8:53 | ulptcgxa.info | udp |
| US | 8.8.8.8:53 | zzsemm.net | udp |
| US | 8.8.8.8:53 | sxfdfodec.info | udp |
| US | 8.8.8.8:53 | farenlnijglm.net | udp |
| US | 8.8.8.8:53 | chgcfhcd.net | udp |
| US | 8.8.8.8:53 | lazphwgm.net | udp |
| US | 8.8.8.8:53 | pevyxorqi.net | udp |
| US | 8.8.8.8:53 | iqxyalvi.net | udp |
| MD | 77.235.107.127:35614 | tcp | |
| US | 8.8.8.8:53 | yhrfumjmtd.net | udp |
| US | 8.8.8.8:53 | klqmnybibg.net | udp |
| US | 8.8.8.8:53 | tvtnzej.net | udp |
| US | 8.8.8.8:53 | qoknggbyihyq.info | udp |
| US | 8.8.8.8:53 | gejpyyv.info | udp |
| US | 8.8.8.8:53 | xbgofmt.com | udp |
| US | 8.8.8.8:53 | zyfitez.info | udp |
| US | 8.8.8.8:53 | xjbwdcq.net | udp |
| US | 8.8.8.8:53 | ogdqxhrypz.net | udp |
| US | 8.8.8.8:53 | leqdurjb.net | udp |
| US | 8.8.8.8:53 | gmgsicymwk.com | udp |
| US | 8.8.8.8:53 | wcdxbmzwafub.net | udp |
| US | 8.8.8.8:53 | yzwdny.net | udp |
| US | 8.8.8.8:53 | clbzpc.net | udp |
| LT | 87.247.81.223:38752 | tcp | |
| US | 8.8.8.8:53 | dxikspgshgbk.info | udp |
| US | 8.8.8.8:53 | vzohtecllh.net | udp |
| US | 8.8.8.8:53 | lgmwshpwdp.net | udp |
| US | 8.8.8.8:53 | hjdihxmpor.net | udp |
| US | 8.8.8.8:53 | xqjhrxduat.net | udp |
| US | 8.8.8.8:53 | uqfsrgb.info | udp |
| US | 8.8.8.8:53 | ioziusi.net | udp |
| US | 8.8.8.8:53 | kiyaxsr.info | udp |
| US | 8.8.8.8:53 | azlrsd.net | udp |
| US | 8.8.8.8:53 | mpdqxgenco.net | udp |
| US | 8.8.8.8:53 | vyjrga.net | udp |
| US | 8.8.8.8:53 | yyoscsewgwuy.com | udp |
| US | 8.8.8.8:53 | vajinutygvc.info | udp |
| US | 8.8.8.8:53 | smsccmukci.com | udp |
| US | 8.8.8.8:53 | jzedlqrzxciu.net | udp |
| US | 8.8.8.8:53 | eecuwu.com | udp |
| US | 8.8.8.8:53 | oiiumaomao.org | udp |
| US | 8.8.8.8:53 | oatceuvjdvr.info | udp |
| US | 8.8.8.8:53 | tibyyraco.com | udp |
| US | 8.8.8.8:53 | ikwwiayy.com | udp |
| US | 8.8.8.8:53 | fcasxwqqu.info | udp |
| US | 8.8.8.8:53 | zgrjrexb.net | udp |
| US | 8.8.8.8:53 | dlvgjt.info | udp |
| US | 8.8.8.8:53 | eapnaxxpqaof.net | udp |
| US | 8.8.8.8:53 | yxjlpfh.info | udp |
| US | 8.8.8.8:53 | phwbzujv.net | udp |
| US | 8.8.8.8:53 | eeueccewmeem.com | udp |
| US | 8.8.8.8:53 | qorczsp.info | udp |
| US | 8.8.8.8:53 | eorsrenizkf.net | udp |
| US | 8.8.8.8:53 | flpzvdoq.net | udp |
| US | 8.8.8.8:53 | gthoprfe.net | udp |
| US | 8.8.8.8:53 | jsneokiy.info | udp |
| US | 8.8.8.8:53 | gkkclarujbd.net | udp |
| US | 8.8.8.8:53 | xvjxbqdkren.net | udp |
| US | 8.8.8.8:53 | rxscqlijx.org | udp |
| US | 8.8.8.8:53 | ommkkhxuzq.info | udp |
| US | 8.8.8.8:53 | jmxsgj.info | udp |
| US | 8.8.8.8:53 | kcbewml.net | udp |
| US | 8.8.8.8:53 | vlpxze.info | udp |
| US | 8.8.8.8:53 | kwqaoqoigokw.com | udp |
| US | 8.8.8.8:53 | yfuoxgdjt.info | udp |
| US | 8.8.8.8:53 | jqixvasfrf.net | udp |
| US | 8.8.8.8:53 | imyodipup.info | udp |
| US | 8.8.8.8:53 | hpidncomosv.com | udp |
| US | 8.8.8.8:53 | kbpmle.net | udp |
| US | 8.8.8.8:53 | aiouumbgoyz.info | udp |
| US | 8.8.8.8:53 | cpwiymtojr.net | udp |
| US | 8.8.8.8:53 | vstgqzynzr.info | udp |
| US | 8.8.8.8:53 | iciwqk.com | udp |
| US | 8.8.8.8:53 | keuuuwae.org | udp |
| US | 8.8.8.8:53 | skywyumxq.net | udp |
| US | 8.8.8.8:53 | nayyaj.net | udp |
| US | 8.8.8.8:53 | lpbmzlub.info | udp |
| US | 8.8.8.8:53 | egsmyysc.org | udp |
| US | 8.8.8.8:53 | nquehklud.org | udp |
| US | 8.8.8.8:53 | swawyc.org | udp |
| US | 8.8.8.8:53 | peeyzxlszc.info | udp |
| US | 8.8.8.8:53 | etpgpi.net | udp |
| US | 8.8.8.8:53 | mokomobmz.info | udp |
| US | 8.8.8.8:53 | smusfyn.net | udp |
| US | 8.8.8.8:53 | nshdioh.net | udp |
| US | 8.8.8.8:53 | mqjzvskwk.info | udp |
| US | 8.8.8.8:53 | ukhydvkekdda.net | udp |
| US | 8.8.8.8:53 | zvdgrqn.org | udp |
| US | 8.8.8.8:53 | dhdjqpke.net | udp |
| US | 8.8.8.8:53 | zjjrdef.net | udp |
| US | 8.8.8.8:53 | eygweoiq.org | udp |
| US | 8.8.8.8:53 | hactqnyoujbq.info | udp |
| US | 8.8.8.8:53 | awrwipzbsw.net | udp |
| US | 8.8.8.8:53 | nobgvvpmmmn.com | udp |
| US | 8.8.8.8:53 | qqdcaij.net | udp |
| US | 8.8.8.8:53 | jcvazzfuq.net | udp |
| US | 8.8.8.8:53 | ekqqcc.org | udp |
| US | 8.8.8.8:53 | xcjddz.info | udp |
| US | 8.8.8.8:53 | avqtnlrlev.info | udp |
| US | 8.8.8.8:53 | zmiydgnkrey.org | udp |
| US | 8.8.8.8:53 | ujjiko.net | udp |
| US | 8.8.8.8:53 | kilnql.info | udp |
| US | 8.8.8.8:53 | jkhgkt.info | udp |
| US | 8.8.8.8:53 | kiqeauaksc.org | udp |
| US | 8.8.8.8:53 | rvvnptcuwaj.net | udp |
| US | 8.8.8.8:53 | deyyxb.info | udp |
| US | 8.8.8.8:53 | ckoiya.com | udp |
| US | 8.8.8.8:53 | hibish.info | udp |
| US | 8.8.8.8:53 | nmfousjwbmk.org | udp |
| BG | 93.123.123.203:15548 | tcp | |
| US | 8.8.8.8:53 | gkeuxox.info | udp |
| US | 8.8.8.8:53 | dwfkeogzvhjn.info | udp |
| US | 8.8.8.8:53 | ebpkdar.net | udp |
| US | 8.8.8.8:53 | hqpdlxpe.net | udp |
| US | 8.8.8.8:53 | kwwwacmgyk.org | udp |
| US | 8.8.8.8:53 | muufhydlvb.info | udp |
| US | 8.8.8.8:53 | xazwmo.net | udp |
| US | 8.8.8.8:53 | ejifpvcu.info | udp |
| US | 8.8.8.8:53 | dflqknsl.net | udp |
| US | 8.8.8.8:53 | dswsetem.info | udp |
| US | 8.8.8.8:53 | neukubjm.info | udp |
| US | 8.8.8.8:53 | ncbplpwlhbde.info | udp |
| US | 8.8.8.8:53 | xxjeksobyg.info | udp |
| US | 8.8.8.8:53 | xhdpzcmxntmm.net | udp |
| US | 8.8.8.8:53 | qtgqqinahbp.info | udp |
| BG | 93.183.157.219:33734 | tcp | |
| US | 8.8.8.8:53 | ztgvdgwm.info | udp |
| US | 8.8.8.8:53 | acrgpkzf.net | udp |
| US | 8.8.8.8:53 | lvyqknzeyjcu.net | udp |
| US | 8.8.8.8:53 | gwyqqg.com | udp |
| US | 8.8.8.8:53 | fsdozitusuj.com | udp |
| US | 8.8.8.8:53 | jenbdtgc.net | udp |
| US | 8.8.8.8:53 | gwtaqst.info | udp |
| US | 8.8.8.8:53 | hbpkfbjr.info | udp |
| US | 8.8.8.8:53 | quikggwuqqqq.com | udp |
| US | 8.8.8.8:53 | liiavxdxvye.com | udp |
| US | 8.8.8.8:53 | tmvyuxtobt.net | udp |
| US | 8.8.8.8:53 | opiszupon.info | udp |
| US | 8.8.8.8:53 | ewakcwioak.com | udp |
| US | 8.8.8.8:53 | lkrjszqtlazj.net | udp |
| US | 8.8.8.8:53 | rkdwsiv.net | udp |
| US | 8.8.8.8:53 | ewccfqy.net | udp |
| US | 8.8.8.8:53 | cgdqruywo.net | udp |
| US | 8.8.8.8:53 | ceowcmfezkb.info | udp |
| US | 8.8.8.8:53 | ywsmmwcm.com | udp |
| US | 8.8.8.8:53 | iecwga.org | udp |
| US | 8.8.8.8:53 | lcmopkvgn.net | udp |
| US | 8.8.8.8:53 | zivmzcjb.info | udp |
| US | 8.8.8.8:53 | yawoyoccagak.com | udp |
| US | 8.8.8.8:53 | tcvuvhjwh.info | udp |
| US | 8.8.8.8:53 | cczyxwuhniz.net | udp |
| US | 8.8.8.8:53 | vfbsqgjep.com | udp |
| US | 8.8.8.8:53 | nxpcjkscsc.net | udp |
| US | 8.8.8.8:53 | oopdqe.net | udp |
| US | 8.8.8.8:53 | yggusuymci.com | udp |
| US | 8.8.8.8:53 | ckdqwub.net | udp |
| US | 8.8.8.8:53 | jubvpax.info | udp |
| US | 8.8.8.8:53 | kjocaqhvzfq.net | udp |
| US | 8.8.8.8:53 | nwtgfrkstpd.info | udp |
| US | 8.8.8.8:53 | zpgchofk.net | udp |
| US | 8.8.8.8:53 | ioxtnahca.net | udp |
| US | 8.8.8.8:53 | qbhjpwzkzaf.info | udp |
| US | 8.8.8.8:53 | muwammee.com | udp |
| US | 8.8.8.8:53 | aeqaceyakm.org | udp |
| US | 8.8.8.8:53 | kmqeauio.org | udp |
| US | 8.8.8.8:53 | aknsgwkcl.net | udp |
| US | 8.8.8.8:53 | ugsswm.com | udp |
| US | 8.8.8.8:53 | yhbidr.net | udp |
| US | 8.8.8.8:53 | hevodddmls.net | udp |
| US | 8.8.8.8:53 | rfsmjylrbmf.net | udp |
| US | 8.8.8.8:53 | jzanvbvwnz.net | udp |
| US | 8.8.8.8:53 | rppqrkmic.net | udp |
| US | 8.8.8.8:53 | hoksamvkh.net | udp |
| US | 8.8.8.8:53 | xzodjvwdufhp.net | udp |
| US | 8.8.8.8:53 | ecbwysbz.info | udp |
| US | 8.8.8.8:53 | hhmhgy.info | udp |
| US | 8.8.8.8:53 | qaccuewo.org | udp |
| US | 8.8.8.8:53 | kuqsio.org | udp |
| US | 8.8.8.8:53 | njmyupro.net | udp |
| US | 8.8.8.8:53 | mwfxxof.net | udp |
| US | 8.8.8.8:53 | wwkvzwirtjoh.net | udp |
| US | 8.8.8.8:53 | qqmcku.com | udp |
| US | 8.8.8.8:53 | ygwoes.org | udp |
| US | 8.8.8.8:53 | kcbeysq.net | udp |
| US | 8.8.8.8:53 | dkmidltwt.com | udp |
| US | 8.8.8.8:53 | byvfxab.info | udp |
| US | 8.8.8.8:53 | xghfufmhez.info | udp |
| US | 8.8.8.8:53 | lubamvacr.org | udp |
| BG | 88.203.169.80:22518 | tcp | |
| US | 8.8.8.8:53 | xrpwmsl.info | udp |
| US | 8.8.8.8:53 | zcigwip.net | udp |
| US | 8.8.8.8:53 | ltvkfdng.net | udp |
| US | 8.8.8.8:53 | zomvjmwftx.info | udp |
| US | 8.8.8.8:53 | iusioomq.org | udp |
| US | 8.8.8.8:53 | ffvhhfvsds.info | udp |
| US | 8.8.8.8:53 | naslvc.net | udp |
| US | 8.8.8.8:53 | jgbiximstdx.net | udp |
| US | 8.8.8.8:53 | guzrucc.info | udp |
| US | 8.8.8.8:53 | btluvracsimm.net | udp |
| BG | 188.126.11.178:42275 | tcp | |
| US | 8.8.8.8:53 | oirospb.net | udp |
| US | 8.8.8.8:53 | lmxtgavtnema.net | udp |
| US | 8.8.8.8:53 | jbvarbau.net | udp |
| US | 8.8.8.8:53 | fwartf.net | udp |
| US | 8.8.8.8:53 | wckcki.info | udp |
| US | 8.8.8.8:53 | byvqtsu.net | udp |
| US | 8.8.8.8:53 | yokaogmmeiyw.org | udp |
| US | 8.8.8.8:53 | eoeogeymqm.org | udp |
| US | 8.8.8.8:53 | oibkuu.net | udp |
| US | 8.8.8.8:53 | uwdyicbijrh.info | udp |
| US | 8.8.8.8:53 | isuaqmmkqc.com | udp |
| US | 8.8.8.8:53 | lhtgtrjsvs.info | udp |
| US | 8.8.8.8:53 | uawyquka.com | udp |
| US | 8.8.8.8:53 | wcsbrpz.net | udp |
| US | 8.8.8.8:53 | zhtsxrgi.net | udp |
| US | 8.8.8.8:53 | rewrcw.net | udp |
| US | 8.8.8.8:53 | ggusscsyggao.com | udp |
| US | 8.8.8.8:53 | kvtbrcga.info | udp |
| US | 8.8.8.8:53 | owwgqyuecwuq.com | udp |
| US | 8.8.8.8:53 | uwcuws.org | udp |
| US | 8.8.8.8:53 | gqagyc.net | udp |
| US | 8.8.8.8:53 | apgmfs.info | udp |
| US | 8.8.8.8:53 | azlfou.info | udp |
| US | 8.8.8.8:53 | vthqlvvrvpts.net | udp |
| US | 8.8.8.8:53 | kqlxzmxer.net | udp |
| US | 8.8.8.8:53 | ahbgvksf.info | udp |
