Analysis Overview
SHA256
301cd9d85ace67c1d56b5a62afe74a059deca953f17295f1a687408c6e761cd8
Threat Level: Known bad
The file JaffaCakes118_af48005ddcc2ad191061f65097eff80b was found to be: Known bad.
Malicious Activity Summary
Detect Pykspa worm
Modifies WinLogon for persistence
UAC bypass
Pykspa family
Pykspa
Adds policy Run key to start application
Disables RegEdit via registry modification
Impair Defenses: Safe Mode Boot
Checks computer location settings
Executes dropped EXE
Adds Run key to start application
Looks up external IP address via web service
Hijack Execution Flow: Executable Installer File Permissions Weakness
Checks whether UAC is enabled
Drops file in System32 directory
Drops file in Windows directory
Drops file in Program Files directory
System Location Discovery: System Language Discovery
Enumerates physical storage devices
Unsigned PE
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of AdjustPrivilegeToken
System policy modification
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Modifies registry class
MITRE ATT&CK
Enterprise Matrix V16
Analysis: static1
Detonation Overview
Reported
2025-04-11 17:22
Signatures
Detect Pykspa worm
Pykspa family
Unsigned PE
Analysis: behavioral1
Detonation Overview
Submitted
2025-04-11 17:22
Reported
2025-04-11 17:24
Platform
win10v2004-20250410-en
Max time kernel
150s
Max time network
145s
Command Line
Signatures
Modifies WinLogon for persistence
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\xdmqwjn.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_af48005ddcc2ad191061f65097eff80b.exe | N/A |
Pykspa
Pykspa family
UAC bypass
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" | C:\Users\Admin\AppData\Local\Temp\xdmqwjn.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" | C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_af48005ddcc2ad191061f65097eff80b.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\xdmqwjn.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" | C:\Users\Admin\AppData\Local\Temp\xdmqwjn.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" | C:\Users\Admin\AppData\Local\Temp\xdmqwjn.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_af48005ddcc2ad191061f65097eff80b.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" | C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_af48005ddcc2ad191061f65097eff80b.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" | C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_af48005ddcc2ad191061f65097eff80b.exe | N/A |
Detect Pykspa worm
Adds policy Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\wfryhxeobf = "mdxmdbqidppcfqzzav.exe" | C:\Users\Admin\AppData\Local\Temp\xdmqwjn.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\wfryhxeobf = "kdzqjjaurfhwbozbebgz.exe" | C:\Users\Admin\AppData\Local\Temp\xdmqwjn.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\xdmqwjn = "C:\\Users\\Admin\\AppData\\Local\\Temp\\xpkasrhawjkycoyzbxb.exe" | C:\Users\Admin\AppData\Local\Temp\xdmqwjn.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\wfryhxeobf = "dtmaqnbsmxwikucbb.exe" | C:\Users\Admin\AppData\Local\Temp\xdmqwjn.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\wfryhxeobf = "xpkasrhawjkycoyzbxb.exe" | C:\Users\Admin\AppData\Local\Temp\xdmqwjn.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\xdmqwjn = "C:\\Users\\Admin\\AppData\\Local\\Temp\\mdxmdbqidppcfqzzav.exe" | C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_af48005ddcc2ad191061f65097eff80b.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\xdmqwjn.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\xdmqwjn = "C:\\Users\\Admin\\AppData\\Local\\Temp\\mdxmdbqidppcfqzzav.exe" | C:\Users\Admin\AppData\Local\Temp\xdmqwjn.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\xdmqwjn = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ztqicdvqodgwcqcfjhnhe.exe" | C:\Users\Admin\AppData\Local\Temp\xdmqwjn.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\xdmqwjn = "C:\\Users\\Admin\\AppData\\Local\\Temp\\kdzqjjaurfhwbozbebgz.exe" | C:\Users\Admin\AppData\Local\Temp\xdmqwjn.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\wfryhxeobf = "ztqicdvqodgwcqcfjhnhe.exe" | C:\Users\Admin\AppData\Local\Temp\xdmqwjn.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\xdmqwjn = "C:\\Users\\Admin\\AppData\\Local\\Temp\\dtmaqnbsmxwikucbb.exe" | C:\Users\Admin\AppData\Local\Temp\xdmqwjn.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_af48005ddcc2ad191061f65097eff80b.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\wfryhxeobf = "dtmaqnbsmxwikucbb.exe" | C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_af48005ddcc2ad191061f65097eff80b.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\xdmqwjn = "C:\\Users\\Admin\\AppData\\Local\\Temp\\wldqfboexhfqrahf.exe" | C:\Users\Admin\AppData\Local\Temp\xdmqwjn.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\wfryhxeobf = "wldqfboexhfqrahf.exe" | C:\Users\Admin\AppData\Local\Temp\xdmqwjn.exe | N/A |
Disables RegEdit via registry modification
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_af48005ddcc2ad191061f65097eff80b.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\xdmqwjn.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\xdmqwjn.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_af48005ddcc2ad191061f65097eff80b.exe | N/A |
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_af48005ddcc2ad191061f65097eff80b.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\xdmqwjn.exe | N/A |
Impair Defenses: Safe Mode Boot
| Description | Indicator | Process | Target |
| Key deleted | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\iai2c.sys | C:\Users\Admin\AppData\Local\Temp\xdmqwjn.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\CBDHSvc | C:\Users\Admin\AppData\Local\Temp\xdmqwjn.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\UserManager | C:\Users\Admin\AppData\Local\Temp\xdmqwjn.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\SerCx2.sys | C:\Users\Admin\AppData\Local\Temp\xdmqwjn.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\ProfSvc | C:\Users\Admin\AppData\Local\Temp\xdmqwjn.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\Power | C:\Users\Admin\AppData\Local\Temp\xdmqwjn.exe | N/A |
