Malware Analysis Report

2025-08-10 16:32

Sample ID 250412-a7dnzatsfw
Target JaffaCakes118_b08d498e51aef841f6c272ad42e9a028
SHA256 cf415e21ed6dee9713e1c4687e77a6034b0792bdc8dee245b3eeb900278552b5
Tags
worm pykspa defense_evasion discovery persistence privilege_escalation trojan
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V16

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

cf415e21ed6dee9713e1c4687e77a6034b0792bdc8dee245b3eeb900278552b5

Threat Level: Known bad

The file JaffaCakes118_b08d498e51aef841f6c272ad42e9a028 was found to be: Known bad.

Malicious Activity Summary

worm pykspa defense_evasion discovery persistence privilege_escalation trojan

UAC bypass

Modifies WinLogon for persistence

Pykspa

Pykspa family

Detect Pykspa worm

Detect Pykspa worm

Adds policy Run key to start application

Disables RegEdit via registry modification

Executes dropped EXE

Checks computer location settings

Impair Defenses: Safe Mode Boot

Checks whether UAC is enabled

Adds Run key to start application

Hijack Execution Flow: Executable Installer File Permissions Weakness

Looks up external IP address via web service

Drops file in System32 directory

Drops file in Program Files directory

Drops file in Windows directory

Enumerates physical storage devices

System Location Discovery: System Language Discovery

Unsigned PE

Suspicious use of AdjustPrivilegeToken

Suspicious use of WriteProcessMemory

System policy modification

Suspicious behavior: EnumeratesProcesses

Suspicious behavior: GetForegroundWindowSpam

Modifies registry class

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2025-04-12 00:50

Signatures

Detect Pykspa worm

worm
Description Indicator Process Target
N/A N/A N/A N/A

Pykspa family

pykspa

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2025-04-12 00:50

Reported

2025-04-12 00:53

Platform

win10v2004-20250410-en

Max time kernel

150s

Max time network

150s

Command Line

"C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b08d498e51aef841f6c272ad42e9a028.exe"

Signatures

Modifies WinLogon for persistence

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b08d498e51aef841f6c272ad42e9a028.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\vcqtxds.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\vcqtxds.exe N/A

Pykspa

worm pykspa

Pykspa family

pykspa

UAC bypass

defense_evasion trojan
Description Indicator Process Target
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" C:\Users\Admin\AppData\Local\Temp\vcqtxds.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" C:\Users\Admin\AppData\Local\Temp\vcqtxds.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" C:\Users\Admin\AppData\Local\Temp\vcqtxds.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b08d498e51aef841f6c272ad42e9a028.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b08d498e51aef841f6c272ad42e9a028.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\vcqtxds.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\vcqtxds.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" C:\Users\Admin\AppData\Local\Temp\vcqtxds.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" C:\Users\Admin\AppData\Local\Temp\vcqtxds.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" C:\Users\Admin\AppData\Local\Temp\vcqtxds.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b08d498e51aef841f6c272ad42e9a028.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b08d498e51aef841f6c272ad42e9a028.exe N/A

Detect Pykspa worm

worm
Description Indicator Process Target
N/A N/A N/A N/A

Adds policy Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\myrzitnqgpjq = "bsqdrhgojxwikucbb.exe" C:\Users\Admin\AppData\Local\Temp\vcqtxds.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\bkafltkkx = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ukhtgvtauhfqrahf.exe" C:\Users\Admin\AppData\Local\Temp\vcqtxds.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\myrzitnqgpjq = "ukhtgvtauhfqrahf.exe" C:\Users\Admin\AppData\Local\Temp\vcqtxds.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\myrzitnqgpjq = "xsuldxamldgwcqcfjhlgi.exe" C:\Users\Admin\AppData\Local\Temp\vcqtxds.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b08d498e51aef841f6c272ad42e9a028.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\myrzitnqgpjq = "voodtlmwtjkycoyzbxz.exe" C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b08d498e51aef841f6c272ad42e9a028.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\bkafltkkx = "C:\\Users\\Admin\\AppData\\Local\\Temp\\icdtkdfqofhwbozbebey.exe" C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b08d498e51aef841f6c272ad42e9a028.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\myrzitnqgpjq = "bsqdrhgojxwikucbb.exe" C:\Users\Admin\AppData\Local\Temp\vcqtxds.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\bkafltkkx = "C:\\Users\\Admin\\AppData\\Local\\Temp\\xsuldxamldgwcqcfjhlgi.exe" C:\Users\Admin\AppData\Local\Temp\vcqtxds.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\bkafltkkx = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ukhtgvtauhfqrahf.exe" C:\Users\Admin\AppData\Local\Temp\vcqtxds.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\myrzitnqgpjq = "icdtkdfqofhwbozbebey.exe" C:\Users\Admin\AppData\Local\Temp\vcqtxds.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\vcqtxds.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\bkafltkkx = "C:\\Users\\Admin\\AppData\\Local\\Temp\\bsqdrhgojxwikucbb.exe" C:\Users\Admin\AppData\Local\Temp\vcqtxds.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\myrzitnqgpjq = "kcbpevveappcfqzzav.exe" C:\Users\Admin\AppData\Local\Temp\vcqtxds.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\myrzitnqgpjq = "xsuldxamldgwcqcfjhlgi.exe" C:\Users\Admin\AppData\Local\Temp\vcqtxds.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\bkafltkkx = "C:\\Users\\Admin\\AppData\\Local\\Temp\\icdtkdfqofhwbozbebey.exe" C:\Users\Admin\AppData\Local\Temp\vcqtxds.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\myrzitnqgpjq = "kcbpevveappcfqzzav.exe" C:\Users\Admin\AppData\Local\Temp\vcqtxds.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\myrzitnqgpjq = "icdtkdfqofhwbozbebey.exe" C:\Users\Admin\AppData\Local\Temp\vcqtxds.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\bkafltkkx = "C:\\Users\\Admin\\AppData\\Local\\Temp\\voodtlmwtjkycoyzbxz.exe" C:\Users\Admin\AppData\Local\Temp\vcqtxds.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\bkafltkkx = "C:\\Users\\Admin\\AppData\\Local\\Temp\\kcbpevveappcfqzzav.exe" C:\Users\Admin\AppData\Local\Temp\vcqtxds.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\myrzitnqgpjq = "voodtlmwtjkycoyzbxz.exe" C:\Users\Admin\AppData\Local\Temp\vcqtxds.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\bkafltkkx = "C:\\Users\\Admin\\AppData\\Local\\Temp\\icdtkdfqofhwbozbebey.exe" C:\Users\Admin\AppData\Local\Temp\vcqtxds.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\bkafltkkx = "C:\\Users\\Admin\\AppData\\Local\\Temp\\voodtlmwtjkycoyzbxz.exe" C:\Users\Admin\AppData\Local\Temp\vcqtxds.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\vcqtxds.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\myrzitnqgpjq = "voodtlmwtjkycoyzbxz.exe" C:\Users\Admin\AppData\Local\Temp\vcqtxds.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\bkafltkkx = "C:\\Users\\Admin\\AppData\\Local\\Temp\\bsqdrhgojxwikucbb.exe" C:\Users\Admin\AppData\Local\Temp\vcqtxds.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\myrzitnqgpjq = "ukhtgvtauhfqrahf.exe" C:\Users\Admin\AppData\Local\Temp\vcqtxds.exe N/A

