Malware Analysis Report

2025-08-10 16:33

Sample ID 250411-vxmt4sv1ft
Target JaffaCakes118_af48005ddcc2ad191061f65097eff80b
SHA256 301cd9d85ace67c1d56b5a62afe74a059deca953f17295f1a687408c6e761cd8
Tags
worm pykspa defense_evasion discovery persistence privilege_escalation trojan
score
10/10

Analysis Overview

Threat Level: Known bad

The file JaffaCakes118_af48005ddcc2ad191061f65097eff80b was found to be: Known bad.

Malicious Activity Summary

worm pykspa defense_evasion discovery persistence privilege_escalation trojan

Detect Pykspa worm

Modifies WinLogon for persistence

UAC bypass

Pykspa family

Pykspa

Adds policy Run key to start application

Disables RegEdit via registry modification

Impair Defenses: Safe Mode Boot

Checks computer location settings

Executes dropped EXE

Adds Run key to start application

Looks up external IP address via web service

Hijack Execution Flow: Executable Installer File Permissions Weakness

Checks whether UAC is enabled

Drops file in System32 directory

Drops file in Windows directory

Drops file in Program Files directory

System Location Discovery: System Language Discovery

Enumerates physical storage devices

Unsigned PE

Suspicious behavior: GetForegroundWindowSpam

Suspicious use of AdjustPrivilegeToken

System policy modification

Suspicious behavior: EnumeratesProcesses

Suspicious use of WriteProcessMemory

Modifies registry class

Analysis: static1

Detonation Overview

Reported

2025-04-11 17:22

Signatures

Detect Pykspa worm

worm

Pykspa family

pykspa

Unsigned PE


Analysis: behavioral1

Detonation Overview

Submitted

2025-04-11 17:22

Reported

2025-04-11 17:24

Platform

win10v2004-20250410-en

Max time kernel

150s

Max time network

145s

Command Line

"C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_af48005ddcc2ad191061f65097eff80b.exe"

Signatures

Modifies WinLogon for persistence

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\xdmqwjn.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_af48005ddcc2ad191061f65097eff80b.exe N/A

Pykspa

worm pykspa

Pykspa family

pykspa

UAC bypass

defense_evasion trojan
Description Indicator Process Target
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" C:\Users\Admin\AppData\Local\Temp\xdmqwjn.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_af48005ddcc2ad191061f65097eff80b.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\xdmqwjn.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" C:\Users\Admin\AppData\Local\Temp\xdmqwjn.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" C:\Users\Admin\AppData\Local\Temp\xdmqwjn.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_af48005ddcc2ad191061f65097eff80b.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_af48005ddcc2ad191061f65097eff80b.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_af48005ddcc2ad191061f65097eff80b.exe N/A

Detect Pykspa worm

worm

Adds policy Run key to start application

persistence

Disables RegEdit via registry modification

defense_evasion
Description Indicator Process Target
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_af48005ddcc2ad191061f65097eff80b.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\xdmqwjn.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\xdmqwjn.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_af48005ddcc2ad191061f65097eff80b.exe N/A

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_af48005ddcc2ad191061f65097eff80b.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\xdmqwjn.exe N/A

Impair Defenses: Safe Mode Boot

defense_evasion
Description Indicator Process Target
Key deleted \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\iai2c.sys C:\Users\Admin\AppData\Local\Temp\xdmqwjn.exe N/A
Key deleted \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\CBDHSvc C:\Users\Admin\AppData\Local\Temp\xdmqwjn.exe N/A
Key deleted \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\UserManager C:\Users\Admin\AppData\Local\Temp\xdmqwjn.exe N/A
Key deleted \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\SerCx2.sys C:\Users\Admin\AppData\Local\Temp\xdmqwjn.exe N/A
Key deleted \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\ProfSvc C:\Users\Admin\AppData\Local\Temp\xdmqwjn.exe N/A
Key deleted \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\Power C:\Users\Admin\AppData\Local\Temp\xdmqwjn.exe N/A

Adds Run key to start application

persistence

Checks whether UAC is enabled

defense_evasion trojan
Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\xdmqwjn.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\xdmqwjn.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_af48005ddcc2ad191061f65097eff80b.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_af48005ddcc2ad191061f65097eff80b.exe N/A

Hijack Execution Flow: Executable Installer File Permissions Weakness

defense_evasion persistence privilege_escalation
Description Indicator Process Target
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableInstallerDetection = "0" C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_af48005ddcc2ad191061f65097eff80b.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableInstallerDetection = "0" C:\Users\Admin\AppData\Local\Temp\xdmqwjn.exe N/A

Looks up external IP address via web service

Description Indicator Process Target
N/A whatismyip.everdot.org N/A N/A
N/A whatismyipaddress.com N/A N/A
N/A www.whatismyip.ca N/A N/A
N/A www.showmyipaddress.com N/A N/A

Drops file in System32 directory

Description Indicator Process Target
File opened for modification C:\Windows\SysWOW64\efjijrqsxtdaniblwboptstb.chd C:\Users\Admin\AppData\Local\Temp\xdmqwjn.exe N/A
File created C:\Windows\SysWOW64\efjijrqsxtdaniblwboptstb.chd C:\Users\Admin\AppData\Local\Temp\xdmqwjn.exe N/A
File opened for modification C:\Windows\SysWOW64\nzoykdnaqxsayeidzpnzoykdnaqxsayeidz.nzo C:\Users\Admin\AppData\Local\Temp\xdmqwjn.exe N/A
File created C:\Windows\SysWOW64\nzoykdnaqxsayeidzpnzoykdnaqxsayeidz.nzo C:\Users\Admin\AppData\Local\Temp\xdmqwjn.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File opened for modification C:\Program Files (x86)\efjijrqsxtdaniblwboptstb.chd C:\Users\Admin\AppData\Local\Temp\xdmqwjn.exe N/A
File created C:\Program Files (x86)\efjijrqsxtdaniblwboptstb.chd C:\Users\Admin\AppData\Local\Temp\xdmqwjn.exe N/A
File opened for modification C:\Program Files (x86)\nzoykdnaqxsayeidzpnzoykdnaqxsayeidz.nzo C:\Users\Admin\AppData\Local\Temp\xdmqwjn.exe N/A
File created C:\Program Files (x86)\nzoykdnaqxsayeidzpnzoykdnaqxsayeidz.nzo C:\Users\Admin\AppData\Local\Temp\xdmqwjn.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File opened for modification C:\Windows\nzoykdnaqxsayeidzpnzoykdnaqxsayeidz.nzo C:\Users\Admin\AppData\Local\Temp\xdmqwjn.exe N/A
File created C:\Windows\nzoykdnaqxsayeidzpnzoykdnaqxsayeidz.nzo C:\Users\Admin\AppData\Local\Temp\xdmqwjn.exe N/A
File opened for modification C:\Windows\efjijrqsxtdaniblwboptstb.chd C:\Users\Admin\AppData\Local\Temp\xdmqwjn.exe N/A
File created C:\Windows\efjijrqsxtdaniblwboptstb.chd C:\Users\Admin\AppData\Local\Temp\xdmqwjn.exe N/A

Enumerates physical storage devices

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_af48005ddcc2ad191061f65097eff80b.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\xdmqwjn.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\xdmqwjn.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_af48005ddcc2ad191061f65097eff80b.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\xdmqwjn.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\xdmqwjn.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\xdmqwjn.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\xdmqwjn.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\xdmqwjn.exe N/A