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\dlwckzfoa = "C:\\Users\\Admin\\AppData\\Local\\Temp\\kdzqjjaurfhwbozbebgz.exe ." | C:\Users\Admin\AppData\Local\Temp\xdmqwjn.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\nzoykdnaqxsay = "C:\\Users\\Admin\\AppData\\Local\\Temp\\mdxmdbqidppcfqzzav.exe ." | C:\Users\Admin\AppData\Local\Temp\xdmqwjn.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\rbowgxfqejc = "mdxmdbqidppcfqzzav.exe" | C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_af48005ddcc2ad191061f65097eff80b.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\rbowgxfqejc = "xpkasrhawjkycoyzbxb.exe" | C:\Users\Admin\AppData\Local\Temp\xdmqwjn.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\nzoykdnaqxsay = "C:\\Users\\Admin\\AppData\\Local\\Temp\\dtmaqnbsmxwikucbb.exe ." | C:\Users\Admin\AppData\Local\Temp\xdmqwjn.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mtdipdiq = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ztqicdvqodgwcqcfjhnhe.exe" | C:\Users\Admin\AppData\Local\Temp\xdmqwjn.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\obrcpjuizhdmls = "C:\\Users\\Admin\\AppData\\Local\\Temp\\wldqfboexhfqrahf.exe" | C:\Users\Admin\AppData\Local\Temp\xdmqwjn.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\nzoykdnaqxsay = "C:\\Users\\Admin\\AppData\\Local\\Temp\\wldqfboexhfqrahf.exe ." | C:\Users\Admin\AppData\Local\Temp\xdmqwjn.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\rbowgxfqejc = "kdzqjjaurfhwbozbebgz.exe" | C:\Users\Admin\AppData\Local\Temp\xdmqwjn.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\nzoykdnaqxsay = "C:\\Users\\Admin\\AppData\\Local\\Temp\\xpkasrhawjkycoyzbxb.exe ." | C:\Users\Admin\AppData\Local\Temp\xdmqwjn.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\obrcpjuizhdmls = "C:\\Users\\Admin\\AppData\\Local\\Temp\\dtmaqnbsmxwikucbb.exe" | C:\Users\Admin\AppData\Local\Temp\xdmqwjn.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\oznwhziujpjq = "dtmaqnbsmxwikucbb.exe ." | C:\Users\Admin\AppData\Local\Temp\xdmqwjn.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mtdipdiq = "C:\\Users\\Admin\\AppData\\Local\\Temp\\mdxmdbqidppcfqzzav.exe" | C:\Users\Admin\AppData\Local\Temp\xdmqwjn.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\nzoykdnaqxsay = "C:\\Users\\Admin\\AppData\\Local\\Temp\\xpkasrhawjkycoyzbxb.exe ." | C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_af48005ddcc2ad191061f65097eff80b.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\oznwhziujpjq = "kdzqjjaurfhwbozbebgz.exe ." | C:\Users\Admin\AppData\Local\Temp\xdmqwjn.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\dlwckzfoa = "C:\\Users\\Admin\\AppData\\Local\\Temp\\dtmaqnbsmxwikucbb.exe ." | C:\Users\Admin\AppData\Local\Temp\xdmqwjn.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\mtdipdiq = "kdzqjjaurfhwbozbebgz.exe" | C:\Users\Admin\AppData\Local\Temp\xdmqwjn.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\rbowgxfqejc = "mdxmdbqidppcfqzzav.exe" | C:\Users\Admin\AppData\Local\Temp\xdmqwjn.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\obrcpjuizhdmls = "C:\\Users\\Admin\\AppData\\Local\\Temp\\xpkasrhawjkycoyzbxb.exe" | C:\Users\Admin\AppData\Local\Temp\xdmqwjn.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\nzoykdnaqxsay = "C:\\Users\\Admin\\AppData\\Local\\Temp\\kdzqjjaurfhwbozbebgz.exe ." | C:\Users\Admin\AppData\Local\Temp\xdmqwjn.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\dlwckzfoa = "C:\\Users\\Admin\\AppData\\Local\\Temp\\mdxmdbqidppcfqzzav.exe ." | C:\Users\Admin\AppData\Local\Temp\xdmqwjn.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\oznwhziujpjq = "xpkasrhawjkycoyzbxb.exe ." | C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_af48005ddcc2ad191061f65097eff80b.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\oznwhziujpjq = "xpkasrhawjkycoyzbxb.exe ." | C:\Users\Admin\AppData\Local\Temp\xdmqwjn.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\mtdipdiq = "mdxmdbqidppcfqzzav.exe" | C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_af48005ddcc2ad191061f65097eff80b.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\dlwckzfoa = "C:\\Users\\Admin\\AppData\\Local\\Temp\\xpkasrhawjkycoyzbxb.exe ." | C:\Users\Admin\AppData\Local\Temp\xdmqwjn.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\dlwckzfoa = "dtmaqnbsmxwikucbb.exe ." | C:\Users\Admin\AppData\Local\Temp\xdmqwjn.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\dlwckzfoa = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ztqicdvqodgwcqcfjhnhe.exe ." | C:\Users\Admin\AppData\Local\Temp\xdmqwjn.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\dlwckzfoa = "mdxmdbqidppcfqzzav.exe ." | C:\Users\Admin\AppData\Local\Temp\xdmqwjn.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\nzoykdnaqxsay = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ztqicdvqodgwcqcfjhnhe.exe ." | C:\Users\Admin\AppData\Local\Temp\xdmqwjn.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\dlwckzfoa = "xpkasrhawjkycoyzbxb.exe ." | C:\Users\Admin\AppData\Local\Temp\xdmqwjn.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\mtdipdiq = "mdxmdbqidppcfqzzav.exe" | C:\Users\Admin\AppData\Local\Temp\xdmqwjn.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\oznwhziujpjq = "ztqicdvqodgwcqcfjhnhe.exe ." | C:\Users\Admin\AppData\Local\Temp\xdmqwjn.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\mtdipdiq = "ztqicdvqodgwcqcfjhnhe.exe" | C:\Users\Admin\AppData\Local\Temp\xdmqwjn.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\obrcpjuizhdmls = "C:\\Users\\Admin\\AppData\\Local\\Temp\\kdzqjjaurfhwbozbebgz.exe" | C:\Users\Admin\AppData\Local\Temp\xdmqwjn.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mtdipdiq = "C:\\Users\\Admin\\AppData\\Local\\Temp\\dtmaqnbsmxwikucbb.exe" | C:\Users\Admin\AppData\Local\Temp\xdmqwjn.