Disables RegEdit via registry modification

defense_evasion
Description Indicator Process Target
Set value (int) \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\vcqtxds.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\vcqtxds.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\vcqtxds.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b08d498e51aef841f6c272ad42e9a028.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b08d498e51aef841f6c272ad42e9a028.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\vcqtxds.exe N/A

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b08d498e51aef841f6c272ad42e9a028.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\vcqtxds.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\vcqtxds.exe N/A

Impair Defenses: Safe Mode Boot

defense_evasion
Description Indicator Process Target
Key deleted \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\ProfSvc C:\Users\Admin\AppData\Local\Temp\vcqtxds.exe N/A
Key deleted \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\Power C:\Users\Admin\AppData\Local\Temp\vcqtxds.exe N/A
Key deleted \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\iai2c.sys C:\Users\Admin\AppData\Local\Temp\vcqtxds.exe N/A
Key deleted \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\CBDHSvc C:\Users\Admin\AppData\Local\Temp\vcqtxds.exe N/A
Key deleted \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\UserManager C:\Users\Admin\AppData\Local\Temp\vcqtxds.exe N/A
Key deleted \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\SerCx2.sys C:\Users\Admin\AppData\Local\Temp\vcqtxds.exe N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\paszhrkmbjc = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ukhtgvtauhfqrahf.exe ." C:\Users\Admin\AppData\Local\Temp\vcqtxds.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\paszhrkmbjc = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ukhtgvtauhfqrahf.exe ." C:\Users\Admin\AppData\Local\Temp\vcqtxds.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lysblxswnxsay = "xsuldxamldgwcqcfjhlgi.exe" C:\Users\Admin\AppData\Local\Temp\vcqtxds.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\pealxliohtqaaio = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ukhtgvtauhfqrahf.exe ." C:\Users\Admin\AppData\Local\Temp\vcqtxds.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\paszhrkmbjc = "icdtkdfqofhwbozbebey.exe ." C:\Users\Admin\AppData\Local\Temp\vcqtxds.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\uevbirjkyf = "icdtkdfqofhwbozbebey.exe" C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b08d498e51aef841f6c272ad42e9a028.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lysblxswnxsay = "bsqdrhgojxwikucbb.exe" C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b08d498e51aef841f6c272ad42e9a028.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\paszhrkmbjc = "xsuldxamldgwcqcfjhlgi.exe ." C:\Users\Admin\AppData\Local\Temp\vcqtxds.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\mavfqdzewhdmls = "xsuldxamldgwcqcfjhlgi.exe ." C:\Users\Admin\AppData\Local\Temp\vcqtxds.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\uevbirjkyf = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ukhtgvtauhfqrahf.exe" C:\Users\Admin\AppData\Local\Temp\vcqtxds.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lysblxswnxsay = "icdtkdfqofhwbozbebey.exe" C:\Users\Admin\AppData\Local\Temp\vcqtxds.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\paszhrkmbjc = "C:\\Users\\Admin\\AppData\\Local\\Temp\\kcbpevveappcfqzzav.exe ." C:\Users\Admin\AppData\Local\Temp\vcqtxds.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\paszhrkmbjc = "bsqdrhgojxwikucbb.exe ." C:\Users\Admin\AppData\Local\Temp\vcqtxds.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\uevbirjkyf = "voodtlmwtjkycoyzbxz.exe" C:\Users\Admin\AppData\Local\Temp\vcqtxds.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\mavfqdzewhdmls = "kcbpevveappcfqzzav.exe ." C:\Users\Admin\AppData\Local\Temp\vcqtxds.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\uevbirjkyf = "xsuldxamldgwcqcfjhlgi.exe" C:\Users\Admin\AppData\Local\Temp\vcqtxds.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\mavfqdzewhdmls = "ukhtgvtauhfqrahf.exe ." C:\Users\Admin\AppData\Local\Temp\vcqtxds.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\uevbirjkyf = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ukhtgvtauhfqrahf.exe" C:\Users\Admin\AppData\Local\Temp\vcqtxds.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lysblxswnxsay = "kcbpevveappcfqzzav.exe" C:\Users\Admin\AppData\Local\Temp\vcqtxds.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\paszhrkmbjc = "ukhtgvtauhfqrahf.exe ." C:\Users\Admin\AppData\Local\Temp\vcqtxds.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\paszhrkmbjc = "C:\\Users\\Admin\\AppData\\Local\\Temp\\bsqdrhgojxwikucbb.exe ." C:\Users\Admin\AppData\Local\Temp\vcqtxds.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\uevbirjkyf = "icdtkdfqofhwbozbebey.exe" C:\Users\Admin\AppData\Local\Temp\vcqtxds.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\uevbirjkyf = "C:\\Users\\Admin\\AppData\\Local\\Temp\\voodtlmwtjkycoyzbxz.exe" C:\Users\Admin\AppData\Local\Temp\vcqtxds.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\paszhrkmbjc = "C:\\Users\\Admin\\AppData\\Local\\Temp\\xsuldxamldgwcqcfjhlgi.exe ." C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b08d498e51aef841f6c272ad42e9a028.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\mavfqdzewhdmls = "kcbpevveappcfqzzav.exe ." C:\Users\Admin\AppData\Local\Temp\vcqtxds.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\pealxliohtqaaio = "C:\\Users\\Admin\\AppData\\Local\\Temp\\voodtlmwtjkycoyzbxz.exe ." C:\Users\Admin\AppData\Local\Temp\vcqtxds.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\pealxliohtqaaio = "C:\\Users\\Admin\\AppData\\Local\\Temp\\voodtlmwtjkycoyzbxz.exe ." C:\Users\Admin\AppData\Local\Temp\vcqtxds.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lysblxswnxsay = "ukhtgvtauhfqrahf.exe" C:\Users\Admin\AppData\Local\Temp\vcqtxds.