System policy modification

defense_evasion
Description Indicator Process Target
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" C:\Users\Admin\AppData\Local\Temp\xdmqwjn.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableSecureUIAPaths = "0" C:\Users\Admin\AppData\Local\Temp\xdmqwjn.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableVirtualization = "0" C:\Users\Admin\AppData\Local\Temp\xdmqwjn.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ValidateAdminCodeSignatures = "0" C:\Users\Admin\AppData\Local\Temp\xdmqwjn.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" C:\Users\Admin\AppData\Local\Temp\xdmqwjn.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" C:\Users\Admin\AppData\Local\Temp\xdmqwjn.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" C:\Users\Admin\AppData\Local\Temp\xdmqwjn.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\FilterAdministratorToken = "0" C:\Users\Admin\AppData\Local\Temp\xdmqwjn.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer C:\Users\Admin\AppData\Local\Temp\xdmqwjn.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDriveTypeAutoRun = "1" C:\Users\Admin\AppData\Local\Temp\xdmqwjn.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_af48005ddcc2ad191061f65097eff80b.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableVirtualization = "0" C:\Users\Admin\AppData\Local\Temp\xdmqwjn.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" C:\Users\Admin\AppData\Local\Temp\xdmqwjn.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\FilterAdministratorToken = "0" C:\Users\Admin\AppData\Local\Temp\xdmqwjn.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_af48005ddcc2ad191061f65097eff80b.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableVirtualization = "0" C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_af48005ddcc2ad191061f65097eff80b.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_af48005ddcc2ad191061f65097eff80b.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ValidateAdminCodeSignatures = "0" C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_af48005ddcc2ad191061f65097eff80b.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableSecureUIAPaths = "0" C:\Users\Admin\AppData\Local\Temp\xdmqwjn.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer C:\Users\Admin\AppData\Local\Temp\xdmqwjn.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableSecureUIAPaths = "0" C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_af48005ddcc2ad191061f65097eff80b.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\FilterAdministratorToken = "0" C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_af48005ddcc2ad191061f65097eff80b.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\xdmqwjn.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\xdmqwjn.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\xdmqwjn.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\xdmqwjn.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_af48005ddcc2ad191061f65097eff80b.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_af48005ddcc2ad191061f65097eff80b.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ValidateAdminCodeSignatures = "0" C:\Users\Admin\AppData\Local\Temp\xdmqwjn.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\xdmqwjn.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDriveTypeAutoRun = "1" C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_af48005ddcc2ad191061f65097eff80b.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\xdmqwjn.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" C:\Users\Admin\AppData\Local\Temp\xdmqwjn.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDriveTypeAutoRun = "1" C:\Users\Admin\AppData\Local\Temp\xdmqwjn.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_af48005ddcc2ad191061f65097eff80b.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_af48005ddcc2ad191061f65097eff80b.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_af48005ddcc2ad191061f65097eff80b.exe

