Analysis Overview
SHA256: cf415e21ed6dee9713e1c4687e77a6034b0792bdc8dee245b3eeb900278552b5
Threat Level: Known bad
The file JaffaCakes118_b08d498e51aef841f6c272ad42e9a028 was found to be: Known bad.
Malicious Activity Summary
UAC bypass
Modifies WinLogon for persistence
Pykspa
Pykspa family
Detect Pykspa worm
Adds policy Run key to start application
Disables RegEdit via registry modification
Executes dropped EXE
Checks computer location settings
Impair Defenses: Safe Mode Boot
Checks whether UAC is enabled
Adds Run key to start application
Hijack Execution Flow: Executable Installer File Permissions Weakness
Looks up external IP address via web service
Drops file in System32 directory
Drops file in Program Files directory
Drops file in Windows directory
Enumerates physical storage devices
System Location Discovery: System Language Discovery
Unsigned PE
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
System policy modification
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
Modifies registry class
MITRE ATT&CK
Enterprise Matrix V16
Analysis: static1
Detonation Overview
Reported: 2025-04-12 00:50
Signatures
Detect Pykspa worm
Pykspa family
Unsigned PE
Analysis: behavioral1
Detonation Overview
Submitted: 2025-04-12 00:50
Reported: 2025-04-12 00:53
Platform: win10v2004-20250410-en
Max time kernel: 150s
Max time network: 150s
Signatures
Modifies WinLogon for persistence
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b08d498e51aef841f6c272ad42e9a028.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\vcqtxds.exe | N/A |
Pykspa
Pykspa family
UAC bypass
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" | C:\Users\Admin\AppData\Local\Temp\vcqtxds.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" | C:\Users\Admin\AppData\Local\Temp\vcqtxds.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b08d498e51aef841f6c272ad42e9a028.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" | C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b08d498e51aef841f6c272ad42e9a028.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\vcqtxds.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" | C:\Users\Admin\AppData\Local\Temp\vcqtxds.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" | C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b08d498e51aef841f6c272ad42e9a028.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" | C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b08d498e51aef841f6c272ad42e9a028.exe | N/A |
Detect Pykspa worm
Adds policy Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\myrzitnqgpjq = "bsqdrhgojxwikucbb.exe" | C:\Users\Admin\AppData\Local\Temp\vcqtxds.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\bkafltkkx = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ukhtgvtauhfqrahf.exe" | C:\Users\Admin\AppData\Local\Temp\vcqtxds.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\myrzitnqgpjq = "ukhtgvtauhfqrahf.exe" | C:\Users\Admin\AppData\Local\Temp\vcqtxds.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\myrzitnqgpjq = "xsuldxamldgwcqcfjhlgi.exe" | C:\Users\Admin\AppData\Local\Temp\vcqtxds.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b08d498e51aef841f6c272ad42e9a028.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\myrzitnqgpjq = "voodtlmwtjkycoyzbxz.exe" | C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b08d498e51aef841f6c272ad42e9a028.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\bkafltkkx = "C:\\Users\\Admin\\AppData\\Local\\Temp\\icdtkdfqofhwbozbebey.exe" | C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b08d498e51aef841f6c272ad42e9a028.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\bkafltkkx = "C:\\Users\\Admin\\AppData\\Local\\Temp\\xsuldxamldgwcqcfjhlgi.exe" | C:\Users\Admin\AppData\Local\Temp\vcqtxds.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\myrzitnqgpjq = "icdtkdfqofhwbozbebey.exe" | C:\Users\Admin\AppData\Local\Temp\vcqtxds.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\vcqtxds.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\bkafltkkx = "C:\\Users\\Admin\\AppData\\Local\\Temp\\bsqdrhgojxwikucbb.exe" | C:\Users\Admin\AppData\Local\Temp\vcqtxds.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\myrzitnqgpjq = "kcbpevveappcfqzzav.exe" | C:\Users\Admin\AppData\Local\Temp\vcqtxds.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\bkafltkkx = "C:\\Users\\Admin\\AppData\\Local\\Temp\\icdtkdfqofhwbozbebey.exe" | C:\Users\Admin\AppData\Local\Temp\vcqtxds.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\bkafltkkx = "C:\\Users\\Admin\\AppData\\Local\\Temp\\voodtlmwtjkycoyzbxz.exe" | C:\Users\Admin\AppData\Local\Temp\vcqtxds.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\bkafltkkx = "C:\\Users\\Admin\\AppData\\Local\\Temp\\kcbpevveappcfqzzav.exe" | C:\Users\Admin\AppData\Local\Temp\vcqtxds.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\myrzitnqgpjq = "voodtlmwtjkycoyzbxz.exe" | C:\Users\Admin\AppData\Local\Temp\vcqtxds.exe | N/A |
Disables RegEdit via registry modification
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\vcqtxds.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\vcqtxds.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b08d498e51aef841f6c272ad42e9a028.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b08d498e51aef841f6c272ad42e9a028.exe | N/A |
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b08d498e51aef841f6c272ad42e9a028.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\vcqtxds.exe | N/A |
Impair Defenses: Safe Mode Boot
| Description | Indicator | Process | Target |
| Key deleted | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\ProfSvc | C:\Users\Admin\AppData\Local\Temp\vcqtxds.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\Power | C:\Users\Admin\AppData\Local\Temp\vcqtxds.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\iai2c.sys | C:\Users\Admin\AppData\Local\Temp\vcqtxds.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\CBDHSvc | C:\Users\Admin\AppData\Local\Temp\vcqtxds.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\UserManager | C:\Users\Admin\AppData\Local\Temp\vcqtxds.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\SerCx2.sys | C:\Users\Admin\AppData\Local\Temp\vcqtxds.exe | N/A |