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\paszhrkmbjc = "C:\\Users\\Admin\\AppData\\Local\\Temp\\bsqdrhgojxwikucbb.exe ." C:\Users\Admin\AppData\Local\Temp\vcqtxds.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lysblxswnxsay = "icdtkdfqofhwbozbebey.exe" C:\Users\Admin\AppData\Local\Temp\vcqtxds.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\ukhtgvtauhfqrahf = "C:\\Users\\Admin\\AppData\\Local\\Temp\\icdtkdfqofhwbozbebey.exe" C:\Users\Admin\AppData\Local\Temp\vcqtxds.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\uevbirjkyf = "C:\\Users\\Admin\\AppData\\Local\\Temp\\kcbpevveappcfqzzav.exe" C:\Users\Admin\AppData\Local\Temp\vcqtxds.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lysblxswnxsay = "voodtlmwtjkycoyzbxz.exe" C:\Users\Admin\AppData\Local\Temp\vcqtxds.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\ukhtgvtauhfqrahf = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ukhtgvtauhfqrahf.exe" C:\Users\Admin\AppData\Local\Temp\vcqtxds.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\paszhrkmbjc = "bsqdrhgojxwikucbb.exe ." C:\Users\Admin\AppData\Local\Temp\vcqtxds.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\uevbirjkyf = "C:\\Users\\Admin\\AppData\\Local\\Temp\\icdtkdfqofhwbozbebey.exe" C:\Users\Admin\AppData\Local\Temp\vcqtxds.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\pealxliohtqaaio = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ukhtgvtauhfqrahf.exe ." C:\Users\Admin\AppData\Local\Temp\vcqtxds.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\paszhrkmbjc = "C:\\Users\\Admin\\AppData\\Local\\Temp\\voodtlmwtjkycoyzbxz.exe ." C:\Users\Admin\AppData\Local\Temp\vcqtxds.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\uevbirjkyf = "kcbpevveappcfqzzav.exe" C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b08d498e51aef841f6c272ad42e9a028.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\uevbirjkyf = "C:\\Users\\Admin\\AppData\\Local\\Temp\\xsuldxamldgwcqcfjhlgi.exe" C:\Users\Admin\AppData\Local\Temp\vcqtxds.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\paszhrkmbjc = "C:\\Users\\Admin\\AppData\\Local\\Temp\\xsuldxamldgwcqcfjhlgi.exe ." C:\Users\Admin\AppData\Local\Temp\vcqtxds.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\ukhtgvtauhfqrahf = "C:\\Users\\Admin\\AppData\\Local\\Temp\\bsqdrhgojxwikucbb.exe" C:\Users\Admin\AppData\Local\Temp\vcqtxds.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\paszhrkmbjc = "icdtkdfqofhwbozbebey.exe ." C:\Users\Admin\AppData\Local\Temp\vcqtxds.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\pealxliohtqaaio = "C:\\Users\\Admin\\AppData\\Local\\Temp\\kcbpevveappcfqzzav.exe ." C:\Users\Admin\AppData\Local\Temp\vcqtxds.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\paszhrkmbjc = "xsuldxamldgwcqcfjhlgi.exe ." C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b08d498e51aef841f6c272ad42e9a028.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\ukhtgvtauhfqrahf = "C:\\Users\\Admin\\AppData\\Local\\Temp\\voodtlmwtjkycoyzbxz.exe" C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b08d498e51aef841f6c272ad42e9a028.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\pealxliohtqaaio = "C:\\Users\\Admin\\AppData\\Local\\Temp\\kcbpevveappcfqzzav.exe ." C:\Users\Admin\AppData\Local\Temp\vcqtxds.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\uevbirjkyf = "C:\\Users\\Admin\\AppData\\Local\\Temp\\bsqdrhgojxwikucbb.exe" C:\Users\Admin\AppData\Local\Temp\vcqtxds.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lysblxswnxsay = "xsuldxamldgwcqcfjhlgi.exe" C:\Users\Admin\AppData\Local\Temp\vcqtxds.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\paszhrkmbjc = "voodtlmwtjkycoyzbxz.exe ." C:\Users\Admin\AppData\Local\Temp\vcqtxds.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\ukhtgvtauhfqrahf = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ukhtgvtauhfqrahf.exe" C:\Users\Admin\AppData\Local\Temp\vcqtxds.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\mavfqdzewhdmls = "ukhtgvtauhfqrahf.exe ." C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b08d498e51aef841f6c272ad42e9a028.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lysblxswnxsay = "bsqdrhgojxwikucbb.exe" C:\Users\Admin\AppData\Local\Temp\vcqtxds.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\ukhtgvtauhfqrahf = "C:\\Users\\Admin\\AppData\\Local\\Temp\\xsuldxamldgwcqcfjhlgi.exe" C:\Users\Admin\AppData\Local\Temp\vcqtxds.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\uevbirjkyf = "C:\\Users\\Admin\\AppData\\Local\\Temp\\kcbpevveappcfqzzav.exe" C:\Users\Admin\AppData\Local\Temp\vcqtxds.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\paszhrkmbjc = "C:\\Users\\Admin\\AppData\\Local\\Temp\\xsuldxamldgwcqcfjhlgi.exe ." C:\Users\Admin\AppData\Local\Temp\vcqtxds.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\ukhtgvtauhfqrahf = "C:\\Users\\Admin\\AppData\\Local\\Temp\\voodtlmwtjkycoyzbxz.exe" C:\Users\Admin\AppData\Local\Temp\vcqtxds.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\pealxliohtqaaio = "C:\\Users\\Admin\\AppData\\Local\\Temp\\bsqdrhgojxwikucbb.exe ." C:\Users\Admin\AppData\Local\Temp\vcqtxds.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\uevbirjkyf = "icdtkdfqofhwbozbebey.exe" C:\Users\Admin\AppData\Local\Temp\vcqtxds.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\mavfqdzewhdmls = "xsuldxamldgwcqcfjhlgi.exe ." C:\Users\Admin\AppData\Local\Temp\vcqtxds.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\uevbirjkyf = "C:\\Users\\Admin\\AppData\\Local\\Temp\\icdtkdfqofhwbozbebey.exe" C:\Users\Admin\AppData\Local\Temp\vcqtxds.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\uevbirjkyf = "C:\\Users\\Admin\\AppData\\Local\\Temp\\bsqdrhgojxwikucbb.exe" C:\Users\Admin\AppData\Local\Temp\vcqtxds.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\ukhtgvtauhfqrahf = "C:\\Users\\Admin\\AppData\\Local\\Temp\\bsqdrhgojxwikucbb.exe" C:\Users\Admin\AppData\Local\Temp\vcqtxds.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\uevbirjkyf = "bsqdrhgojxwikucbb.exe" C:\Users\Admin\AppData\Local\Temp\vcqtxds.exe N/A