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mtdipdiq = "C:\\Users\\Admin\\AppData\\Local\\Temp\\xpkasrhawjkycoyzbxb.exe" | C:\Users\Admin\AppData\Local\Temp\xdmqwjn.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\dlwckzfoa = "ztqicdvqodgwcqcfjhnhe.exe ." | C:\Users\Admin\AppData\Local\Temp\xdmqwjn.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\dlwckzfoa = "wldqfboexhfqrahf.exe ." | C:\Users\Admin\AppData\Local\Temp\xdmqwjn.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\obrcpjuizhdmls = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ztqicdvqodgwcqcfjhnhe.exe" | C:\Users\Admin\AppData\Local\Temp\xdmqwjn.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\mtdipdiq = "xpkasrhawjkycoyzbxb.exe" | C:\Users\Admin\AppData\Local\Temp\xdmqwjn.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\dlwckzfoa = "dtmaqnbsmxwikucbb.exe ." | C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_af48005ddcc2ad191061f65097eff80b.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\oznwhziujpjq = "wldqfboexhfqrahf.exe ." | C:\Users\Admin\AppData\Local\Temp\xdmqwjn.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\mtdipdiq = "dtmaqnbsmxwikucbb.exe" | C:\Users\Admin\AppData\Local\Temp\xdmqwjn.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mtdipdiq = "C:\\Users\\Admin\\AppData\\Local\\Temp\\kdzqjjaurfhwbozbebgz.exe" | C:\Users\Admin\AppData\Local\Temp\xdmqwjn.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\mtdipdiq = "wldqfboexhfqrahf.exe" | C:\Users\Admin\AppData\Local\Temp\xdmqwjn.exe | N/A |
Checks whether UAC is enabled
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\xdmqwjn.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\xdmqwjn.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_af48005ddcc2ad191061f65097eff80b.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_af48005ddcc2ad191061f65097eff80b.exe | N/A |
Hijack Execution Flow: Executable Installer File Permissions Weakness
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableInstallerDetection = "0" | C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_af48005ddcc2ad191061f65097eff80b.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableInstallerDetection = "0" | C:\Users\Admin\AppData\Local\Temp\xdmqwjn.exe | N/A |
Looks up external IP address via web service
| Description | Indicator | Process | Target |
| N/A | whatismyip.everdot.org | N/A | N/A |
| N/A | whatismyipaddress.com | N/A | N/A |
| N/A | www.whatismyip.ca | N/A | N/A |
| N/A | www.showmyipaddress.com | N/A | N/A |
Drops file in System32 directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\SysWOW64\efjijrqsxtdaniblwboptstb.chd | C:\Users\Admin\AppData\Local\Temp\xdmqwjn.exe | N/A |
| File created | C:\Windows\SysWOW64\efjijrqsxtdaniblwboptstb.chd | C:\Users\Admin\AppData\Local\Temp\xdmqwjn.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\nzoykdnaqxsayeidzpnzoykdnaqxsayeidz.nzo | C:\Users\Admin\AppData\Local\Temp\xdmqwjn.exe | N/A |
| File created | C:\Windows\SysWOW64\nzoykdnaqxsayeidzpnzoykdnaqxsayeidz.nzo | C:\Users\Admin\AppData\Local\Temp\xdmqwjn.exe | N/A |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Program Files (x86)\efjijrqsxtdaniblwboptstb.chd | C:\Users\Admin\AppData\Local\Temp\xdmqwjn.exe | N/A |
| File created | C:\Program Files (x86)\efjijrqsxtdaniblwboptstb.chd | C:\Users\Admin\AppData\Local\Temp\xdmqwjn.exe | N/A |
| File opened for modification | C:\Program Files (x86)\nzoykdnaqxsayeidzpnzoykdnaqxsayeidz.nzo | C:\Users\Admin\AppData\Local\Temp\xdmqwjn.exe | N/A |
| File created | C:\Program Files (x86)\nzoykdnaqxsayeidzpnzoykdnaqxsayeidz.nzo | C:\Users\Admin\AppData\Local\Temp\xdmqwjn.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\nzoykdnaqxsayeidzpnzoykdnaqxsayeidz.nzo | C:\Users\Admin\AppData\Local\Temp\xdmqwjn.exe | N/A |
| File created | C:\Windows\nzoykdnaqxsayeidzpnzoykdnaqxsayeidz.nzo | C:\Users\Admin\AppData\Local\Temp\xdmqwjn.exe | N/A |
| File opened for modification | C:\Windows\efjijrqsxtdaniblwboptstb.chd | C:\Users\Admin\AppData\Local\Temp\xdmqwjn.exe | N/A |
| File created | C:\Windows\efjijrqsxtdaniblwboptstb.chd | C:\Users\Admin\AppData\Local\Temp\xdmqwjn.exe | N/A |
Enumerates physical storage devices
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_af48005ddcc2ad191061f65097eff80b.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\xdmqwjn.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000_Classes\Local Settings | C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_af48005ddcc2ad191061f65097eff80b.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000_Classes\Local Settings | C:\Users\Admin\AppData\Local\Temp\xdmqwjn.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\xdmqwjn.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\xdmqwjn.exe | N/A |
Suspicious use of WriteProcessMemory
System policy modification
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" | C:\Users\Admin\AppData\Local\Temp\xdmqwjn.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableSecureUIAPaths = "0" | C:\Users\Admin\AppData\Local\Temp\xdmqwjn.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableVirtualization = "0" | C:\Users\Admin\AppData\Local\Temp\xdmqwjn.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ValidateAdminCodeSignatures = "0" | C:\Users\Admin\AppData\Local\Temp\xdmqwjn.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" | C:\Users\Admin\AppData\Local\Temp\xdmqwjn.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" | C:\Users\Admin\AppData\Local\Temp\xdmqwjn.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\FilterAdministratorToken = "0" | C:\Users\Admin\AppData\Local\Temp\xdmqwjn.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer | C:\Users\Admin\AppData\Local\Temp\xdmqwjn.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDriveTypeAutoRun = "1" | C:\Users\Admin\AppData\Local\Temp\xdmqwjn.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" | C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_af48005ddcc2ad191061f65097eff80b.