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\paszhrkmbjc = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ukhtgvtauhfqrahf.exe ." | C:\Users\Admin\AppData\Local\Temp\vcqtxds.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lysblxswnxsay = "xsuldxamldgwcqcfjhlgi.exe" | C:\Users\Admin\AppData\Local\Temp\vcqtxds.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\pealxliohtqaaio = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ukhtgvtauhfqrahf.exe ." | C:\Users\Admin\AppData\Local\Temp\vcqtxds.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\paszhrkmbjc = "icdtkdfqofhwbozbebey.exe ." | C:\Users\Admin\AppData\Local\Temp\vcqtxds.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\uevbirjkyf = "icdtkdfqofhwbozbebey.exe" | C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b08d498e51aef841f6c272ad42e9a028.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lysblxswnxsay = "bsqdrhgojxwikucbb.exe" | C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b08d498e51aef841f6c272ad42e9a028.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\paszhrkmbjc = "xsuldxamldgwcqcfjhlgi.exe ." | C:\Users\Admin\AppData\Local\Temp\vcqtxds.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\mavfqdzewhdmls = "xsuldxamldgwcqcfjhlgi.exe ." | C:\Users\Admin\AppData\Local\Temp\vcqtxds.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\uevbirjkyf = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ukhtgvtauhfqrahf.exe" | C:\Users\Admin\AppData\Local\Temp\vcqtxds.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lysblxswnxsay = "icdtkdfqofhwbozbebey.exe" | C:\Users\Admin\AppData\Local\Temp\vcqtxds.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\paszhrkmbjc = "C:\\Users\\Admin\\AppData\\Local\\Temp\\kcbpevveappcfqzzav.exe ." | C:\Users\Admin\AppData\Local\Temp\vcqtxds.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\paszhrkmbjc = "bsqdrhgojxwikucbb.exe ." | C:\Users\Admin\AppData\Local\Temp\vcqtxds.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\uevbirjkyf = "voodtlmwtjkycoyzbxz.exe" | C:\Users\Admin\AppData\Local\Temp\vcqtxds.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\mavfqdzewhdmls = "kcbpevveappcfqzzav.exe ." | C:\Users\Admin\AppData\Local\Temp\vcqtxds.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\uevbirjkyf = "xsuldxamldgwcqcfjhlgi.exe" | C:\Users\Admin\AppData\Local\Temp\vcqtxds.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\mavfqdzewhdmls = "ukhtgvtauhfqrahf.exe ." | C:\Users\Admin\AppData\Local\Temp\vcqtxds.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lysblxswnxsay = "kcbpevveappcfqzzav.exe" | C:\Users\Admin\AppData\Local\Temp\vcqtxds.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\paszhrkmbjc = "ukhtgvtauhfqrahf.exe ." | C:\Users\Admin\AppData\Local\Temp\vcqtxds.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\paszhrkmbjc = "C:\\Users\\Admin\\AppData\\Local\\Temp\\bsqdrhgojxwikucbb.exe ." | C:\Users\Admin\AppData\Local\Temp\vcqtxds.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\uevbirjkyf = "icdtkdfqofhwbozbebey.exe" | C:\Users\Admin\AppData\Local\Temp\vcqtxds.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\uevbirjkyf = "C:\\Users\\Admin\\AppData\\Local\\Temp\\voodtlmwtjkycoyzbxz.exe" | C:\Users\Admin\AppData\Local\Temp\vcqtxds.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\paszhrkmbjc = "C:\\Users\\Admin\\AppData\\Local\\Temp\\xsuldxamldgwcqcfjhlgi.exe ." | C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b08d498e51aef841f6c272ad42e9a028.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\pealxliohtqaaio = "C:\\Users\\Admin\\AppData\\Local\\Temp\\voodtlmwtjkycoyzbxz.exe ." | C:\Users\Admin\AppData\Local\Temp\vcqtxds.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lysblxswnxsay = "ukhtgvtauhfqrahf.exe" | C:\Users\Admin\AppData\Local\Temp\vcqtxds.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\ukhtgvtauhfqrahf = "C:\\Users\\Admin\\AppData\\Local\\Temp\\icdtkdfqofhwbozbebey.exe" | C:\Users\Admin\AppData\Local\Temp\vcqtxds.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\uevbirjkyf = "C:\\Users\\Admin\\AppData\\Local\\Temp\\kcbpevveappcfqzzav.exe" | C:\Users\Admin\AppData\Local\Temp\vcqtxds.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lysblxswnxsay = "voodtlmwtjkycoyzbxz.exe" | C:\Users\Admin\AppData\Local\Temp\vcqtxds.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\ukhtgvtauhfqrahf = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ukhtgvtauhfqrahf.exe" | C:\Users\Admin\AppData\Local\Temp\vcqtxds.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\uevbirjkyf = "C:\\Users\\Admin\\AppData\\Local\\Temp\\icdtkdfqofhwbozbebey.exe" | C:\Users\Admin\AppData\Local\Temp\vcqtxds.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\paszhrkmbjc = "C:\\Users\\Admin\\AppData\\Local\\Temp\\voodtlmwtjkycoyzbxz.exe ." | C:\Users\Admin\AppData\Local\Temp\vcqtxds.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\uevbirjkyf = "kcbpevveappcfqzzav.exe" | C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b08d498e51aef841f6c272ad42e9a028.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\uevbirjkyf = "C:\\Users\\Admin\\AppData\\Local\\Temp\\xsuldxamldgwcqcfjhlgi.exe" | C:\Users\Admin\AppData\Local\Temp\vcqtxds.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\paszhrkmbjc = "C:\\Users\\Admin\\AppData\\Local\\Temp\\xsuldxamldgwcqcfjhlgi.exe ." | C:\Users\Admin\AppData\Local\Temp\vcqtxds.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\ukhtgvtauhfqrahf = "C:\\Users\\Admin\\AppData\\Local\\Temp\\bsqdrhgojxwikucbb.exe" | C:\Users\Admin\AppData\Local\Temp\vcqtxds.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\pealxliohtqaaio = "C:\\Users\\Admin\\AppData\\Local\\Temp\\kcbpevveappcfqzzav.exe ." | C:\Users\Admin\AppData\Local\Temp\vcqtxds.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\paszhrkmbjc = "xsuldxamldgwcqcfjhlgi.exe ." | C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b08d498e51aef841f6c272ad42e9a028.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\ukhtgvtauhfqrahf = "C:\\Users\\Admin\\AppData\\Local\\Temp\\voodtlmwtjkycoyzbxz.exe" | C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b08d498e51aef841f6c272ad42e9a028.