Checks whether UAC is enabled

defense_evasion trojan
Description Indicator Process Target
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\vcqtxds.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\vcqtxds.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b08d498e51aef841f6c272ad42e9a028.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b08d498e51aef841f6c272ad42e9a028.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\vcqtxds.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\vcqtxds.exe N/A

Hijack Execution Flow: Executable Installer File Permissions Weakness

defense_evasion persistence privilege_escalation
Description Indicator Process Target
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableInstallerDetection = "0" C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b08d498e51aef841f6c272ad42e9a028.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableInstallerDetection = "0" C:\Users\Admin\AppData\Local\Temp\vcqtxds.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableInstallerDetection = "0" C:\Users\Admin\AppData\Local\Temp\vcqtxds.exe N/A

Looks up external IP address via web service

Description Indicator Process Target
N/A whatismyipaddress.com N/A N/A
N/A www.whatismyip.ca N/A N/A
N/A www.whatismyip.ca N/A N/A
N/A www.showmyipaddress.com N/A N/A
N/A whatismyip.everdot.org N/A N/A
N/A www.whatismyip.ca N/A N/A

Drops file in System32 directory

Description Indicator Process Target
File opened for modification C:\Windows\SysWOW64\zaifddmejhqmysktdhrsaxv.ewb C:\Users\Admin\AppData\Local\Temp\vcqtxds.exe N/A
File created C:\Windows\SysWOW64\zaifddmejhqmysktdhrsaxv.ewb C:\Users\Admin\AppData\Local\Temp\vcqtxds.exe N/A
File opened for modification C:\Windows\SysWOW64\myrzitnqgpjqnsvpkzugzhqbvyoxryvadx.hco C:\Users\Admin\AppData\Local\Temp\vcqtxds.exe N/A
File created C:\Windows\SysWOW64\myrzitnqgpjqnsvpkzugzhqbvyoxryvadx.hco C:\Users\Admin\AppData\Local\Temp\vcqtxds.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File opened for modification C:\Program Files (x86)\zaifddmejhqmysktdhrsaxv.ewb C:\Users\Admin\AppData\Local\Temp\vcqtxds.exe N/A
File created C:\Program Files (x86)\zaifddmejhqmysktdhrsaxv.ewb C:\Users\Admin\AppData\Local\Temp\vcqtxds.exe N/A
File opened for modification C:\Program Files (x86)\myrzitnqgpjqnsvpkzugzhqbvyoxryvadx.hco C:\Users\Admin\AppData\Local\Temp\vcqtxds.exe N/A
File created C:\Program Files (x86)\myrzitnqgpjqnsvpkzugzhqbvyoxryvadx.hco C:\Users\Admin\AppData\Local\Temp\vcqtxds.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File opened for modification C:\Windows\zaifddmejhqmysktdhrsaxv.ewb C:\Users\Admin\AppData\Local\Temp\vcqtxds.exe N/A
File created C:\Windows\zaifddmejhqmysktdhrsaxv.ewb C:\Users\Admin\AppData\Local\Temp\vcqtxds.exe N/A
File opened for modification C:\Windows\myrzitnqgpjqnsvpkzugzhqbvyoxryvadx.hco C:\Users\Admin\AppData\Local\Temp\vcqtxds.exe N/A
File created C:\Windows\myrzitnqgpjqnsvpkzugzhqbvyoxryvadx.hco C:\Users\Admin\AppData\Local\Temp\vcqtxds.exe N/A

Enumerates physical storage devices

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b08d498e51aef841f6c272ad42e9a028.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\vcqtxds.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\vcqtxds.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b08d498e51aef841f6c272ad42e9a028.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\vcqtxds.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\vcqtxds.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\vcqtxds.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\vcqtxds.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\vcqtxds.exe N/A

System policy modification

defense_evasion
Description Indicator Process Target
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ValidateAdminCodeSignatures = "0" C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b08d498e51aef841f6c272ad42e9a028.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\vcqtxds.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ValidateAdminCodeSignatures = "0" C:\Users\Admin\AppData\Local\Temp\vcqtxds.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer C:\Users\Admin\AppData\Local\Temp\vcqtxds.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDriveTypeAutoRun = "1" C:\Users\Admin\AppData\Local\Temp\vcqtxds.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\vcqtxds.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" C:\Users\Admin\AppData\Local\Temp\vcqtxds.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableVirtualization = "0" C:\Users\Admin\AppData\Local\Temp\vcqtxds.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ValidateAdminCodeSignatures = "0" C:\Users\Admin\AppData\Local\Temp\vcqtxds.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDriveTypeAutoRun = "1" C:\Users\Admin\AppData\Local\Temp\vcqtxds.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b08d498e51aef841f6c272ad42e9a028.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableVirtualization = "0" C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b08d498e51aef841f6c272ad42e9a028.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\vcqtxds.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" C:\Users\Admin\AppData\Local\Temp\vcqtxds.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b08d498e51aef841f6c272ad42e9a028.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b08d498e51aef841f6c272ad42e9a028.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableSecureUIAPaths = "0" C:\Users\Admin\AppData\Local\Temp\vcqtxds.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b08d498e51aef841f6c272ad42e9a028.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b08d498e51aef841f6c272ad42e9a028.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b08d498e51aef841f6c272ad42e9a028.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\vcqtxds.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" C:\Users\Admin\AppData\Local\Temp\vcqtxds.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\vcqtxds.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\FilterAdministratorToken = "0" C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b08d498e51aef841f6c272ad42e9a028.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDriveTypeAutoRun = "1" C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b08d498e51aef841f6c272ad42e9a028.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" C:\Users\Admin\AppData\Local\Temp\vcqtxds.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b08d498e51aef841f6c272ad42e9a028.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableSecureUIAPaths = "0" C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b08d498e51aef841f6c272ad42e9a028.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" C:\Users\Admin\AppData\Local\Temp\vcqtxds.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableSecureUIAPaths = "0" C:\Users\Admin\AppData\Local\Temp\vcqtxds.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" C:\Users\Admin\AppData\Local\Temp\vcqtxds.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer C:\Users\Admin\AppData\Local\Temp\vcqtxds.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\vcqtxds.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableVirtualization = "0" C:\Users\Admin\AppData\Local\Temp\vcqtxds.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\FilterAdministratorToken = "0" C:\Users\Admin\AppData\Local\Temp\vcqtxds.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\FilterAdministratorToken = "0" C:\Users\Admin\AppData\Local\Temp\vcqtxds.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b08d498e51aef841f6c272ad42e9a028.exe

"C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b08d498e51aef841f6c272ad42e9a028.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c icdtkdfqofhwbozbebey.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c xsuldxamldgwcqcfjhlgi.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bsqdrhgojxwikucbb.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ukhtgvtauhfqrahf.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\voodtlmwtjkycoyzbxz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\kcbpevveappcfqzzav.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ukhtgvtauhfqrahf.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xsuldxamldgwcqcfjhlgi.exe .