"C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_af48005ddcc2ad191061f65097eff80b.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 iylgkms.net udp
US 8.8.8.8:53 dwfkeogzvhjn.info udp
US 8.8.8.8:53 wagagsqakmow.com udp
US 8.8.8.8:53 zqrzvmhgz.net udp
US 8.8.8.8:53 dxiydepkq.org udp
US 8.8.8.8:53 dflqknsl.net udp
US 8.8.8.8:53 dwplnv.net udp
US 8.8.8.8:53 ygkiayiiuksg.org udp
US 8.8.8.8:53 xuywhelwf.org udp
US 8.8.8.8:53 mummtmcer.info udp
US 8.8.8.8:53 kxqemqtkfjge.net udp
US 8.8.8.8:53 twbyjbsbsf.net udp
US 8.8.8.8:53 kxbczkgcxcx.info udp
US 8.8.8.8:53 qtgqqinahbp.info udp
US 8.8.8.8:53 njmgmckcmbn.org udp
US 8.8.8.8:53 chhwbqpwvtd.info udp
US 8.8.8.8:53 fkuulgearib.info udp
US 8.8.8.8:53 tgwbzmrqj.org udp
US 8.8.8.8:53 kdqxkurgjt.info udp
US 8.8.8.8:53 nkhvzixmuzdp.info udp
US 8.8.8.8:53 tcvuvhjwh.info udp
US 8.8.8.8:53 wotlvqibzuv.net udp
US 8.8.8.8:53 ipdjfkjelpu.net udp
US 8.8.8.8:53 pzcivm.net udp
US 8.8.8.8:53 amseltlelvf.net udp
US 8.8.8.8:53 jubvpax.info udp
US 8.8.8.8:53 tydtdesug.net udp
US 8.8.8.8:53 ryjuzszzh.org udp
US 8.8.8.8:53 awugskuosuui.org udp
US 8.8.8.8:53 aeqaceyakm.org udp
US 8.8.8.8:53 zrhqhtpcjor.net udp
US 8.8.8.8:53 vvjkgjqupq.net udp
US 8.8.8.8:53 aknsgwkcl.net udp
US 8.8.8.8:53 zuixsontsv.info udp
US 8.8.8.8:53 nkfytes.info udp
US 8.8.8.8:53 rwuuxc.net udp
US 8.8.8.8:53 bkrxifgm.net udp
US 8.8.8.8:53 ecbwysbz.info udp
US 8.8.8.8:53 zciisglkqgb.info udp
US 8.8.8.8:53 qssfanjf.info udp
US 8.8.8.8:53 hqnyagtydkbx.net udp
US 8.8.8.8:53 kuucqiwkkgcq.org udp
US 8.8.8.8:53 lblenn.net udp
US 8.8.8.8:53 njmyupro.net udp
US 8.8.8.8:53 lscerkhfson.com udp
US 8.8.8.8:53 mawkua.com udp
US 8.8.8.8:53 jbvarbau.net udp
US 8.8.8.8:53 xrpwmsl.info udp
US 8.8.8.8:53 faainemksur.net udp
US 8.8.8.8:53 iusioomq.org udp
US 8.8.8.8:53 viaveioue.org udp
US 8.8.8.8:53 kayuku.com udp
US 8.8.8.8:53 vmfvjan.info udp
US 8.8.8.8:53 ntdhpqlyu.com udp
US 8.8.8.8:53 yokaogmmeiyw.org udp
US 8.8.8.8:53 bngovcghl.net udp
US 8.8.8.8:53 wcsbrpz.net udp
US 8.8.8.8:53 vqhkpudso.org udp
US 8.8.8.8:53 emkqiw.com udp
US 8.8.8.8:53 kwpizxvof.info udp
US 8.8.8.8:53 uwcuws.org udp
US 8.8.8.8:53 nfyszbdints.net udp
US 8.8.8.8:53 lfrdvanqckfe.net udp
US 8.8.8.8:53 hcsimwlyfoh.com udp
US 8.8.8.8:53 pdlgjhbb.net udp
US 8.8.8.8:53 azlfou.info udp
US 8.8.8.8:53 whqrkkzwpihg.info udp
US 8.8.8.8:53 vmshvduq.info udp
US 8.8.8.8:53 dhpnyhej.net udp
US 8.8.8.8:53 jojeyieqrq.net udp
US 8.8.8.8:53 umyicieyee.org udp
US 8.8.8.8:53 yrxogxigzsur.info udp
US 8.8.8.8:53 ztrmxsunbl.info udp
US 8.8.8.8:53 fpdopjdl.info udp
US 8.8.8.8:53 vcsuct.net udp
US 8.8.8.8:53 fsyczawoha.info udp
US 8.8.8.8:53 pfcloyglcgic.net udp
US 8.8.8.8:53 oymmboqut.net udp
US 8.8.8.8:53 qbshzu.net udp
US 8.8.8.8:53 qylqhwv.info udp
US 8.8.8.8:53 atkzfclhbift.info udp
US 8.8.8.8:53 ychymgrkk.net udp
US 8.8.8.8:53 ppfltyadog.info udp
US 8.8.8.8:53 honfbtl.org udp
US 8.8.8.8:53 pfvefvxijrvf.info udp
US 8.8.8.8:53 kmkuiwgy.com udp
US 8.8.8.8:53 wueysyqiyg.org udp
US 8.8.8.8:53 tillzljmtks.com udp
US 8.8.8.8:53 btxkgyzy.net udp
US 8.8.8.8:53 ifdmyxjupcb.net udp
US 8.8.8.8:53 leyqzq.info udp
US 8.8.8.8:53 zsnunyh.org udp
US 8.8.8.8:53 jjrefkv.net udp
US 8.8.8.8:53 cogieu.net udp
US 8.8.8.8:53 muaozkljllr.net udp
US 8.8.8.8:53 zmnzutmwdu.info udp
US 8.8.8.8:53 laqgfsif.net udp
US 8.8.8.8:53 kjskvzf.info udp
US 8.8.8.8:53 jglyztcdsbwb.net udp
US 8.8.8.8:53 chhorapwjzy.net udp
US 8.8.8.8:53 kcqaymsycksw.com udp
US 8.8.8.8:53 jrnolhwp.info udp
US 8.8.8.8:53 ejdfloex.net udp
US 8.8.8.8:53 lzbjkx.info udp
US 8.8.8.8:53 dwophiewk.net udp
US 8.8.8.8:53 acivhmfatmpc.info udp
US 8.8.8.8:53 jkfqzkl.com udp
US 8.8.8.8:53 bjlnzl.info udp
US 8.8.8.8:53 blriytvijot.com udp
US 8.8.8.8:53 jdlelarezxkg.info udp
US 8.8.8.8:53 blzyfvb.info udp
US 8.8.8.8:53 pyqkwjzut.org udp
US 8.8.8.8:53 tdasnpymldap.net udp
US 8.8.8.8:53 kyilnx.net udp
US 8.8.8.8:53 dksiydyxljoi.info udp
US 8.8.8.8:53 icwakoccqq.org udp
US 8.8.8.8:53 rqbtjmhkhj.net udp
US 8.8.8.8:53 ubfxlrpexr.info udp
US 8.8.8.8:53 gaqkygwq.org udp
US 8.8.8.8:53 kgmsmqswkwwc.com udp
US 8.8.8.8:53 kalixepwwfj.net udp
US 8.8.8.8:53 necyyxjegy.info udp
US 8.8.8.8:53 jrbulad.info udp
US 8.8.8.8:53 lwfkzfiesd.info udp
US 8.8.8.8:53 rmtmzes.org udp
US 8.8.8.8:53 gkakvonjv.info udp
US 8.8.8.8:53 azjygywymulk.info udp
US 8.8.8.8:53 llnrnz.net udp
US 8.8.8.8:53 bverebga.net udp
US 8.8.8.8:53 bpzorpfuhtf.org udp
US 8.8.8.8:53 wyyueesi.org udp
US 8.8.8.8:53 gtqotnsmiyp.net udp
US 8.8.8.8:53 fazoxrp.com udp
US 8.8.8.8:53 pattne.net udp
US 8.8.8.8:53 bkngmvgi.net udp
US 8.8.8.8:53 aousuc.org udp
US 8.8.8.8:53 cwpqwmj.info udp
US 8.8.8.8:53 tnncpktjhon.net udp
US 8.8.8.8:53 xopmgiduyqf.info udp
US 8.8.8.8:53 egukgcnltcn.net udp