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\uevbirjkyf = "C:\\Users\\Admin\\AppData\\Local\\Temp\\bsqdrhgojxwikucbb.exe" | C:\Users\Admin\AppData\Local\Temp\vcqtxds.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\paszhrkmbjc = "voodtlmwtjkycoyzbxz.exe ." | C:\Users\Admin\AppData\Local\Temp\vcqtxds.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\mavfqdzewhdmls = "ukhtgvtauhfqrahf.exe ." | C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b08d498e51aef841f6c272ad42e9a028.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lysblxswnxsay = "bsqdrhgojxwikucbb.exe" | C:\Users\Admin\AppData\Local\Temp\vcqtxds.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\ukhtgvtauhfqrahf = "C:\\Users\\Admin\\AppData\\Local\\Temp\\xsuldxamldgwcqcfjhlgi.exe" | C:\Users\Admin\AppData\Local\Temp\vcqtxds.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\ukhtgvtauhfqrahf = "C:\\Users\\Admin\\AppData\\Local\\Temp\\voodtlmwtjkycoyzbxz.exe" | C:\Users\Admin\AppData\Local\Temp\vcqtxds.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\pealxliohtqaaio = "C:\\Users\\Admin\\AppData\\Local\\Temp\\bsqdrhgojxwikucbb.exe ." | C:\Users\Admin\AppData\Local\Temp\vcqtxds.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\uevbirjkyf = "bsqdrhgojxwikucbb.exe" | C:\Users\Admin\AppData\Local\Temp\vcqtxds.exe | N/A |
Checks whether UAC is enabled
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\vcqtxds.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\vcqtxds.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b08d498e51aef841f6c272ad42e9a028.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b08d498e51aef841f6c272ad42e9a028.exe | N/A |
Hijack Execution Flow: Executable Installer File Permissions Weakness
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableInstallerDetection = "0" | C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b08d498e51aef841f6c272ad42e9a028.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableInstallerDetection = "0" | C:\Users\Admin\AppData\Local\Temp\vcqtxds.exe | N/A |
Looks up external IP address via web service
| Description | Indicator | Process | Target |
| N/A | whatismyipaddress.com | N/A | N/A |
| N/A | www.whatismyip.ca | N/A | N/A |
| N/A | www.showmyipaddress.com | N/A | N/A |
| N/A | whatismyip.everdot.org | N/A | N/A |
Drops file in System32 directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\SysWOW64\zaifddmejhqmysktdhrsaxv.ewb | C:\Users\Admin\AppData\Local\Temp\vcqtxds.exe | N/A |
| File created | C:\Windows\SysWOW64\zaifddmejhqmysktdhrsaxv.ewb | C:\Users\Admin\AppData\Local\Temp\vcqtxds.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\myrzitnqgpjqnsvpkzugzhqbvyoxryvadx.hco | C:\Users\Admin\AppData\Local\Temp\vcqtxds.exe | N/A |
| File created | C:\Windows\SysWOW64\myrzitnqgpjqnsvpkzugzhqbvyoxryvadx.hco | C:\Users\Admin\AppData\Local\Temp\vcqtxds.exe | N/A |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Program Files (x86)\zaifddmejhqmysktdhrsaxv.ewb | C:\Users\Admin\AppData\Local\Temp\vcqtxds.exe | N/A |
| File created | C:\Program Files (x86)\zaifddmejhqmysktdhrsaxv.ewb | C:\Users\Admin\AppData\Local\Temp\vcqtxds.exe | N/A |
| File opened for modification | C:\Program Files (x86)\myrzitnqgpjqnsvpkzugzhqbvyoxryvadx.hco | C:\Users\Admin\AppData\Local\Temp\vcqtxds.exe | N/A |
| File created | C:\Program Files (x86)\myrzitnqgpjqnsvpkzugzhqbvyoxryvadx.hco | C:\Users\Admin\AppData\Local\Temp\vcqtxds.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\zaifddmejhqmysktdhrsaxv.ewb | C:\Users\Admin\AppData\Local\Temp\vcqtxds.exe | N/A |
| File created | C:\Windows\zaifddmejhqmysktdhrsaxv.ewb | C:\Users\Admin\AppData\Local\Temp\vcqtxds.exe | N/A |
| File opened for modification | C:\Windows\myrzitnqgpjqnsvpkzugzhqbvyoxryvadx.hco | C:\Users\Admin\AppData\Local\Temp\vcqtxds.exe | N/A |
| File created | C:\Windows\myrzitnqgpjqnsvpkzugzhqbvyoxryvadx.hco | C:\Users\Admin\AppData\Local\Temp\vcqtxds.exe | N/A |
Enumerates physical storage devices
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b08d498e51aef841f6c272ad42e9a028.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\vcqtxds.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000_Classes\Local Settings | C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b08d498e51aef841f6c272ad42e9a028.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000_Classes\Local Settings | C:\Users\Admin\AppData\Local\Temp\vcqtxds.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\vcqtxds.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\vcqtxds.exe | N/A |
Suspicious use of WriteProcessMemory
System policy modification
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ValidateAdminCodeSignatures = "0" | C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b08d498e51aef841f6c272ad42e9a028.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\vcqtxds.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ValidateAdminCodeSignatures = "0" | C:\Users\Admin\AppData\Local\Temp\vcqtxds.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer | C:\Users\Admin\AppData\Local\Temp\vcqtxds.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDriveTypeAutoRun = "1" | C:\Users\Admin\AppData\Local\Temp\vcqtxds.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\vcqtxds.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" | C:\Users\Admin\AppData\Local\Temp\vcqtxds.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableVirtualization = "0" | C:\Users\Admin\AppData\Local\Temp\vcqtxds.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b08d498e51aef841f6c272ad42e9a028.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableVirtualization = "0" | C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b08d498e51aef841f6c272ad42e9a028.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\vcqtxds.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" | C:\Users\Admin\AppData\Local\Temp\vcqtxds.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" | C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b08d498e51aef841f6c272ad42e9a028.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" | C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b08d498e51aef841f6c272ad42e9a028.