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_af48005ddcc2ad191061f65097eff80b.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableVirtualization = "0" | C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_af48005ddcc2ad191061f65097eff80b.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" | C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_af48005ddcc2ad191061f65097eff80b.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ValidateAdminCodeSignatures = "0" | C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_af48005ddcc2ad191061f65097eff80b.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableSecureUIAPaths = "0" | C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_af48005ddcc2ad191061f65097eff80b.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\FilterAdministratorToken = "0" | C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_af48005ddcc2ad191061f65097eff80b.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\xdmqwjn.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\xdmqwjn.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\xdmqwjn.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_af48005ddcc2ad191061f65097eff80b.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" | C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_af48005ddcc2ad191061f65097eff80b.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDriveTypeAutoRun = "1" | C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_af48005ddcc2ad191061f65097eff80b.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_af48005ddcc2ad191061f65097eff80b.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer | C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_af48005ddcc2ad191061f65097eff80b.exe | N/A |
Processes
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | nobgdcncl.org | udp |
| US | 8.8.8.8:53 | okuiojpw.info | udp |
| US | 8.8.8.8:53 | kgucribs.info | udp |
| US | 8.8.8.8:53 | tvtnzej.net | udp |
| US | 8.8.8.8:53 | wabpmsji.net | udp |
| US | 8.8.8.8:53 | czyhlfdrj.info | udp |
| US | 8.8.8.8:53 | osywvotfh.info | udp |
| US | 8.8.8.8:53 | tsbbvt.info | udp |
| US | 8.8.8.8:53 | mnwqpbxvjvhb.info | udp |
| US | 8.8.8.8:53 | zyfitez.info | udp |
| US | 8.8.8.8:53 | eohwzsvxx.net | udp |
| US | 8.8.8.8:53 | twxsdo.info | udp |
| US | 8.8.8.8:53 | wgummesmme.com | udp |
| US | 8.8.8.8:53 | leqdurjb.net | udp |
| US | 8.8.8.8:53 | dxikspgshgbk.info | udp |
| US | 8.8.8.8:53 | fsoxxwrz.info | udp |
| US | 8.8.8.8:53 | qybavn.net | udp |
| US | 8.8.8.8:53 | supknxt.info | udp |
| US | 8.8.8.8:53 | lgmwshpwdp.net | udp |
| US | 8.8.8.8:53 | zablqdn.info | udp |
| US | 8.8.8.8:53 | gyuoqqqwooeg.org | udp |
| US | 8.8.8.8:53 | uiemocce.com | udp |
| US | 8.8.8.8:53 | oqkcogmaew.com | udp |
| US | 8.8.8.8:53 | zgrjrexb.net | udp |
| US | 8.8.8.8:53 | haueqyfw.info | udp |
| US | 8.8.8.8:53 | jkfqhut.com | udp |
| US | 8.8.8.8:53 | cusynxdqgqyb.net | udp |
| US | 8.8.8.8:53 | inyghyx.net | udp |
| US | 8.8.8.8:53 | eeueccewmeem.com | udp |
| US | 8.8.8.8:53 | adhapux.net | udp |
| US | 8.8.8.8:53 | awfdnv.net | udp |
| US | 8.8.8.8:53 | xiiitmc.net | udp |
| US | 8.8.8.8:53 | eyauggmk.com | udp |
| US | 8.8.8.8:53 | gthoprfe.net | udp |
| US | 8.8.8.8:53 | zqksvx.net | udp |
| US | 8.8.8.8:53 | ntfbhy.info | udp |
| US | 8.8.8.8:53 | cylqzlbpy.info | udp |
| US | 8.8.8.8:53 | csxiqhuugax.info | udp |
| US | 8.8.8.8:53 | xiazbofijur.com | udp |
| US | 8.8.8.8:53 | hafjdcgioqil.net | udp |
| US | 8.8.8.8:53 | jzvcfatv.info | udp |
| US | 8.8.8.8:53 | vlpxze.info | udp |
| US | 8.8.8.8:53 | fyfyhjtvfmx.net | udp |
| US | 8.8.8.8:53 | aexsol.info | udp |
| US | 8.8.8.8:53 | skywyumxq.net | udp |
| US | 8.8.8.8:53 | c.pki.goog | udp |
| US | 8.8.8.8:53 | lvyqknzeyjcu.net | udp |
| GB | 142.250.179.227:80 | c.pki.goog | tcp |
| US | 8.8.8.8:53 | lkrjdzdcoryu.net | udp |
| US | 8.8.8.8:53 | fcphrologwp.net | udp |
| US | 8.8.8.8:53 | etjrxoxhjf.net | udp |
| US | 8.8.8.8:53 | tqnorlloqppa.info | udp |
| US | 8.8.8.8:53 | zovofdjknz.net | udp |
| US | 8.8.8.8:53 | piswdnfieen.com | udp |
| US | 8.8.8.8:53 | djwopd.net | udp |
| US | 8.8.8.8:53 | ccnanghta.net | udp |
| US | 8.8.8.8:53 | egsmyysc.org | udp |
| US | 8.8.8.8:53 | jyakjunrbaw.com | udp |
| US | 8.8.8.8:53 | smusfyn.net | udp |
| US | 8.8.8.8:53 | nshdioh.net | udp |
| US | 8.8.8.8:53 | pceeels.com | udp |
| US | 8.8.8.8:53 | xokfcfxch.com | udp |
| US | 8.8.8.8:53 | ciqiwy.org | udp |
| US | 8.8.8.8:53 | ekqqcc.org | udp |
| US | 8.8.8.8:53 | jkhgkt.info | udp |
| US | 8.8.8.8:53 | bjdurzhcz.info | udp |
| US | 8.8.8.8:53 | mgeegu.com | udp |
| US | 8.8.8.8:53 | knywkbpmvqfd.net | udp |
| US | 8.8.8.8:53 | twwjbr.net | udp |
| US | 8.8.8.8:53 | iylgkms.net | udp |
| US | 8.8.8.8:53 | dwfkeogzvhjn.info | udp |
| US | 8.8.8.8:53 | wagagsqakmow.com | udp |
| US | 8.8.8.8:53 | zqrzvmhgz.net | udp |
| US | 8.8.8.8:53 | dxiydepkq.org | udp |
| US | 8.8.8.8:53 | dflqknsl.net | udp |
| US | 8.8.8.8:53 | dwplnv.net | udp |
| US | 8.8.8.8:53 | ygkiayiiuksg.org | udp |
| US | 8.8.8.8:53 | xuywhelwf.org | udp |
| US | 8.8.8.8:53 | mummtmcer.info | udp |
| US | 8.8.8.8:53 | kxqemqtkfjge.net | udp |
| US | 8.8.8.8:53 | twbyjbsbsf.net | udp |
| US | 8.8.8.8:53 | kxbczkgcxcx.info | udp |
| US | 8.8.8.8:53 | qtgqqinahbp.info | udp |
| US | 8.8.8.8:53 | njmgmckcmbn.org | udp |
| US | 8.8.8.8:53 | chhwbqpwvtd.info | udp |
| US | 8.8.8.8:53 | fkuulgearib.info | udp |
| US | 8.8.8.8:53 | tgwbzmrqj.org | udp |
| US | 8.8.8.8:53 | kdqxkurgjt.info | udp |
| US | 8.8.8.8:53 | nkhvzixmuzdp.info | udp |
| US | 8.8.8.8:53 | tcvuvhjwh.info | udp |
| US | 8.8.8.8:53 | wotlvqibzuv.net | udp |
| US | 8.8.8.8:53 | ipdjfkjelpu.net | udp |
| US | 8.8.8.8:53 | pzcivm.net | udp |
| US | 8.8.8.8:53 | amseltlelvf.net | udp |
| US | 8.8.8.8:53 | jubvpax.info | udp |
| US | 8.8.8.8:53 | tydtdesug.net | udp |
| US | 8.8.8.8:53 | ryjuzszzh.org | udp |
| US | 8.8.8.8:53 | awugskuosuui.org | udp |