C:\Users\Admin\AppData\Local\Temp\vcqtxds.exe

"C:\Users\Admin\AppData\Local\Temp\vcqtxds.exe" "-"

C:\Users\Admin\AppData\Local\Temp\vcqtxds.exe

"C:\Users\Admin\AppData\Local\Temp\vcqtxds.exe" "-"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bsqdrhgojxwikucbb.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c icdtkdfqofhwbozbebey.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bsqdrhgojxwikucbb.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ukhtgvtauhfqrahf.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ukhtgvtauhfqrahf.exe

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bsqdrhgojxwikucbb.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c kcbpevveappcfqzzav.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c xsuldxamldgwcqcfjhlgi.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\voodtlmwtjkycoyzbxz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xsuldxamldgwcqcfjhlgi.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\voodtlmwtjkycoyzbxz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ukhtgvtauhfqrahf.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\voodtlmwtjkycoyzbxz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\icdtkdfqofhwbozbebey.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\kcbpevveappcfqzzav.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\voodtlmwtjkycoyzbxz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c kcbpevveappcfqzzav.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c voodtlmwtjkycoyzbxz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c kcbpevveappcfqzzav.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c xsuldxamldgwcqcfjhlgi.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ukhtgvtauhfqrahf.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bsqdrhgojxwikucbb.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c icdtkdfqofhwbozbebey.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c icdtkdfqofhwbozbebey.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c kcbpevveappcfqzzav.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xsuldxamldgwcqcfjhlgi.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\icdtkdfqofhwbozbebey.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xsuldxamldgwcqcfjhlgi.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xsuldxamldgwcqcfjhlgi.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xsuldxamldgwcqcfjhlgi.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\kcbpevveappcfqzzav.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ukhtgvtauhfqrahf.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ukhtgvtauhfqrahf.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ukhtgvtauhfqrahf.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c xsuldxamldgwcqcfjhlgi.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bsqdrhgojxwikucbb.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c kcbpevveappcfqzzav.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bsqdrhgojxwikucbb.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c voodtlmwtjkycoyzbxz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c icdtkdfqofhwbozbebey.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c kcbpevveappcfqzzav.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\voodtlmwtjkycoyzbxz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\kcbpevveappcfqzzav.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bsqdrhgojxwikucbb.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\kcbpevveappcfqzzav.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\kcbpevveappcfqzzav.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bsqdrhgojxwikucbb.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\icdtkdfqofhwbozbebey.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xsuldxamldgwcqcfjhlgi.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c xsuldxamldgwcqcfjhlgi.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c voodtlmwtjkycoyzbxz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c xsuldxamldgwcqcfjhlgi.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c xsuldxamldgwcqcfjhlgi.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c voodtlmwtjkycoyzbxz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c xsuldxamldgwcqcfjhlgi.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c xsuldxamldgwcqcfjhlgi.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ukhtgvtauhfqrahf.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ukhtgvtauhfqrahf.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\icdtkdfqofhwbozbebey.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ukhtgvtauhfqrahf.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ukhtgvtauhfqrahf.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ukhtgvtauhfqrahf.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ukhtgvtauhfqrahf.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\kcbpevveappcfqzzav.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xsuldxamldgwcqcfjhlgi.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ukhtgvtauhfqrahf.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ukhtgvtauhfqrahf.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bsqdrhgojxwikucbb.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c voodtlmwtjkycoyzbxz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c icdtkdfqofhwbozbebey.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c icdtkdfqofhwbozbebey.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c icdtkdfqofhwbozbebey.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c kcbpevveappcfqzzav.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\voodtlmwtjkycoyzbxz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bsqdrhgojxwikucbb.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\icdtkdfqofhwbozbebey.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\kcbpevveappcfqzzav.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ukhtgvtauhfqrahf.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\kcbpevveappcfqzzav.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xsuldxamldgwcqcfjhlgi.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ukhtgvtauhfqrahf.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c voodtlmwtjkycoyzbxz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c kcbpevveappcfqzzav.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bsqdrhgojxwikucbb.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c xsuldxamldgwcqcfjhlgi.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c voodtlmwtjkycoyzbxz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bsqdrhgojxwikucbb.