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableSecureUIAPaths = "0" | C:\Users\Admin\AppData\Local\Temp\vcqtxds.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b08d498e51aef841f6c272ad42e9a028.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" | C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b08d498e51aef841f6c272ad42e9a028.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer | C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b08d498e51aef841f6c272ad42e9a028.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" | C:\Users\Admin\AppData\Local\Temp\vcqtxds.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\FilterAdministratorToken = "0" | C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b08d498e51aef841f6c272ad42e9a028.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDriveTypeAutoRun = "1" | C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b08d498e51aef841f6c272ad42e9a028.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b08d498e51aef841f6c272ad42e9a028.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableSecureUIAPaths = "0" | C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b08d498e51aef841f6c272ad42e9a028.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\FilterAdministratorToken = "0" | C:\Users\Admin\AppData\Local\Temp\vcqtxds.exe | N/A |
Processes
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | tejwjcqvx.net | udp |
| US | 8.8.8.8:53 | utrefuvrlpl.info | udp |
| US | 8.8.8.8:53 | ouxbxxzexkf.net | udp |
| US | 8.8.8.8:53 | qfrequju.net | udp |
| US | 8.8.8.8:53 | lgmwshpwdp.net | udp |
| US | 8.8.8.8:53 | nftobcovl.info | udp |
| US | 8.8.8.8:53 | juwefqs.com | udp |
| US | 8.8.8.8:53 | eycqolruptj.net | udp |
| US | 8.8.8.8:53 | aifgscmbd.net | udp |
| US | 8.8.8.8:53 | sypkrovon.info | udp |
| US | 8.8.8.8:53 | zgrjrexb.net | udp |
| US | 8.8.8.8:53 | qmwytutmwwf.net | udp |
| US | 8.8.8.8:53 | eebwblpxasjd.net | udp |
| US | 8.8.8.8:53 | akkatktshuw.info | udp |
| US | 8.8.8.8:53 | qubslmnsd.net | udp |
| US | 8.8.8.8:53 | eeueccewmeem.com | udp |
| US | 8.8.8.8:53 | xjykdox.org | udp |
| US | 8.8.8.8:53 | libkzyhemgc.org | udp |
| US | 8.8.8.8:53 | odcmkej.net | udp |
| US | 8.8.8.8:53 | gthoprfe.net | udp |
| US | 8.8.8.8:53 | xlqsfgzuf.info | udp |
| US | 8.8.8.8:53 | jghtbf.info | udp |
| US | 8.8.8.8:53 | makdcinnghj.net | udp |
| US | 8.8.8.8:53 | wsbmwn.net | udp |
| US | 8.8.8.8:53 | vlpxze.info | udp |
| US | 8.8.8.8:53 | zmhfriszd.com | udp |
| US | 8.8.8.8:53 | dybqtuv.org | udp |
| US | 8.8.8.8:53 | dzgxlmn.org | udp |
| US | 8.8.8.8:53 | skywyumxq.net | udp |
| US | 8.8.8.8:53 | isguugwogo.com | udp |
| US | 8.8.8.8:53 | pvjfvynqjpcv.net | udp |
| US | 8.8.8.8:53 | omiuuyco.com | udp |
| US | 8.8.8.8:53 | gsaieweo.org | udp |
| US | 8.8.8.8:53 | fkdqrueqjsj.net | udp |
| US | 8.8.8.8:53 | egsmyysc.org | udp |
| US | 8.8.8.8:53 | ivbgppuluc.net | udp |
| US | 8.8.8.8:53 | xznstfqekcl.net | udp |
| US | 8.8.8.8:53 | ogagoauymkgi.org | udp |
| US | 8.8.8.8:53 | fsdirfp.net | udp |
| US | 8.8.8.8:53 | nshdioh.net | udp |
| US | 8.8.8.8:53 | hrbgyd.info | udp |
| US | 8.8.8.8:53 | uxbhtgf.net | udp |
| US | 8.8.8.8:53 | dmnaxqeurug.info | udp |
| US | 8.8.8.8:53 | eiuiuqyc.com | udp |
| US | 8.8.8.8:53 | wwkomycgqk.org | udp |
| US | 8.8.8.8:53 | zgvcafvg.net | udp |
| US | 8.8.8.8:53 | ekqqcc.org | udp |
| US | 8.8.8.8:53 | rswyleo.net | udp |
| US | 8.8.8.8:53 | yclmvrysb.info | udp |
| US | 8.8.8.8:53 | iktohktzlkp.info | udp |
| US | 8.8.8.8:53 | yxxxnh.net | udp |
| US | 8.8.8.8:53 | gdqffi.info | udp |
| US | 8.8.8.8:53 | dwfkeogzvhjn.info | udp |
| US | 8.8.8.8:53 | c.pki.goog | udp |
| GB | 142.250.180.3:80 | c.pki.goog | tcp |
| US | 8.8.8.8:53 | hsrvxsz.net | udp |
| US | 8.8.8.8:53 | usaqkiwsec.com | udp |
| US | 8.8.8.8:53 | tsnklkwun.net | udp |
| US | 8.8.8.8:53 | dirmxwx.net | udp |
| US | 8.8.8.8:53 | dflqknsl.net | udp |
| US | 8.8.8.8:53 | zedjdhur.net | udp |
| US | 8.8.8.8:53 | bgkojvy.org | udp |
| US | 8.8.8.8:53 | fubzcmrvxf.info | udp |
| US | 8.8.8.8:53 | gbdsch.info | udp |
| US | 8.8.8.8:53 | qtgqqinahbp.info | udp |
| US | 8.8.8.8:53 | jcrmmizktkn.com | udp |
| US | 8.8.8.8:53 | hmsmlcl.net | udp |
| US | 8.8.8.8:53 | kndawsbglp.net | udp |
| US | 8.8.8.8:53 | gxqhelneby.net | udp |
| US | 8.8.8.8:53 | rztulhfslluv.net | udp |
| US | 8.8.8.8:53 | tcvuvhjwh.info | udp |
| US | 8.8.8.8:53 | jgvyznb.org | udp |
| US | 8.8.8.8:53 | pivgdurieqr.org | udp |
| US | 8.8.8.8:53 | myimgstwv.net | udp |
| US | 8.8.8.8:53 | amlezawffmh.info | udp |
| US | 8.8.8.8:53 | euwqeo.org | udp |
| US | 8.8.8.8:53 | wcpsbwjqop.net | udp |
| US | 8.8.8.8:53 | lkujumvx.net | udp |
| US | 8.8.8.8:53 | lxydniqt.net | udp |
| US | 8.8.8.8:53 | zltojpow.net | udp |
| US | 8.8.8.8:53 | lltejndirap.org | udp |
| US | 8.8.8.8:53 | mmjhyrpijgl.info | udp |
| US | 8.8.8.8:53 | jubvpax.info | udp |
| US | 8.8.8.8:53 | nkaoghxqhtt.org | udp |
| US | 8.8.8.8:53 | aqxydtrusib.net | udp |
| US | 8.8.8.8:53 | ttgkfxtwe.info | udp |
| US | 8.8.8.8:53 | krlvfgjul.info | udp |
| US | 8.8.8.8:53 | pxqlwjpsvw.info | udp |
| US | 8.8.8.8:53 | jqxatal.org | udp |
| US | 8.8.8.8:53 | aknsgwkcl.net | udp |
| US | 8.8.8.8:53 | maderaj.info | udp |
| US | 8.8.8.8:53 | lbigex.info | udp |
| US | 8.8.8.8:53 | uqkusqwymu.org | udp |
| US | 8.8.8.8:53 | virzfozihofs.info | udp |
| US | 8.8.8.8:53 | jncumop.info | udp |
| US | 8.8.8.8:53 | zjkvjlwdyjxn.info | udp |
| US | 8.8.8.8:53 | ecbwysbz.info | udp |
| US | 8.8.8.8:53 | mcqmyeccgq.org | udp |
| US | 8.8.8.8:53 | xyxufczgdcd.info | udp |
| US | 8.8.8.8:53 | iyzpzp.net | udp |
| US | 8.8.8.8:53 | owmdzmmd.net | udp |
| US | 8.8.8.8:53 | gseskyiegw.com | udp |
| US | 8.8.8.8:53 | dltkbekaz.info | udp |
| US | 8.8.8.8:53 | xfbpupbj.net | udp |
| US | 8.8.8.8:53 | zzyihet.info | udp |
| US | 8.8.8.8:53 | njmyupro.net | udp |
| US | 8.8.8.8:53 | tzpjikgmwcii.info | udp |
| US | 8.8.8.8:53 | awuarqw.info | udp |
| US | 8.8.8.8:53 | hohtpyrgno.net | udp |
| US | 8.8.8.8:53 | utwnjxrd.net | udp |
| US | 8.8.8.8:53 | xrpwmsl.info | udp |
| US | 8.8.8.8:53 | lgzyxip.net | udp |
| US | 8.8.8.8:53 | xgxyducqbua.info | udp |
| US | 8.8.8.8:53 | nythtwmk.net | udp |
| US | 8.8.8.8:53 | jmezhmh.org | udp |