US 8.8.8.8:53 bqdindvszcl.com udp
US 8.8.8.8:53 cimmyawqeycc.com udp
US 8.8.8.8:53 mkvvtuexohq.info udp
US 8.8.8.8:53 zgzutgnczeo.info udp
US 8.8.8.8:53 zgrcvciqm.org udp
US 8.8.8.8:53 wmnqdofnpgp.info udp
US 8.8.8.8:53 earxgkoqnrxv.info udp
US 8.8.8.8:53 cwqeswaof.net udp
US 8.8.8.8:53 ccfoxttenoyj.info udp
US 8.8.8.8:53 viphtteqt.org udp
US 8.8.8.8:53 wawaoiyk.com udp
US 8.8.8.8:53 luvlked.net udp
US 8.8.8.8:53 qzbuafhypfzw.info udp
US 8.8.8.8:53 vtpepyfgtxm.info udp
US 8.8.8.8:53 imsqog.org udp
US 8.8.8.8:53 ogdyjgrkj.net udp
US 8.8.8.8:53 gznyndmwzh.info udp
US 8.8.8.8:53 gamseymuoaui.org udp
US 8.8.8.8:53 emgesaoqysoc.org udp
US 8.8.8.8:53 lczoradauoz.net udp
US 8.8.8.8:53 aseqpyzgxun.info udp
US 8.8.8.8:53 nooqjs.info udp
US 8.8.8.8:53 dazulnj.org udp
US 8.8.8.8:53 zazivoqaf.info udp
US 8.8.8.8:53 xxlvfbbrfsxn.net udp
US 8.8.8.8:53 anneeafw.net udp
US 8.8.8.8:53 jzthxr.net udp
US 8.8.8.8:53 ivhsgolvlo.net udp
US 8.8.8.8:53 hsnssuttqhlr.info udp
US 8.8.8.8:53 gkaiegmi.org udp
US 8.8.8.8:53 wuaqme.org udp
US 8.8.8.8:53 jaskbbvh.info udp
US 8.8.8.8:53 fjusznt.com udp
US 8.8.8.8:53 kwsmoaew.org udp
US 8.8.8.8:53 gafabcxkuun.net udp
US 8.8.8.8:53 zuhmapbot.net udp
US 8.8.8.8:53 hpnkrwpqkx.info udp
US 8.8.8.8:53 hlsuth.info udp
US 8.8.8.8:53 lkhlsiffzcb.org udp
US 8.8.8.8:53 vjvlnnztmb.net udp
US 8.8.8.8:53 bgjqnol.info udp
US 8.8.8.8:53 tmcooj.info udp
US 8.8.8.8:53 cyycai.org udp
US 8.8.8.8:53 scimuacsow.com udp
US 8.8.8.8:53 ukeokgms.org udp
US 8.8.8.8:53 pzeoidsfbb.net udp
US 8.8.8.8:53 yojkaljecqs.info udp
US 8.8.8.8:53 yozdlfjazlnk.info udp
US 8.8.8.8:53 syoacwgmcwoa.com udp
US 8.8.8.8:53 owunjxl.net udp
US 8.8.8.8:53 hiondg.info udp
US 8.8.8.8:53 xivongn.info udp
US 8.8.8.8:53 eidpcd.info udp
US 8.8.8.8:53 dewntkpugrdz.net udp
US 8.8.8.8:53 ecegeakc.org udp
US 8.8.8.8:53 gusowcoi.org udp
US 8.8.8.8:53 tgnsxmrvfoa.net udp
US 8.8.8.8:53 ihdvayvc.net udp
US 8.8.8.8:53 soqkagum.org udp
US 8.8.8.8:53 ootkjdzphd.net udp
US 8.8.8.8:53 kzfgpvea.net udp
US 8.8.8.8:53 vkhxair.com udp
US 8.8.8.8:53 znnmhwiqbrd.org udp
US 8.8.8.8:53 aewppd.info udp
US 8.8.8.8:53 venxlrcp.info udp
US 8.8.8.8:53 vfkgpi.net udp
US 8.8.8.8:53 aararuzmj.info udp
US 8.8.8.8:53 wihanwuat.net udp
US 8.8.8.8:53 zrizzt.net udp
US 8.8.8.8:53 bjspblwyfzzy.net udp
US 8.8.8.8:53 fceaihpjhlj.org udp
US 8.8.8.8:53 akwpzipcp.net udp
US 8.8.8.8:53 qsuyia.org udp
US 8.8.8.8:53 vdgxjcdgzx.net udp
US 8.8.8.8:53 nsjnpn.net udp
US 8.8.8.8:53 swqdouim.net udp
US 8.8.8.8:53 rtilbz.info udp
US 8.8.8.8:53 ivewnr.info udp
US 8.8.8.8:53 wedzolwkvim.net udp
US 8.8.8.8:53 duuwgwx.com udp
US 8.8.8.8:53 gdukthalrchx.info udp
US 8.8.8.8:53 gyweoeso.org udp
US 8.8.8.8:53 nqxijbihvn.info udp
US 8.8.8.8:53 nnqywodxpj.info udp
US 8.8.8.8:53 codlfcvwrid.net udp
US 8.8.8.8:53 yspynbdonzn.net udp
US 8.8.8.8:53 tueowbh.net udp
US 8.8.8.8:53 xrctizgjhu.net udp
US 8.8.8.8:53 pmpzribgjfgd.info udp
US 8.8.8.8:53 wetcpuh.net udp
US 8.8.8.8:53 nhniiebqn.org udp
US 8.8.8.8:53 smgxhumfeo.net udp
US 8.8.8.8:53 ukcbawn.info udp
US 8.8.8.8:53 rfcqjgcwrllk.info udp
US 8.8.8.8:53 gendycry.net udp
US 8.8.8.8:53 tcpdgsf.com udp
US 8.8.8.8:53 znlmvoiozyd.info udp
US 8.8.8.8:53 laqxfyvr.net udp
US 8.8.8.8:53 zqdypgbqpjf.info udp
US 8.8.8.8:53 ooewwc.org udp
US 8.8.8.8:53 fuqfwkhaoduv.net udp
US 8.8.8.8:53 yucmii.org udp
US 8.8.8.8:53 arawth.info udp
US 8.8.8.8:53 ijylbxrfgz.info udp
US 8.8.8.8:53 milchztkfit.info udp
US 8.8.8.8:53 swkshux.net udp
US 8.8.8.8:53 jypigkw.net udp
US 8.8.8.8:53 tkgfosmzbpcs.info udp
US 8.8.8.8:53 lhwmidzflqmr.net udp
US 8.8.8.8:53 jphhtgd.com udp
US 8.8.8.8:53 qsccfelzn.net udp
US 8.8.8.8:53 sqxqlv.info udp
US 8.8.8.8:53 xynrpqvsjquo.net udp
US 8.8.8.8:53 sqrygjiijlm.net udp
US 8.8.8.8:53 jgsqglhgj.info udp
US 8.8.8.8:53 rlvyfaxvs.org udp
US 8.8.8.8:53 ozmgattuemuv.info udp
US 8.8.8.8:53 omierhazkhgw.net udp
US 8.8.8.8:53 gikasccswe.com udp
US 8.8.8.8:53 seuiwgqe.com udp
US 8.8.8.8:53 akegcwmsgi.org udp
US 8.8.8.8:53 gycgce.com udp
US 8.8.8.8:53 aubejuu.net udp
US 8.8.8.8:53 ltxgldrwttqh.info udp
US 8.8.8.8:53 bgnidmx.com udp
US 8.8.8.8:53 kwdrqyzrhd.net udp
US 8.8.8.8:53 ltbdih.net udp
US 8.8.8.8:53 zccfykdktej.info udp
US 8.8.8.8:53 lngidoh.net udp
US 8.8.8.8:53 gmlgfegpmqbw.info udp
US 8.8.8.8:53 motkuqfwtvt.net udp
US 8.8.8.8:53 uawimo.com udp
US 8.8.8.8:53 oqzehlvy.info udp
US 8.8.8.8:53 xrjmbmgmisvh.info udp
US 8.8.8.8:53 oppfwkrqclal.net udp
US 8.8.8.8:53 qkkoemoyeyma.com udp
US 8.8.8.8:53 jqtenkdayoy.org udp
US 8.8.8.8:53 laqlkorp.net udp
US 8.8.8.8:53 kcskfiv.info udp
US 8.8.8.8:53 amsfnkbqvky.info udp
US 8.8.8.8:53 zhboncxz.net udp
US 8.8.8.8:53 lvliwxsju.net udp
US 8.8.8.8:53 vgcabmsts.org udp
US 8.8.8.8:53 mkabozfdic.info udp