| US | 8.8.8.8:53 | vkaqidtyai.net | udp |
| US | 8.8.8.8:53 | jojeyieqrq.net | udp |
| US | 8.8.8.8:53 | osmelyq.net | udp |
| US | 8.8.8.8:53 | kqsoicykmu.org | udp |
| US | 8.8.8.8:53 | nwiujhcmj.net | udp |
| US | 8.8.8.8:53 | umyicieyee.org | udp |
| US | 8.8.8.8:53 | kcmumfd.info | udp |
| US | 8.8.8.8:53 | zgbdajhmn.org | udp |
| US | 8.8.8.8:53 | euvsgg.info | udp |
| US | 8.8.8.8:53 | lfrdvanqckfe.net | udp |
| US | 8.8.8.8:53 | kgbfbnajxj.info | udp |
| US | 8.8.8.8:53 | nldguumxocvq.net | udp |
| US | 8.8.8.8:53 | newhuxeakz.info | udp |
| US | 8.8.8.8:53 | zpjvjp.info | udp |
| US | 8.8.8.8:53 | qkayuecwcomo.org | udp |
| US | 8.8.8.8:53 | amchpkmyhcn.net | udp |
| US | 8.8.8.8:53 | wuceao.org | udp |
| US | 8.8.8.8:53 | giyiqiiw.com | udp |
| US | 8.8.8.8:53 | xufsjgrezy.net | udp |
| US | 8.8.8.8:53 | jcxwazrihou.com | udp |
| US | 8.8.8.8:53 | wqxcrxzcr.info | udp |
| US | 8.8.8.8:53 | tspyngown.info | udp |
| US | 8.8.8.8:53 | uwbyboziows.info | udp |
| US | 8.8.8.8:53 | c.pki.goog | udp |
| US | 8.8.8.8:53 | bynoyahzkog.info | udp |
| GB | 142.250.180.3:80 | c.pki.goog | tcp |
| US | 8.8.8.8:53 | cumgqk.org | udp |
| US | 8.8.8.8:53 | ouirumpwa.info | udp |
| US | 8.8.8.8:53 | vcsuct.net | udp |
| US | 8.8.8.8:53 | hsjkldnndpfb.info | udp |
| US | 8.8.8.8:53 | drailcx.info | udp |
| US | 8.8.8.8:53 | fhzezlljj.org | udp |
| US | 8.8.8.8:53 | lpgobtk.com | udp |
| US | 8.8.8.8:53 | fsyczawoha.info | udp |
| US | 8.8.8.8:53 | iwpsrioaigy.info | udp |
| US | 8.8.8.8:53 | zywqofn.net | udp |
| US | 8.8.8.8:53 | vdnrjwbdelae.info | udp |
| US | 8.8.8.8:53 | tbcntc.info | udp |
| US | 8.8.8.8:53 | zapydfewqduq.info | udp |
| US | 8.8.8.8:53 | hbdctkcl.net | udp |
| US | 8.8.8.8:53 | plenegmh.info | udp |
| US | 8.8.8.8:53 | atkzfclhbift.info | udp |
| US | 8.8.8.8:53 | lsbpydzxt.org | udp |
| US | 8.8.8.8:53 | gldwzqwgpm.net | udp |
| US | 8.8.8.8:53 | wueysyqiyg.org | udp |
| US | 8.8.8.8:53 | kwwygy.com | udp |
| BG | 87.97.147.206:27700 | tcp | |
| US | 8.8.8.8:53 | uqsgqodkekd.net | udp |
| US | 8.8.8.8:53 | ifdmyxjupcb.net | udp |
| US | 8.8.8.8:53 | arhmvat.info | udp |
| US | 8.8.8.8:53 | adxjocxercva.info | udp |
| US | 8.8.8.8:53 | jjrefkv.net | udp |
| US | 8.8.8.8:53 | sxqteyf.info | udp |
| US | 8.8.8.8:53 | qvbcfqvet.info | udp |
| US | 8.8.8.8:53 | oqrqlojqp.info | udp |
| US | 8.8.8.8:53 | rgkctcjmpua.info | udp |
| US | 8.8.8.8:53 | nkmifihqz.com | udp |
| US | 8.8.8.8:53 | nyuqjmnmf.info | udp |
| US | 8.8.8.8:53 | aisnfyh.info | udp |
| US | 8.8.8.8:53 | qwelnssbgrzl.info | udp |
| US | 8.8.8.8:53 | lczqmbl.info | udp |
| US | 8.8.8.8:53 | kjskvzf.info | udp |
| US | 8.8.8.8:53 | lebhdd.net | udp |
| US | 8.8.8.8:53 | pmpsvgnxtjv.net | udp |
| US | 8.8.8.8:53 | lzbjkx.info | udp |
| US | 8.8.8.8:53 | pmhysnewy.info | udp |
| US | 84.46.167.153:42234 | tcp | |
| US | 8.8.8.8:53 | ejtwjlnobvp.info | udp |
| US | 8.8.8.8:53 | blriytvijot.com | udp |
| US | 8.8.8.8:53 | pqvcbyx.info | udp |
| US | 8.8.8.8:53 | zyssvtcdlfyf.info | udp |
| US | 8.8.8.8:53 | ueehrrqm.net | udp |
| US | 8.8.8.8:53 | tsphixlc.net | udp |
| US | 8.8.8.8:53 | ikrbnohkn.info | udp |
| US | 8.8.8.8:53 | kyilnx.net | udp |
| US | 8.8.8.8:53 | lcpnbuav.info | udp |
| US | 8.8.8.8:53 | etvqndvcut.info | udp |
| US | 8.8.8.8:53 | ptjfejou.net | udp |
| US | 8.8.8.8:53 | ncqoqejdr.info | udp |
| US | 8.8.8.8:53 | quvevqlqfby.net | udp |
| US | 8.8.8.8:53 | ikfwaj.info | udp |
| US | 8.8.8.8:53 | phzmrkv.org | udp |
| US | 8.8.8.8:53 | cedjrzruqhb.net | udp |
| US | 8.8.8.8:53 | hipqpro.net | udp |
| US | 8.8.8.8:53 | gnhdfi.info | udp |
| US | 8.8.8.8:53 | ooaugaseug.com | udp |
| US | 8.8.8.8:53 | gaqkygwq.org | udp |
| US | 8.8.8.8:53 | zyhndh.info | udp |
| US | 8.8.8.8:53 | hipyqzt.info | udp |
| US | 8.8.8.8:53 | wmuhkdn.net | udp |
| US | 8.8.8.8:53 | qkimoqgg.com | udp |
| US | 8.8.8.8:53 | cbdxtggq.info | udp |
| US | 8.8.8.8:53 | ugbtxczb.net | udp |
| US | 8.8.8.8:53 | hydxuoa.org | udp |
| US | 8.8.8.8:53 | lediioq.net | udp |
| US | 8.8.8.8:53 | ploandloss.info | udp |
| US | 8.8.8.8:53 | puawra.info | udp |
| US | 8.8.8.8:53 | eokqcg.org | udp |
| US | 8.8.8.8:53 | eypcxwt.info | udp |
| US | 8.8.8.8:53 | idnzcxhl.net | udp |
| US | 8.8.8.8:53 | ppissu.info | udp |
| US | 8.8.8.8:53 | xfstzyt.net | udp |
| US | 8.8.8.8:53 | vkzhgqxcj.com | udp |
| US | 8.8.8.8:53 | xowvpvsj.net | udp |
| US | 8.8.8.8:53 | jrbulad.info | udp |
| US | 8.8.8.8:53 | moeyqymauasq.org | udp |
| US | 8.8.8.8:53 | zhcpbfkxjeka.net | udp |
| US | 8.8.8.8:53 | lwfkzfiesd.info | udp |
| US | 8.8.8.8:53 | ykusua.org | udp |
| US | 8.8.8.8:53 | uytlzfnsd.net | udp |
| US | 8.8.8.8:53 | kekwaeia.com | udp |
| US | 8.8.8.8:53 | bpzorpfuhtf.org | udp |
| US | 8.8.8.8:53 | rtvspii.net | udp |
| US | 8.8.8.8:53 | fzntrobtejzq.info | udp |
| US | 8.8.8.8:53 | zkpzpkn.com | udp |
| US | 8.8.8.8:53 | alfsqou.info | udp |
| US | 8.8.8.8:53 | ifiodmr.info | udp |
| US | 8.8.8.8:53 | aggnzaz.info | udp |
| US | 8.8.8.8:53 | pfqozwd.org | udp |
| US | 8.8.8.8:53 | bkngmvgi.net | udp |
| US | 8.8.8.8:53 | grfbpnbvrss.info | udp |
| US | 8.8.8.8:53 | uybqbevisl.info | udp |
| US | 8.8.8.8:53 | dmraaotakux.org | udp |
| US | 8.8.8.8:53 | msvclizefeu.info | udp |
| US | 8.8.8.8:53 | tolughv.org | udp |
| US | 8.8.8.8:53 | icoiyoyoooys.org | udp |
| US | 8.8.8.8:53 | gngmouxc.info | udp |
| US | 8.8.8.8:53 | spbfjauz.net | udp |
| US | 8.8.8.8:53 | mqjddktyd.info | udp |
| US | 8.8.8.8:53 | bsdlxqfmvj.net | udp |
| US | 8.8.8.8:53 | chhlzecvh.net | udp |
| US | 8.8.8.8:53 | icwakoccqq.org | udp |
| US | 8.8.8.8:53 | ddpqtlkbqmgu.info | udp |
| US | 8.8.8.8:53 | lxybrwnwn.info | udp |
| US | 8.8.8.8:53 | bqdindvszcl.com | udp |
| US | 8.8.8.8:53 | rdqttv.net | udp |
| US | 8.8.8.8:53 | nzdopecej.org | udp |
| US | 8.8.8.8:53 | dsjdpgsdqq.net | udp |
| US | 8.8.8.8:53 | molqpbak.info | udp |
| US | 8.8.8.8:53 | smkaom.org | udp |
| US | 8.8.8.8:53 | saaaqkoqakis.org | udp |
| US | 8.8.8.8:53 | unjevkya.net | udp |
| US | 8.8.8.8:53 | uqoaeesgqysq.org | udp |
| US | 8.8.8.8:53 | frjgtkw.net | udp |
| US | 8.8.8.8:53 | ymjilszcrtp.info | udp |
| US | 8.8.8.8:53 | hilwmivcd.com | udp |
| US | 8.8.8.8:53 | dykwknvmdfdj.info | udp |
| US | 8.8.8.8:53 | mjmkjbgucigp.net | udp |
| US | 8.8.8.8:53 | rcbnsyhrps.net | udp |
| US | 8.8.8.8:53 | pbstzbchufek.net | udp |
| US | 8.8.8.8:53 | agixzvmqgwtt.info | udp |
| US | 8.8.8.8:53 | ceaiskeu.org | udp |
| US | 8.8.8.8:53 | okgmeams.org | udp |
| US | 8.8.8.8:53 | rjnlvexdve.net | udp |
| US | 8.8.8.8:53 | wawaoiyk.com | udp |
| US | 8.8.8.8:53 | korgbbtodbag.info | udp |
| US | 8.8.8.8:53 | iislucnddzub.info | udp |
| US | 8.8.8.8:53 | aoisegwm.com | udp |
| US | 8.8.8.8:53 | qrylhs.info | udp |
| US | 8.8.8.8:53 | eisomi.org | udp |
| RU | 178.206.219.119:22590 | tcp | |
| US | 8.8.8.8:53 | fgzsruumbgz.net | udp |
| US | 8.8.8.8:53 | zgrcvciqm.org | udp |
| US | 8.8.8.8:53 | lzxijni.org | udp |
| US | 8.8.8.8:53 | nwjrzbpye.org | udp |
| US | 8.8.8.8:53 | vtpepyfgtxm.info | udp |
| US | 8.8.8.8:53 | xgjyoqtkrrmx.info | udp |
| BG | 178.169.136.183:33480 | tcp | |
| US | 8.8.8.8:53 | oaswyiogms.org | udp |
| US | 8.8.8.8:53 | kqcxvamaadc.net | udp |
| US | 8.8.8.8:53 | lczoradauoz.net | udp |
| US | 8.8.8.8:53 | nnvmeydvfhlg.info | udp |
| US | 8.8.8.8:53 | eqpbrxsa.net | udp |
| US | 8.8.8.8:53 | balkfyblufhy.net | udp |
| US | 8.8.8.8:53 | xfmpsgninn.info | udp |
| US | 8.8.8.8:53 | qqywqyse.com | udp |
| US | 8.8.8.8:53 | wefmzcz.net | udp |
| US | 8.8.8.8:53 | betsravkjgh.net | udp |
| US | 8.8.8.8:53 | cvkyowvkd.net | udp |
| US | 8.8.8.8:53 | ypdnctmcuv.info | udp |
| US | 8.8.8.8:53 | bobiuycdj.info | udp |
| US | 8.8.8.8:53 | quuyasr.info | udp |
| US | 8.8.8.8:53 | kmyuhezg.info | udp |
| US | 8.8.8.8:53 | owyqoc.org | udp |
| US | 8.8.8.8:53 | jzthxr.net | udp |
| US | 8.8.8.8:53 | gffxvjjh.info | udp |
| US | 8.8.8.8:53 | qazwjcmdv.info | udp |
| US | 8.8.8.8:53 | xroixsfqvwu.com | udp |
| US | 8.8.8.8:53 | myhjnafc.info | udp |
| US | 8.8.8.8:53 | kjacusbqhy.info | udp |
| US | 8.8.8.8:53 | embncvuq.info | udp |
| US | 8.8.8.8:53 | fjusznt.com | udp |
| US | 8.8.8.8:53 | hyfokxwijr.net | udp |
| US | 8.8.8.8:53 | xhpqgl.net | udp |
| US | 8.8.8.8:53 | samemyquiw.com | udp |
| US | 8.8.8.8:53 | zuhmapbot.net | udp |
| US | 8.8.8.8:53 | sogrnifqezgr.info | udp |
| US | 8.8.8.8:53 | uxbsfs.net | udp |
| US | 8.8.8.8:53 | cumkaeyygk.org | udp |
| US | 8.8.8.8:53 | ekjzrrn.info | udp |
| US | 8.8.8.8:53 | pcdskwzcnmj.net | udp |
| US | 8.8.8.8:53 | lmfkrcm.net | udp |
| US | 8.8.8.8:53 | imorpjdlc.info | udp |
| US | 8.8.8.8:53 | mcmkyuecmm.org | udp |
| US | 8.8.8.8:53 | hkqodo.info | udp |
| US | 8.8.8.8:53 | sxefnv.info | udp |
| US | 8.8.8.8:53 | yuxdfy.net | udp |
| US | 8.8.8.8:53 | dpdocollimda.net | udp |
| US | 8.8.8.8:53 | yefswpfxiyn.net | udp |
| US | 8.8.8.8:53 | hlsuth.info | udp |
| US | 8.8.8.8:53 | ofebpx.net | udp |
| US | 8.8.8.8:53 | jnlwfler.net | udp |
| US | 8.8.8.8:53 | vjvlnnztmb.net | udp |
| US | 8.8.8.8:53 | vgnndxzcf.org | udp |
| US | 8.8.8.8:53 | iqsyayoe.org | udp |
| US | 8.8.8.8:53 | nvuoft.net | udp |
| US | 8.8.8.8:53 | xowhta.net | udp |
| US | 8.8.8.8:53 | rsntnfzi.net | udp |
| US | 8.8.8.8:53 | sswkwmmumymc.org | udp |
| US | 8.8.8.8:53 | lmtkruyvp.info | udp |
| US | 8.8.8.8:53 | ocsahsymlad.net | udp |
| US | 8.8.8.8:53 | nhypgaifohrc.info | udp |
| US | 8.8.8.8:53 | yojkaljecqs.info | udp |
| US | 8.8.8.8:53 | ikbejyy.net | udp |