| US | 8.8.8.8:53 | rorhfuxce.info | udp |
| US | 8.8.8.8:53 | nsjrws.net | udp |
| US | 8.8.8.8:53 | jymepkz.net | udp |
| US | 8.8.8.8:53 | sqiquiowwmgw.org | udp |
| US | 8.8.8.8:53 | uzllvkkywz.info | udp |
| US | 8.8.8.8:53 | iusioomq.org | udp |
| US | 8.8.8.8:53 | wcsbrpz.net | udp |
| US | 8.8.8.8:53 | daljqkres.com | udp |
| US | 8.8.8.8:53 | sfqrnb.net | udp |
| US | 8.8.8.8:53 | wacumgsyiq.org | udp |
| US | 8.8.8.8:53 | rpojivri.info | udp |
| US | 8.8.8.8:53 | vawjwzlxhs.net | udp |
| US | 8.8.8.8:53 | uwcuws.org | udp |
| US | 8.8.8.8:53 | icxklimgn.info | udp |
| US | 8.8.8.8:53 | tdppde.info | udp |
| US | 8.8.8.8:53 | necvcsfv.net | udp |
| US | 8.8.8.8:53 | azlfou.info | udp |
| US | 8.8.8.8:53 | rwgezch.org | udp |
| US | 8.8.8.8:53 | umyicieyee.org | udp |
| US | 8.8.8.8:53 | jnuqgsaxui.net | udp |
| US | 8.8.8.8:53 | iomcmimaugga.org | udp |
| US | 8.8.8.8:53 | vcsuct.net | udp |
| US | 8.8.8.8:53 | kamzji.net | udp |
| US | 8.8.8.8:53 | rakbogoo.net | udp |
| US | 8.8.8.8:53 | drfpftfy.info | udp |
| US | 8.8.8.8:53 | auakmisq.com | udp |
| US | 8.8.8.8:53 | kwdwzil.info | udp |
| US | 8.8.8.8:53 | fsyczawoha.info | udp |
| US | 8.8.8.8:53 | htzodqnpsoc.info | udp |
| US | 8.8.8.8:53 | xrcoyxgcti.net | udp |
| US | 8.8.8.8:53 | gssios.com | udp |
| US | 8.8.8.8:53 | atkzfclhbift.info | udp |
| US | 8.8.8.8:53 | bxjaeyrujow.org | udp |
| US | 8.8.8.8:53 | mocoet.net | udp |
| US | 8.8.8.8:53 | iyaoks.org | udp |
| US | 8.8.8.8:53 | xcoogiyut.info | udp |
| US | 8.8.8.8:53 | ncykjbbsjis.org | udp |
| US | 8.8.8.8:53 | hjoqieb.org | udp |
| US | 8.8.8.8:53 | wueysyqiyg.org | udp |
| US | 8.8.8.8:53 | zwfgewr.com | udp |
| US | 8.8.8.8:53 | xjhmoya.net | udp |
| US | 8.8.8.8:53 | yxkmzadvvd.info | udp |
| US | 8.8.8.8:53 | jjrefkv.net | udp |
| US | 8.8.8.8:53 | eeyeyeucwi.com | udp |
| US | 8.8.8.8:53 | wcqcsyocuaci.com | udp |
| US | 8.8.8.8:53 | mmmiecgssuuu.org | udp |
| US | 8.8.8.8:53 | kjskvzf.info | udp |
| US | 8.8.8.8:53 | xfdnihor.net | udp |
| US | 8.8.8.8:53 | zpfeuykdvzvu.net | udp |
| US | 8.8.8.8:53 | lzbjkx.info | udp |
| US | 8.8.8.8:53 | wuecmu.org | udp |
| US | 8.8.8.8:53 | blriytvijot.com | udp |
| US | 8.8.8.8:53 | ggxotuowijoh.net | udp |
| US | 8.8.8.8:53 | joruyszkp.net | udp |
| US | 8.8.8.8:53 | gkgafzhegffd.info | udp |
| US | 8.8.8.8:53 | kyilnx.net | udp |
| US | 8.8.8.8:53 | gaawicqosikk.com | udp |
| US | 8.8.8.8:53 | ncrubnfxv.org | udp |
| US | 8.8.8.8:53 | omhdgvebpnp.net | udp |
| US | 8.8.8.8:53 | ramwrw.net | udp |
| US | 8.8.8.8:53 | pyekumwryg.net | udp |
| US | 8.8.8.8:53 | lelimqma.info | udp |
| US | 8.8.8.8:53 | gaqkygwq.org | udp |
| US | 8.8.8.8:53 | plplqrxe.info | udp |
| US | 8.8.8.8:53 | pynwxvk.com | udp |
| US | 8.8.8.8:53 | iukubsb.info | udp |
| US | 8.8.8.8:53 | hpincwhqlmm.com | udp |
| US | 8.8.8.8:53 | jrbulad.info | udp |
| US | 8.8.8.8:53 | bwjjjprcd.net | udp |
| US | 8.8.8.8:53 | uvlqnavywuh.info | udp |
| US | 8.8.8.8:53 | bpzorpfuhtf.org | udp |
| US | 8.8.8.8:53 | vmpyfstqoes.info | udp |
| US | 8.8.8.8:53 | bkngmvgi.net | udp |
| US | 8.8.8.8:53 | eepgxnp.info | udp |
| US | 8.8.8.8:53 | lytuzslnsetb.net | udp |
| US | 8.8.8.8:53 | kunwoml.net | udp |
| US | 8.8.8.8:53 | takbkggddl.info | udp |
| US | 8.8.8.8:53 | bvdhuh.info | udp |
| US | 8.8.8.8:53 | mqlsgknclc.net | udp |
| US | 8.8.8.8:53 | jlftdoty.info | udp |
| US | 8.8.8.8:53 | gaxqssrcqeu.info | udp |
| US | 8.8.8.8:53 | vndmmln.org | udp |
| US | 8.8.8.8:53 | wwfakhnen.info | udp |
| US | 8.8.8.8:53 | bqdindvszcl.com | udp |
| US | 8.8.8.8:53 | fmhxaghunao.net | udp |
| US | 8.8.8.8:53 | gmkamscq.org | udp |
| US | 8.8.8.8:53 | dykwknvmdfdj.info | udp |
| US | 8.8.8.8:53 | uimrpt.info | udp |
| US | 8.8.8.8:53 | zwxkzebevez.net | udp |
| US | 8.8.8.8:53 | vqvjjqu.info | udp |
| US | 8.8.8.8:53 | tmnqzkl.info | udp |
| US | 8.8.8.8:53 | iocoyqyiiecy.com | udp |
| US | 8.8.8.8:53 | wawaoiyk.com | udp |
| US | 8.8.8.8:53 | pcmdafotrwqv.net | udp |
| US | 8.8.8.8:53 | hdpeknb.com | udp |
| US | 8.8.8.8:53 | aiynpwlmk.info | udp |
| US | 8.8.8.8:53 | mfgojui.net | udp |
| US | 8.8.8.8:53 | nbfzrd.net | udp |
| US | 8.8.8.8:53 | dippnt.net | udp |
| US | 8.8.8.8:53 | lczoradauoz.net | udp |
| US | 8.8.8.8:53 | aixinwlydycj.net | udp |
| US | 8.8.8.8:53 | rpphlszh.net | udp |
| US | 8.8.8.8:53 | wnqinjjazv.info | udp |
| US | 8.8.8.8:53 | ztnjrdfe.info | udp |
| US | 8.8.8.8:53 | umxffeziz.net | udp |
| US | 8.8.8.8:53 | cjmcjprl.net | udp |
| US | 8.8.8.8:53 | jnbphmrj.net | udp |
| US | 8.8.8.8:53 | uumcwq.org | udp |
| US | 8.8.8.8:53 | dazulnj.org | udp |
| US | 8.8.8.8:53 | ethcdwju.net | udp |
| US | 8.8.8.8:53 | uhcbicgt.net | udp |
| US | 8.8.8.8:53 | vimmzeshb.org | udp |
| US | 8.8.8.8:53 | jzthxr.net | udp |
| US | 8.8.8.8:53 | fqlgigzanfx.net | udp |
| US | 8.8.8.8:53 | yafazxekk.net | udp |
| US | 8.8.8.8:53 | kappik.net | udp |
| US | 8.8.8.8:53 | pakkghdfnc.net | udp |
| US | 8.8.8.8:53 | fjusznt.com | udp |
| US | 8.8.8.8:53 | rtrjjcuqz.net | udp |
| US | 8.8.8.8:53 | nvhmjklvlutg.info | udp |
| US | 8.8.8.8:53 | sagkmevwz.info | udp |
| US | 8.8.8.8:53 | pmttdh.net | udp |
| US | 8.8.8.8:53 | ksdjjli.info | udp |
| US | 8.8.8.8:53 | zuhmapbot.net | udp |
| US | 8.8.8.8:53 | zhnodqbnkec.com | udp |
| US | 8.8.8.8:53 | rtdtrsenu.info | udp |
| US | 8.8.8.8:53 | rciepom.net | udp |
| US | 8.8.8.8:53 | xmryzbzse.com | udp |
| US | 8.8.8.8:53 | sufioiuvgjgg.net | udp |
| US | 8.8.8.8:53 | ihcdduiyigvf.info | udp |
| US | 8.8.8.8:53 | bvfebbys.info | udp |
| US | 8.8.8.8:53 | ymfqvfmari.net | udp |
| US | 8.8.8.8:53 | lgzjmbzi.net | udp |
| US | 8.8.8.8:53 | vjvlnnztmb.net | udp |
| US | 8.8.8.8:53 | shysnqpgx.info | udp |
| US | 8.8.8.8:53 | hvzpnczl.net | udp |
| US | 8.8.8.8:53 | dsprkx.info | udp |
| US | 8.8.8.8:53 | fgrxzs.info | udp |
| US | 8.8.8.8:53 | jkmfqu.net | udp |
| US | 8.8.8.8:53 | zhvivltg.info | udp |
| US | 8.8.8.8:53 | tqpngkjep.info | udp |
| US | 8.8.8.8:53 | kwsamm.org | udp |
| US | 8.8.8.8:53 | bqhrmpnwgpxn.info | udp |
| US | 8.8.8.8:53 | ryzirsf.com | udp |
| US | 8.8.8.8:53 | guoqcgykiy.org | udp |
| US | 8.8.8.8:53 | vyklbwhog.info | udp |
| US | 8.8.8.8:53 | yojkaljecqs.info | udp |
| US | 8.8.8.8:53 | gipjjazqb.info | udp |