| US | 8.8.8.8:53 | aeqaceyakm.org | udp |
| US | 8.8.8.8:53 | zrhqhtpcjor.net | udp |
| US | 8.8.8.8:53 | vvjkgjqupq.net | udp |
| US | 8.8.8.8:53 | aknsgwkcl.net | udp |
| US | 8.8.8.8:53 | zuixsontsv.info | udp |
| US | 8.8.8.8:53 | nkfytes.info | udp |
| US | 8.8.8.8:53 | rwuuxc.net | udp |
| US | 8.8.8.8:53 | bkrxifgm.net | udp |
| US | 8.8.8.8:53 | ecbwysbz.info | udp |
| US | 8.8.8.8:53 | zciisglkqgb.info | udp |
| US | 8.8.8.8:53 | qssfanjf.info | udp |
| US | 8.8.8.8:53 | hqnyagtydkbx.net | udp |
| US | 8.8.8.8:53 | kuucqiwkkgcq.org | udp |
| US | 8.8.8.8:53 | lblenn.net | udp |
| US | 8.8.8.8:53 | njmyupro.net | udp |
| US | 8.8.8.8:53 | lscerkhfson.com | udp |
| US | 8.8.8.8:53 | mawkua.com | udp |
| US | 8.8.8.8:53 | jbvarbau.net | udp |
| US | 8.8.8.8:53 | xrpwmsl.info | udp |
| US | 8.8.8.8:53 | faainemksur.net | udp |
| US | 8.8.8.8:53 | iusioomq.org | udp |
| US | 8.8.8.8:53 | viaveioue.org | udp |
| US | 8.8.8.8:53 | kayuku.com | udp |
| US | 8.8.8.8:53 | vmfvjan.info | udp |
| US | 8.8.8.8:53 | ntdhpqlyu.com | udp |
| US | 8.8.8.8:53 | yokaogmmeiyw.org | udp |
| US | 8.8.8.8:53 | bngovcghl.net | udp |
| US | 8.8.8.8:53 | wcsbrpz.net | udp |
| US | 8.8.8.8:53 | vqhkpudso.org | udp |
| US | 8.8.8.8:53 | emkqiw.com | udp |
| US | 8.8.8.8:53 | kwpizxvof.info | udp |
| US | 8.8.8.8:53 | uwcuws.org | udp |
| US | 8.8.8.8:53 | nfyszbdints.net | udp |
| US | 8.8.8.8:53 | lfrdvanqckfe.net | udp |
| US | 8.8.8.8:53 | hcsimwlyfoh.com | udp |
| US | 8.8.8.8:53 | pdlgjhbb.net | udp |
| US | 8.8.8.8:53 | azlfou.info | udp |
| US | 8.8.8.8:53 | whqrkkzwpihg.info | udp |
| US | 8.8.8.8:53 | vmshvduq.info | udp |
| US | 8.8.8.8:53 | dhpnyhej.net | udp |
| US | 8.8.8.8:53 | jojeyieqrq.net | udp |
| US | 8.8.8.8:53 | umyicieyee.org | udp |
| US | 8.8.8.8:53 | yrxogxigzsur.info | udp |
| US | 8.8.8.8:53 | ztrmxsunbl.info | udp |
| US | 8.8.8.8:53 | fpdopjdl.info | udp |
| US | 8.8.8.8:53 | vcsuct.net | udp |
| US | 8.8.8.8:53 | fsyczawoha.info | udp |
| US | 8.8.8.8:53 | pfcloyglcgic.net | udp |
| US | 8.8.8.8:53 | oymmboqut.net | udp |
| US | 8.8.8.8:53 | qbshzu.net | udp |
| US | 8.8.8.8:53 | qylqhwv.info | udp |
| US | 8.8.8.8:53 | atkzfclhbift.info | udp |
| US | 8.8.8.8:53 | ychymgrkk.net | udp |
| US | 8.8.8.8:53 | ppfltyadog.info | udp |
| US | 8.8.8.8:53 | honfbtl.org | udp |
| US | 8.8.8.8:53 | pfvefvxijrvf.info | udp |
| US | 8.8.8.8:53 | kmkuiwgy.com | udp |
| US | 8.8.8.8:53 | wueysyqiyg.org | udp |
| US | 8.8.8.8:53 | tillzljmtks.com | udp |
| US | 8.8.8.8:53 | btxkgyzy.net | udp |
| US | 8.8.8.8:53 | ifdmyxjupcb.net | udp |
| US | 8.8.8.8:53 | leyqzq.info | udp |
| US | 8.8.8.8:53 | zsnunyh.org | udp |
| US | 8.8.8.8:53 | jjrefkv.net | udp |
| US | 8.8.8.8:53 | cogieu.net | udp |
| US | 8.8.8.8:53 | muaozkljllr.net | udp |
| US | 8.8.8.8:53 | zmnzutmwdu.info | udp |
| US | 8.8.8.8:53 | laqgfsif.net | udp |
| US | 8.8.8.8:53 | kjskvzf.info | udp |
| US | 8.8.8.8:53 | jglyztcdsbwb.net | udp |
| US | 8.8.8.8:53 | chhorapwjzy.net | udp |
| US | 8.8.8.8:53 | kcqaymsycksw.com | udp |
| US | 8.8.8.8:53 | jrnolhwp.info | udp |
| US | 8.8.8.8:53 | ejdfloex.net | udp |
| US | 8.8.8.8:53 | lzbjkx.info | udp |
| US | 8.8.8.8:53 | dwophiewk.net | udp |
| US | 8.8.8.8:53 | acivhmfatmpc.info | udp |
| US | 8.8.8.8:53 | jkfqzkl.com | udp |
| US | 8.8.8.8:53 | bjlnzl.info | udp |
| US | 8.8.8.8:53 | blriytvijot.com | udp |
| US | 8.8.8.8:53 | jdlelarezxkg.info | udp |
| US | 8.8.8.8:53 | blzyfvb.info | udp |
| US | 8.8.8.8:53 | pyqkwjzut.org | udp |
| US | 8.8.8.8:53 | tdasnpymldap.net | udp |
| US | 8.8.8.8:53 | kyilnx.net | udp |
| US | 8.8.8.8:53 | dksiydyxljoi.info | udp |
| US | 8.8.8.8:53 | icwakoccqq.org | udp |
| US | 8.8.8.8:53 | rqbtjmhkhj.net | udp |
| US | 8.8.8.8:53 | ubfxlrpexr.info | udp |
| US | 8.8.8.8:53 | gaqkygwq.org | udp |
| US | 8.8.8.8:53 | kgmsmqswkwwc.com | udp |
| US | 8.8.8.8:53 | kalixepwwfj.net | udp |
| US | 8.8.8.8:53 | necyyxjegy.info | udp |
| US | 8.8.8.8:53 | jrbulad.info | udp |
| US | 8.8.8.8:53 | lwfkzfiesd.info | udp |
| US | 8.8.8.8:53 | rmtmzes.org | udp |
| US | 8.8.8.8:53 | gkakvonjv.info | udp |
| US | 8.8.8.8:53 | azjygywymulk.info | udp |
| US | 8.8.8.8:53 | llnrnz.net | udp |
| US | 8.8.8.8:53 | bverebga.net | udp |
| US | 8.8.8.8:53 | bpzorpfuhtf.org | udp |
| US | 8.8.8.8:53 | wyyueesi.org | udp |
| US | 8.8.8.8:53 | gtqotnsmiyp.net | udp |
| US | 8.8.8.8:53 | fazoxrp.com | udp |
| US | 8.8.8.8:53 | pattne.net | udp |
| US | 8.8.8.8:53 | bkngmvgi.net | udp |
| US | 8.8.8.8:53 | aousuc.org | udp |
| US | 8.8.8.8:53 | cwpqwmj.info | udp |
| US | 8.8.8.8:53 | tnncpktjhon.net | udp |
| US | 8.8.8.8:53 | xopmgiduyqf.info | udp |
| US | 8.8.8.8:53 | egukgcnltcn.net | udp |
| US | 8.8.8.8:53 | bqdindvszcl.com | udp |
| US | 8.8.8.8:53 | cimmyawqeycc.com | udp |
| US | 8.8.8.8:53 | mkvvtuexohq.info | udp |
| US | 8.8.8.8:53 | zgzutgnczeo.info | udp |
| US | 8.8.8.8:53 | zgrcvciqm.org | udp |
| US | 8.8.8.8:53 | wmnqdofnpgp.info | udp |
| US | 8.8.8.8:53 | earxgkoqnrxv.info | udp |
| US | 8.8.8.8:53 | cwqeswaof.net | udp |
| US | 8.8.8.8:53 | ccfoxttenoyj.info | udp |
| US | 8.8.8.8:53 | viphtteqt.org | udp |
| US | 8.8.8.8:53 | wawaoiyk.com | udp |
| US | 8.8.8.8:53 | luvlked.net | udp |
| US | 8.8.8.8:53 | qzbuafhypfzw.info | udp |
| US | 8.8.8.8:53 | vtpepyfgtxm.info | udp |
| US | 8.8.8.8:53 | imsqog.org | udp |
| US | 8.8.8.8:53 | ogdyjgrkj.net | udp |
| US | 8.8.8.8:53 | gznyndmwzh.info | udp |
| US | 8.8.8.8:53 | gamseymuoaui.org | udp |
| US | 8.8.8.8:53 | emgesaoqysoc.org | udp |
| US | 8.8.8.8:53 | lczoradauoz.net | udp |
| US | 8.8.8.8:53 | aseqpyzgxun.info | udp |
| US | 8.8.8.8:53 | nooqjs.info | udp |
| US | 8.8.8.8:53 | dazulnj.org | udp |
| US | 8.8.8.8:53 | zazivoqaf.info | udp |
| US | 8.8.8.8:53 | xxlvfbbrfsxn.net | udp |
| US | 8.8.8.8:53 | anneeafw.net | udp |
| US | 8.8.8.8:53 | jzthxr.net | udp |
| US | 8.8.8.8:53 | ivhsgolvlo.net | udp |
| US | 8.8.8.8:53 | hsnssuttqhlr.info | udp |
| US | 8.8.8.8:53 | gkaiegmi.org | udp |
| US | 8.8.8.8:53 | wuaqme.org | udp |