| US | 8.8.8.8:53 | nuiebdxav.com | udp |
| US | 8.8.8.8:53 | zvsezh.info | udp |
| US | 8.8.8.8:53 | xcvevk.info | udp |
| US | 8.8.8.8:53 | oergdcmyy.info | udp |
| US | 8.8.8.8:53 | rnfoquktvax.com | udp |
| US | 8.8.8.8:53 | hzhpcoty.info | udp |
| US | 8.8.8.8:53 | lclglmjww.net | udp |
| US | 8.8.8.8:53 | mseuoausee.org | udp |
| US | 8.8.8.8:53 | ecegeakc.org | udp |
| US | 8.8.8.8:53 | gmhgbqp.net | udp |
| US | 8.8.8.8:53 | iaecca.com | udp |
| US | 8.8.8.8:53 | xivongn.info | udp |
| US | 8.8.8.8:53 | ootkjdzphd.net | udp |
| US | 8.8.8.8:53 | taoamhjtqf.info | udp |
| US | 8.8.8.8:53 | xyrnbyxql.org | udp |
| US | 8.8.8.8:53 | bugxlw.info | udp |
| US | 8.8.8.8:53 | aararuzmj.info | udp |
| US | 8.8.8.8:53 | sslbkkkh.net | udp |
| US | 8.8.8.8:53 | tfqdkagp.net | udp |
| US | 8.8.8.8:53 | qgbpikukyem.net | udp |
| US | 8.8.8.8:53 | fwlyzm.info | udp |
| US | 8.8.8.8:53 | jjhvhlvy.info | udp |
| US | 8.8.8.8:53 | yukyyi.com | udp |
| US | 8.8.8.8:53 | wurbvv.net | udp |
| US | 8.8.8.8:53 | gwxgzrg.net | udp |
| US | 8.8.8.8:53 | zrizzt.net | udp |
| US | 8.8.8.8:53 | ltlkruhc.net | udp |
| US | 8.8.8.8:53 | wqtmmxhunct.info | udp |
| US | 8.8.8.8:53 | uyfooid.info | udp |
| US | 8.8.8.8:53 | nsgmjowhng.net | udp |
| BR | 89.116.58.73:14058 | tcp | |
| US | 8.8.8.8:53 | souikyog.com | udp |
| US | 8.8.8.8:53 | qyzdqsq.info | udp |
| US | 8.8.8.8:53 | pfhqjsjdzakt.net | udp |
| US | 8.8.8.8:53 | zseopkzijepu.info | udp |
| US | 8.8.8.8:53 | nsjnpn.net | udp |
| US | 8.8.8.8:53 | cummoi.com | udp |
| US | 8.8.8.8:53 | ombwbfgwl.net | udp |
| US | 8.8.8.8:53 | kpddkasi.net | udp |
| US | 8.8.8.8:53 | ivewnr.info | udp |
| US | 8.8.8.8:53 | fftkzd.net | udp |
| US | 8.8.8.8:53 | krtxzqlft.net | udp |
| US | 8.8.8.8:53 | afkcsf.net | udp |
| US | 8.8.8.8:53 | hgnozs.net | udp |
| US | 8.8.8.8:53 | fqoqlvidkq.net | udp |
| US | 8.8.8.8:53 | gnupeobijcx.net | udp |
| US | 8.8.8.8:53 | ziebabbepgh.org | udp |
| US | 8.8.8.8:53 | wskaciyqik.org | udp |
| US | 8.8.8.8:53 | qikkryn.info | udp |
| US | 8.8.8.8:53 | nqxijbihvn.info | udp |
| US | 8.8.8.8:53 | momgkofg.net | udp |
| US | 8.8.8.8:53 | qewudizz.net | udp |
| US | 8.8.8.8:53 | nkxntfbz.info | udp |
| US | 8.8.8.8:53 | lqzuhoeypvzo.net | udp |
| US | 8.8.8.8:53 | tevbga.info | udp |
| US | 8.8.8.8:53 | mprunzzpp.info | udp |
| BG | 87.121.13.250:32445 | tcp | |
| US | 8.8.8.8:53 | cktwgit.info | udp |
| US | 8.8.8.8:53 | wkwqaa.com | udp |
| US | 8.8.8.8:53 | yspynbdonzn.net | udp |
| US | 8.8.8.8:53 | zqpevgvwrwu.info | udp |
| US | 8.8.8.8:53 | fzjrrv.info | udp |
| US | 8.8.8.8:53 | tersuwtwjmo.net | udp |
| US | 8.8.8.8:53 | nnqywodxpj.info | udp |
| US | 8.8.8.8:53 | xrctizgjhu.net | udp |
| US | 8.8.8.8:53 | eefcqo.info | udp |
| US | 8.8.8.8:53 | bimeetqsd.net | udp |
| US | 8.8.8.8:53 | jgfxxnrjv.org | udp |
| US | 8.8.8.8:53 | cggiewakks.com | udp |
| US | 8.8.8.8:53 | yqkwgmss.org | udp |
| US | 8.8.8.8:53 | pifmzezqp.org | udp |
| US | 8.8.8.8:53 | nmpcdefegjf.info | udp |
| US | 8.8.8.8:53 | lenaktnafcy.net | udp |
| US | 8.8.8.8:53 | lghyjalwzbs.net | udp |
| US | 8.8.8.8:53 | wkeazen.info | udp |
| US | 8.8.8.8:53 | rfcqjgcwrllk.info | udp |
| US | 8.8.8.8:53 | dafzfdriag.info | udp |
| US | 8.8.8.8:53 | afigas.net | udp |
| US | 8.8.8.8:53 | bgpaaslow.info | udp |
| US | 8.8.8.8:53 | rzzokqykwof.net | udp |
| US | 8.8.8.8:53 | yvhpgguzxtcz.info | udp |
| US | 8.8.8.8:53 | ooewwc.org | udp |
| US | 8.8.8.8:53 | meymwkoumywc.com | udp |
| US | 8.8.8.8:53 | zuncvr.info | udp |
| US | 8.8.8.8:53 | nncmhik.info | udp |
| US | 8.8.8.8:53 | gukijsy.info | udp |
| US | 8.8.8.8:53 | zyhbkzzd.info | udp |
| US | 8.8.8.8:53 | eciqiaqq.com | udp |
| US | 8.8.8.8:53 | kuwcbdj.net | udp |
| US | 8.8.8.8:53 | unpjhm.net | udp |
| US | 8.8.8.8:53 | jypigkw.net | udp |
| US | 8.8.8.8:53 | osgixcjgj.info | udp |
| US | 8.8.8.8:53 | emzglqg.net | udp |
| US | 8.8.8.8:53 | xyefjybsiuc.net | udp |
| US | 8.8.8.8:53 | yubspmmqxkx.info | udp |
| US | 8.8.8.8:53 | ciiytsxnvmr.net | udp |
| US | 8.8.8.8:53 | twrnjnyzef.info | udp |
| US | 8.8.8.8:53 | fwunbxjlgpu.com | udp |
| US | 8.8.8.8:53 | jphhtgd.com | udp |
| US | 8.8.8.8:53 | vzmrkrch.info | udp |
| US | 8.8.8.8:53 | sgsyim.org | udp |
| US | 8.8.8.8:53 | fwkpqrngmdmv.net | udp |
| US | 8.8.8.8:53 | upyxwuydnise.net | udp |
| US | 8.8.8.8:53 | fulhjjfpakl.info | udp |
| US | 8.8.8.8:53 | dfxdkh.net | udp |
| US | 8.8.8.8:53 | bwpirousfcv.net | udp |
| US | 8.8.8.8:53 | wymguueamuga.com | udp |
| US | 8.8.8.8:53 | sywslkswfyv.info | udp |
| US | 8.8.8.8:53 | omierhazkhgw.net | udp |
| US | 8.8.8.8:53 | iihbbldcm.info | udp |
| US | 8.8.8.8:53 | jupsvyz.info | udp |
| US | 8.8.8.8:53 | swkshux.net | udp |
| US | 8.8.8.8:53 | yjxqjqhw.info | udp |
| US | 8.8.8.8:53 | vcdpublgdbmi.info | udp |
| US | 8.8.8.8:53 | yrpgpsbvotvm.net | udp |
| US | 8.8.8.8:53 | eanvnuwxlh.net | udp |
| US | 8.8.8.8:53 | jgsqglhgj.info | udp |
| US | 8.8.8.8:53 | zzvjjehk.info | udp |
| US | 8.8.8.8:53 | isldltmqxper.net | udp |
| US | 8.8.8.8:53 | djqmndtl.net | udp |
| US | 8.8.8.8:53 | civqsklicg.info | udp |
| US | 8.8.8.8:53 | kwdrqyzrhd.net | udp |
| US | 8.8.8.8:53 | xrjmbmgmisvh.info | udp |
| BG | 79.100.70.250:40905 | tcp | |
| US | 8.8.8.8:53 | ebiqqou.info | udp |
| US | 8.8.8.8:53 | kiccoumqug.org | udp |
| US | 8.8.8.8:53 | yyamwmkk.org | udp |
| US | 8.8.8.8:53 | jqtenkdayoy.org | udp |
| US | 8.8.8.8:53 | lvliwxsju.net | udp |
| US | 8.8.8.8:53 | zcnpqgzgdof.com | udp |
| US | 8.8.8.8:53 | vkpsptncvax.net | udp |
| US | 8.8.8.8:53 | xvethy.net | udp |
| US | 8.8.8.8:53 | vdbtmkvpbejb.net | udp |
| US | 8.8.8.8:53 | zrkezhdblynf.net | udp |
| US | 8.8.8.8:53 | kccuuqio.org | udp |
| LT | 78.158.24.6:13069 | tcp | |
| US | 8.8.8.8:53 | hubzxfmqpfll.info | udp |
| US | 8.8.8.8:53 | qkkoemoyeyma.com | udp |
| US | 8.8.8.8:53 | ucwonoocbkx.net | udp |
| US | 8.8.8.8:53 | oqpctmipru.info | udp |
| US | 8.8.8.8:53 | cgmcydeikq.info | udp |
| US | 8.8.8.8:53 | retequxi.info | udp |
| US | 8.8.8.8:53 | nluqnqbjinr.net | udp |
| US | 8.8.8.8:53 | wcgcuuiu.org | udp |
| US | 8.8.8.8:53 | cvchoa.net | udp |
| US | 8.8.8.8:53 | rvwvac.info | udp |
| US | 8.8.8.8:53 | wgafhnbqht.net | udp |
| US | 8.8.8.8:53 | gzjdldhe.info | udp |
| US | 8.8.8.8:53 | okascoauis.org | udp |
| US | 8.8.8.8:53 | lufwcvbsyry.net | udp |
| US | 8.8.8.8:53 | imauicymus.com | udp |
| US | 8.8.8.8:53 | yelknalqpwd.net | udp |
| US | 8.8.8.8:53 | lwjmurpslv.net | udp |
| US | 8.8.8.8:53 | bqdbyduw.info | udp |
| US | 8.8.8.8:53 | nhmyomxjv.info | udp |
| US | 8.8.8.8:53 | itauzjii.info | udp |
| US | 8.8.8.8:53 | pcgbzxrqrgf.net | udp |
| US | 8.8.8.8:53 | ksicssssgumm.com | udp |
| US | 8.8.8.8:53 | ufeddghyhery.info | udp |
| US | 8.8.8.8:53 | pcrplfxkvpz.info | udp |
| US | 8.8.8.8:53 | fqjonsy.net | udp |
| US | 8.8.8.8:53 | sdftzo.net | udp |
| US | 8.8.8.8:53 | iypdzt.net | udp |
| US | 8.8.8.8:53 | zivvlw.net | udp |
| US | 8.8.8.8:53 | wwusjqvpy.info | udp |
| US | 8.8.8.8:53 | tyzkrdhyl.info | udp |
| US | 8.8.8.8:53 | wixrtiy.info | udp |
| US | 8.8.8.8:53 | vxfktir.com | udp |
| US | 8.8.8.8:53 | woxmkqd.info | udp |
| US | 8.8.8.8:53 | aauwgkioiuko.org | udp |
| US | 8.8.8.8:53 | eisuwaqaqo.org | udp |
| US | 8.8.8.8:53 | vyvijbihvn.info | udp |
| US | 8.8.8.8:53 | wofergfsq.info | udp |
| US | 8.8.8.8:53 | xmdevubqu.net | udp |
| US | 8.8.8.8:53 | cwsodvx.net | udp |
| US | 8.8.8.8:53 | efqhec.info | udp |
| US | 8.8.8.8:53 | cvdcfjtkb.info | udp |
| US | 8.8.8.8:53 | pqxwnmcf.info | udp |
| US | 8.8.8.8:53 | nqzuve.net | udp |
| US | 8.8.8.8:53 | qafjxikdvmn.net | udp |
| US | 8.8.8.8:53 | ddxlkfslux.info | udp |
| US | 8.8.8.8:53 | ulhwfgmx.net | udp |
| US | 8.8.8.8:53 | scpomul.net | udp |
| US | 8.8.8.8:53 | kkawvorcosj.net | udp |
| US | 8.8.8.8:53 | hsbsalhel.org | udp |
| US | 8.8.8.8:53 | ocusgecy.com | udp |
| US | 8.8.8.8:53 | mqgysgqeom.com | udp |
| US | 8.8.8.8:53 | huyyyxcgj.net | udp |
| US | 8.8.8.8:53 | bjmojknwjgz.net | udp |
| US | 8.8.8.8:53 | llpwlrlwpx.net | udp |
| US | 8.8.8.8:53 | cmamai.com | udp |
| US | 8.8.8.8:53 | kxthnyuyrcz.info | udp |
| US | 8.8.8.8:53 | henmovqw.net | udp |
| US | 8.8.8.8:53 | gbgxxed.net | udp |
| US | 8.8.8.8:53 | qctkymoht.info | udp |
| US | 8.8.8.8:53 | bctwfgikb.org | udp |
| US | 8.8.8.8:53 | pvvxoh.net | udp |
| US | 8.8.8.8:53 | fhyjntoi.info | udp |
| US | 8.8.8.8:53 | wsceeyse.com | udp |
| US | 8.8.8.8:53 | rcamtgza.info | udp |
| US | 8.8.8.8:53 | rahypyp.net | udp |
| US | 8.8.8.8:53 | bgmnkgquny.info | udp |
| US | 8.8.8.8:53 | pwnpjypcp.com | udp |
| US | 8.8.8.8:53 | ycoccskegqma.com | udp |
| US | 8.8.8.8:53 | cxdmqxkf.net | udp |
| US | 8.8.8.8:53 | auospssidk.info | udp |
| US | 8.8.8.8:53 | ynpyripqr.net | udp |
| US | 8.8.8.8:53 | wgwiim.com | udp |
| US | 8.8.8.8:53 | fzqqksnzg.net | udp |
| US | 8.8.8.8:53 | zjhidrzkdb.info | udp |
| US | 8.8.8.8:53 | ymaomy.org | udp |
| US | 8.8.8.8:53 | kkahlcepp.net | udp |
| US | 8.8.8.8:53 | egxortpkm.info | udp |
| US | 8.8.8.8:53 | rjeonllgnt.net | udp |
| US | 8.8.8.8:53 | ogjxeorsifum.info | udp |
| US | 8.8.8.8:53 | lqfslknaj.net | udp |
| US | 8.8.8.8:53 | gyakauag.com | udp |
| US | 84.32.153.18:40345 | tcp | |
| US | 8.8.8.8:53 | odzbrjqoy.info | udp |
| US | 8.8.8.8:53 | twnqzduzafnf.net | udp |
| US | 8.8.8.8:53 | qqmuweyoimce.org | udp |
| US | 8.8.8.8:53 | swaagffhzn.info | udp |
| US | 8.8.8.8:53 | gogmckkggy.com | udp |
| US | 8.8.8.8:53 | ikkmskqg.org | udp |