US 8.8.8.8:53 kccuuqio.org udp
US 8.8.8.8:53 qcpuzjhlagv.info udp
US 8.8.8.8:53 wjnymtdandwl.net udp
US 8.8.8.8:53 asgzoc.net udp
US 8.8.8.8:53 wcgcuuiu.org udp
US 8.8.8.8:53 eiltvpnw.info udp
US 8.8.8.8:53 uysquyscuu.org udp
US 8.8.8.8:53 tatsdjzzp.net udp
US 8.8.8.8:53 nhmyomxjv.info udp
US 8.8.8.8:53 ywhirxdsz.net udp
US 8.8.8.8:53 qufxwvkqw.info udp
US 8.8.8.8:53 howmloa.info udp
US 8.8.8.8:53 rilkicq.net udp
US 8.8.8.8:53 tyzkrdhyl.info udp
US 8.8.8.8:53 waqiag.com udp
US 8.8.8.8:53 ixzebsvsrg.info udp
US 8.8.8.8:53 prtavdudhwx.com udp
US 8.8.8.8:53 gkgsagqmckwi.org udp
US 8.8.8.8:53 pmvvgrvstsdy.info udp
US 8.8.8.8:53 ceeymiyeeuec.org udp
US 8.8.8.8:53 vyvijbihvn.info udp
US 8.8.8.8:53 qxhinydr.info udp
US 8.8.8.8:53 hsrofavrq.net udp
US 8.8.8.8:53 henmovqw.net udp
US 8.8.8.8:53 mimggqkmkw.com udp
US 8.8.8.8:53 hyxsupza.info udp
US 8.8.8.8:53 kcppvvoing.info udp
US 8.8.8.8:53 laasjh.info udp
US 8.8.8.8:53 ekvhlejobgx.net udp
US 8.8.8.8:53 umfyqiaar.net udp
US 8.8.8.8:53 bctwfgikb.org udp
US 8.8.8.8:53 lyfdfijey.org udp
US 8.8.8.8:53 logyujoxglft.info udp
US 8.8.8.8:53 reqytml.info udp
US 8.8.8.8:53 maccqgmu.com udp
US 8.8.8.8:53 fylndcpwx.info udp
US 8.8.8.8:53 zjhidrzkdb.info udp
US 8.8.8.8:53 iecuiowa.org udp
US 8.8.8.8:53 fzqqksnzg.net udp
US 8.8.8.8:53 vmbirbogoj.info udp
US 8.8.8.8:53 cwffjfbykplz.info udp
US 8.8.8.8:53 rimkcqoes.org udp
US 8.8.8.8:53 vrebqf.info udp
US 8.8.8.8:53 uyuavnfqnilt.net udp
US 8.8.8.8:53 mfvshaxx.info udp
US 8.8.8.8:53 lrznrbldqnfw.net udp
US 8.8.8.8:53 zsyqlyceqk.net udp
US 8.8.8.8:53 vesegk.net udp
US 8.8.8.8:53 aijnymr.net udp
US 8.8.8.8:53 odzbrjqoy.info udp
US 8.8.8.8:53 fuvgvkaar.com udp
US 8.8.8.8:53 psanlgbwr.info udp
US 8.8.8.8:53 cgjkdpgnb.info udp
US 8.8.8.8:53 bethfdxssd.net udp
US 8.8.8.8:53 zgelnoodmqbr.info udp
US 8.8.8.8:53 aalijqi.info udp
US 8.8.8.8:53 ltiaozsdb.org udp
US 8.8.8.8:53 wiqims.org udp
US 8.8.8.8:53 odqisf.info udp
US 8.8.8.8:53 zolekt.info udp
US 8.8.8.8:53 hsnlhmjnrq.info udp
US 8.8.8.8:53 jbzebu.info udp
US 8.8.8.8:53 ncpmyszzt.info udp
US 8.8.8.8:53 cwraxf.net udp
US 8.8.8.8:53 locxpumei.net udp
US 8.8.8.8:53 nhfsyh.net udp
US 8.8.8.8:53 ckxgjkzvp.info udp
US 8.8.8.8:53 phtwlnygijah.net udp
US 8.8.8.8:53 wbqgwoo.info udp
US 8.8.8.8:53 mskmammm.info udp
US 8.8.8.8:53 wyazqmbluh.info udp
US 8.8.8.8:53 lgnazaphpyg.net udp
US 8.8.8.8:53 ybxsqlwexbnh.info udp
US 8.8.8.8:53 hyfclmjolcl.com udp
US 8.8.8.8:53 ishpgfqrtc.info udp
US 8.8.8.8:53 hjtahoxczcv.info udp
US 8.8.8.8:53 kkiamiym.com udp
US 8.8.8.8:53 tsgghmnbqd.net udp
US 8.8.8.8:53 bqzqdqfglxbn.info udp
US 8.8.8.8:53 acdpgmbxry.info udp
US 8.8.8.8:53 mkrgnntencd.net udp
US 8.8.8.8:53 rafitlvef.net udp
US 8.8.8.8:53 jatdaajehomt.net udp
US 8.8.8.8:53 csrghkfof.info udp
US 8.8.8.8:53 zcvsrkrst.net udp
US 8.8.8.8:53 kkxwahccz.info udp
US 8.8.8.8:53 ywegysswwaue.org udp
US 8.8.8.8:53 twpgnbrg.info udp
US 8.8.8.8:53 mwgkuyee.org udp
US 8.8.8.8:53 cocmew.org udp
US 8.8.8.8:53 ihajfybmk.net udp
US 8.8.8.8:53 uiceesz.info udp
US 8.8.8.8:53 gkhkymhphok.net udp
US 8.8.8.8:53 nsbrveiw.net udp
US 8.8.8.8:53 ycokiqmusi.org udp
US 8.8.8.8:53 nfvsfikqgelb.net udp
US 8.8.8.8:53 bdwdbk.info udp
US 8.8.8.8:53 bzaydhbkyko.info udp
US 8.8.8.8:53 nmhctlemna.info udp
US 8.8.8.8:53 kszohuh.net udp
US 8.8.8.8:53 fcuekciz.net udp
US 8.8.8.8:53 uoxjsmld.info udp
US 8.8.8.8:53 qgualyfbn.info udp
US 8.8.8.8:53 zmronf.net udp
US 8.8.8.8:53 ewiuauieao.com udp
US 8.8.8.8:53 surijqnwe.info udp
US 8.8.8.8:53 ncrexxzyr.info udp
US 8.8.8.8:53 bjpwlrlwpx.net udp
US 8.8.8.8:53 uvjmcnzjlg.info udp
US 8.8.8.8:53 ufvqqyo.info udp
US 8.8.8.8:53 ohhtkuhrjk.info udp
US 8.8.8.8:53 imwkkoik.com udp
US 8.8.8.8:53 gnxsxuzgfsf.net udp
US 8.8.8.8:53 inhccfss.net udp
US 8.8.8.8:53 pozyua.net udp
US 8.8.8.8:53 sodemahohvh.net udp
US 8.8.8.8:53 sewuvwb.net udp
US 8.8.8.8:53 wonyagz.net udp
US 8.8.8.8:53 oycgqskc.org udp
US 8.8.8.8:53 emhuxzgnlw.info udp
US 8.8.8.8:53 nxxwsaegskf.org udp
US 8.8.8.8:53 fhzsyr.net udp
US 8.8.8.8:53 oaewcmmi.com udp
US 8.8.8.8:53 henyxjlwsj.info udp
US 8.8.8.8:53 derhagersoh.org udp
US 8.8.8.8:53 ultahi.net udp
US 8.8.8.8:53 kgxnver.info udp
US 8.8.8.8:53 klsgmldiwvhp.info udp
US 8.8.8.8:53 izznyywldjft.net udp
US 8.8.8.8:53 oalwpcngx.info udp
US 8.8.8.8:53 kjxgzmcsx.info udp
US 8.8.8.8:53 jsawkcwcy.net udp
US 8.8.8.8:53 klwurspw.net udp
US 8.8.8.8:53 wstpldiozz.info udp
US 8.8.8.8:53 xcrfxbihvn.info udp
US 8.8.8.8:53 jxbfxai.com udp
US 8.8.8.8:53 hrpdsourve.net udp
US 8.8.8.8:53 vpenygdd.net udp
US 8.8.8.8:53 pcdwltcwd.info udp
US 8.8.8.8:53 pvesxitaordl.info udp
US 8.8.8.8:53 hgvgcdtwxwxn.info udp
US 8.8.8.8:53 hlvtossgqi.info udp
US 8.8.8.8:53 dzrmxez.com udp