| US | 8.8.8.8:53 | jilcfuzqs.net | udp |
| US | 8.8.8.8:53 | ygitbvywt.net | udp |
| US | 8.8.8.8:53 | wspvxvekjjh.info | udp |
| US | 8.8.8.8:53 | zktwdudhp.net | udp |
| US | 8.8.8.8:53 | ecegeakc.org | udp |
| US | 8.8.8.8:53 | rtfwrwfzbqdb.net | udp |
| US | 8.8.8.8:53 | auceksug.org | udp |
| US | 8.8.8.8:53 | kwkmqwumuo.org | udp |
| US | 8.8.8.8:53 | zkyybwtgxtz.com | udp |
| US | 8.8.8.8:53 | wyzbvqv.info | udp |
| US | 8.8.8.8:53 | ootkjdzphd.net | udp |
| US | 8.8.8.8:53 | xypwqcn.org | udp |
| US | 8.8.8.8:53 | dbncii.net | udp |
| US | 8.8.8.8:53 | ugvutdl.info | udp |
| US | 8.8.8.8:53 | zldmqpreajyk.info | udp |
| US | 8.8.8.8:53 | ahfbsbgslo.info | udp |
| US | 8.8.8.8:53 | zbtsdqgtx.net | udp |
| US | 8.8.8.8:53 | aararuzmj.info | udp |
| US | 8.8.8.8:53 | dwumhixse.com | udp |
| US | 8.8.8.8:53 | wsgmdwoujim.net | udp |
| US | 8.8.8.8:53 | zrizzt.net | udp |
| US | 8.8.8.8:53 | wqdpfqxhkj.net | udp |
| US | 8.8.8.8:53 | dvfqxnsetrop.info | udp |
| US | 8.8.8.8:53 | hipbhsd.info | udp |
| US | 8.8.8.8:53 | sckesnurnx.net | udp |
| US | 8.8.8.8:53 | xbwwqgnvlphu.net | udp |
| US | 8.8.8.8:53 | bqrybgpnh.net | udp |
| US | 8.8.8.8:53 | nsjnpn.net | udp |
| US | 8.8.8.8:53 | djhbcajkb.com | udp |
| US | 8.8.8.8:53 | qxnwvyvxzgg.net | udp |
| US | 8.8.8.8:53 | yitkhadirsz.info | udp |
| US | 8.8.8.8:53 | ospuihkkd.net | udp |
| US | 8.8.8.8:53 | ivewnr.info | udp |
| US | 8.8.8.8:53 | hcfzywtjek.net | udp |
| US | 8.8.8.8:53 | zylmffrmdat.org | udp |
| US | 8.8.8.8:53 | zmvugin.com | udp |
| US | 8.8.8.8:53 | hdaebkvpdwk.org | udp |
| US | 8.8.8.8:53 | nqxijbihvn.info | udp |
| US | 8.8.8.8:53 | hdrojetcplwk.info | udp |
| US | 8.8.8.8:53 | bexfen.net | udp |
| US | 8.8.8.8:53 | yspynbdonzn.net | udp |
| US | 8.8.8.8:53 | lefpjxvjpvr.com | udp |
| US | 8.8.8.8:53 | xrctizgjhu.net | udp |
| US | 8.8.8.8:53 | qmftox.info | udp |
| US | 8.8.8.8:53 | foacxwmuoml.info | udp |
| US | 8.8.8.8:53 | yepaieofj.net | udp |
| US | 8.8.8.8:53 | thkabe.info | udp |
| US | 8.8.8.8:53 | goqaeowege.org | udp |
| US | 8.8.8.8:53 | kitylpegl.net | udp |
| US | 8.8.8.8:53 | ggpiffpcumw.net | udp |
| US | 8.8.8.8:53 | gxfwdoe.info | udp |
| US | 8.8.8.8:53 | euygxsc.info | udp |
| US | 8.8.8.8:53 | rfcqjgcwrllk.info | udp |
| US | 8.8.8.8:53 | feridkhfoih.org | udp |
| US | 8.8.8.8:53 | hdpsznys.info | udp |
| US | 8.8.8.8:53 | lyzwthn.info | udp |
| US | 8.8.8.8:53 | ooewwc.org | udp |
| US | 8.8.8.8:53 | dgzajkfsr.info | udp |
| US | 8.8.8.8:53 | fvvwcddmqyj.net | udp |
| US | 8.8.8.8:53 | sytsclb.net | udp |
| US | 8.8.8.8:53 | jypigkw.net | udp |
| US | 8.8.8.8:53 | vvxgtshojhx.net | udp |
| US | 8.8.8.8:53 | fgkkjen.info | udp |
| US | 8.8.8.8:53 | ayjmlsuzef.net | udp |
| US | 8.8.8.8:53 | ukhuermxbb.net | udp |
| US | 8.8.8.8:53 | kyuiyoiawmek.com | udp |
| US | 8.8.8.8:53 | jphhtgd.com | udp |
| US | 8.8.8.8:53 | edzsvokhac.info | udp |
| US | 8.8.8.8:53 | ugnihavkgwj.net | udp |
| US | 8.8.8.8:53 | ibeiytuc.net | udp |
| US | 8.8.8.8:53 | hwevpubxalhk.info | udp |
| US | 8.8.8.8:53 | omierhazkhgw.net | udp |
| US | 8.8.8.8:53 | yiagwq.com | udp |
| US | 8.8.8.8:53 | qhnodlabsasc.net | udp |
| US | 8.8.8.8:53 | ygsgosao.org | udp |
| US | 8.8.8.8:53 | odtczrbvx.net | udp |
| US | 8.8.8.8:53 | kwdrqyzrhd.net | udp |
| US | 8.8.8.8:53 | kfgwxdbc.info | udp |
| US | 8.8.8.8:53 | jenldzvesrjm.net | udp |
| US | 8.8.8.8:53 | dwilkmnoblgi.info | udp |
| US | 8.8.8.8:53 | wdlkzmx.info | udp |
| US | 8.8.8.8:53 | xrjmbmgmisvh.info | udp |
| US | 8.8.8.8:53 | impwlr.info | udp |
| US | 8.8.8.8:53 | gfajewxxuap.net | udp |
| US | 8.8.8.8:53 | xlhsxpal.net | udp |
| US | 8.8.8.8:53 | dqvykb.info | udp |
| US | 8.8.8.8:53 | lialgp.net | udp |
| US | 8.8.8.8:53 | jqtenkdayoy.org | udp |
| US | 8.8.8.8:53 | vfvhvg.info | udp |
| US | 8.8.8.8:53 | yygsguye.com | udp |
| US | 8.8.8.8:53 | qeimekic.org | udp |
| US | 8.8.8.8:53 | rkmmvddznczu.info | udp |
| US | 8.8.8.8:53 | dobbnleh.net | udp |
| US | 8.8.8.8:53 | lvliwxsju.net | udp |
| US | 8.8.8.8:53 | vejaxyfaj.com | udp |
| US | 8.8.8.8:53 | wcgcuuiu.org | udp |
| US | 8.8.8.8:53 | gprdmknfpwtu.info | udp |
| US | 8.8.8.8:53 | qjlryr.net | udp |
| US | 8.8.8.8:53 | axcseai.info | udp |
| US | 8.8.8.8:53 | pmvgutd.info | udp |
| US | 8.8.8.8:53 | nhmyomxjv.info | udp |
| US | 8.8.8.8:53 | ltfveargiv.info | udp |
| US | 8.8.8.8:53 | socvcyhix.net | udp |
| US | 8.8.8.8:53 | vkxrfsjadnv.info | udp |
| US | 8.8.8.8:53 | sftofvwx.info | udp |
| US | 8.8.8.8:53 | yyckugqcea.org | udp |
| US | 8.8.8.8:53 | tyzkrdhyl.info | udp |
| US | 8.8.8.8:53 | ogaqgozel.net | udp |
| US | 8.8.8.8:53 | vyvijbihvn.info | udp |
| US | 8.8.8.8:53 | gcqehga.info | udp |
| US | 8.8.8.8:53 | gfjrwlnhoy.net | udp |
| US | 8.8.8.8:53 | zjbkbnv.net | udp |
| US | 8.8.8.8:53 | siznmshylop.info | udp |
| US | 8.8.8.8:53 | uounvcvyiikp.info | udp |
| US | 8.8.8.8:53 | gylxwrhfxw.net | udp |
| US | 8.8.8.8:53 | hsrofavrq.net | udp |
| US | 8.8.8.8:53 | sivcusbjayt.net | udp |
| US | 8.8.8.8:53 | ctekjre.info | udp |
| US | 8.8.8.8:53 | llpwlrlwpx.net | udp |
| US | 8.8.8.8:53 | lcggjepfhgj.com | udp |
| US | 8.8.8.8:53 | iqhyyqiwog.info | udp |
| US | 8.8.8.8:53 | zsrzjs.info | udp |
| US | 8.8.8.8:53 | icewqc.org | udp |
| US | 8.8.8.8:53 | tofuanbxf.com | udp |
| US | 8.8.8.8:53 | bctwfgikb.org | udp |
| US | 8.8.8.8:53 | roxkjgncp.com | udp |
| US | 8.8.8.8:53 | fzqqksnzg.net | udp |
| US | 8.8.8.8:53 | ignheigjhf.info | udp |
| US | 8.8.8.8:53 | dupygjtzh.com | udp |
| US | 8.8.8.8:53 | agvalyxwb.net | udp |
| US | 8.8.8.8:53 | xmlymtnez.org | udp |
| US | 8.8.8.8:53 | zisocq.net | udp |
| US | 8.8.8.8:53 | yuforee.net | udp |
| US | 8.8.8.8:53 | mkcmqy.org | udp |
| US | 8.8.8.8:53 | xjjvwyumcfjs.info | udp |
| US | 8.8.8.8:53 | yzxkjxsriqss.info | udp |
| US | 8.8.8.8:53 | xklsrjorvup.info | udp |
| US | 8.8.8.8:53 | odzbrjqoy.info | udp |
| US | 8.8.8.8:53 | jybklt.net | udp |
| US | 8.8.8.8:53 | htexdvwy.net | udp |
| US | 8.8.8.8:53 | aalijqi.info | udp |
| US | 8.8.8.8:53 | gfbghhhmko.net | udp |
| US | 8.8.8.8:53 | xojplj.net | udp |
| US | 8.8.8.8:53 | kuquss.org | udp |
| US | 8.8.8.8:53 | iysmousi.org | udp |
| US | 8.8.8.8:53 | ceogfzpu.info | udp |
| US | 8.8.8.8:53 | cwbcbnfze.net | udp |