| US | 8.8.8.8:53 | vhkhbx.net | udp |
| US | 8.8.8.8:53 | hoqetwxc.info | udp |
| US | 8.8.8.8:53 | atfqpmmkzbq.net | udp |
| US | 8.8.8.8:53 | laosfzrfcaeh.net | udp |
| US | 8.8.8.8:53 | aalijqi.info | udp |
| US | 8.8.8.8:53 | bsvghtp.com | udp |
| US | 8.8.8.8:53 | odqisf.info | udp |
| US | 8.8.8.8:53 | etumtihe.net | udp |
| US | 8.8.8.8:53 | rswaqarz.net | udp |
| US | 8.8.8.8:53 | shbyanthit.info | udp |
| US | 8.8.8.8:53 | suwkwwms.org | udp |
| US | 8.8.8.8:53 | dlljmgidqlja.info | udp |
| US | 8.8.8.8:53 | aptfzieyxulf.net | udp |
| US | 8.8.8.8:53 | kqfeakpot.net | udp |
| MK | 89.205.103.68:28681 | tcp | |
| US | 8.8.8.8:53 | ldbtrjrmi.org | udp |
| US | 8.8.8.8:53 | ncpmyszzt.info | udp |
| US | 8.8.8.8:53 | czjslsn.info | udp |
| US | 8.8.8.8:53 | cwwsuogosy.org | udp |
| US | 8.8.8.8:53 | iwlpsepol.net | udp |
| US | 8.8.8.8:53 | lqhdxjyip.com | udp |
| US | 8.8.8.8:53 | msegow.org | udp |
| US | 8.8.8.8:53 | ksuqwzst.net | udp |
| US | 8.8.8.8:53 | ybxsqlwexbnh.info | udp |
| US | 8.8.8.8:53 | mmswmc.org | udp |
| US | 8.8.8.8:53 | esjupgq.info | udp |
| US | 8.8.8.8:53 | qyeswud.info | udp |
| US | 8.8.8.8:53 | vrsgop.info | udp |
| US | 8.8.8.8:53 | mambfffsdz.info | udp |
| US | 8.8.8.8:53 | kkiamiym.com | udp |
| US | 8.8.8.8:53 | bqzqdqfglxbn.info | udp |
| US | 8.8.8.8:53 | aihwfrecau.info | udp |
| US | 8.8.8.8:53 | yhaioc.net | udp |
| US | 8.8.8.8:53 | zsauqe.info | udp |
| US | 8.8.8.8:53 | tdghol.info | udp |
| US | 8.8.8.8:53 | tufmdjmeohso.info | udp |
| US | 8.8.8.8:53 | pmfijyi.net | udp |
| US | 8.8.8.8:53 | hjtahoxczcv.info | udp |
| US | 8.8.8.8:53 | jatdaajehomt.net | udp |
| US | 8.8.8.8:53 | znnpllba.info | udp |
| US | 8.8.8.8:53 | nybelkb.org | udp |
| US | 8.8.8.8:53 | ptsdtcd.info | udp |
| US | 8.8.8.8:53 | xmuxbemvtd.net | udp |
| US | 8.8.8.8:53 | gzblbnvd.net | udp |
| US | 8.8.8.8:53 | lkqovgr.com | udp |
| US | 8.8.8.8:53 | tddpwm.info | udp |
| US | 8.8.8.8:53 | jvbtrnjs.net | udp |
| US | 8.8.8.8:53 | ddrgvh.net | udp |
| US | 8.8.8.8:53 | konublz.info | udp |
| US | 8.8.8.8:53 | mwgkuyee.org | udp |
| US | 8.8.8.8:53 | eqmiseokqw.org | udp |
| US | 8.8.8.8:53 | pqeuemav.info | udp |
| US | 8.8.8.8:53 | zgwidvp.net | udp |
| US | 8.8.8.8:53 | uiceesz.info | udp |
| US | 8.8.8.8:53 | drtcvurahs.info | udp |
| US | 8.8.8.8:53 | lcvsfof.net | udp |
| US | 8.8.8.8:53 | bvwrjp.net | udp |
| US | 8.8.8.8:53 | semyscageu.org | udp |
| US | 8.8.8.8:53 | lbmyvm.net | udp |
| US | 8.8.8.8:53 | gfxcxu.info | udp |
| US | 8.8.8.8:53 | rmezhqrpy.com | udp |
| US | 8.8.8.8:53 | lajdjot.org | udp |
| US | 8.8.8.8:53 | eonzydv.info | udp |
| US | 8.8.8.8:53 | dixiln.info | udp |
| US | 8.8.8.8:53 | jroqnyghbwp.net | udp |
| US | 8.8.8.8:53 | sotstlv.net | udp |
| US | 8.8.8.8:53 | fwvukprtuwt.com | udp |
| US | 8.8.8.8:53 | bnbcohl.info | udp |
| US | 8.8.8.8:53 | xolebnj.info | udp |
| US | 8.8.8.8:53 | xysjyebngn.net | udp |
| US | 8.8.8.8:53 | fnbydyyhht.info | udp |
| US | 8.8.8.8:53 | tqmpgpfzgv.info | udp |
| US | 8.8.8.8:53 | bqxgprd.info | udp |
| US | 8.8.8.8:53 | culuhjusoyrc.net | udp |
| US | 8.8.8.8:53 | ycokiqmusi.org | udp |
| US | 8.8.8.8:53 | zudeyxqgd.info | udp |
| US | 8.8.8.8:53 | imqhfsacxiz.net | udp |
| US | 8.8.8.8:53 | nabxqn.info | udp |
| US | 8.8.8.8:53 | ptpkvexch.info | udp |
| LT | 82.135.245.87:26862 | tcp | |
| US | 8.8.8.8:53 | bzaydhbkyko.info | udp |
| US | 8.8.8.8:53 | dehbdl.info | udp |
| US | 8.8.8.8:53 | sxhwzh.info | udp |
| US | 8.8.8.8:53 | xixszbrjhv.net | udp |
| US | 8.8.8.8:53 | uoxjsmld.info | udp |
| US | 8.8.8.8:53 | fkfidtrftwz.info | udp |
| US | 8.8.8.8:53 | wkgucwmoaeus.org | udp |
| US | 8.8.8.8:53 | gymcqucy.com | udp |
| US | 8.8.8.8:53 | osqywkoc.org | udp |
| US | 8.8.8.8:53 | nhcxbhkqwm.info | udp |
| US | 8.8.8.8:53 | jrrksakfkf.info | udp |
| US | 8.8.8.8:53 | dypudgpkbtx.org | udp |
| US | 8.8.8.8:53 | zwkptgzyn.info | udp |
| US | 8.8.8.8:53 | mwrrykhuhel.info | udp |
| LT | 78.61.147.164:44612 | tcp | |
| US | 8.8.8.8:53 | aktwii.net | udp |
| US | 8.8.8.8:53 | ewiuauieao.com | udp |
| US | 8.8.8.8:53 | lrpyvf.info | udp |
| US | 8.8.8.8:53 | iqhmzoc.info | udp |
| US | 8.8.8.8:53 | gircromkb.info | udp |
| US | 8.8.8.8:53 | sqjlhbejikro.info | udp |
| US | 8.8.8.8:53 | bjpwlrlwpx.net | udp |
| US | 8.8.8.8:53 | imwkkoik.com | udp |
| US | 8.8.8.8:53 | ryozfmp.com | udp |
| US | 8.8.8.8:53 | acgcsq.org | udp |
| US | 8.8.8.8:53 | uzjddv.net | udp |
| US | 8.8.8.8:53 | pxjalodrs.com | udp |
| US | 8.8.8.8:53 | erswifcm.info | udp |
| US | 8.8.8.8:53 | hkpwxuloxlsz.info | udp |
| US | 8.8.8.8:53 | ccxcndnqtn.info | udp |
| US | 8.8.8.8:53 | nxxwsaegskf.org | udp |
| US | 8.8.8.8:53 | ngjdngzed.com | udp |
| US | 8.8.8.8:53 | dejmash.info | udp |
| US | 8.8.8.8:53 | lxvghitarov.org | udp |
| US | 8.8.8.8:53 | lezwptx.org | udp |
| US | 8.8.8.8:53 | jkicupganotd.info | udp |
| US | 8.8.8.8:53 | oaewcmmi.com | udp |
| US | 8.8.8.8:53 | eqdovvdzn.net | udp |
| US | 8.8.8.8:53 | whjkpgzne.info | udp |
| US | 8.8.8.8:53 | dxnknsbgrlpr.info | udp |
| US | 8.8.8.8:53 | oalwpcngx.info | udp |
| US | 8.8.8.8:53 | copkvwwab.info | udp |
| US | 8.8.8.8:53 | jrfprcmiwk.net | udp |
| US | 8.8.8.8:53 | jnrshybqhgk.info | udp |
| US | 8.8.8.8:53 | gwltyqt.net | udp |
| US | 8.8.8.8:53 | vnxsbzyyr.net | udp |
| US | 8.8.8.8:53 | xcrfxbihvn.info | udp |
| US | 8.8.8.8:53 | liupxqzijlb.info | udp |
| US | 8.8.8.8:53 | bxrnvq.net | udp |
| US | 8.8.8.8:53 | hrpdsourve.net | udp |
| US | 8.8.8.8:53 | sytblnvkyl.net | udp |
| US | 8.8.8.8:53 | zlusomvfjwbj.info | udp |
| US | 8.8.8.8:53 | injsplzigct.net | udp |
| US | 8.8.8.8:53 | pvesxitaordl.info | udp |
| US | 8.8.8.8:53 | oahyxajgw.net | udp |
| US | 8.8.8.8:53 | vrhlnt.net | udp |
| US | 8.8.8.8:53 | myuxfov.net | udp |
| US | 8.8.8.8:53 | dzrmxez.com | udp |
| US | 8.8.8.8:53 | murrlxjedonn.net | udp |
| US | 8.8.8.8:53 | kowllcbil.info | udp |
| US | 8.8.8.8:53 | rmmkzgx.org | udp |
| US | 8.8.8.8:53 | opuihjvz.net | udp |
| US | 8.8.8.8:53 | pqbmzqhal.info | udp |
| US | 8.8.8.8:53 | kxldwaoqfn.info | udp |
| US | 8.8.8.8:53 | iquaokmq.com | udp |
| US | 8.8.8.8:53 | rhwitjprngpp.info | udp |
| US | 8.8.8.8:53 | mrpiobgwiqf.net | udp |
| US | 8.8.8.8:53 | uwdzbgjscqi.info | udp |
| US | 8.8.8.8:53 | jdxhpunofuav.net | udp |
| US | 8.8.8.8:53 | tabczshsp.info | udp |
| US | 8.8.8.8:53 | iucybjvmrbpp.info | udp |
| US | 8.8.8.8:53 | oeeoywoiey.org | udp |
| US | 8.8.8.8:53 | drbyvspcj.org | udp |
| US | 8.8.8.8:53 | aiiymeuoko.org | udp |
| US | 8.8.8.8:53 | peeoxkf.info | udp |
| US | 8.8.8.8:53 | xxbuvavqnao.net | udp |
| US | 8.8.8.8:53 | vwtsvel.org | udp |
| BG | 88.87.9.36:43388 | tcp | |
| US | 8.8.8.8:53 | dmdcbhxahvhc.info | udp |
| US | 8.8.8.8:53 | lhpyoxbschb.info | udp |
| US | 8.8.8.8:53 | wojivwfaxsd.net | udp |
| US | 8.8.8.8:53 | tgzzsilpuoyu.info | udp |
| US | 8.8.8.8:53 | aneotaz.info | udp |
| US | 8.8.8.8:53 | xbuxzw.net | udp |
| US | 8.8.8.8:53 | skmgsuwiggwy.com | udp |
| US | 8.8.8.8:53 | eckvrebjwiz.net | udp |
| US | 8.8.8.8:53 | gsogaaca.com | udp |
| US | 8.8.8.8:53 | iobqtyr.net | udp |
| US | 8.8.8.8:53 | eylysj.net | udp |
| US | 8.8.8.8:53 | wprhdvcr.net | udp |
| US | 8.8.8.8:53 | ycewkq.org | udp |
| US | 8.8.8.8:53 | rejwrwpoa.info | udp |
| US | 8.8.8.8:53 | amawui.info | udp |
| US | 8.8.8.8:53 | gwtsftvah.info | udp |
| US | 8.8.8.8:53 | kgjaicmgmo.info | udp |
| US | 8.8.8.8:53 | iascsuycwi.com | udp |
| US | 8.8.8.8:53 | eddhdw.net | udp |
| US | 8.8.8.8:53 | npetrsvi.info | udp |
| US | 8.8.8.8:53 | hctcgps.com | udp |
| US | 8.8.8.8:53 | jmuyzwjxj.net | udp |
| US | 8.8.8.8:53 | jmiczyobblzn.info | udp |
| US | 8.8.8.8:53 | yabrltpf.info | udp |
| US | 8.8.8.8:53 | mgxgbgihzux.net | udp |
| US | 8.8.8.8:53 | fhruvyaeiqkj.net | udp |
| US | 8.8.8.8:53 | lxlcfhjuv.info | udp |
| MD | 89.28.99.104:13660 | tcp | |
| US | 8.8.8.8:53 | sgescokcmo.org | udp |
| US | 8.8.8.8:53 | pqddpkwga.net | udp |
| US | 8.8.8.8:53 | iqipsylexq.net | udp |
| US | 8.8.8.8:53 | ykfutq.info | udp |
| US | 8.8.8.8:53 | ejhnfd.net | udp |
| US | 8.8.8.8:53 | cgdumnc.info | udp |
| US | 8.8.8.8:53 | aqfuyunrdah.net | udp |
| US | 8.8.8.8:53 | pgdrzr.info | udp |
| US | 8.8.8.8:53 | zapinij.com | udp |
| US | 8.8.8.8:53 | dqajrj.info | udp |
| US | 8.8.8.8:53 | dgxgpxfkaix.com | udp |
| US | 8.8.8.8:53 | ymukjrcjf.net | udp |
| US | 8.8.8.8:53 | lirmuecctz.net | udp |
| US | 8.8.8.8:53 | ikipjydd.info | udp |
| US | 8.8.8.8:53 | jehslnh.org | udp |
| US | 8.8.8.8:53 | lzwgpqnxhy.net | udp |
| US | 8.8.8.8:53 | uklghedlpql.net | udp |
| US | 8.8.8.8:53 | jgjwtqh.com | udp |
| US | 8.8.8.8:53 | frrytkcqaiy.net | udp |
| US | 8.8.8.8:53 | ppupxkfghv.info | udp |
| US | 8.8.8.8:53 | zcfbqbbrsj.net | udp |
| US | 8.8.8.8:53 | gwyyhgr.info | udp |
| US | 8.8.8.8:53 | ktxdugsjvv.net | udp |
| US | 8.8.8.8:53 | jehyhpbob.com | udp |
| US | 8.8.8.8:53 | wdonnrxqoqnp.net | udp |
| US | 8.8.8.8:53 | jfwghujs.info | udp |
| US | 8.8.8.8:53 | hafyhrzu.info | udp |
| US | 8.8.8.8:53 | luaiurlae.info | udp |
| US | 8.8.8.8:53 | trmrbh.info | udp |
| US | 8.8.8.8:53 | zrpijlymdlnn.info | udp |
| US | 8.8.8.8:53 | vymycimp.info | udp |
| US | 8.8.8.8:53 | lppouwi.net | udp |
| US | 8.8.8.8:53 | bokovtxgp.info | udp |
| US | 8.8.8.8:53 | haxzxnlwf.info | udp |
| US | 8.8.8.8:53 | tmtjhjtk.net | udp |
| US | 8.8.8.8:53 | hosiyohwz.com | udp |
| US | 8.8.8.8:53 | fsdanuhfdw.info | udp |
| US | 8.8.8.8:53 | xdoewrdvokql.info | udp |