US 8.8.8.8:53 swiuoo.com udp
US 8.8.8.8:53 aiiymeuoko.org udp
US 8.8.8.8:53 tzfofyitrc.info udp
US 8.8.8.8:53 agqkoqs.net udp
US 8.8.8.8:53 zgbaezq.info udp
US 8.8.8.8:53 kxldwaoqfn.info udp
US 8.8.8.8:53 cuwouiaoma.org udp
US 8.8.8.8:53 twwjmidgeg.net udp
US 8.8.8.8:53 xxbuvavqnao.net udp
US 8.8.8.8:53 dirajgd.info udp
US 8.8.8.8:53 esrrxwnn.info udp
US 8.8.8.8:53 vtpkmhxmzxtr.net udp
US 8.8.8.8:53 cbzyuvh.net udp
US 8.8.8.8:53 pipvjsigt.net udp
US 8.8.8.8:53 tgzzsilpuoyu.info udp
US 8.8.8.8:53 lklxnf.info udp
US 8.8.8.8:53 iktqzeuv.net udp
US 8.8.8.8:53 strxtbakk.info udp
US 8.8.8.8:53 yqpgkwtdx.info udp
US 8.8.8.8:53 rejwrwpoa.info udp
US 8.8.8.8:53 qyzswdfsnh.info udp
US 8.8.8.8:53 tyiyiap.org udp
US 8.8.8.8:53 wiokuy.com udp
US 8.8.8.8:53 qjtaqmtnldl.net udp
US 8.8.8.8:53 blxujvj.org udp
US 8.8.8.8:53 wjvolvgmmv.info udp
US 8.8.8.8:53 jmuyzwjxj.net udp
US 8.8.8.8:53 scygcmkcuqac.com udp
US 8.8.8.8:53 sgescokcmo.org udp
US 8.8.8.8:53 rkgqbo.info udp
US 8.8.8.8:53 uqdzztvyk.net udp
US 8.8.8.8:53 xchgbjubpqx.com udp
US 8.8.8.8:53 tujsjmm.com udp
US 8.8.8.8:53 zgfufkdavtn.info udp
US 8.8.8.8:53 dlxgjdxepf.net udp
US 8.8.8.8:53 lzwgpqnxhy.net udp
US 8.8.8.8:53 uwfkiynohxt.net udp
US 8.8.8.8:53 mocklwp.info udp
US 8.8.8.8:53 jehyhpbob.com udp
US 8.8.8.8:53 lmxeyfyfoe.net udp
US 8.8.8.8:53 tajxylfsfjb.net udp
US 8.8.8.8:53 tmlhex.net udp
US 8.8.8.8:53 berfwwcwhl.info udp
US 8.8.8.8:53 tgpmlwylu.info udp
US 8.8.8.8:53 luaiurlae.info udp
US 8.8.8.8:53 zrpijlymdlnn.info udp
US 8.8.8.8:53 xyffjwj.org udp
US 8.8.8.8:53 wafkrhr.info udp
US 8.8.8.8:53 hsfspwfirsr.org udp
US 8.8.8.8:53 ayurdu.net udp
US 8.8.8.8:53 zchajf.net udp
US 8.8.8.8:53 crlowsh.info udp
US 8.8.8.8:53 vumibdra.net udp
US 8.8.8.8:53 fumvct.net udp
US 8.8.8.8:53 ryvzwszvx.org udp
US 8.8.8.8:53 pvnoaiflvlp.org udp
US 8.8.8.8:53 yigemwky.com udp
US 8.8.8.8:53 dnyidwf.info udp
US 8.8.8.8:53 lotqmiqsbyj.net udp
US 8.8.8.8:53 vyhykekriyve.net udp
US 8.8.8.8:53 clwizmhe.net udp
US 8.8.8.8:53 yadxtkefpqdf.net udp
US 8.8.8.8:53 qphqruhcadu.info udp
US 8.8.8.8:53 zjvmfa.info udp
US 8.8.8.8:53 jwlegtty.net udp
US 8.8.8.8:53 voxcihhgsi.info udp
US 8.8.8.8:53 qngitmingp.net udp
US 8.8.8.8:53 gckijkpfpked.net udp
US 8.8.8.8:53 yiykycyuuimk.com udp
US 8.8.8.8:53 bnnfwq.net udp
US 8.8.8.8:53 dpcbfwbuep.net udp
US 8.8.8.8:53 ulwprsdpevsj.info udp
US 8.8.8.8:53 wnegshs.net udp
US 8.8.8.8:53 wmgxjivyi.net udp
US 8.8.8.8:53 lygzbym.com udp
US 8.8.8.8:53 wigqoksuksek.com udp
US 8.8.8.8:53 qyjxvcif.net udp
US 8.8.8.8:53 npdmrustdqtw.info udp
US 8.8.8.8:53 luzockpiu.info udp
US 8.8.8.8:53 cmyeoougai.org udp
US 8.8.8.8:53 doffhgp.info udp
US 8.8.8.8:53 etdepqpvwqt.net udp
US 8.8.8.8:53 rkwlhccy.info udp
US 8.8.8.8:53 ptryvcysx.com udp
US 8.8.8.8:53 ckbzmidepp.info udp
US 8.8.8.8:53 tirglqi.net udp
US 8.8.8.8:53 yaxzlywmf.net udp
US 8.8.8.8:53 nthafgeqx.org udp
US 8.8.8.8:53 fqytft.info udp
US 8.8.8.8:53 yacuqueq.org udp
US 8.8.8.8:53 rwzjdujlijpi.net udp
US 8.8.8.8:53 vibshiiel.net udp
US 8.8.8.8:53 lpsgux.info udp
US 8.8.8.8:53 eezoxuzlc.net udp
US 8.8.8.8:53 vlpqzgw.org udp
US 8.8.8.8:53 webbfs.net udp
US 8.8.8.8:53 eukwriw.net udp
US 8.8.8.8:53 pmzlbqrwiol.net udp
US 8.8.8.8:53 jjqtpeerkb.net udp
US 8.8.8.8:53 jyabhmbhjk.net udp
US 8.8.8.8:53 ehdsiwj.net udp
US 8.8.8.8:53 urkcltobhpwf.net udp
US 8.8.8.8:53 ucftrehwp.info udp
US 8.8.8.8:53 rhjtpexizm.info udp
US 8.8.8.8:53 wrhfimavjh.net udp
US 8.8.8.8:53 maxqzdnkjnn.net udp
US 8.8.8.8:53 xyzwysknpyt.com udp
US 8.8.8.8:53 vqpcdowgs.info udp
US 8.8.8.8:53 sewqugdcyrfz.net udp
US 8.8.8.8:53 oismai.com udp
US 8.8.8.8:53 muyueeywkk.org udp
US 8.8.8.8:53 mwguzuqcgul.net udp
US 8.8.8.8:53 mouwukiigm.org udp
US 8.8.8.8:53 eheflhppvg.net udp
US 8.8.8.8:53 llvezdf.net udp
US 8.8.8.8:53 hnmyekhwuyj.com udp
US 8.8.8.8:53 qamyxgpynwr.net udp
US 8.8.8.8:53 tjwtpt.net udp
US 8.8.8.8:53 cykogcgqqcuu.com udp
US 8.8.8.8:53 usifvsrk.net udp
US 8.8.8.8:53 qspzbarxwlw.net udp
US 8.8.8.8:53 zofojaw.net udp
US 8.8.8.8:53 dpppfrzl.net udp
US 8.8.8.8:53 vezccqr.org udp
US 8.8.8.8:53 ugjyfpgfl.net udp
US 8.8.8.8:53 ufmawy.net udp
US 8.8.8.8:53 bpzshggkxhxh.info udp
US 8.8.8.8:53 iyykycgk.com udp
US 8.8.8.8:53 uslkvmlqfet.net udp
US 8.8.8.8:53 myrwjqkrwpbk.info udp
US 8.8.8.8:53 bjtkyqpb.net udp
US 8.8.8.8:53 wtwavsvhjpy.info udp
US 8.8.8.8:53 kumsuemkos.org udp
US 8.8.8.8:53 tijohrtrjfd.com udp
US 8.8.8.8:53 buhuzwdkt.net udp
US 8.8.8.8:53 leruauzon.com udp
US 8.8.8.8:53 mpkbfsgyp.info udp
US 8.8.8.8:53 znzmkmf.org udp
US 8.8.8.8:53 ayfetvh.net udp
US 8.8.8.8:53 wdqinmbbck.net udp
US 8.8.8.8:53 jpjfzc.net udp
US 8.8.8.8:53 qseoumkkca.org udp
US 8.8.8.8:53 rzsmmtmqna.info udp
US 8.8.8.8:53 qphsxsj.info udp
US 8.8.8.8:53 qfedvcigxk.net udp