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c voodtlmwtjkycoyzbxz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c xsuldxamldgwcqcfjhlgi.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\icdtkdfqofhwbozbebey.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\kcbpevveappcfqzzav.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bsqdrhgojxwikucbb.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\kcbpevveappcfqzzav.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bsqdrhgojxwikucbb.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xsuldxamldgwcqcfjhlgi.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ukhtgvtauhfqrahf.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ukhtgvtauhfqrahf.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bsqdrhgojxwikucbb.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bsqdrhgojxwikucbb.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c icdtkdfqofhwbozbebey.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bsqdrhgojxwikucbb.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ukhtgvtauhfqrahf.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bsqdrhgojxwikucbb.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c xsuldxamldgwcqcfjhlgi.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c kcbpevveappcfqzzav.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bsqdrhgojxwikucbb.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\kcbpevveappcfqzzav.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\icdtkdfqofhwbozbebey.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\voodtlmwtjkycoyzbxz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\kcbpevveappcfqzzav.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\voodtlmwtjkycoyzbxz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xsuldxamldgwcqcfjhlgi.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ukhtgvtauhfqrahf.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ukhtgvtauhfqrahf.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bsqdrhgojxwikucbb.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bsqdrhgojxwikucbb.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ukhtgvtauhfqrahf.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c xsuldxamldgwcqcfjhlgi.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ukhtgvtauhfqrahf.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c xsuldxamldgwcqcfjhlgi.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c icdtkdfqofhwbozbebey.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\voodtlmwtjkycoyzbxz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xsuldxamldgwcqcfjhlgi.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\voodtlmwtjkycoyzbxz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xsuldxamldgwcqcfjhlgi.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bsqdrhgojxwikucbb.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xsuldxamldgwcqcfjhlgi.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\voodtlmwtjkycoyzbxz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\kcbpevveappcfqzzav.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bsqdrhgojxwikucbb.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ukhtgvtauhfqrahf.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c voodtlmwtjkycoyzbxz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c icdtkdfqofhwbozbebey.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c kcbpevveappcfqzzav.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c xsuldxamldgwcqcfjhlgi.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c voodtlmwtjkycoyzbxz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bsqdrhgojxwikucbb.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\icdtkdfqofhwbozbebey.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\voodtlmwtjkycoyzbxz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ukhtgvtauhfqrahf.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bsqdrhgojxwikucbb.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bsqdrhgojxwikucbb.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\icdtkdfqofhwbozbebey.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\voodtlmwtjkycoyzbxz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xsuldxamldgwcqcfjhlgi.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c xsuldxamldgwcqcfjhlgi.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c voodtlmwtjkycoyzbxz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ukhtgvtauhfqrahf.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c voodtlmwtjkycoyzbxz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c voodtlmwtjkycoyzbxz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c kcbpevveappcfqzzav.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c xsuldxamldgwcqcfjhlgi.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\icdtkdfqofhwbozbebey.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c voodtlmwtjkycoyzbxz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\voodtlmwtjkycoyzbxz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ukhtgvtauhfqrahf.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\voodtlmwtjkycoyzbxz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xsuldxamldgwcqcfjhlgi.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\icdtkdfqofhwbozbebey.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bsqdrhgojxwikucbb.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bsqdrhgojxwikucbb.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c icdtkdfqofhwbozbebey.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bsqdrhgojxwikucbb.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c voodtlmwtjkycoyzbxz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ukhtgvtauhfqrahf.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bsqdrhgojxwikucbb.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bsqdrhgojxwikucbb.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c xsuldxamldgwcqcfjhlgi.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xsuldxamldgwcqcfjhlgi.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c kcbpevveappcfqzzav.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\kcbpevveappcfqzzav.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\kcbpevveappcfqzzav.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\kcbpevveappcfqzzav.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\voodtlmwtjkycoyzbxz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xsuldxamldgwcqcfjhlgi.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xsuldxamldgwcqcfjhlgi.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\voodtlmwtjkycoyzbxz.exe .