| US | 8.8.8.8:53 | okafxrcwc.info | udp |
| US | 8.8.8.8:53 | hsfspwfirsr.org | udp |
| US | 8.8.8.8:53 | ngdetw.net | udp |
| US | 8.8.8.8:53 | rdruhlyvrx.net | udp |
| US | 8.8.8.8:53 | gcjaxqt.net | udp |
| US | 8.8.8.8:53 | dxnueyidwbb.org | udp |
| US | 8.8.8.8:53 | vpfdjebruora.net | udp |
| US | 8.8.8.8:53 | jonoxaswf.info | udp |
| US | 8.8.8.8:53 | uvrugjcslv.info | udp |
| US | 8.8.8.8:53 | nobwlun.info | udp |
| US | 8.8.8.8:53 | vggjqltnjw.net | udp |
| US | 8.8.8.8:53 | wrcahklgt.net | udp |
| US | 8.8.8.8:53 | xcptuajojxyl.net | udp |
| US | 8.8.8.8:53 | pvnoaiflvlp.org | udp |
| US | 8.8.8.8:53 | gsegplcb.net | udp |
| US | 8.8.8.8:53 | qcwpuchqn.net | udp |
| US | 8.8.8.8:53 | dnyidwf.info | udp |
| US | 8.8.8.8:53 | dkrrhgkdx.net | udp |
| US | 8.8.8.8:53 | mawycigsaumg.com | udp |
| US | 8.8.8.8:53 | yadxtkefpqdf.net | udp |
| US | 8.8.8.8:53 | cgemiikseksg.org | udp |
| US | 8.8.8.8:53 | hzmudyxngt.info | udp |
| US | 8.8.8.8:53 | jwvaome.info | udp |
| US | 8.8.8.8:53 | rgnijfj.com | udp |
| US | 8.8.8.8:53 | xjwttaky.info | udp |
| US | 8.8.8.8:53 | oqscaoqi.org | udp |
| US | 8.8.8.8:53 | nwjggkqsjkr.com | udp |
| US | 8.8.8.8:53 | oliovemyd.net | udp |
| US | 8.8.8.8:53 | qngitmingp.net | udp |
| US | 8.8.8.8:53 | jrmueqg.net | udp |
| US | 8.8.8.8:53 | fszfjh.net | udp |
| US | 8.8.8.8:53 | rkepnux.net | udp |
| US | 8.8.8.8:53 | wvtxryzgsgl.info | udp |
| US | 8.8.8.8:53 | yacaacmism.com | udp |
| US | 8.8.8.8:53 | kkreua.net | udp |
| US | 8.8.8.8:53 | ulwprsdpevsj.info | udp |
| US | 8.8.8.8:53 | csieceiywiaq.com | udp |
| US | 8.8.8.8:53 | wizcnajobyh.net | udp |
| US | 8.8.8.8:53 | ropuvxfqstzm.info | udp |
| US | 8.8.8.8:53 | xfsdezbnspvk.info | udp |
| US | 8.8.8.8:53 | ocybky.info | udp |
| US | 8.8.8.8:53 | qfstupfbdsqi.net | udp |
| US | 8.8.8.8:53 | qyjxvcif.net | udp |
| US | 8.8.8.8:53 | mkudzxr.info | udp |
| US | 8.8.8.8:53 | xxetjz.net | udp |
| US | 8.8.8.8:53 | ieuvbip.info | udp |
| US | 8.8.8.8:53 | lkbrwg.info | udp |
| US | 8.8.8.8:53 | sujksmuaqurk.info | udp |
| US | 8.8.8.8:53 | fmzenmxj.net | udp |
| US | 8.8.8.8:53 | fpicucvczmz.net | udp |
| US | 8.8.8.8:53 | kczanu.net | udp |
| US | 8.8.8.8:53 | rkwlhccy.info | udp |
| US | 8.8.8.8:53 | dwvsmsb.com | udp |
| US | 8.8.8.8:53 | xjwrkjwjaw.info | udp |
| US | 8.8.8.8:53 | zwxkeuf.info | udp |
| US | 8.8.8.8:53 | mpgamygkvkb.net | udp |
| US | 8.8.8.8:53 | aksgbw.info | udp |
| US | 8.8.8.8:53 | lfxivfowbyn.org | udp |
| US | 8.8.8.8:53 | xxvytx.info | udp |
| US | 8.8.8.8:53 | etcssib.net | udp |
| US | 8.8.8.8:53 | tkkbdakvem.net | udp |
| US | 8.8.8.8:53 | gyqcaqpoaka.net | udp |
| US | 8.8.8.8:53 | jumrelvzfc.info | udp |
| US | 8.8.8.8:53 | oixrtdbaryl.net | udp |
| US | 8.8.8.8:53 | nthafgeqx.org | udp |
| US | 8.8.8.8:53 | bbiokds.info | udp |
| US | 84.32.220.53:29516 | tcp | |
| US | 8.8.8.8:53 | pyzkbtp.com | udp |
| US | 8.8.8.8:53 | cfqtemlmbgf.net | udp |
| US | 8.8.8.8:53 | yacuqueq.org | udp |
| US | 8.8.8.8:53 | yemkgams.com | udp |
| US | 8.8.8.8:53 | dsjflqpqj.net | udp |
| US | 8.8.8.8:53 | zvzkhkzjymji.info | udp |
| US | 8.8.8.8:53 | madbxog.info | udp |
| US | 8.8.8.8:53 | tmjuhkt.org | udp |
| US | 8.8.8.8:53 | jjqtpeerkb.net | udp |
| US | 8.8.8.8:53 | mmlebaf.info | udp |
| US | 8.8.8.8:53 | djmjpfpom.com | udp |
| US | 8.8.8.8:53 | wfxufydbtenn.info | udp |
| US | 8.8.8.8:53 | ftrxiq.info | udp |
| US | 8.8.8.8:53 | ggasww.org | udp |
| US | 8.8.8.8:53 | rxrwfelgr.net | udp |
| US | 8.8.8.8:53 | owhhbyrcwdcz.info | udp |
| US | 8.8.8.8:53 | eqyasa.org | udp |
| US | 8.8.8.8:53 | hcjsvhz.info | udp |
| US | 8.8.8.8:53 | lqsuve.net | udp |
| US | 8.8.8.8:53 | urkcltobhpwf.net | udp |
| US | 8.8.8.8:53 | oismai.com | udp |
| US | 8.8.8.8:53 | ygxyjds.net | udp |
| US | 8.8.8.8:53 | oxkpxo.info | udp |
| US | 8.8.8.8:53 | qkrfhgxlhe.info | udp |
| US | 8.8.8.8:53 | fmpjpgxawkf.info | udp |
| US | 8.8.8.8:53 | fsmlav.net | udp |
| US | 8.8.8.8:53 | rwkwefuonb.net | udp |
| US | 8.8.8.8:53 | fsmafmvkj.org | udp |
| US | 8.8.8.8:53 | mcokexpn.net | udp |
| US | 8.8.8.8:53 | lifqkcirdcj.net | udp |
| US | 8.8.8.8:53 | eheflhppvg.net | udp |
| US | 8.8.8.8:53 | qaljtq.info | udp |
| US | 8.8.8.8:53 | vkjtfoavflmx.info | udp |
| US | 8.8.8.8:53 | cuaaqwxaz.info | udp |
| US | 8.8.8.8:53 | sqqiksumue.com | udp |
| US | 8.8.8.8:53 | qooowqqs.org | udp |
| US | 8.8.8.8:53 | jztuta.net | udp |
| US | 8.8.8.8:53 | eikmyq.org | udp |
| US | 8.8.8.8:53 | ucftrehwp.info | udp |
| US | 8.8.8.8:53 | jjownuiffcot.net | udp |
| US | 8.8.8.8:53 | izptpwsprh.net | udp |
| US | 8.8.8.8:53 | bcttumxokqgp.net | udp |
| US | 8.8.8.8:53 | oaqkmksuwkqi.com | udp |
| US | 8.8.8.8:53 | ocawszctdp.info | udp |
| US | 8.8.8.8:53 | gudlmu.net | udp |
| US | 8.8.8.8:53 | iulkrxmkzkx.net | udp |
| US | 8.8.8.8:53 | ywcahp.net | udp |
| US | 8.8.8.8:53 | hytlvzlmhxdo.net | udp |
| US | 8.8.8.8:53 | nmtjdqhzrx.info | udp |
| US | 8.8.8.8:53 | cykogcgqqcuu.com | udp |
| US | 8.8.8.8:53 | edbupqb.info | udp |
| US | 8.8.8.8:53 | xchnigsnrn.info | udp |
| US | 8.8.8.8:53 | hatqkse.com | udp |
| US | 8.8.8.8:53 | owrbmsmgql.info | udp |
| US | 8.8.8.8:53 | bviiaryqdhkt.net | udp |
| US | 8.8.8.8:53 | hojcnermfz.net | udp |
| US | 8.8.8.8:53 | votujqiwykv.org | udp |
| US | 8.8.8.8:53 | raxotspgw.org | udp |
| US | 8.8.8.8:53 | llgaldran.com | udp |
| US | 8.8.8.8:53 | ugjyfpgfl.net | udp |
| US | 8.8.8.8:53 | nnvyhpnoob.net | udp |
| US | 8.8.8.8:53 | ezxqsjhsr.info | udp |
| US | 8.8.8.8:53 | ydjmvke.info | udp |
| US | 8.8.8.8:53 | monhruny.info | udp |
| US | 8.8.8.8:53 | xubhpfjajc.net | udp |
| US | 8.8.8.8:53 | oqfmkommj.info | udp |
| US | 8.8.8.8:53 | rwxwsg.info | udp |
| US | 8.8.8.8:53 | inqitkrihep.info | udp |
| US | 8.8.8.8:53 | deihpwu.info | udp |
| US | 8.8.8.8:53 | myrwjqkrwpbk.info | udp |
| US | 8.8.8.8:53 | kcurcgl.info | udp |
| US | 8.8.8.8:53 | zkolbdzh.net | udp |
| US | 8.8.8.8:53 | wmqchyn.info | udp |
| MD | 178.168.35.161:20558 | tcp | |
| US | 8.8.8.8:53 | vjfuqseodqd.net | udp |
| US | 8.8.8.8:53 | aehsxwb.info | udp |
| US | 8.8.8.8:53 | ykrmzqk.info | udp |
| US | 8.8.8.8:53 | jflduofbgry.net | udp |
| US | 8.8.8.8:53 | qufmzhonps.net | udp |
| US | 8.8.8.8:53 | kdhrkuxgj.info | udp |
| US | 8.8.8.8:53 | bckeug.info | udp |
| US | 8.8.8.8:53 | qseoumkkca.org | udp |
| US | 8.8.8.8:53 | nowjseycb.net | udp |
| US | 8.8.8.8:53 | tqpqmkafdfqp.info | udp |
| US | 8.8.8.8:53 | qphsxsj.info | udp |
| US | 8.8.8.8:53 | behkjbnyp.net | udp |
| US | 8.8.8.8:53 | oahdulzkn.net | udp |
| US | 8.8.8.8:53 | madtmiocp.info | udp |
| US | 8.8.8.8:53 | gittdsvqr.info | udp |
| US | 8.8.8.8:53 | qdnmhgdyrit.net | udp |
| US | 8.8.8.8:53 | kbazbgx.net | udp |
| US | 8.8.8.8:53 | zsxxlwj.net | udp |
| US | 8.8.8.8:53 | acxmpivbk.net | udp |
| US | 8.8.8.8:53 | uomdronsgli.info | udp |
| US | 8.8.8.8:53 | iojgvg.net | udp |
| US | 8.8.8.8:53 | xmpizpuvzh.net | udp |
| US | 8.8.8.8:53 | hwklzggewan.org | udp |
| US | 8.8.8.8:53 | qyqigk.com | udp |
| US | 8.8.8.8:53 | evbqloxgq.net | udp |
| US | 8.8.8.8:53 | lwoonj.net | udp |
| US | 8.8.8.8:53 | zgvpvwnndkz.net | udp |
| US | 8.8.8.8:53 | nnzdyxuwlgks.net | udp |
| US | 8.8.8.8:53 | xzwkrn.info | udp |
| US | 8.8.8.8:53 | hptuuj.net | udp |
| US | 8.8.8.8:53 | uoccoqsosmiq.com | udp |
| US | 8.8.8.8:53 | zmnkbkxylob.com | udp |
| US | 8.8.8.8:53 | capuzwczfyt.net | udp |
| US | 8.8.8.8:53 | fyaylmbcb.net | udp |
| US | 8.8.8.8:53 | eeugaaoemg.org | udp |
| US | 8.8.8.8:53 | donurspmd.com | udp |
| US | 8.8.8.8:53 | wcuwco.com | udp |
| US | 8.8.8.8:53 | vuxcdcfui.info | udp |
| US | 8.8.8.8:53 | mmexojekpp.info | udp |
| US | 8.8.8.8:53 | nhvmdhxy.net | udp |
| US | 8.8.8.8:53 | vtdcrorqhllv.net | udp |
| US | 8.8.8.8:53 | cspntyj.net | udp |
| US | 8.8.8.8:53 | dcwzbyd.info | udp |
| US | 8.8.8.8:53 | sdlehdf.info | udp |
| US | 8.8.8.8:53 | hatqolssp.org | udp |
| US | 8.8.8.8:53 | hxzgxsj.info | udp |
| US | 8.8.8.8:53 | gwogmc.org | udp |
| US | 8.8.8.8:53 | txehaqgcjt.info | udp |
| US | 8.8.8.8:53 | vyhavjhqppwm.info | udp |
| US | 8.8.8.8:53 | xanshun.info | udp |
| US | 8.8.8.8:53 | yzkdhyphk.info | udp |
| US | 8.8.8.8:53 | dkjpmomezm.info | udp |
| US | 8.8.8.8:53 | dqdpnwaefrxu.info | udp |
| US | 8.8.8.8:53 | mohomqrnz.info | udp |
| US | 8.8.8.8:53 | rkjyfrxybqd.net | udp |
| US | 8.8.8.8:53 | xafqfoqhskgp.net | udp |
| US | 8.8.8.8:53 | ylcxqwnxfa.net | udp |
| US | 8.8.8.8:53 | mvdlhavdafj.info | udp |
| US | 8.8.8.8:53 | hjfdpmp.org | udp |
| US | 8.8.8.8:53 | vlumbct.info | udp |
| US | 8.8.8.8:53 | gsowjojme.info | udp |
| US | 8.8.8.8:53 | mbjkjh.net | udp |
| US | 8.8.8.8:53 | gwuyiw.com | udp |
| US | 8.8.8.8:53 | wfwahmtxeb.net | udp |
| US | 8.8.8.8:53 | muiacy.com | udp |
| US | 8.8.8.8:53 | tbeosdhuph.info | udp |
| US | 8.8.8.8:53 | jaaqcan.org | udp |
| US | 8.8.8.8:53 | yvrszzll.net | udp |
| US | 8.8.8.8:53 | vxdllf.net | udp |
| US | 8.8.8.8:53 | rjbifug.net | udp |
| US | 8.8.8.8:53 | wixivolzl.info | udp |
| US | 8.8.8.8:53 | qshdfajspgv.net | udp |
| US | 8.8.8.8:53 | yqdindvszcl.info | udp |
| US | 8.8.8.8:53 | idplhikjkbhy.net | udp |
| US | 8.8.8.8:53 | pzdqsrhun.net | udp |
| US | 8.8.8.8:53 | ldlrgk.info | udp |
| US | 8.8.8.8:53 | qtnfidpfcjxq.info | udp |
| US | 8.8.8.8:53 | xefougn.info | udp |
| US | 8.8.8.8:53 | uogauwwmksse.org | udp |
| US | 8.8.8.8:53 | judodbycdmm.info | udp |
| US | 8.8.8.8:53 | owtumceqt.info | udp |
| US | 8.8.8.8:53 | lihdycvyvhpa.info | udp |