US 8.8.8.8:53 kkyyoeqm.org udp
US 8.8.8.8:53 qdnmhgdyrit.net udp
US 8.8.8.8:53 iygkaima.com udp
US 8.8.8.8:53 ctpefdrrty.net udp
US 8.8.8.8:53 sdlehdf.info udp
US 8.8.8.8:53 jzxmdyfyr.org udp
US 8.8.8.8:53 yjvpxxbdjult.info udp
US 8.8.8.8:53 gwkigqiqgoos.org udp
US 8.8.8.8:53 mwasnadctu.info udp
US 8.8.8.8:53 hwklzggewan.org udp
US 8.8.8.8:53 jlksxd.info udp
US 8.8.8.8:53 yoouoemu.com udp
US 8.8.8.8:53 qyqigk.com udp
US 8.8.8.8:53 ndxmbuzl.info udp
US 8.8.8.8:53 gsowjojme.info udp
US 8.8.8.8:53 mbjkjh.net udp
US 8.8.8.8:53 fyaylmbcb.net udp
US 8.8.8.8:53 fghohmh.org udp
US 8.8.8.8:53 rabyjhee.info udp
US 8.8.8.8:53 xuvqtdzvazju.net udp
US 8.8.8.8:53 ekqaao.com udp
US 8.8.8.8:53 xitbtenmj.info udp
US 8.8.8.8:53 hxvbqgt.info udp
US 8.8.8.8:53 shkiykf.net udp
US 8.8.8.8:53 rkjyfrxybqd.net udp
US 8.8.8.8:53 nutsvgf.org udp
US 8.8.8.8:53 susanbbsj.info udp
US 8.8.8.8:53 rcfupwzkz.info udp
US 8.8.8.8:53 otdyaaaax.net udp
US 8.8.8.8:53 hjfdpmp.org udp
US 8.8.8.8:53 judgfij.info udp
US 8.8.8.8:53 ciuauuaa.com udp
US 8.8.8.8:53 rjbifug.net udp
US 8.8.8.8:53 lkbizclms.info udp
US 8.8.8.8:53 eyzqou.net udp
US 8.8.8.8:53 yqdindvszcl.info udp
US 8.8.8.8:53 dacicqlmj.net udp
US 8.8.8.8:53 cbbatop.info udp
US 8.8.8.8:53 aodgdoh.net udp
US 8.8.8.8:53 dmbgjvl.com udp
US 8.8.8.8:53 ldlrgk.info udp
US 8.8.8.8:53 jcdyzg.info udp
US 8.8.8.8:53 owtumceqt.info udp
US 8.8.8.8:53 oscekgmc.com udp
US 8.8.8.8:53 sgdzhklkvfso.info udp
US 8.8.8.8:53 pqvsxwrpp.net udp
US 8.8.8.8:53 xlprndohpotx.info udp
US 8.8.8.8:53 jeevdma.info udp
US 8.8.8.8:53 gkwsicsi.com udp
US 8.8.8.8:53 skqsiiae.org udp
US 8.8.8.8:53 rfvgufhnlcrt.net udp
US 8.8.8.8:53 ztuvfk.info udp
US 8.8.8.8:53 alyypvemovoc.net udp
US 8.8.8.8:53 fhfijppwgbze.net udp
US 8.8.8.8:53 ayjdrtvmpg.net udp
US 8.8.8.8:53 tezmnvarugmg.net udp
US 8.8.8.8:53 zevaliu.org udp
US 8.8.8.8:53 mciccwoit.info udp
US 8.8.8.8:53 bkkkwzbepi.info udp
US 8.8.8.8:53 dizbtp.net udp
US 8.8.8.8:53 rxvhqofjkwj.com udp
US 8.8.8.8:53 qlstpgkhcjbu.net udp
US 8.8.8.8:53 lbihfb.net udp
US 8.8.8.8:53 coxlxol.net udp
US 8.8.8.8:53 qmxyphfyxiv.info udp
US 8.8.8.8:53 uglsdetd.net udp
US 8.8.8.8:53 tylbyepellr.org udp
US 8.8.8.8:53 nzitfaav.info udp
US 8.8.8.8:53 hwcysaqkbkr.com udp
US 8.8.8.8:53 lgcndxdj.info udp
US 8.8.8.8:53 jkhnjbkcxsmv.net udp
US 8.8.8.8:53 ukvudaz.info udp
US 8.8.8.8:53 qwemikke.org udp
US 8.8.8.8:53 lktcrbw.com udp
US 8.8.8.8:53 ahlxuqtibn.net udp
US 8.8.8.8:53 baaiwejiy.info udp
US 8.8.8.8:53 usumcqgaomgo.org udp
US 8.8.8.8:53 hyjodgw.info udp
US 8.8.8.8:53 ubdutyv.net udp
US 8.8.8.8:53 wmimuc.com udp
US 8.8.8.8:53 njjyzefaivg.net udp
US 8.8.8.8:53 jusoog.net udp
US 8.8.8.8:53 qsxmfkb.info udp
US 8.8.8.8:53 esbizt.info udp
US 8.8.8.8:53 dkdczgl.info udp
US 8.8.8.8:53 uoketanuxb.info udp
US 8.8.8.8:53 xwpynm.info udp
US 8.8.8.8:53 mcwsxoxzj.info udp
US 8.8.8.8:53 fmcbbggmhyj.info udp
US 8.8.8.8:53 gcfhzwxddb.net udp
US 8.8.8.8:53 eaictyqxc.info udp
US 8.8.8.8:53 hkbwvsvwv.com udp
US 8.8.8.8:53 zksazdk.info udp
US 8.8.8.8:53 vgqxvqngngx.info udp
US 8.8.8.8:53 nidptyzgp.info udp
US 8.8.8.8:53 gtmtztzelt.info udp
US 8.8.8.8:53 sugamewuyssu.com udp
US 8.8.8.8:53 mvaqna.net udp
US 8.8.8.8:53 cgzqtowog.info udp
US 8.8.8.8:53 gqwdjkufd.info udp
US 8.8.8.8:53 rdnuvsx.net udp
US 8.8.8.8:53 typwvkujxes.net udp
US 8.8.8.8:53 tqzarfbipgmg.net udp
US 8.8.8.8:53 qeasooggkkye.org udp
US 8.8.8.8:53 ymhwmdjnkdeh.net udp
US 8.8.8.8:53 rbqtivmrjc.net udp
US 8.8.8.8:53 hricvyaet.com udp
US 8.8.8.8:53 jqdggjfw.info udp
US 8.8.8.8:53 gdiecndz.net udp
US 8.8.8.8:53 kwptdejopif.info udp
US 8.8.8.8:53 zkunjlxqmaa.net udp
US 8.8.8.8:53 kbxufkuoxlk.info udp
US 8.8.8.8:53 pmkigvmwfbyb.net udp
US 8.8.8.8:53 icuuagqieios.org udp
US 8.8.8.8:53 jerdxvcm.net udp
US 8.8.8.8:53 pjvomxggdvdl.info udp
US 8.8.8.8:53 fevpfshvp.org udp
US 8.8.8.8:53 zkswqgyt.info udp
US 8.8.8.8:53 kiokao.com udp
US 162.241.85.41:80 kiokao.com tcp
US 8.8.8.8:53 kcryxrris.info udp
US 8.8.8.8:53 fnrlzh.info udp
US 8.8.8.8:53 gsisycnwv.info udp
US 8.8.8.8:53 giekgyskeiik.org udp
US 8.8.8.8:53 fzmdpi.net udp
US 8.8.8.8:53 qagnlsblg.info udp
US 8.8.8.8:53 larrrpgp.net udp
US 8.8.8.8:53 sorudflnhn.net udp
US 8.8.8.8:53 snoahhpa.net udp
US 8.8.8.8:53 ukokkciise.com udp
US 8.8.8.8:53 dhjexuqder.net udp
US 8.8.8.8:53 zmeenitml.org udp
US 8.8.8.8:53 fkgritslx.org udp
US 8.8.8.8:53 fyhorir.info udp
US 8.8.8.8:53 qsoueoscwq.com udp
US 8.8.8.8:53 dqjlooikxxw.org udp
US 8.8.8.8:53 vulwtmegj.net udp
US 8.8.8.8:53 puruhrq.net udp
US 8.8.8.8:53 yiovihvjrlvy.info udp
US 8.8.8.8:53 fgdpeaoo.net udp
US 8.8.8.8:53 wgbnmnls.info udp
US 8.8.8.8:53 ptpwnlreeaxo.net udp
US 8.8.8.8:53 yojrsbcrkgyn.net udp
US 8.8.8.8:53 jarved.info udp