| US | 8.8.8.8:53 | jaskbbvh.info | udp |
| US | 8.8.8.8:53 | fjusznt.com | udp |
| US | 8.8.8.8:53 | kwsmoaew.org | udp |
| US | 8.8.8.8:53 | gafabcxkuun.net | udp |
| US | 8.8.8.8:53 | zuhmapbot.net | udp |
| US | 8.8.8.8:53 | hpnkrwpqkx.info | udp |
| US | 8.8.8.8:53 | hlsuth.info | udp |
| US | 8.8.8.8:53 | lkhlsiffzcb.org | udp |
| US | 8.8.8.8:53 | vjvlnnztmb.net | udp |
| US | 8.8.8.8:53 | bgjqnol.info | udp |
| US | 8.8.8.8:53 | tmcooj.info | udp |
| US | 8.8.8.8:53 | cyycai.org | udp |
| US | 8.8.8.8:53 | scimuacsow.com | udp |
| US | 8.8.8.8:53 | ukeokgms.org | udp |
| US | 8.8.8.8:53 | pzeoidsfbb.net | udp |
| US | 8.8.8.8:53 | yojkaljecqs.info | udp |
| US | 8.8.8.8:53 | yozdlfjazlnk.info | udp |
| US | 8.8.8.8:53 | syoacwgmcwoa.com | udp |
| US | 8.8.8.8:53 | owunjxl.net | udp |
| US | 8.8.8.8:53 | hiondg.info | udp |
| US | 8.8.8.8:53 | xivongn.info | udp |
| US | 8.8.8.8:53 | eidpcd.info | udp |
| US | 8.8.8.8:53 | dewntkpugrdz.net | udp |
| US | 8.8.8.8:53 | ecegeakc.org | udp |
| US | 8.8.8.8:53 | gusowcoi.org | udp |
| US | 8.8.8.8:53 | tgnsxmrvfoa.net | udp |
| US | 8.8.8.8:53 | ihdvayvc.net | udp |
| US | 8.8.8.8:53 | soqkagum.org | udp |
| US | 8.8.8.8:53 | ootkjdzphd.net | udp |
| US | 8.8.8.8:53 | kzfgpvea.net | udp |
| US | 8.8.8.8:53 | vkhxair.com | udp |
| US | 8.8.8.8:53 | znnmhwiqbrd.org | udp |
| US | 8.8.8.8:53 | aewppd.info | udp |
| US | 8.8.8.8:53 | venxlrcp.info | udp |
| US | 8.8.8.8:53 | vfkgpi.net | udp |
| US | 8.8.8.8:53 | aararuzmj.info | udp |
| US | 8.8.8.8:53 | wihanwuat.net | udp |
| US | 8.8.8.8:53 | zrizzt.net | udp |
| US | 8.8.8.8:53 | bjspblwyfzzy.net | udp |
| US | 8.8.8.8:53 | fceaihpjhlj.org | udp |
| US | 8.8.8.8:53 | akwpzipcp.net | udp |
| US | 8.8.8.8:53 | qsuyia.org | udp |
| US | 8.8.8.8:53 | vdgxjcdgzx.net | udp |
| US | 8.8.8.8:53 | nsjnpn.net | udp |
| US | 8.8.8.8:53 | swqdouim.net | udp |
| US | 8.8.8.8:53 | rtilbz.info | udp |
| US | 8.8.8.8:53 | ivewnr.info | udp |
| US | 8.8.8.8:53 | wedzolwkvim.net | udp |
| US | 8.8.8.8:53 | duuwgwx.com | udp |
| US | 8.8.8.8:53 | gdukthalrchx.info | udp |
| US | 8.8.8.8:53 | gyweoeso.org | udp |
| US | 8.8.8.8:53 | nqxijbihvn.info | udp |
| US | 8.8.8.8:53 | nnqywodxpj.info | udp |
| US | 8.8.8.8:53 | codlfcvwrid.net | udp |
| US | 8.8.8.8:53 | yspynbdonzn.net | udp |
| US | 8.8.8.8:53 | tueowbh.net | udp |
| US | 8.8.8.8:53 | xrctizgjhu.net | udp |
| US | 8.8.8.8:53 | pmpzribgjfgd.info | udp |
| US | 8.8.8.8:53 | wetcpuh.net | udp |
| US | 8.8.8.8:53 | nhniiebqn.org | udp |
| US | 8.8.8.8:53 | smgxhumfeo.net | udp |
| US | 8.8.8.8:53 | ukcbawn.info | udp |
| US | 8.8.8.8:53 | rfcqjgcwrllk.info | udp |
| US | 8.8.8.8:53 | gendycry.net | udp |
| US | 8.8.8.8:53 | tcpdgsf.com | udp |
| US | 8.8.8.8:53 | znlmvoiozyd.info | udp |
| US | 8.8.8.8:53 | laqxfyvr.net | udp |
| US | 8.8.8.8:53 | zqdypgbqpjf.info | udp |
| US | 8.8.8.8:53 | ooewwc.org | udp |
| US | 8.8.8.8:53 | fuqfwkhaoduv.net | udp |
| US | 8.8.8.8:53 | yucmii.org | udp |
| US | 8.8.8.8:53 | arawth.info | udp |
| US | 8.8.8.8:53 | ijylbxrfgz.info | udp |
| US | 8.8.8.8:53 | milchztkfit.info | udp |
| US | 8.8.8.8:53 | swkshux.net | udp |
| US | 8.8.8.8:53 | jypigkw.net | udp |
| US | 8.8.8.8:53 | tkgfosmzbpcs.info | udp |
| US | 8.8.8.8:53 | lhwmidzflqmr.net | udp |
| US | 8.8.8.8:53 | jphhtgd.com | udp |
| US | 8.8.8.8:53 | qsccfelzn.net | udp |
| US | 8.8.8.8:53 | sqxqlv.info | udp |
| US | 8.8.8.8:53 | xynrpqvsjquo.net | udp |
| US | 8.8.8.8:53 | sqrygjiijlm.net | udp |
| US | 8.8.8.8:53 | jgsqglhgj.info | udp |
| US | 8.8.8.8:53 | rlvyfaxvs.org | udp |
| US | 8.8.8.8:53 | ozmgattuemuv.info | udp |
| US | 8.8.8.8:53 | omierhazkhgw.net | udp |
| US | 8.8.8.8:53 | gikasccswe.com | udp |
| US | 8.8.8.8:53 | seuiwgqe.com | udp |
| US | 8.8.8.8:53 | akegcwmsgi.org | udp |
| US | 8.8.8.8:53 | gycgce.com | udp |
| US | 8.8.8.8:53 | aubejuu.net | udp |
| US | 8.8.8.8:53 | ltxgldrwttqh.info | udp |
| US | 8.8.8.8:53 | bgnidmx.com | udp |
| US | 8.8.8.8:53 | kwdrqyzrhd.net | udp |
| US | 8.8.8.8:53 | ltbdih.net | udp |
| US | 8.8.8.8:53 | zccfykdktej.info | udp |
| US | 8.8.8.8:53 | lngidoh.net | udp |
| US | 8.8.8.8:53 | gmlgfegpmqbw.info | udp |
| US | 8.8.8.8:53 | motkuqfwtvt.net | udp |
| US | 8.8.8.8:53 | uawimo.com | udp |
| US | 8.8.8.8:53 | oqzehlvy.info | udp |
| US | 8.8.8.8:53 | xrjmbmgmisvh.info | udp |
| US | 8.8.8.8:53 | oppfwkrqclal.net | udp |
| US | 8.8.8.8:53 | qkkoemoyeyma.com | udp |
| US | 8.8.8.8:53 | jqtenkdayoy.org | udp |
| US | 8.8.8.8:53 | laqlkorp.net | udp |
| US | 8.8.8.8:53 | kcskfiv.info | udp |
| US | 8.8.8.8:53 | amsfnkbqvky.info | udp |
| US | 8.8.8.8:53 | zhboncxz.net | udp |
| US | 8.8.8.8:53 | lvliwxsju.net | udp |
| US | 8.8.8.8:53 | vgcabmsts.org | udp |
| US | 8.8.8.8:53 | mkabozfdic.info | udp |
| US | 8.8.8.8:53 | kccuuqio.org | udp |
| US | 8.8.8.8:53 | qcpuzjhlagv.info | udp |
| US | 8.8.8.8:53 | wjnymtdandwl.net | udp |
| US | 8.8.8.8:53 | asgzoc.net | udp |
| US | 8.8.8.8:53 | wcgcuuiu.org | udp |
| US | 8.8.8.8:53 | eiltvpnw.info | udp |
| US | 8.8.8.8:53 | uysquyscuu.org | udp |
| US | 8.8.8.8:53 | tatsdjzzp.net | udp |
| US | 8.8.8.8:53 | nhmyomxjv.info | udp |
| US | 8.8.8.8:53 | ywhirxdsz.net | udp |
| US | 8.8.8.8:53 | qufxwvkqw.info | udp |
| US | 8.8.8.8:53 | howmloa.info | udp |
| US | 8.8.8.8:53 | rilkicq.net | udp |
| US | 8.8.8.8:53 | tyzkrdhyl.info | udp |
| US | 8.8.8.8:53 | waqiag.com | udp |
| US | 8.8.8.8:53 | ixzebsvsrg.info | udp |
| US | 8.8.8.8:53 | prtavdudhwx.com | udp |
| US | 8.8.8.8:53 | gkgsagqmckwi.org | udp |
| US | 8.8.8.8:53 | pmvvgrvstsdy.info | udp |
| US | 8.8.8.8:53 | ceeymiyeeuec.org | udp |
| US | 8.8.8.8:53 | vyvijbihvn.info | udp |
| US | 8.8.8.8:53 | qxhinydr.info | udp |
| US | 8.8.8.8:53 | hsrofavrq.net | udp |
| US | 8.8.8.8:53 | henmovqw.net | udp |
| US | 8.8.8.8:53 | mimggqkmkw.com | udp |
| US | 8.8.8.8:53 | hyxsupza.info | udp |
| US | 8.8.8.8:53 | kcppvvoing.info | udp |
| US | 8.8.8.8:53 | laasjh.info | udp |
| US | 8.8.8.8:53 | ekvhlejobgx.net | udp |