| US | 8.8.8.8:53 | mgwpdwuarstq.net | udp |
| US | 8.8.8.8:53 | jinlwqlfrj.net | udp |
| US | 8.8.8.8:53 | ukyqquks.org | udp |
| US | 8.8.8.8:53 | lpusggnwp.net | udp |
| US | 8.8.8.8:53 | mkceieyml.info | udp |
| US | 8.8.8.8:53 | pmrlrkfmphc.com | udp |
| US | 8.8.8.8:53 | wxmitbqccxd.net | udp |
| US | 8.8.8.8:53 | yodgmqwkx.info | udp |
| US | 8.8.8.8:53 | dkztglep.net | udp |
| US | 8.8.8.8:53 | zthldmlmz.org | udp |
| US | 8.8.8.8:53 | hyknxfre.net | udp |
| US | 8.8.8.8:53 | zbkqmu.info | udp |
| US | 8.8.8.8:53 | nafvtho.com | udp |
| US | 8.8.8.8:53 | sgdzhklkvfso.info | udp |
| US | 8.8.8.8:53 | wibujy.info | udp |
| US | 8.8.8.8:53 | hypmjcghy.org | udp |
| US | 8.8.8.8:53 | euoqqmssiygy.com | udp |
| US | 8.8.8.8:53 | ewyvlaxjnp.net | udp |
| US | 8.8.8.8:53 | xlprndohpotx.info | udp |
| US | 8.8.8.8:53 | xjywzevg.net | udp |
| US | 8.8.8.8:53 | yigcaawcca.org | udp |
| US | 8.8.8.8:53 | skqsiiae.org | udp |
| US | 8.8.8.8:53 | ecihts.net | udp |
| US | 8.8.8.8:53 | zgldgvy.com | udp |
| US | 8.8.8.8:53 | tipjocjfgw.info | udp |
| US | 8.8.8.8:53 | oviiloycqmb.net | udp |
| US | 8.8.8.8:53 | jkuxnex.net | udp |
| US | 8.8.8.8:53 | zqfyxinnz.net | udp |
| US | 8.8.8.8:53 | alyypvemovoc.net | udp |
| US | 8.8.8.8:53 | zidtvktezmz.com | udp |
| US | 8.8.8.8:53 | rzdpwv.net | udp |
| US | 8.8.8.8:53 | jcgmglvitn.net | udp |
| US | 8.8.8.8:53 | jnnoeqze.net | udp |
| US | 8.8.8.8:53 | vsbosyv.net | udp |
| LT | 78.62.212.107:44919 | tcp | |
| US | 8.8.8.8:53 | oflutcz.info | udp |
| US | 8.8.8.8:53 | hspehie.org | udp |
| US | 8.8.8.8:53 | bebtuymttw.net | udp |
| US | 8.8.8.8:53 | bgzupkj.org | udp |
| US | 8.8.8.8:53 | jijopopmdsx.net | udp |
| US | 8.8.8.8:53 | ildbim.info | udp |
| US | 8.8.8.8:53 | qlstpgkhcjbu.net | udp |
| US | 8.8.8.8:53 | qcwwupr.info | udp |
| US | 8.8.8.8:53 | qnggimnnpis.info | udp |
| US | 8.8.8.8:53 | mwlugctwn.net | udp |
| US | 8.8.8.8:53 | nyhdtzlutr.net | udp |
| US | 8.8.8.8:53 | pebdxvjr.info | udp |
| US | 8.8.8.8:53 | nzitfaav.info | udp |
| US | 8.8.8.8:53 | lktcrbw.com | udp |
| US | 8.8.8.8:53 | oohiizyjldfv.net | udp |
| US | 8.8.8.8:53 | hyjodgw.info | udp |
| US | 8.8.8.8:53 | bbcusahcgjud.info | udp |
| US | 8.8.8.8:53 | ouaaqmwi.com | udp |
| US | 8.8.8.8:53 | zmdzdqclk.info | udp |
| US | 8.8.8.8:53 | dkdczgl.info | udp |
| US | 8.8.8.8:53 | tvytzcnwcd.info | udp |
| US | 8.8.8.8:53 | mcwsxoxzj.info | udp |
| US | 8.8.8.8:53 | ezfqddpwt.net | udp |
| US | 8.8.8.8:53 | eaictyqxc.info | udp |
| US | 8.8.8.8:53 | dqdarezitih.org | udp |
| US | 8.8.8.8:53 | mzfildid.info | udp |
| US | 8.8.8.8:53 | zdhycyphzd.net | udp |
| US | 8.8.8.8:53 | zweckgdora.net | udp |
| US | 8.8.8.8:53 | xjvtpgcopan.net | udp |
| US | 8.8.8.8:53 | zksazdk.info | udp |
| US | 8.8.8.8:53 | dbrubg.net | udp |
| US | 8.8.8.8:53 | lbmkzqz.com | udp |
| US | 8.8.8.8:53 | dwlgbkvedkf.info | udp |
| US | 8.8.8.8:53 | vgqxvqngngx.info | udp |
| US | 8.8.8.8:53 | hhkstgrkl.com | udp |
| US | 8.8.8.8:53 | kqwegogmiq.org | udp |
| US | 8.8.8.8:53 | fxnkxmzcnyx.org | udp |
| US | 8.8.8.8:53 | nwswvrlb.net | udp |
| US | 8.8.8.8:53 | oucgkk.com | udp |
| US | 8.8.8.8:53 | cqiuay.com | udp |
| US | 8.8.8.8:53 | vanklzp.net | udp |
| US | 8.8.8.8:53 | usumcqgaomgo.org | udp |
| US | 8.8.8.8:53 | uahewfnyc.net | udp |
| US | 8.8.8.8:53 | cikfxcfsjcz.info | udp |
| US | 8.8.8.8:53 | ulzgjtxy.info | udp |
| US | 8.8.8.8:53 | nxrebod.com | udp |
| US | 8.8.8.8:53 | vubcbax.net | udp |
| US | 8.8.8.8:53 | sqkykkcsokwm.org | udp |
| US | 8.8.8.8:53 | bgpwzpn.org | udp |
| US | 8.8.8.8:53 | gcecmuckquis.com | udp |
| US | 8.8.8.8:53 | aqhvtr.info | udp |
| US | 8.8.8.8:53 | bcnghtxwjpqw.net | udp |
| US | 8.8.8.8:53 | muqkmccemmmm.org | udp |
| US | 8.8.8.8:53 | gdiecndz.net | udp |
| US | 8.8.8.8:53 | tjxvxb.info | udp |
| US | 8.8.8.8:53 | okuefms.info | udp |
| US | 8.8.8.8:53 | uaqakeesgi.org | udp |
| US | 8.8.8.8:53 | rwokit.net | udp |
| US | 8.8.8.8:53 | mkvloct.info | udp |
| US | 8.8.8.8:53 | jfxqapiukmp.net | udp |
| US | 8.8.8.8:53 | unhgzgfew.info | udp |
| US | 8.8.8.8:53 | gcfhzwxddb.net | udp |
| US | 8.8.8.8:53 | fwcgfeocqud.com | udp |
| US | 8.8.8.8:53 | nnvyxktoagc.net | udp |
| US | 8.8.8.8:53 | jlucuwucpscz.info | udp |
| US | 8.8.8.8:53 | xyhivwzop.info | udp |
| US | 8.8.8.8:53 | oedqzthsf.net | udp |
| US | 8.8.8.8:53 | jsjozvtgfje.org | udp |
| US | 8.8.8.8:53 | fevpfshvp.org | udp |
| US | 8.8.8.8:53 | xmhqrchqn.com | udp |
| US | 8.8.8.8:53 | oascue.net | udp |
| US | 8.8.8.8:53 | ppthofmn.info | udp |
| US | 8.8.8.8:53 | ngbawwoqpjz.org | udp |
| US | 8.8.8.8:53 | tchodqb.net | udp |
| US | 8.8.8.8:53 | mldmhp.info | udp |
| US | 8.8.8.8:53 | meymaaco.org | udp |
| US | 8.8.8.8:53 | vnhznheu.info | udp |
| BG | 93.155.152.35:32579 | tcp | |
| US | 8.8.8.8:53 | jlzrfdeudi.info | udp |
| US | 8.8.8.8:53 | heconnp.com | udp |
| US | 8.8.8.8:53 | kcryxrris.info | udp |
| US | 8.8.8.8:53 | zodgawzss.com | udp |
| US | 8.8.8.8:53 | scoouu.org | udp |
| US | 8.8.8.8:53 | wbrxbaaxkmm.net | udp |
| US | 8.8.8.8:53 | unuxkbovve.net | udp |
| US | 8.8.8.8:53 | mrbpazykkip.info | udp |
| US | 8.8.8.8:53 | cqcueswsuo.com | udp |
| US | 8.8.8.8:53 | kwguay.com | udp |
| US | 8.8.8.8:53 | fcdwxk.info | udp |
| US | 8.8.8.8:53 | uwgwcusiuiys.com | udp |
| US | 8.8.8.8:53 | lzrmdnthzqx.org | udp |
| US | 8.8.8.8:53 | wkqeusws.com | udp |
| US | 8.8.8.8:53 | goookocysega.org | udp |
| US | 8.8.8.8:53 | rsravixs.info | udp |
| US | 8.8.8.8:53 | onbuvgh.net | udp |
| US | 8.8.8.8:53 | giekgyskeiik.org | udp |
| US | 8.8.8.8:53 | dpjqrfrzy.com | udp |
| US | 8.8.8.8:53 | hwldvx.net | udp |
| US | 8.8.8.8:53 | ggyycqqw.org | udp |
| US | 8.8.8.8:53 | bdpccb.net | udp |
| US | 8.8.8.8:53 | peyjszhlel.info | udp |
| US | 8.8.8.8:53 | dtljpvhqlm.info | udp |
| US | 8.8.8.8:53 | lidvma.info | udp |
| US | 8.8.8.8:53 | sorudflnhn.net | udp |
| US | 8.8.8.8:53 | bavppixu.net | udp |
| US | 8.8.8.8:53 | bjvfqizizf.info | udp |
| US | 8.8.8.8:53 | dhjexuqder.net | udp |
| US | 8.8.8.8:53 | tqalxcv.info | udp |
| BG | 77.71.17.154:43744 | tcp | |
| US | 8.8.8.8:53 | obqvekn.net | udp |
| US | 8.8.8.8:53 | ukoaqi.com | udp |
| US | 8.8.8.8:53 | gkwqsmmy.org | udp |
| US | 8.8.8.8:53 | bwdjbvgsmi.info | udp |
| US | 8.8.8.8:53 | ikograssx.net | udp |
| US | 8.8.8.8:53 | sedqxyqm.net | udp |
| US | 8.8.8.8:53 | fkgritslx.org | udp |
| US | 8.8.8.8:53 | bejmzh.info | udp |
| US | 8.8.8.8:53 | tcyejnduqxy.info | udp |
| US | 8.8.8.8:53 | suuqtrp.net | udp |
| US | 8.8.8.8:53 | vmxgrimem.net | udp |
| US | 8.8.8.8:53 | euhitululga.info | udp |
| US | 8.8.8.8:53 | fgdpeaoo.net | udp |
| US | 8.8.8.8:53 | khwazrqn.net | udp |
| US | 8.8.8.8:53 | qntamsuu.net | udp |
| US | 8.8.8.8:53 | ptpwnlreeaxo.net | udp |
| US | 8.8.8.8:53 | nhkiinm.net | udp |
| US | 8.8.8.8:53 | jxfprs.info | udp |
| US | 8.8.8.8:53 | dqzmbkm.com | udp |
| US | 8.8.8.8:53 | hxhsoubqn.org | udp |
| US | 8.8.8.8:53 | qoxoaqlty.info | udp |
| US | 8.8.8.8:53 | bqlhqet.com | udp |
| US | 8.8.8.8:53 | eeeiusoc.com | udp |
| US | 8.8.8.8:53 | cqhdrwocfik.info | udp |
| US | 8.8.8.8:53 | dtstyn.net | udp |
| US | 8.8.8.8:53 | amnrcdgh.info | udp |
| US | 8.8.8.8:53 | ngzorhnyuil.info | udp |
| US | 8.8.8.8:53 | pnlazflwm.info | udp |
| US | 8.8.8.8:53 | pnmmnkod.info | udp |
| US | 8.8.8.8:53 | fmtpeu.net | udp |
| US | 8.8.8.8:53 | wynczijgovh.net | udp |
| US | 8.8.8.8:53 | zbqtpeerkb.net | udp |
| US | 8.8.8.8:53 | dbdjtgl.net | udp |
| US | 8.8.8.8:53 | moggtsofi.net | udp |
| US | 8.8.8.8:53 | wnprmlpccb.info | udp |
| US | 8.8.8.8:53 | zuwrljtqss.net | udp |
| US | 8.8.8.8:53 | kdgqni.info | udp |
| US | 8.8.8.8:53 | ashgthnbhe.net | udp |
| US | 8.8.8.8:53 | xoqztobmjpz.org | udp |
| US | 8.8.8.8:53 | tzxodsw.info | udp |
| US | 8.8.8.8:53 | msaeugqyakco.org | udp |
| US | 8.8.8.8:53 | upwvaz.net | udp |
| US | 8.8.8.8:53 | atumjqk.net | udp |
| US | 8.8.8.8:53 | bmewsoehhqxt.info | udp |
| US | 8.8.8.8:53 | tmrxnmjrkb.net | udp |
| US | 8.8.8.8:53 | imnhiw.net | udp |
| US | 8.8.8.8:53 | lhlmzy.info | udp |
| US | 8.8.8.8:53 | hrsmfmkwlicf.net | udp |
| US | 8.8.8.8:53 | oaaauklc.info | udp |
| US | 8.8.8.8:53 | agikyosy.org | udp |
| US | 8.8.8.8:53 | fctxarpipykl.net | udp |
| US | 8.8.8.8:53 | bhxffhkrvx.info | udp |
| US | 8.8.8.8:53 | mkciog.com | udp |
| US | 8.8.8.8:53 | lazqonjm.info | udp |
| US | 8.8.8.8:53 | zavbtlka.info | udp |
| US | 8.8.8.8:53 | bgjsaz.info | udp |
| US | 8.8.8.8:53 | iiycqsqk.org | udp |
| US | 8.8.8.8:53 | vwhqfvofqtix.info | udp |
| US | 8.8.8.8:53 | iqcsqw.com | udp |
| US | 8.8.8.8:53 | zxjahme.info | udp |
| US | 8.8.8.8:53 | xxpqrp.info | udp |
| US | 8.8.8.8:53 | crflnb.info | udp |
| BG | 88.87.9.36:43388 | tcp | |
| US | 8.8.8.8:53 | seyimwmicu.org | udp |
| US | 8.8.8.8:53 | vhngmeza.info | udp |
| US | 8.8.8.8:53 | gqnedqh.info | udp |
| US | 8.8.8.8:53 | rzvujuzfhvze.net | udp |
| US | 8.8.8.8:53 | uomieuwsgywa.com | udp |
| US | 8.8.8.8:53 | qlhezk.info | udp |
| US | 8.8.8.8:53 | cysyaiao.org | udp |
| US | 8.8.8.8:53 | fsadzftqx.com | udp |
| US | 8.8.8.8:53 | fzkrxmam.info | udp |
| US | 8.8.8.8:53 | ylsptizfjq.net | udp |
| US | 8.8.8.8:53 | kbpmdbdxswd.info | udp |
| US | 8.8.8.8:53 | auhgtpebse.net | udp |
| US | 8.8.8.8:53 | usqbjwi.net | udp |
| US | 8.8.8.8:53 | rbyjdnz.info | udp |
| US | 8.8.8.8:53 | umdzxof.info | udp |
| US | 8.8.8.8:53 | livwsitk.net | udp |
| US | 8.8.8.8:53 | eqyoykeaog.com | udp |
| US | 8.8.8.8:53 | nvcwvcli.net | udp |