| US | 8.8.8.8:53 | vsvbneh.org | udp |
| US | 8.8.8.8:53 | odqisf.info | udp |
| US | 8.8.8.8:53 | xcjnhzbpzts.com | udp |
| US | 8.8.8.8:53 | qwtsxoh.net | udp |
| US | 8.8.8.8:53 | mkgsaosgakqw.com | udp |
| US | 8.8.8.8:53 | oszfxvfnoeuz.info | udp |
| US | 8.8.8.8:53 | euuemsma.com | udp |
| US | 8.8.8.8:53 | fqsvtxyl.info | udp |
| US | 8.8.8.8:53 | ioqkekkemcua.org | udp |
| US | 8.8.8.8:53 | ydygzbgv.info | udp |
| US | 8.8.8.8:53 | xlhmbzthuobp.info | udp |
| US | 8.8.8.8:53 | ybxsqlwexbnh.info | udp |
| US | 8.8.8.8:53 | hbzvslsl.info | udp |
| US | 8.8.8.8:53 | vsrstvnlx.net | udp |
| US | 8.8.8.8:53 | rvnnsqkqly.net | udp |
| US | 8.8.8.8:53 | imfgfyu.net | udp |
| US | 8.8.8.8:53 | bcfgpkiwn.info | udp |
| US | 8.8.8.8:53 | kkiamiym.com | udp |
| US | 8.8.8.8:53 | tgrytityr.com | udp |
| US | 8.8.8.8:53 | bqcunepoz.info | udp |
| US | 8.8.8.8:53 | oqlzsgswz.info | udp |
| US | 8.8.8.8:53 | zqimythgyo.info | udp |
| US | 8.8.8.8:53 | jatdaajehomt.net | udp |
| US | 8.8.8.8:53 | bifnoqjdd.net | udp |
| US | 8.8.8.8:53 | vvgssb.net | udp |
| US | 8.8.8.8:53 | mwgkuyee.org | udp |
| US | 8.8.8.8:53 | gmfshgs.net | udp |
| US | 8.8.8.8:53 | saeumw.com | udp |
| US | 8.8.8.8:53 | ckshfdip.net | udp |
| US | 8.8.8.8:53 | gbfkdhf.net | udp |
| US | 8.8.8.8:53 | uiceesz.info | udp |
| US | 8.8.8.8:53 | ewsycoj.info | udp |
| US | 8.8.8.8:53 | volqoklyi.info | udp |
| US | 8.8.8.8:53 | mtisryt.info | udp |
| US | 8.8.8.8:53 | wnyxkvmzcc.info | udp |
| US | 8.8.8.8:53 | bzaydhbkyko.info | udp |
| US | 8.8.8.8:53 | fubimgtbdmgj.net | udp |
| US | 8.8.8.8:53 | jgfgjwd.com | udp |
| US | 8.8.8.8:53 | vlzzdlei.net | udp |
| US | 8.8.8.8:53 | dqdviah.net | udp |
| US | 8.8.8.8:53 | hfjpblwdys.info | udp |
| US | 8.8.8.8:53 | oqwvlyxqzvr.info | udp |
| US | 8.8.8.8:53 | zcpgclt.net | udp |
| US | 8.8.8.8:53 | uoxjsmld.info | udp |
| US | 8.8.8.8:53 | dewwytpgb.net | udp |
| US | 8.8.8.8:53 | yumdhsjidtv.info | udp |
| US | 8.8.8.8:53 | kvnwwkoxhm.net | udp |
| US | 8.8.8.8:53 | goqicc.com | udp |
| US | 8.8.8.8:53 | larkffu.info | udp |
| US | 8.8.8.8:53 | ewiuauieao.com | udp |
| US | 8.8.8.8:53 | linlpmzk.info | udp |
| US | 8.8.8.8:53 | dheayz.net | udp |
| US | 8.8.8.8:53 | bjpwlrlwpx.net | udp |
| US | 8.8.8.8:53 | cmvglfrue.info | udp |
| US | 8.8.8.8:53 | cgsgwbkbmgsd.info | udp |
| US | 8.8.8.8:53 | dnztafukzpmz.net | udp |
| US | 8.8.8.8:53 | xcnuub.net | udp |
| US | 8.8.8.8:53 | imwkkoik.com | udp |
| US | 8.8.8.8:53 | bdhsmhhs.net | udp |
| US | 8.8.8.8:53 | nmuaui.info | udp |
| US | 8.8.8.8:53 | ooumtoudhlt.net | udp |
| US | 8.8.8.8:53 | ekpjtgbmfac.info | udp |
| US | 8.8.8.8:53 | gnrccz.info | udp |
| US | 8.8.8.8:53 | sewuvwb.net | udp |
| US | 8.8.8.8:53 | yukvtu.info | udp |
| US | 8.8.8.8:53 | pjppqydg.net | udp |
| US | 8.8.8.8:53 | qexqldltxfpp.info | udp |
| US | 8.8.8.8:53 | jihkrmtrg.net | udp |
| US | 8.8.8.8:53 | aoumsmcuys.com | udp |
| US | 8.8.8.8:53 | xeggrtbl.info | udp |
| US | 8.8.8.8:53 | kplgrynocgv.net | udp |
| US | 8.8.8.8:53 | fwhhgqvzmz.net | udp |
| US | 8.8.8.8:53 | ewkwqikasi.com | udp |
| US | 8.8.8.8:53 | oaewcmmi.com | udp |
| US | 8.8.8.8:53 | gobasmmwa.net | udp |
| US | 8.8.8.8:53 | yolytmybtaf.info | udp |
| US | 8.8.8.8:53 | pcghcks.org | udp |
| US | 8.8.8.8:53 | narkjclkaqy.net | udp |
| US | 8.8.8.8:53 | wfvjvaboxnet.info | udp |
| US | 8.8.8.8:53 | lszfrmupqm.info | udp |
| US | 8.8.8.8:53 | ggspdezvi.net | udp |
| US | 8.8.8.8:53 | oalwpcngx.info | udp |
| US | 8.8.8.8:53 | xindncv.org | udp |
| US | 8.8.8.8:53 | uugcwc.org | udp |
| US | 8.8.8.8:53 | knqcknzye.info | udp |
| US | 8.8.8.8:53 | xcrfxbihvn.info | udp |
| US | 8.8.8.8:53 | fkpqxkmkdyrp.net | udp |
| US | 8.8.8.8:53 | ulrpvguioqtz.info | udp |
| US | 8.8.8.8:53 | pvesxitaordl.info | udp |
| US | 8.8.8.8:53 | cgazfnpshka.net | udp |
| US | 8.8.8.8:53 | pwtbad.net | udp |
| US | 8.8.8.8:53 | esxsncqymcz.net | udp |
| US | 8.8.8.8:53 | dzrmxez.com | udp |
| US | 8.8.8.8:53 | vyyvzox.org | udp |
| US | 8.8.8.8:53 | vwehltdiagi.org | udp |
| US | 8.8.8.8:53 | cgaaqprr.net | udp |
| US | 8.8.8.8:53 | ztdwmeuasv.net | udp |
| US | 8.8.8.8:53 | mipwylhuryd.info | udp |
| US | 8.8.8.8:53 | jmdefiz.com | udp |
| US | 8.8.8.8:53 | ibguwzrpsr.info | udp |
| US | 8.8.8.8:53 | kxldwaoqfn.info | udp |
| US | 8.8.8.8:53 | cqgmwwmasmwk.com | udp |
| US | 8.8.8.8:53 | omccemsemi.com | udp |
| US | 8.8.8.8:53 | myaseqsgqi.com | udp |
| US | 8.8.8.8:53 | kgecci.com | udp |
| US | 8.8.8.8:53 | aknkduksh.net | udp |
| US | 8.8.8.8:53 | koedfzaojfhy.net | udp |
| US | 8.8.8.8:53 | xxbuvavqnao.net | udp |
| US | 8.8.8.8:53 | iylnzffs.net | udp |
| US | 8.8.8.8:53 | egpvqkpep.net | udp |
| US | 8.8.8.8:53 | tgzzsilpuoyu.info | udp |
| US | 8.8.8.8:53 | aaugcoassaqa.com | udp |
| US | 8.8.8.8:53 | tyloyuiqxkb.com | udp |
| US | 8.8.8.8:53 | rlwziqfimw.info | udp |
| US | 8.8.8.8:53 | rejwrwpoa.info | udp |
| US | 8.8.8.8:53 | wmwyeq.org | udp |
| US | 8.8.8.8:53 | vitqolnkres.com | udp |
| US | 8.8.8.8:53 | ookquaom.com | udp |
| US | 8.8.8.8:53 | gklfnpw.net | udp |
| US | 8.8.8.8:53 | ehcdlynnyhk.net | udp |
| US | 8.8.8.8:53 | wmuycycs.com | udp |
| US | 8.8.8.8:53 | rmwfbdlzewlx.info | udp |
| US | 8.8.8.8:53 | zbnbjkhx.net | udp |
| US | 8.8.8.8:53 | fcrjoetqcmdc.info | udp |
| US | 8.8.8.8:53 | jmuyzwjxj.net | udp |
| US | 8.8.8.8:53 | poruwgfmxon.com | udp |
| US | 8.8.8.8:53 | teqpobkeoo.net | udp |
| US | 8.8.8.8:53 | sgescokcmo.org | udp |
| US | 8.8.8.8:53 | ciemaqyamg.com | udp |
| US | 8.8.8.8:53 | mqgwcvpojezz.net | udp |
| US | 8.8.8.8:53 | lzwgpqnxhy.net | udp |
| US | 8.8.8.8:53 | tuwwlppqpfxy.info | udp |
| US | 8.8.8.8:53 | xsafaxjp.net | udp |
| US | 8.8.8.8:53 | owcuomak.com | udp |
| US | 8.8.8.8:53 | zqbmewe.org | udp |
| US | 8.8.8.8:53 | ryqvqrpiajqn.net | udp |
| US | 8.8.8.8:53 | jehyhpbob.com | udp |
| US | 8.8.8.8:53 | tudgihlrvori.info | udp |
| US | 8.8.8.8:53 | miauwzsl.info | udp |
| US | 8.8.8.8:53 | ifkfdbxyjz.info | udp |
| US | 8.8.8.8:53 | fgrwpoj.com | udp |
| US | 8.8.8.8:53 | zpgnvb.info | udp |
| US | 8.8.8.8:53 | cwpklvuul.info | udp |
| US | 8.8.8.8:53 | luaiurlae.info | udp |
| US | 8.8.8.8:53 | hsfspwfirsr.org | udp |
| US | 8.8.8.8:53 | oeaipvjwnsb.net | udp |