US 8.8.8.8:53 eeeiusoc.com udp
US 8.8.8.8:53 rcnxfrj.net udp
US 8.8.8.8:53 hgkyxjckij.info udp
US 8.8.8.8:53 rgvphamy.info udp
US 8.8.8.8:53 rkbdpaqf.info udp
US 8.8.8.8:53 dtstyn.net udp
US 8.8.8.8:53 arhmfsdbpji.info udp
US 8.8.8.8:53 vhmsqsqiin.net udp
US 8.8.8.8:53 sytmeqd.info udp
US 8.8.8.8:53 zbqtpeerkb.net udp
US 8.8.8.8:53 vwhqfvofqtix.info udp
US 8.8.8.8:53 zalxgbjsgsvd.net udp
US 8.8.8.8:53 znmgxkvg.info udp
US 8.8.8.8:53 smzipug.net udp
US 8.8.8.8:53 zuwrljtqss.net udp
US 8.8.8.8:53 asdenvj.info udp
US 8.8.8.8:53 ylwarkd.info udp
US 8.8.8.8:53 kdgqni.info udp
US 8.8.8.8:53 msaeugqyakco.org udp
US 8.8.8.8:53 atumjqk.net udp
US 8.8.8.8:53 lgrqqcjot.net udp
US 8.8.8.8:53 flxyhoefov.info udp
US 8.8.8.8:53 guowqmpolrse.info udp
US 8.8.8.8:53 uwecycuqywki.org udp
US 8.8.8.8:53 tmrxnmjrkb.net udp
US 8.8.8.8:53 puaaxjfdb.net udp
US 8.8.8.8:53 debtvhzzxkz.com udp
US 8.8.8.8:53 lkuedezks.org udp
US 8.8.8.8:53 egvpza.info udp
US 8.8.8.8:53 helmqixex.net udp
US 8.8.8.8:53 ffjhfhbhqk.net udp
US 8.8.8.8:53 uomieuwsgywa.com udp
US 8.8.8.8:53 gazodshaf.info udp
US 8.8.8.8:53 merajoxyh.net udp
US 8.8.8.8:53 xmdkuaomc.org udp
US 8.8.8.8:53 dursvucgtcg.org udp
US 8.8.8.8:53 cywamuqimmuo.org udp
US 8.8.8.8:53 cysyaiao.org udp
US 8.8.8.8:53 swfahyx.net udp
US 8.8.8.8:53 lpbfvsrqhj.info udp
US 8.8.8.8:53 fzkrxmam.info udp
US 8.8.8.8:53 syjbdesgqrq.net udp
US 8.8.8.8:53 wqlaevn.info udp
US 8.8.8.8:53 dhgwkhjg.info udp
US 8.8.8.8:53 soncgbzr.info udp
US 8.8.8.8:53 leqdjgrwpceb.net udp
US 8.8.8.8:53 embxdkzqnen.info udp
US 8.8.8.8:53 napcpapskyl.info udp
US 8.8.8.8:53 fixijml.org udp
US 8.8.8.8:53 uugsiawo.com udp
US 8.8.8.8:53 yarauipsowh.net udp
US 8.8.8.8:53 bvrlxiawb.net udp
US 8.8.8.8:53 iqfbvuh.info udp
US 8.8.8.8:53 iaaghin.net udp
US 8.8.8.8:53 txhfmdxvsd.net udp
US 8.8.8.8:53 biucjt.info udp
US 8.8.8.8:53 bujydax.net udp
US 8.8.8.8:53 vgjshao.org udp
US 8.8.8.8:53 odunbz.info udp
US 8.8.8.8:53 sxsydftugfl.net udp
US 8.8.8.8:53 scoaxqbu.info udp
US 8.8.8.8:53 mbvrhyjpdw.net udp
US 8.8.8.8:53 msoiygcw.org udp
US 8.8.8.8:53 nyszbqhih.net udp
US 8.8.8.8:53 ndvjhoqodvhy.net udp
US 8.8.8.8:53 uhityu.net udp
US 8.8.8.8:53 burcpjiq.info udp
US 8.8.8.8:53 dyouvwpvls.info udp
US 8.8.8.8:53 jntxuexoq.net udp
US 8.8.8.8:53 sionsnhp.net udp
US 8.8.8.8:53 awtrjqbmv.net udp
US 8.8.8.8:53 guimqywuoy.com udp
US 8.8.8.8:53 smasbopli.net udp
US 8.8.8.8:53 waiaouymj.net udp
US 8.8.8.8:53 aroxkg.info udp
US 8.8.8.8:53 wgyakusmkoec.org udp
US 8.8.8.8:53 xwpyygfcqcq.net udp
US 8.8.8.8:53 ejpdqikairvo.info udp
US 8.8.8.8:53 zpqftryc.info udp
US 8.8.8.8:53 geeeweiymw.com udp
US 8.8.8.8:53 vgszvazkrus.org udp
US 8.8.8.8:53 fewlwre.info udp
US 8.8.8.8:53 xovotulav.info udp
US 8.8.8.8:53 ssgqsckw.com udp
US 8.8.8.8:53 jmxwgeuqq.info udp
US 8.8.8.8:53 sehaelg.net udp
US 8.8.8.8:53 nkbyvif.net udp
US 8.8.8.8:53 jqwkpyvjuovw.info udp
US 8.8.8.8:53 hmlqxwl.net udp
US 8.8.8.8:53 padkmtxif.info udp
US 8.8.8.8:53 hkaebxvuqw.info udp
US 8.8.8.8:53 cxritgbkwiqj.net udp
US 8.8.8.8:53 pglapch.org udp
US 8.8.8.8:53 wevgofoip.info udp
US 8.8.8.8:53 rdmjautsgtwq.info udp
US 8.8.8.8:53 xflrdxdu.net udp
US 8.8.8.8:53 larfbmilzgby.net udp
US 8.8.8.8:53 uyoogiowkuua.com udp
US 8.8.8.8:53 zilfottx.info udp
US 8.8.8.8:53 lgvqjyultcxq.info udp
US 8.8.8.8:53 yabgjuiyvpj.net udp
US 8.8.8.8:53 wiraajn.info udp
US 8.8.8.8:53 acoubbl.info udp
US 8.8.8.8:53 japerud.org udp
US 8.8.8.8:53 jyblnmfkx.org udp
US 8.8.8.8:53 eqnjcsv.info udp
US 8.8.8.8:53 cgyyga.com udp
US 8.8.8.8:53 iukauoco.com udp
US 8.8.8.8:53 yqtafgfohsp.net udp
US 8.8.8.8:53 xbrxqkuelr.info udp
US 8.8.8.8:53 sivrymhwl.info udp
US 8.8.8.8:53 asxybdlyrqh.net udp
US 8.8.8.8:53 bkdyuirwk.net udp
US 8.8.8.8:53 mwkukqei.com udp
US 8.8.8.8:53 rqanfwm.org udp
US 8.8.8.8:53 lkngjoezjnq.com udp
US 8.8.8.8:53 akkoyyqqsegs.org udp
US 8.8.8.8:53 ihlguh.info udp
US 8.8.8.8:53 qqfmpylkz.info udp
US 8.8.8.8:53 okmursq.info udp
US 8.8.8.8:53 wrbgtg.info udp
US 8.8.8.8:53 novwjqz.com udp
US 8.8.8.8:53 qovcrmfen.net udp
US 8.8.8.8:53 jgreafpgbza.org udp
US 8.8.8.8:53 aubtfc.info udp
US 8.8.8.8:53 xbfhtyff.info udp
US 8.8.8.8:53 vcqmjcvvvp.net udp
US 8.8.8.8:53 gwqwtivu.info udp
US 8.8.8.8:53 pnpjwt.net udp
US 8.8.8.8:53 tbzuvepvnqy.net udp
US 8.8.8.8:53 vsswekgnat.info udp
US 8.8.8.8:53 tctpzszlh.org udp
DE 85.214.228.140:80 gyuuym.org tcp
US 8.8.8.8:53 qyaaujs.info udp
US 8.8.8.8:53 iarbxh.net udp
US 8.8.8.8:53 cwrzzvdqbyr.net udp
SG 18.142.91.111:80 unxfuild.info tcp

Files

C:\Users\Admin\AppData\Local\Temp\xdmqwjn.exe


C:\Users\Admin\AppData\Local\nzoykdnaqxsayeidzpnzoykdnaqxsayeidz.nzo


C:\Users\Admin\AppData\Local\efjijrqsxtdaniblwboptstb.chd


C:\Program Files (x86)\efjijrqsxtdaniblwboptstb.chd