| US | 8.8.8.8:53 | xrgrniqcbkpq.info | udp |
| US | 8.8.8.8:53 | evfcefv.info | udp |
| US | 8.8.8.8:53 | jmfdgmosmnnd.info | udp |
| US | 8.8.8.8:53 | tuzajvmr.net | udp |
| US | 8.8.8.8:53 | sceejekz.net | udp |
| US | 8.8.8.8:53 | lwccsozgdq.info | udp |
| US | 8.8.8.8:53 | qniftitkb.info | udp |
| US | 8.8.8.8:53 | fixijml.org | udp |
| US | 8.8.8.8:53 | fgndjerx.net | udp |
| US | 8.8.8.8:53 | iudvtso.net | udp |
| BG | 89.215.99.34:31636 | tcp | |
| US | 8.8.8.8:53 | idajxrseyx.net | udp |
| US | 8.8.8.8:53 | iucooeecqigu.com | udp |
| US | 8.8.8.8:53 | qgqsqkgcmmmi.org | udp |
| US | 8.8.8.8:53 | gynbrtzxdrrp.net | udp |
| US | 8.8.8.8:53 | wcmbtlyxx.net | udp |
| US | 8.8.8.8:53 | tmjcnxgpxyfl.info | udp |
| US | 8.8.8.8:53 | jcjipnzzfkrz.net | udp |
| US | 8.8.8.8:53 | yybccspip.info | udp |
| US | 8.8.8.8:53 | sisvplfm.info | udp |
| US | 8.8.8.8:53 | bvrlxiawb.net | udp |
| US | 8.8.8.8:53 | htqavmvsdzh.net | udp |
| US | 8.8.8.8:53 | sdoiphul.info | udp |
| US | 8.8.8.8:53 | ekakcuuqmuqs.org | udp |
| US | 8.8.8.8:53 | dqjolpjzrul.org | udp |
| US | 8.8.8.8:53 | bujydax.net | udp |
| US | 8.8.8.8:53 | xfoslvtbbwpz.net | udp |
| US | 8.8.8.8:53 | fguxbynah.net | udp |
| US | 8.8.8.8:53 | ywbsled.info | udp |
| US | 8.8.8.8:53 | sxsydftugfl.net | udp |
| US | 8.8.8.8:53 | audsvlhsoui.info | udp |
| US | 8.8.8.8:53 | ntblwycgt.info | udp |
| US | 8.8.8.8:53 | sszfdxdsvbx.info | udp |
| US | 8.8.8.8:53 | wmogouwakk.com | udp |
| US | 8.8.8.8:53 | ocsmov.info | udp |
| US | 8.8.8.8:53 | msoiygcw.org | udp |
| US | 8.8.8.8:53 | khbswjfovxae.info | udp |
| US | 8.8.8.8:53 | iixeyx.info | udp |
| US | 8.8.8.8:53 | qrydyfzk.net | udp |
| US | 8.8.8.8:53 | urfytvxwnjz.info | udp |
| US | 8.8.8.8:53 | aaanjxwoh.info | udp |
| US | 8.8.8.8:53 | awtrjqbmv.net | udp |
| US | 8.8.8.8:53 | xqcurk.net | udp |
| US | 8.8.8.8:53 | muwmkamomckm.com | udp |
| US | 8.8.8.8:53 | ejpdqikairvo.info | udp |
| US | 8.8.8.8:53 | gemlcgnlgfsy.info | udp |
| US | 8.8.8.8:53 | oskqkaqcgsii.org | udp |
| US | 8.8.8.8:53 | xxxwjtswgyyj.net | udp |
| US | 8.8.8.8:53 | twannplxca.net | udp |
| US | 8.8.8.8:53 | rvrzhplftbob.net | udp |
| US | 8.8.8.8:53 | nccwzcq.net | udp |
| US | 8.8.8.8:53 | cxritgbkwiqj.net | udp |
| US | 8.8.8.8:53 | fwqiln.info | udp |
| US | 8.8.8.8:53 | rntblj.net | udp |
| US | 8.8.8.8:53 | wiyqyucewcik.org | udp |
| US | 8.8.8.8:53 | xflrdxdu.net | udp |
| US | 8.8.8.8:53 | xmdkps.net | udp |
| US | 8.8.8.8:53 | bidgbltpenf.org | udp |
| US | 8.8.8.8:53 | larfbmilzgby.net | udp |
| US | 8.8.8.8:53 | xenqfgocvcfe.net | udp |
| US | 8.8.8.8:53 | dlzkabpondgr.info | udp |
| US | 8.8.8.8:53 | djnaddpwog.info | udp |
| US | 8.8.8.8:53 | qyypzcjukyx.net | udp |
| US | 8.8.8.8:53 | saaioeyqiiwc.org | udp |
| US | 8.8.8.8:53 | bvdanttqcr.net | udp |
| US | 8.8.8.8:53 | tvapdwq.com | udp |
| US | 8.8.8.8:53 | yabgjuiyvpj.net | udp |
| US | 8.8.8.8:53 | peterwtczetr.net | udp |
| US | 8.8.8.8:53 | uqmamo.com | udp |
| US | 8.8.8.8:53 | xqfyvgb.com | udp |
| US | 8.8.8.8:53 | zegwpumih.com | udp |
| US | 8.8.8.8:53 | wcqsegoumywo.org | udp |
| US | 8.8.8.8:53 | ammeyswc.com | udp |
| US | 8.8.8.8:53 | lepjvghck.com | udp |
| US | 8.8.8.8:53 | uddwefjmvkx.net | udp |
| US | 8.8.8.8:53 | osegfarke.info | udp |
| US | 8.8.8.8:53 | fefslikmrpv.com | udp |
| US | 8.8.8.8:53 | idgobdcieim.net | udp |
| US | 8.8.8.8:53 | puylzg.net | udp |
| US | 8.8.8.8:53 | kcrygmizwct.net | udp |
| US | 8.8.8.8:53 | rlbiwqrmmq.net | udp |
| US | 8.8.8.8:53 | nnevzkjiwsam.net | udp |
| US | 8.8.8.8:53 | yqtafgfohsp.net | udp |
| US | 8.8.8.8:53 | yeoisyimcc.com | udp |
| US | 8.8.8.8:53 | palekxvoy.info | udp |
| US | 8.8.8.8:53 | sfhapagfxuj.info | udp |
| US | 8.8.8.8:53 | vxuyfa.info | udp |
| US | 8.8.8.8:53 | ewwqoikawacw.com | udp |
| US | 8.8.8.8:53 | nplnnuadjc.net | udp |
| US | 8.8.8.8:53 | zinrzrtxfk.net | udp |
| US | 8.8.8.8:53 | notasgl.org | udp |
| US | 8.8.8.8:53 | bcbebwyaqmx.net | udp |
| US | 8.8.8.8:53 | nrpqjt.info | udp |
| BG | 109.160.73.92:21029 | tcp | |
| US | 8.8.8.8:53 | hvxqeprdpi.info | udp |
| US | 8.8.8.8:53 | qqqewsoa.org | udp |
| US | 8.8.8.8:53 | xsulxuawpyk.com | udp |
| US | 8.8.8.8:53 | rjrivqjfx.info | udp |
| US | 8.8.8.8:53 | imesooqg.org | udp |
| US | 8.8.8.8:53 | owsyeecuiq.org | udp |
| US | 8.8.8.8:53 | secbxwdrern.info | udp |
| US | 8.8.8.8:53 | lkngjoezjnq.com | udp |
| US | 8.8.8.8:53 | uoogcqgy.com | udp |
| US | 8.8.8.8:53 | eqtgptpqlsd.info | udp |
| US | 8.8.8.8:53 | wrbgtg.info | udp |
| US | 8.8.8.8:53 | qiaeaemkssau.org | udp |
| US | 8.8.8.8:53 | osqoecaw.com | udp |
| US | 8.8.8.8:53 | pgbwjquvyfv.com | udp |
| US | 8.8.8.8:53 | xfyvtabutabv.info | udp |
| US | 8.8.8.8:53 | stozqspk.info | udp |
| US | 8.8.8.8:53 | lpntkecl.info | udp |
| US | 8.8.8.8:53 | asosokoq.com | udp |
| US | 8.8.8.8:53 | fwputybuh.com | udp |
| US | 8.8.8.8:53 | klqzvz.net | udp |
| US | 8.8.8.8:53 | ajkyawztbic.net | udp |
| US | 8.8.8.8:53 | xbfhtyff.info | udp |
| US | 8.8.8.8:53 | lixmqwl.com | udp |
| US | 8.8.8.8:53 | fgkvzjn.info | udp |
| US | 8.8.8.8:53 | wwyioqku.org | udp |
| US | 8.8.8.8:53 | buivcyogvmu.info | udp |
| US | 8.8.8.8:53 | cdijcznhxx.info | udp |
| US | 8.8.8.8:53 | cwsfhcybexjf.net | udp |
| US | 8.8.8.8:53 | tqhqzoh.info | udp |
| US | 8.8.8.8:53 | epzkppkirk.net | udp |
| US | 8.8.8.8:53 | useghyhdxb.net | udp |
| US | 8.8.8.8:53 | yjnvpcqr.info | udp |
| US | 8.8.8.8:53 | yozofsbyb.net | udp |
| US | 8.8.8.8:53 | vsswekgnat.info | udp |
| US | 8.8.8.8:53 | ouoqqesiog.com | udp |
| US | 8.8.8.8:53 | geniokl.info | udp |
| US | 8.8.8.8:53 | vghsaki.info | udp |
| US | 8.8.8.8:53 | xmamzlrwt.com | udp |
| US | 8.8.8.8:53 | ijfcdqd.info | udp |
| US | 8.8.8.8:53 | osojfikuzcy.net | udp |
| US | 8.8.8.8:53 | oalijtwldnkg.net | udp |
| US | 8.8.8.8:53 | jvcdxstnrs.info | udp |
| US | 8.8.8.8:53 | pnpjwt.net | udp |
| US | 8.8.8.8:53 | wypjuzsv.info | udp |
| DE | 85.214.228.140:80 | gyuuym.org | tcp |
| US | 8.8.8.8:53 | pegcbkx.info | udp |
| DE | 85.214.228.140:80 | gyuuym.org | tcp |
| US | 8.8.8.8:53 | cbofhgthgtub.info | udp |
| US | 8.8.8.8:53 | egfrbbts.net | udp |
| US | 8.8.8.8:53 | riqzhklh.net | udp |
| US | 8.8.8.8:53 | vetopchub.org | udp |
| US | 8.8.8.8:53 | huqcwyrjhz.net | udp |
| US | 8.8.8.8:53 | cwrzzvdqbyr.net | udp |
| SG | 18.142.91.111:80 | unxfuild.info | tcp |
| US | 8.8.8.8:53 | dhnwpkw.com | udp |
| US | 8.8.8.8:53 | ugqemuko.org | udp |
| US | 8.8.8.8:53 | pvsmvfhxkcja.info | udp |
| US | 8.8.8.8:53 | fybuspcnicwd.net | udp |
| US | 8.8.8.8:53 | xisrei.net | udp |
| US | 8.8.8.8:53 | gurktewovbx.info | udp |
| SG | 18.142.91.111:80 | unxfuild.info | tcp |
| US | 8.8.8.8:53 | ndzrecoyjokg.info | udp |
| US | 8.8.8.8:53 | tmvivghingj.net | udp |
| US | 8.8.8.8:53 | zjwqtndtcndd.net | udp |
| US | 8.8.8.8:53 | ggoiukqgsikq.org | udp |
| US | 8.8.8.8:53 | fenhmby.net | udp |
| US | 8.8.8.8:53 | dgfxos.net | udp |
| US | 8.8.8.8:53 | ycdlbibexsj.info | udp |
| US | 8.8.8.8:53 | mxaxvivt.net | udp |
| US | 8.8.8.8:53 | dvlpph.net | udp |
| US | 8.8.8.8:53 | tuxisqnrnl.net | udp |
| US | 8.8.8.8:53 | ysoiqgci.com | udp |
| US | 8.8.8.8:53 | zixfzbf.info | udp |
| US | 8.8.8.8:53 | qwcgxxbuqu.net | udp |
| US | 8.8.8.8:53 | uwbcjytcs.net | udp |
| US | 8.8.8.8:53 | lklyyhvnlxhn.info | udp |
| US | 8.8.8.8:53 | rrnoawqfxb.net | udp |
| US | 8.8.8.8:53 | zbaaiwhypcz.com | udp |
| US | 8.8.8.8:53 | udzdjiddn.net | udp |
| US | 8.8.8.8:53 | qwikeiauwg.com | udp |
| US | 8.8.8.8:53 | zczvxvbonlh.org | udp |
| US | 8.8.8.8:53 | dqrjfkgzomp.info | udp |
| US | 8.8.8.8:53 | ygoukmwg.org | udp |
| US | 8.8.8.8:53 | brieejmybcvy.net | udp |
| US | 8.8.8.8:53 | amyorgwot.net | udp |
| US | 8.8.8.8:53 | jcaqlgrowvf.net | udp |
| US | 8.8.8.8:53 | pxxqfqtjjhvy.net | udp |
| US | 104.156.155.94:80 | cydlrge.info | tcp |
| US | 8.8.8.8:53 | lgncbyr.org | udp |
| US | 8.8.8.8:53 | jjmbhifbsyfb.net | udp |
| US | 8.8.8.8:53 | gwvikmumxmj.info | udp |
| US | 8.8.8.8:53 | wfdtrqxufvdw.info | udp |
| US | 8.8.8.8:53 | sigpjgzafyi.info | udp |
| US | 8.8.8.8:53 | ackgaoqgma.com | udp |
| US | 8.8.8.8:53 | uscwgeou.com | udp |
| US | 8.8.8.8:53 | ymyflprt.net | udp |
| US | 8.8.8.8:53 | mjotpzfbosdh.info | udp |
| US | 8.8.8.8:53 | ufkcfsxlma.info | udp |
| US | 8.8.8.8:53 | qpnqvqwql.net | udp |
| US | 8.8.8.8:53 | akqkfmnwc.info | udp |
| US | 8.8.8.8:53 | amnctwrcvix.info | udp |
| US | 8.8.8.8:53 | vijoqz.net | udp |
| US | 104.156.155.94:80 | cydlrge.info | tcp |
Files
memory/3540-0-0x0000000000400000-0x00000000004FE000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
| MD5 | 2957c503826ce4d16bd75bf96b74d0d1 |
| SHA1 | 767cc2e71da9d6c6b3b3e5b9311c075405d98f4b |
| SHA256 | 8d95669dc11c82c766b4e909ba7549df850e5f9b4be4b0927ca0027cfe31d53d |
| SHA512 | 9869fa5e8376e168e06bbee7f9096375a140f02ce963f9b53df4383561e80e298da270feb52d5b61c8d4b33ef1136448bb05dea0449f1c06416d67cd758e9156 |
C:\Windows\SysWOW64\qdwmcutmduhyszpprk.exe
| MD5 | accbd6960dd347c36571ba5642f84e23 |
| SHA1 | 5b7c416ada72814560922010b317e8669003b3e5 |
| SHA256 | 482f4d7695f48bda4cfbda875fa32859d0206b577a679fee45c42f8b2151a49d |
| SHA512 | af2d46582af45ea98dc208306e9302b646f3102a30e7fe72dadebc8ed735ff4447e84dc0799ef9d0693e5d5b4c5223bba6e6cf2dd0b7c2f7102d8a0198dc301a |
memory/4668-55-0x0000000000400000-0x00000000004FE000-memory.dmp
memory/4064-56-0x0000000000400000-0x00000000004FE000-memory.dmp
memory/4608-67-0x0000000000400000-0x00000000004FE000-memory.dmp