| US | 8.8.8.8:53 | tpqqzfsz.net | udp |
| US | 8.8.8.8:53 | qnjiwrbvrau.info | udp |
| US | 8.8.8.8:53 | neteddft.net | udp |
| US | 8.8.8.8:53 | uyyeguiyiyea.org | udp |
| US | 8.8.8.8:53 | fumvct.net | udp |
| US | 8.8.8.8:53 | kkmmya.com | udp |
| US | 8.8.8.8:53 | iivezkiyr.net | udp |
| US | 8.8.8.8:53 | kxdxnojehx.info | udp |
| US | 8.8.8.8:53 | jrdrptnueg.info | udp |
| US | 8.8.8.8:53 | bvfilanwe.info | udp |
| US | 8.8.8.8:53 | dnyidwf.info | udp |
| US | 8.8.8.8:53 | wofmlar.net | udp |
| US | 8.8.8.8:53 | ynrlhm.info | udp |
| US | 8.8.8.8:53 | pgfsxw.info | udp |
| US | 8.8.8.8:53 | prmyteuwqsn.com | udp |
| US | 8.8.8.8:53 | yadxtkefpqdf.net | udp |
| US | 8.8.8.8:53 | pnvcfylbkw.net | udp |
| US | 8.8.8.8:53 | jkorfkfeb.net | udp |
| US | 8.8.8.8:53 | jusmkidql.com | udp |
| US | 8.8.8.8:53 | gwmseywyyuyk.com | udp |
| US | 8.8.8.8:53 | qbhezq.net | udp |
| US | 8.8.8.8:53 | swwsieka.com | udp |
| US | 8.8.8.8:53 | xqmlxlnjsxbw.net | udp |
| US | 8.8.8.8:53 | tajwfki.com | udp |
| US | 8.8.8.8:53 | ulwprsdpevsj.info | udp |
| US | 8.8.8.8:53 | qiousyqmesog.org | udp |
| US | 8.8.8.8:53 | mmtypydkbwn.info | udp |
| US | 8.8.8.8:53 | kfjhty.net | udp |
| US | 8.8.8.8:53 | mmiwmyca.com | udp |
| US | 8.8.8.8:53 | iglullxcx.net | udp |
| US | 8.8.8.8:53 | qyjxvcif.net | udp |
| US | 8.8.8.8:53 | esqyaqqqwe.com | udp |
| US | 8.8.8.8:53 | kgcfdgjazrul.net | udp |
| US | 8.8.8.8:53 | rkwlhccy.info | udp |
| US | 8.8.8.8:53 | vrxcaymsrmid.info | udp |
| US | 8.8.8.8:53 | ecgkeuyquywq.org | udp |
| US | 8.8.8.8:53 | aqimac.org | udp |
| US | 8.8.8.8:53 | fbnqdjdf.net | udp |
| US | 8.8.8.8:53 | nthafgeqx.org | udp |
| US | 8.8.8.8:53 | pmkwkvnzjk.info | udp |
| US | 8.8.8.8:53 | ocbgbcx.net | udp |
| US | 8.8.8.8:53 | zgggqf.net | udp |
| US | 8.8.8.8:53 | ovadnsaktt.info | udp |
| US | 8.8.8.8:53 | vibshiiel.net | udp |
| US | 8.8.8.8:53 | hanwvuw.org | udp |
| US | 8.8.8.8:53 | tmznvhdlhock.net | udp |
| US | 8.8.8.8:53 | wadcuzzlrlnh.net | udp |
| US | 8.8.8.8:53 | jgjnfepmnsbz.info | udp |
| US | 8.8.8.8:53 | wwplfeegvje.net | udp |
| US | 8.8.8.8:53 | jjqtpeerkb.net | udp |
| US | 8.8.8.8:53 | ugiajytsfaj.net | udp |
| US | 8.8.8.8:53 | egkkce.org | udp |
| US | 8.8.8.8:53 | mzvcrcpfysow.info | udp |
| US | 8.8.8.8:53 | hosibojkdyn.net | udp |
| US | 8.8.8.8:53 | urkcltobhpwf.net | udp |
| US | 8.8.8.8:53 | jkopiwze.info | udp |
| US | 8.8.8.8:53 | naxzukxq.net | udp |
| US | 8.8.8.8:53 | nrariqcgjta.info | udp |
| US | 8.8.8.8:53 | aokkogqo.org | udp |
| US | 8.8.8.8:53 | npishzbx.net | udp |
| US | 8.8.8.8:53 | oismai.com | udp |
| US | 8.8.8.8:53 | kmkmwoaq.com | udp |
| US | 8.8.8.8:53 | mfyenffynq.info | udp |
| US | 8.8.8.8:53 | gwrfpgfxi.net | udp |
| US | 8.8.8.8:53 | nsizcof.info | udp |
| US | 8.8.8.8:53 | golqbrj.info | udp |
| US | 8.8.8.8:53 | eheflhppvg.net | udp |
| US | 8.8.8.8:53 | lwlfzopaljug.info | udp |
| US | 8.8.8.8:53 | fqhzlxwrjxpo.net | udp |
| US | 8.8.8.8:53 | kuyemauc.com | udp |
| US | 8.8.8.8:53 | ejyuoio.net | udp |
| US | 8.8.8.8:53 | cykogcgqqcuu.com | udp |
| US | 8.8.8.8:53 | sghudtqjlv.net | udp |
| US | 8.8.8.8:53 | tzloywfjrin.com | udp |
| US | 8.8.8.8:53 | hopthipoubk.com | udp |
| US | 8.8.8.8:53 | youuysyqaaue.com | udp |
| US | 8.8.8.8:53 | ojnmuzmvwodg.info | udp |
| US | 8.8.8.8:53 | ugjyfpgfl.net | udp |
| US | 8.8.8.8:53 | zcknzirosxd.com | udp |
| US | 8.8.8.8:53 | cuqegy.org | udp |
| US | 8.8.8.8:53 | byfmqulsvex.net | udp |
| US | 8.8.8.8:53 | rqrsfmd.com | udp |
| US | 8.8.8.8:53 | myrwjqkrwpbk.info | udp |
| US | 8.8.8.8:53 | jghqrzqzgfmj.net | udp |
| US | 8.8.8.8:53 | ypfqzcdit.net | udp |
| US | 8.8.8.8:53 | tldskzwhqe.info | udp |
| US | 8.8.8.8:53 | sgrusmfficrp.net | udp |
| US | 8.8.8.8:53 | axbcqfblepsi.info | udp |
| US | 8.8.8.8:53 | tmqpoehu.info | udp |
| US | 8.8.8.8:53 | yyokws.com | udp |
| US | 8.8.8.8:53 | mpkbfsgyp.info | udp |
| US | 8.8.8.8:53 | cbzmpaj.net | udp |
| US | 8.8.8.8:53 | qseoumkkca.org | udp |
| US | 8.8.8.8:53 | wrqreqgvcd.info | udp |
| US | 8.8.8.8:53 | eiuoqogk.com | udp |
| US | 8.8.8.8:53 | qdnmhgdyrit.net | udp |
| US | 8.8.8.8:53 | lodebaz.org | udp |
| US | 8.8.8.8:53 | spokeyxsl.info | udp |
| US | 8.8.8.8:53 | syiaju.net | udp |
| US | 8.8.8.8:53 | kexohiehytn.info | udp |
| US | 8.8.8.8:53 | uqfculqlf.net | udp |
| US | 8.8.8.8:53 | ukcyris.info | udp |
| US | 8.8.8.8:53 | qyqigk.com | udp |
| US | 8.8.8.8:53 | cbptey.info | udp |
| US | 8.8.8.8:53 | pqqgdx.net | udp |
| US | 8.8.8.8:53 | whzqbusjf.net | udp |
| US | 8.8.8.8:53 | ocshhlmo.net | udp |
| US | 8.8.8.8:53 | fyaylmbcb.net | udp |
| US | 8.8.8.8:53 | xlnzhnzp.info | udp |
| US | 8.8.8.8:53 | xubuhszij.net | udp |
| US | 8.8.8.8:53 | uupoqaquygl.info | udp |
| US | 8.8.8.8:53 | fupuhgphvwt.net | udp |
| US | 8.8.8.8:53 | akqoyugk.com | udp |
| US | 8.8.8.8:53 | ekqaao.com | udp |
| US | 8.8.8.8:53 | mqkxcmiiwo.info | udp |
| US | 8.8.8.8:53 | dabnivgxwmvq.net | udp |
| US | 8.8.8.8:53 | sbdcxyrt.info | udp |
| US | 8.8.8.8:53 | usuuoaqwmogs.com | udp |
| US | 8.8.8.8:53 | soiquuco.com | udp |
| US | 8.8.8.8:53 | rvazsyttv.org | udp |
| US | 8.8.8.8:53 | rkjyfrxybqd.net | udp |
| US | 8.8.8.8:53 | pcdktuccd.org | udp |
| US | 8.8.8.8:53 | ityfkkll.net | udp |
| US | 8.8.8.8:53 | umteqyv.info | udp |
| US | 8.8.8.8:53 | rdvxbx.info | udp |
| US | 8.8.8.8:53 | hjfdpmp.org | udp |
| US | 8.8.8.8:53 | rirrxb.net | udp |
| US | 8.8.8.8:53 | irviec.net | udp |
| US | 8.8.8.8:53 | igkkoaigowgq.com | udp |
| US | 8.8.8.8:53 | rjbifug.net | udp |
| US | 8.8.8.8:53 | gpzctxjd.info | udp |
| US | 8.8.8.8:53 | flrcluhcrhlb.info | udp |
Files
C:\Users\Admin\AppData\Local\Temp\vcqtxds.exe
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Temp\vcqtxds.exe
| MD5 | 01a2a904d402f5b4e604bf16bf06c0f6 |
| SHA1 | 8aac8a223064dc6385dbdf037ee25c273d52e10d |
| SHA256 | 486ed7fb3cdc250cfbdbcd1ec6b41164c2c378f441a53824007fd6e56ae11c0a |
| SHA512 | 76317a835951d1a9d064a4e0b53fc0928df4415ddb8e93fd9d8578b001dbf208adbaae4ea4a69d0011d7cb461d2a48372aa666a2be9280985d7ca14384714ed8 |
C:\Users\Admin\AppData\Local\zaifddmejhqmysktdhrsaxv.ewb
C:\Users\Admin\AppData\Local\myrzitnqgpjqnsvpkzugzhqbvyoxryvadx.hco
C:\Program Files (x86)\zaifddmejhqmysktdhrsaxv.ewb