| US | 8.8.8.8:53 | umfyqiaar.net | udp |
| US | 8.8.8.8:53 | bctwfgikb.org | udp |
| US | 8.8.8.8:53 | lyfdfijey.org | udp |
| US | 8.8.8.8:53 | logyujoxglft.info | udp |
| US | 8.8.8.8:53 | reqytml.info | udp |
| US | 8.8.8.8:53 | maccqgmu.com | udp |
| US | 8.8.8.8:53 | fylndcpwx.info | udp |
| US | 8.8.8.8:53 | zjhidrzkdb.info | udp |
| US | 8.8.8.8:53 | iecuiowa.org | udp |
| US | 8.8.8.8:53 | fzqqksnzg.net | udp |
| US | 8.8.8.8:53 | vmbirbogoj.info | udp |
| US | 8.8.8.8:53 | cwffjfbykplz.info | udp |
| US | 8.8.8.8:53 | rimkcqoes.org | udp |
| US | 8.8.8.8:53 | vrebqf.info | udp |
| US | 8.8.8.8:53 | uyuavnfqnilt.net | udp |
| US | 8.8.8.8:53 | mfvshaxx.info | udp |
| US | 8.8.8.8:53 | lrznrbldqnfw.net | udp |
| US | 8.8.8.8:53 | zsyqlyceqk.net | udp |
| US | 8.8.8.8:53 | vesegk.net | udp |
| US | 8.8.8.8:53 | aijnymr.net | udp |
| US | 8.8.8.8:53 | odzbrjqoy.info | udp |
| US | 8.8.8.8:53 | fuvgvkaar.com | udp |
| US | 8.8.8.8:53 | psanlgbwr.info | udp |
| US | 8.8.8.8:53 | cgjkdpgnb.info | udp |
| US | 8.8.8.8:53 | bethfdxssd.net | udp |
| US | 8.8.8.8:53 | zgelnoodmqbr.info | udp |
| US | 8.8.8.8:53 | aalijqi.info | udp |
| US | 8.8.8.8:53 | ltiaozsdb.org | udp |
| US | 8.8.8.8:53 | wiqims.org | udp |
| US | 8.8.8.8:53 | odqisf.info | udp |
| US | 8.8.8.8:53 | zolekt.info | udp |
| US | 8.8.8.8:53 | hsnlhmjnrq.info | udp |
| US | 8.8.8.8:53 | jbzebu.info | udp |
| US | 8.8.8.8:53 | ncpmyszzt.info | udp |
| US | 8.8.8.8:53 | cwraxf.net | udp |
| US | 8.8.8.8:53 | locxpumei.net | udp |
| US | 8.8.8.8:53 | nhfsyh.net | udp |
| US | 8.8.8.8:53 | ckxgjkzvp.info | udp |
| US | 8.8.8.8:53 | phtwlnygijah.net | udp |
| US | 8.8.8.8:53 | wbqgwoo.info | udp |
| US | 8.8.8.8:53 | mskmammm.info | udp |
| US | 8.8.8.8:53 | wyazqmbluh.info | udp |
| US | 8.8.8.8:53 | lgnazaphpyg.net | udp |
| US | 8.8.8.8:53 | ybxsqlwexbnh.info | udp |
| US | 8.8.8.8:53 | hyfclmjolcl.com | udp |
| US | 8.8.8.8:53 | ishpgfqrtc.info | udp |
| US | 8.8.8.8:53 | hjtahoxczcv.info | udp |
| US | 8.8.8.8:53 | kkiamiym.com | udp |
| US | 8.8.8.8:53 | tsgghmnbqd.net | udp |
| US | 8.8.8.8:53 | bqzqdqfglxbn.info | udp |
| US | 8.8.8.8:53 | acdpgmbxry.info | udp |
| US | 8.8.8.8:53 | mkrgnntencd.net | udp |
| US | 8.8.8.8:53 | rafitlvef.net | udp |
| US | 8.8.8.8:53 | jatdaajehomt.net | udp |
| US | 8.8.8.8:53 | csrghkfof.info | udp |
| US | 8.8.8.8:53 | zcvsrkrst.net | udp |
| US | 8.8.8.8:53 | kkxwahccz.info | udp |
| US | 8.8.8.8:53 | ywegysswwaue.org | udp |
| US | 8.8.8.8:53 | twpgnbrg.info | udp |
| US | 8.8.8.8:53 | mwgkuyee.org | udp |
| US | 8.8.8.8:53 | cocmew.org | udp |
| US | 8.8.8.8:53 | ihajfybmk.net | udp |
| US | 8.8.8.8:53 | uiceesz.info | udp |
| US | 8.8.8.8:53 | gkhkymhphok.net | udp |
| US | 8.8.8.8:53 | nsbrveiw.net | udp |
| US | 8.8.8.8:53 | ycokiqmusi.org | udp |
| US | 8.8.8.8:53 | nfvsfikqgelb.net | udp |
| US | 8.8.8.8:53 | bdwdbk.info | udp |
| US | 8.8.8.8:53 | bzaydhbkyko.info | udp |
| US | 8.8.8.8:53 | nmhctlemna.info | udp |
| US | 8.8.8.8:53 | kszohuh.net | udp |
| US | 8.8.8.8:53 | fcuekciz.net | udp |
| US | 8.8.8.8:53 | uoxjsmld.info | udp |
| US | 8.8.8.8:53 | qgualyfbn.info | udp |
| US | 8.8.8.8:53 | zmronf.net | udp |
| US | 8.8.8.8:53 | ewiuauieao.com | udp |
| US | 8.8.8.8:53 | surijqnwe.info | udp |
| US | 8.8.8.8:53 | ncrexxzyr.info | udp |
| US | 8.8.8.8:53 | bjpwlrlwpx.net | udp |
| US | 8.8.8.8:53 | uvjmcnzjlg.info | udp |
| US | 8.8.8.8:53 | ufvqqyo.info | udp |
| US | 8.8.8.8:53 | ohhtkuhrjk.info | udp |
| US | 8.8.8.8:53 | imwkkoik.com | udp |
| US | 8.8.8.8:53 | gnxsxuzgfsf.net | udp |
| US | 8.8.8.8:53 | inhccfss.net | udp |
| US | 8.8.8.8:53 | pozyua.net | udp |
| US | 8.8.8.8:53 | sodemahohvh.net | udp |
| US | 8.8.8.8:53 | sewuvwb.net | udp |
| US | 8.8.8.8:53 | wonyagz.net | udp |
| US | 8.8.8.8:53 | oycgqskc.org | udp |
| US | 8.8.8.8:53 | emhuxzgnlw.info | udp |
| US | 8.8.8.8:53 | nxxwsaegskf.org | udp |
| US | 8.8.8.8:53 | fhzsyr.net | udp |
| US | 8.8.8.8:53 | oaewcmmi.com | udp |
| US | 8.8.8.8:53 | henyxjlwsj.info | udp |
| US | 8.8.8.8:53 | derhagersoh.org | udp |
| US | 8.8.8.8:53 | ultahi.net | udp |
| US | 8.8.8.8:53 | kgxnver.info | udp |
| US | 8.8.8.8:53 | klsgmldiwvhp.info | udp |
| US | 8.8.8.8:53 | izznyywldjft.net | udp |
| US | 8.8.8.8:53 | oalwpcngx.info | udp |
| US | 8.8.8.8:53 | kjxgzmcsx.info | udp |
| US | 8.8.8.8:53 | jsawkcwcy.net | udp |
| US | 8.8.8.8:53 | klwurspw.net | udp |
| US | 8.8.8.8:53 | wstpldiozz.info | udp |
| US | 8.8.8.8:53 | xcrfxbihvn.info | udp |
| US | 8.8.8.8:53 | jxbfxai.com | udp |
| US | 8.8.8.8:53 | hrpdsourve.net | udp |
| US | 8.8.8.8:53 | vpenygdd.net | udp |
| US | 8.8.8.8:53 | pcdwltcwd.info | udp |
| US | 8.8.8.8:53 | pvesxitaordl.info | udp |
| US | 8.8.8.8:53 | hgvgcdtwxwxn.info | udp |
| US | 8.8.8.8:53 | hlvtossgqi.info | udp |
| US | 8.8.8.8:53 | dzrmxez.com | udp |
| US | 8.8.8.8:53 | swiuoo.com | udp |
| US | 8.8.8.8:53 | aiiymeuoko.org | udp |
| US | 8.8.8.8:53 | tzfofyitrc.info | udp |
| US | 8.8.8.8:53 | agqkoqs.net | udp |
| US | 8.8.8.8:53 | zgbaezq.info | udp |
| US | 8.8.8.8:53 | kxldwaoqfn.info | udp |
| US | 8.8.8.8:53 | cuwouiaoma.org | udp |
| US | 8.8.8.8:53 | twwjmidgeg.net | udp |
| US | 8.8.8.8:53 | xxbuvavqnao.net | udp |
| US | 8.8.8.8:53 | dirajgd.info | udp |
| US | 8.8.8.8:53 | esrrxwnn.info | udp |
| US | 8.8.8.8:53 | vtpkmhxmzxtr.net | udp |
| US | 8.8.8.8:53 | cbzyuvh.net | udp |
| US | 8.8.8.8:53 | pipvjsigt.net | udp |
| US | 8.8.8.8:53 | tgzzsilpuoyu.info | udp |
| US | 8.8.8.8:53 | lklxnf.info | udp |
| US | 8.8.8.8:53 | iktqzeuv.net | udp |
| US | 8.8.8.8:53 | strxtbakk.info | udp |
| US | 8.8.8.8:53 | yqpgkwtdx.info | udp |
| US | 8.8.8.8:53 | rejwrwpoa.info | udp |
| US | 8.8.8.8:53 | qyzswdfsnh.info | udp |
| US | 8.8.8.8:53 | tyiyiap.org | udp |
| US | 8.8.8.8:53 | wiokuy.com | udp |
| US | 8.8.8.8:53 | qjtaqmtnldl.net | udp |
| US | 8.8.8.8:53 | blxujvj.org | udp |
| US | 8.8.8.8:53 | wjvolvgmmv.info | udp |
| US | 8.8.8.8:53 | jmuyzwjxj.net | udp |