memory/4700-63-0x0000000000400000-0x00000000004FE000-memory.dmp
memory/4608-68-0x0000000000400000-0x00000000004FE000-memory.dmp
memory/4604-72-0x0000000000400000-0x00000000004FE000-memory.dmp
memory/1644-76-0x0000000000400000-0x00000000004FE000-memory.dmp
memory/4604-79-0x0000000000400000-0x00000000004FE000-memory.dmp
memory/4928-81-0x0000000000400000-0x00000000004FE000-memory.dmp
memory/1644-78-0x0000000000400000-0x00000000004FE000-memory.dmp
memory/4928-105-0x0000000000400000-0x00000000004FE000-memory.dmp
memory/3540-93-0x0000000000400000-0x00000000004FE000-memory.dmp
memory/1032-110-0x0000000000400000-0x00000000004FE000-memory.dmp
memory/1688-120-0x0000000000400000-0x00000000004FE000-memory.dmp
memory/1688-122-0x0000000000400000-0x00000000004FE000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\ddjmp.exe
| MD5 | 140b4dd8817a24d153f34c58aba90e9d |
| SHA1 | 353665192ea40878c2197808de1f79133b31a8f2 |
| SHA256 | 28b47f2bb735214234c54f70d09155aebcfc2711108dd1cea0c928564ecb31b5 |
| SHA512 | ae5e9a951813cbe3476bca89e7458e1658f6564ddde7d85bbcec364b711fb9da90bc753981cc4515b5f0936bfce769ca2da9378de3a00ea20c2e45c0591bbfef |
memory/4668-165-0x0000000000400000-0x00000000004FE000-memory.dmp
memory/4228-166-0x0000000000400000-0x00000000004FE000-memory.dmp
memory/4228-167-0x0000000000400000-0x00000000004FE000-memory.dmp
memory/2024-170-0x0000000000400000-0x00000000004FE000-memory.dmp
memory/2024-171-0x0000000000400000-0x00000000004FE000-memory.dmp
memory/4048-173-0x0000000000400000-0x00000000004FE000-memory.dmp
memory/2268-178-0x0000000000400000-0x00000000004FE000-memory.dmp
memory/4048-180-0x0000000000400000-0x00000000004FE000-memory.dmp
memory/4632-182-0x0000000000400000-0x00000000004FE000-memory.dmp
C:\Users\Admin\AppData\Local\fbdcbckmmmiilbajuwsutst.ddd
| MD5 | 5b703739bef763f53658efe8002a482a |
| SHA1 | 302a6916de227d6dfdfeb126cf086482e9b63770 |
| SHA256 | 82dca3453ac17887bfb12fadafa3bc22e81bc34267e60f718aac6cf70b319d64 |
| SHA512 | bd8905209b0bf9f5d4fa8e3704a743075d17351555e7c2898cd15ffe3542b808e1332c3b3cd60e028a535b16e61b215ce42a35e2443762a8932c12cb5fcdd8d8 |
C:\Users\Admin\AppData\Local\szmwgslyjubmablfboviscohufqxiwxhbx.reo
| MD5 | 3652bee6c98975a78814ca88c668b204 |
| SHA1 | 02f12577b111087b2a3dc206d1590257fe1dc514 |
| SHA256 | 72f22d981f8cc244b929e90d5affe72452d3a2d14c27f37a1429240e56a90cf0 |
| SHA512 | 05866ab51648a38010c92961b66ba2c653f30150b45aa9c678a6d3c3306dc1045173ac40cf478c841aed2633e48e645f6a060c0a7ed9ebd1bcde30e7767df394 |
memory/1512-227-0x0000000000400000-0x00000000004FE000-memory.dmp
memory/3456-195-0x0000000000400000-0x00000000004FE000-memory.dmp
memory/4708-229-0x0000000000400000-0x00000000004FE000-memory.dmp
memory/1504-231-0x0000000000400000-0x00000000004FE000-memory.dmp
memory/3240-233-0x0000000000400000-0x00000000004FE000-memory.dmp
memory/1512-235-0x0000000000400000-0x00000000004FE000-memory.dmp
memory/1316-243-0x0000000000400000-0x00000000004FE000-memory.dmp
memory/4468-244-0x0000000000400000-0x00000000004FE000-memory.dmp
memory/2184-246-0x0000000000400000-0x00000000004FE000-memory.dmp
memory/2568-245-0x0000000000400000-0x00000000004FE000-memory.dmp
memory/2192-237-0x0000000000400000-0x00000000004FE000-memory.dmp
memory/4588-240-0x0000000000400000-0x00000000004FE000-memory.dmp
memory/2652-257-0x0000000000400000-0x00000000004FE000-memory.dmp
memory/1220-260-0x0000000000400000-0x00000000004FE000-memory.dmp
memory/4376-256-0x0000000000400000-0x00000000004FE000-memory.dmp
memory/2008-263-0x0000000000400000-0x00000000004FE000-memory.dmp
memory/3324-264-0x0000000000400000-0x00000000004FE000-memory.dmp
memory/4756-262-0x0000000000400000-0x00000000004FE000-memory.dmp
memory/2008-261-0x0000000000400000-0x00000000004FE000-memory.dmp
memory/2568-265-0x0000000000400000-0x00000000004FE000-memory.dmp
C:\Windows\SysWOW64\wmicuclt.exe
| MD5 | f52cebc7dec157c7c6a65f2720bfc26d |
| SHA1 | f2ee2bf37b38be0821d990043f68878a9b9b093b |
| SHA256 | 057bbbea6faa46add5d7e65d6a053b6e55047afbece3e1f4caecc1dd7a46a9ad |
| SHA512 | a0a051ecf4f56104d61a0e1df002ec22d4330a4e27efcc79d3a812e311a6b5837c168cfb2b9569a55cf0658e3ab9bf9ba11b0b8bd9d006bd749ec9ee70190fa9 |
memory/1220-278-0x0000000000400000-0x00000000004FE000-memory.dmp
memory/4156-277-0x0000000000400000-0x00000000004FE000-memory.dmp
memory/2652-273-0x0000000000400000-0x00000000004FE000-memory.dmp
memory/1976-272-0x0000000000400000-0x00000000004FE000-memory.dmp
memory/3816-271-0x0000000000400000-0x00000000004FE000-memory.dmp
memory/4020-270-0x0000000000400000-0x00000000004FE000-memory.dmp
memory/2540-269-0x0000000000400000-0x00000000004FE000-memory.dmp
memory/2296-268-0x0000000000400000-0x00000000004FE000-memory.dmp
memory/2712-267-0x0000000000400000-0x00000000004FE000-memory.dmp
memory/2536-280-0x0000000000400000-0x00000000004FE000-memory.dmp
memory/1976-281-0x0000000000400000-0x00000000004FE000-memory.dmp
memory/2296-283-0x0000000000400000-0x00000000004FE000-memory.dmp
memory/3324-285-0x0000000000400000-0x00000000004FE000-memory.dmp
memory/2712-284-0x0000000000400000-0x00000000004FE000-memory.dmp
memory/4756-282-0x0000000000400000-0x00000000004FE000-memory.dmp
memory/3448-279-0x0000000000400000-0x00000000004FE000-memory.dmp
memory/2488-286-0x0000000000400000-0x00000000004FE000-memory.dmp
memory/4932-287-0x0000000000400000-0x00000000004FE000-memory.dmp
memory/3000-288-0x0000000000400000-0x00000000004FE000-memory.dmp
memory/3880-289-0x0000000000400000-0x00000000004FE000-memory.dmp
memory/736-290-0x0000000000400000-0x00000000004FE000-memory.dmp
memory/2488-292-0x0000000000400000-0x00000000004FE000-memory.dmp
memory/3880-291-0x0000000000400000-0x00000000004FE000-memory.dmp
memory/2684-294-0x0000000000400000-0x00000000004FE000-memory.dmp
memory/736-296-0x0000000000400000-0x00000000004FE000-memory.dmp
memory/4932-295-0x0000000000400000-0x00000000004FE000-memory.dmp
memory/4556-297-0x0000000000400000-0x00000000004FE000-memory.dmp
memory/2552-310-0x0000000000400000-0x00000000004FE000-memory.dmp
memory/2956-309-0x0000000000400000-0x00000000004FE000-memory.dmp
memory/2932-314-0x0000000000400000-0x00000000004FE000-memory.dmp
memory/3940-313-0x0000000000400000-0x00000000004FE000-memory.dmp
memory/2560-312-0x0000000000400000-0x00000000004FE000-memory.dmp
memory/3000-320-0x0000000000400000-0x00000000004FE000-memory.dmp
memory/2956-321-0x0000000000400000-0x00000000004FE000-memory.dmp
memory/4236-318-0x0000000000400000-0x00000000004FE000-memory.dmp
memory/2180-317-0x0000000000400000-0x00000000004FE000-memory.dmp
memory/724-319-0x0000000000400000-0x00000000004FE000-memory.dmp
memory/2180-316-0x0000000000400000-0x00000000004FE000-memory.dmp
memory/2552-322-0x0000000000400000-0x00000000004FE000-memory.dmp
memory/3384-323-0x0000000000400000-0x00000000004FE000-memory.dmp
memory/2932-325-0x0000000000400000-0x00000000004FE000-memory.dmp
memory/724-326-0x0000000000400000-0x00000000004FE000-memory.dmp
memory/3384-328-0x0000000000400000-0x00000000004FE000-memory.dmp
memory/704-327-0x0000000000400000-0x00000000004FE000-memory.dmp
memory/2432-324-0x0000000000400000-0x00000000004FE000-memory.dmp
memory/2180-330-0x0000000000400000-0x00000000004FE000-memory.dmp
memory/1612-337-0x0000000000400000-0x00000000004FE000-memory.dmp
memory/4408-335-0x0000000000400000-0x00000000004FE000-memory.dmp
memory/2812-334-0x0000000000400000-0x00000000004FE000-memory.dmp
memory/5084-333-0x0000000000400000-0x00000000004FE000-memory.dmp
memory/2392-332-0x0000000000400000-0x00000000004FE000-memory.dmp
C:\Program Files (x86)\fbdcbckmmmiilbajuwsutst.ddd
| MD5 | fbbb1edb679f3013c69cd30e91671d44 |
| SHA1 | 8fc393a62817f6e380810b5d2347c957f680f9a4 |
| SHA256 | 2d4af5a72dbb571b083fdc7ed305c6d9671e54562203126321d7608f89357af4 |
| SHA512 | a0034159dac9ba08b9337fb29763fbfff7bad3a3de8a91727b7e3ff16b15bf92ee12089a2c19af4114bb11bea3a70894ff9110b3458ae02815041ce569e6633e |
memory/4896-548-0x0000000003A00000-0x0000000003A48000-memory.dmp
memory/4896-556-0x0000000003A00000-0x0000000003A18000-memory.dmp
memory/4896-554-0x0000000003A00000-0x0000000003A24000-memory.dmp
C:\Program Files (x86)\fbdcbckmmmiilbajuwsutst.ddd
| MD5 | ae92887f5fa9ee898a36824263b13e2a |
| SHA1 | 4c23012a8775a883d729073298207ef1344b5c3d |
| SHA256 | e86474c3d985d69a802ad89bed42833e428ade4c362a908034a54eb40b0ffbea |
| SHA512 | 8247836537ebb0781ae0a85f39fee91aa90c422c2082e31df7529815261d555c6c3807b78d9e06fe1466a74dd53c30b457b0cc4c6071b4d63037918f720f0b2b |
C:\Program Files (x86)\fbdcbckmmmiilbajuwsutst.ddd
| MD5 | 91aae462af5abc6f7f9a24cda4d61d95 |
| SHA1 | 8e65766065fae4ddc978663b4cf50e8b146b3f48 |
| SHA256 | 70bc0b514e2c74696d8eb6915a2f63cda0f0a1770b718a6cebc12c5f73444121 |
| SHA512 | 7f76bf4360fdf98b9d5ce41b897be9a8cdf1eedb816cf2aa826cc3bcf3bda1c670d80e2e1615f02f7e00352d8b534b6adfe5dd28304cf7e674d1ff7aa8974028 |
C:\Program Files (x86)\fbdcbckmmmiilbajuwsutst.ddd
| MD5 | 824e81cfed595f7bbd5bab63e5381f23 |
| SHA1 | 5057e8e57ecda1a05314ae5a566e61af6b77bf28 |
| SHA256 | f4a3df4c1d78b42ad2d6ce99b57b4f015ca59d15ca64db6b1c765d3c56dadf4b |
| SHA512 | 66d657543f57727ee67be1080da48ce518669aef28ecddfeaba603adfa74027a4a743463eb002cc76e5d6976dcb4e3ab0ce4c3532bbd65cbf904b372f9341489 |
C:\Program Files (x86)\fbdcbckmmmiilbajuwsutst.ddd
| MD5 | 720672794981dd5ba2ee62529c643d04 |
| SHA1 | b8412bfcfc468103830aea1f0ccb1f15465a3e33 |
| SHA256 | cf434b5176353da5f968ff7d7ae4e7f2e6bf83fb28da3980f07c65b720bf89f0 |
| SHA512 | 186f37143ef39245f9af646a1d278f5bb540fe5d385a75e71fb61f8c81dd5e9e7fb9739fddd9ad3bf10505e6682e0c046535d834760777a2f107a2bdd6026224 |