Network

Country Destination Domain Proto
US 8.8.8.8:53 www.whatismyip.com udp
US 172.66.43.169:80 www.whatismyip.com tcp
US 172.66.43.169:80 www.whatismyip.com tcp
US 8.8.8.8:53 www.showmyipaddress.com udp
US 172.67.155.175:80 www.showmyipaddress.com tcp
US 8.8.8.8:53 whatismyip.everdot.org udp
US 8.8.8.8:53 www.whatismyip.ca udp
US 8.8.8.8:53 whatismyipaddress.com udp
US 104.19.222.79:80 whatismyipaddress.com tcp
US 104.19.222.79:80 whatismyipaddress.com tcp
US 8.8.8.8:53 www.whatismyip.ca udp
US 104.19.222.79:80 whatismyipaddress.com tcp
US 172.67.155.175:80 www.showmyipaddress.com tcp
US 104.19.222.79:80 whatismyipaddress.com tcp
US 172.67.155.175:80 www.showmyipaddress.com tcp
US 172.67.155.175:80 www.showmyipaddress.com tcp
US 8.8.8.8:53 www.whatismyip.ca udp
US 104.19.222.79:80 whatismyipaddress.com tcp
US 172.66.43.169:80 www.whatismyip.com tcp
US 172.67.155.175:80 www.showmyipaddress.com tcp
US 172.67.155.175:80 www.showmyipaddress.com tcp
US 8.8.8.8:53 www.ebay.com udp
GB 104.96.173.155:80 www.ebay.com tcp
DE 85.214.228.140:80 gyuuym.org tcp
US 8.8.8.8:53 ymlhzszcahti.info udp
US 8.8.8.8:53 bujvmqckpkr.org udp
US 8.8.8.8:53 eyjuteq.info udp
US 8.8.8.8:53 unxfuild.info udp
SG 18.142.91.111:80 unxfuild.info tcp
US 8.8.8.8:53 strktn.info udp
US 8.8.8.8:53 ssahcvvgt.net udp
US 8.8.8.8:53 ggoiukqgsikq.org udp
US 8.8.8.8:53 ciiuyymq.org udp
US 8.8.8.8:53 pubpfnxqhf.info udp
US 8.8.8.8:53 empksj.info udp
US 8.8.8.8:53 uuygdio.info udp
US 8.8.8.8:53 gigioockka.org udp
US 8.8.8.8:53 vwspeodaertl.info udp
US 8.8.8.8:53 udzdjiddn.net udp
US 8.8.8.8:53 acqsmaupb.info udp
US 8.8.8.8:53 zszzrfa.org udp
US 8.8.8.8:53 ygoukmwg.org udp
US 8.8.8.8:53 prlhyjtiai.net udp
US 8.8.8.8:53 cydlrge.info udp
US 104.156.155.94:80 cydlrge.info tcp
US 8.8.8.8:53 mioyqawqukgw.com udp
US 8.8.8.8:53 oceevmfnm.info udp
US 8.8.8.8:53 epwxjv.net udp
US 8.8.8.8:53 jfetifqilzae.info udp
US 8.8.8.8:53 umvkrgy.net udp
US 8.8.8.8:53 xwzepijqzuk.net udp
US 8.8.8.8:53 mjotpzfbosdh.info udp
US 8.8.8.8:53 nutcshcm.net udp
US 8.8.8.8:53 kusjuiegm.net udp
US 8.8.8.8:53 uekiaeei.org udp
US 8.8.8.8:53 luvehemiri.info udp