| US | 8.8.8.8:53 | scygcmkcuqac.com | udp |
| US | 8.8.8.8:53 | sgescokcmo.org | udp |
| US | 8.8.8.8:53 | rkgqbo.info | udp |
| US | 8.8.8.8:53 | uqdzztvyk.net | udp |
| US | 8.8.8.8:53 | xchgbjubpqx.com | udp |
| US | 8.8.8.8:53 | tujsjmm.com | udp |
| US | 8.8.8.8:53 | zgfufkdavtn.info | udp |
| US | 8.8.8.8:53 | dlxgjdxepf.net | udp |
| US | 8.8.8.8:53 | lzwgpqnxhy.net | udp |
| US | 8.8.8.8:53 | uwfkiynohxt.net | udp |
| US | 8.8.8.8:53 | mocklwp.info | udp |
| US | 8.8.8.8:53 | jehyhpbob.com | udp |
| US | 8.8.8.8:53 | lmxeyfyfoe.net | udp |
| US | 8.8.8.8:53 | tajxylfsfjb.net | udp |
| US | 8.8.8.8:53 | tmlhex.net | udp |
| US | 8.8.8.8:53 | berfwwcwhl.info | udp |
| US | 8.8.8.8:53 | tgpmlwylu.info | udp |
| US | 8.8.8.8:53 | luaiurlae.info | udp |
| US | 8.8.8.8:53 | zrpijlymdlnn.info | udp |
| US | 8.8.8.8:53 | xyffjwj.org | udp |
| US | 8.8.8.8:53 | wafkrhr.info | udp |
| US | 8.8.8.8:53 | hsfspwfirsr.org | udp |
| US | 8.8.8.8:53 | ayurdu.net | udp |
| US | 8.8.8.8:53 | zchajf.net | udp |
| US | 8.8.8.8:53 | crlowsh.info | udp |
| US | 8.8.8.8:53 | vumibdra.net | udp |
| US | 8.8.8.8:53 | fumvct.net | udp |
| US | 8.8.8.8:53 | ryvzwszvx.org | udp |
| US | 8.8.8.8:53 | pvnoaiflvlp.org | udp |
| US | 8.8.8.8:53 | yigemwky.com | udp |
| US | 8.8.8.8:53 | dnyidwf.info | udp |
| US | 8.8.8.8:53 | lotqmiqsbyj.net | udp |
| US | 8.8.8.8:53 | vyhykekriyve.net | udp |
| US | 8.8.8.8:53 | clwizmhe.net | udp |
| US | 8.8.8.8:53 | yadxtkefpqdf.net | udp |
| US | 8.8.8.8:53 | qphqruhcadu.info | udp |
| US | 8.8.8.8:53 | zjvmfa.info | udp |
| US | 8.8.8.8:53 | jwlegtty.net | udp |
| US | 8.8.8.8:53 | voxcihhgsi.info | udp |
| US | 8.8.8.8:53 | qngitmingp.net | udp |
| US | 8.8.8.8:53 | gckijkpfpked.net | udp |
| US | 8.8.8.8:53 | yiykycyuuimk.com | udp |
| US | 8.8.8.8:53 | bnnfwq.net | udp |
| US | 8.8.8.8:53 | dpcbfwbuep.net | udp |
| US | 8.8.8.8:53 | ulwprsdpevsj.info | udp |
| US | 8.8.8.8:53 | wnegshs.net | udp |
| US | 8.8.8.8:53 | wmgxjivyi.net | udp |
| US | 8.8.8.8:53 | lygzbym.com | udp |
| US | 8.8.8.8:53 | wigqoksuksek.com | udp |
| US | 8.8.8.8:53 | qyjxvcif.net | udp |
| US | 8.8.8.8:53 | npdmrustdqtw.info | udp |
| US | 8.8.8.8:53 | luzockpiu.info | udp |
| US | 8.8.8.8:53 | cmyeoougai.org | udp |
| US | 8.8.8.8:53 | doffhgp.info | udp |
| US | 8.8.8.8:53 | etdepqpvwqt.net | udp |
| US | 8.8.8.8:53 | rkwlhccy.info | udp |
| US | 8.8.8.8:53 | ptryvcysx.com | udp |
| US | 8.8.8.8:53 | ckbzmidepp.info | udp |
| US | 8.8.8.8:53 | tirglqi.net | udp |
| US | 8.8.8.8:53 | yaxzlywmf.net | udp |
| US | 8.8.8.8:53 | nthafgeqx.org | udp |
| US | 8.8.8.8:53 | fqytft.info | udp |
| US | 8.8.8.8:53 | yacuqueq.org | udp |
| US | 8.8.8.8:53 | rwzjdujlijpi.net | udp |
| US | 8.8.8.8:53 | vibshiiel.net | udp |
| US | 8.8.8.8:53 | lpsgux.info | udp |
| US | 8.8.8.8:53 | eezoxuzlc.net | udp |
| US | 8.8.8.8:53 | vlpqzgw.org | udp |
| US | 8.8.8.8:53 | webbfs.net | udp |
| US | 8.8.8.8:53 | eukwriw.net | udp |
| US | 8.8.8.8:53 | pmzlbqrwiol.net | udp |
| US | 8.8.8.8:53 | jjqtpeerkb.net | udp |
| US | 8.8.8.8:53 | jyabhmbhjk.net | udp |
| US | 8.8.8.8:53 | ehdsiwj.net | udp |
| US | 8.8.8.8:53 | urkcltobhpwf.net | udp |
| US | 8.8.8.8:53 | ucftrehwp.info | udp |
| US | 8.8.8.8:53 | rhjtpexizm.info | udp |
| US | 8.8.8.8:53 | wrhfimavjh.net | udp |
| US | 8.8.8.8:53 | maxqzdnkjnn.net | udp |
| US | 8.8.8.8:53 | xyzwysknpyt.com | udp |
| US | 8.8.8.8:53 | vqpcdowgs.info | udp |
| US | 8.8.8.8:53 | sewqugdcyrfz.net | udp |
| US | 8.8.8.8:53 | oismai.com | udp |
| US | 8.8.8.8:53 | muyueeywkk.org | udp |
| US | 8.8.8.8:53 | mwguzuqcgul.net | udp |
| US | 8.8.8.8:53 | mouwukiigm.org | udp |
| US | 8.8.8.8:53 | eheflhppvg.net | udp |
| US | 8.8.8.8:53 | llvezdf.net | udp |
| US | 8.8.8.8:53 | hnmyekhwuyj.com | udp |
| US | 8.8.8.8:53 | qamyxgpynwr.net | udp |
| US | 8.8.8.8:53 | tjwtpt.net | udp |
| US | 8.8.8.8:53 | cykogcgqqcuu.com | udp |
| US | 8.8.8.8:53 | usifvsrk.net | udp |
| US | 8.8.8.8:53 | qspzbarxwlw.net | udp |
| US | 8.8.8.8:53 | zofojaw.net | udp |
| US | 8.8.8.8:53 | dpppfrzl.net | udp |
| US | 8.8.8.8:53 | vezccqr.org | udp |
| US | 8.8.8.8:53 | ugjyfpgfl.net | udp |
| US | 8.8.8.8:53 | ufmawy.net | udp |
| US | 8.8.8.8:53 | bpzshggkxhxh.info | udp |
| US | 8.8.8.8:53 | iyykycgk.com | udp |
| US | 8.8.8.8:53 | uslkvmlqfet.net | udp |
| US | 8.8.8.8:53 | myrwjqkrwpbk.info | udp |
| US | 8.8.8.8:53 | bjtkyqpb.net | udp |
| US | 8.8.8.8:53 | wtwavsvhjpy.info | udp |
| US | 8.8.8.8:53 | kumsuemkos.org | udp |
| US | 8.8.8.8:53 | tijohrtrjfd.com | udp |
| US | 8.8.8.8:53 | buhuzwdkt.net | udp |
| US | 8.8.8.8:53 | leruauzon.com | udp |
| US | 8.8.8.8:53 | mpkbfsgyp.info | udp |
| US | 8.8.8.8:53 | znzmkmf.org | udp |
| US | 8.8.8.8:53 | ayfetvh.net | udp |
| US | 8.8.8.8:53 | wdqinmbbck.net | udp |
| US | 8.8.8.8:53 | jpjfzc.net | udp |
| US | 8.8.8.8:53 | qseoumkkca.org | udp |
| US | 8.8.8.8:53 | rzsmmtmqna.info | udp |
| US | 8.8.8.8:53 | qphsxsj.info | udp |
| US | 8.8.8.8:53 | qfedvcigxk.net | udp |
| US | 8.8.8.8:53 | kkyyoeqm.org | udp |
| US | 8.8.8.8:53 | qdnmhgdyrit.net | udp |
| US | 8.8.8.8:53 | iygkaima.com | udp |
| US | 8.8.8.8:53 | ctpefdrrty.net | udp |
| US | 8.8.8.8:53 | sdlehdf.info | udp |
| US | 8.8.8.8:53 | jzxmdyfyr.org | udp |
| US | 8.8.8.8:53 | yjvpxxbdjult.info | udp |
| US | 8.8.8.8:53 | gwkigqiqgoos.org | udp |
| US | 8.8.8.8:53 | mwasnadctu.info | udp |
| US | 8.8.8.8:53 | hwklzggewan.org | udp |
| US | 8.8.8.8:53 | jlksxd.info | udp |
| US | 8.8.8.8:53 | yoouoemu.com | udp |
| US | 8.8.8.8:53 | qyqigk.com | udp |
| US | 8.8.8.8:53 | ndxmbuzl.info | udp |
| US | 8.8.8.8:53 | gsowjojme.info | udp |
| US | 8.8.8.8:53 | mbjkjh.net | udp |
| US | 8.8.8.8:53 | fyaylmbcb.net | udp |
| US | 8.8.8.8:53 | fghohmh.org | udp |
| US | 8.8.8.8:53 | rabyjhee.info | udp |
Files
C:\Users\Admin\AppData\Local\Temp\xdmqwjn.exe
C:\Users\Admin\AppData\Local\nzoykdnaqxsayeidzpnzoykdnaqxsayeidz.nzo
C:\Users\Admin\AppData\Local\efjijrqsxtdaniblwboptstb.chd
C:\Program Files (x86)\efjijrqsxtdaniblwboptstb.chd