US 8.8.8.8:53 hsiuljrepky.org udp
US 8.8.8.8:53 kmttderiywt.info udp
US 8.8.8.8:53 tyfptmtvu.org udp
US 8.8.8.8:53 lalckpw.org udp
US 8.8.8.8:53 imucqousmw.com udp
US 8.8.8.8:53 tdrcjvvxxe.info udp
US 8.8.8.8:53 vblbzf.net udp
US 8.8.8.8:53 hmfurcniz.info udp
US 8.8.8.8:53 zvwqdsg.com udp
US 8.8.8.8:53 neskryqmfkt.net udp
US 8.8.8.8:53 uqvzwv.net udp
US 8.8.8.8:53 ddpobim.org udp
US 8.8.8.8:53 wbrytqxqx.info udp
US 8.8.8.8:53 ewhqxezcwwc.net udp
US 8.8.8.8:53 xwdcvofbdex.org udp
US 8.8.8.8:53 yoaoooewyeeo.com udp
US 8.8.8.8:53 ajtglruabkn.net udp
US 8.8.8.8:53 wotgtzr.net udp
US 8.8.8.8:53 mjpsztsvn.net udp
US 8.8.8.8:53 vcripxv.com udp
US 8.8.8.8:53 ddvhwwpd.net udp
US 8.8.8.8:53 mdhpuesj.net udp
US 8.8.8.8:53 kasykc.org udp
US 8.8.8.8:53 gmwyimaw.com udp
US 8.8.8.8:53 hjnmif.info udp
US 8.8.8.8:53 poxjlh.info udp
US 8.8.8.8:53 vixridxycnr.info udp
US 8.8.8.8:53 aunvdyxbcyzx.info udp
US 8.8.8.8:53 sjmqitic.net udp
US 8.8.8.8:53 dqjrswwie.com udp
US 8.8.8.8:53 iwnqlznae.net udp
US 8.8.8.8:53 potsrqrab.info udp
US 8.8.8.8:53 zspepgn.net udp
US 8.8.8.8:53 vrxmprngmlhk.net udp
US 8.8.8.8:53 fqldtv.info udp
US 8.8.8.8:53 ptjwsclmvfp.info udp
US 8.8.8.8:53 msaowecwkqak.org udp
US 8.8.8.8:53 bfdhbjrhlz.net udp
US 8.8.8.8:53 maifdqqczqgo.info udp
US 8.8.8.8:53 eznabol.net udp
US 8.8.8.8:53 zxutaw.info udp
US 8.8.8.8:53 ijfeshvsl.info udp
US 8.8.8.8:53 onoqsami.info udp
US 8.8.8.8:53 klqmnybibg.net udp
US 8.8.8.8:53 dqrityq.org udp
US 8.8.8.8:53 ihnyiwnhmi.net udp
US 8.8.8.8:53 reydljxe.net udp
US 8.8.8.8:53 lyxmnybibg.info udp
US 8.8.8.8:53 uuuymi.org udp
US 8.8.8.8:53 jwlkppss.net udp
US 8.8.8.8:53 xyckcgzcxgj.net udp
US 8.8.8.8:53 dkouvubcpovf.info udp
US 8.8.8.8:53 putxkzsdounr.info udp
US 8.8.8.8:53 kgucribs.info udp
US 8.8.8.8:53 hoygpbs.net udp
US 8.8.8.8:53 xibwutd.info udp
US 8.8.8.8:53 ykkqau.org udp
US 8.8.8.8:53 qqisgqig.com udp
US 8.8.8.8:53 zyfitez.info udp
US 8.8.8.8:53 wsuilddiwoq.net udp
US 8.8.8.8:53 hthvwb.info udp
US 8.8.8.8:53 skvvhgfkh.net udp
US 8.8.8.8:53 uwwkqaqc.org udp
US 8.8.8.8:53 tmrapdfykgt.info udp
US 8.8.8.8:53 leqdurjb.net udp
US 8.8.8.8:53 vnzmxshlzc.info udp
US 8.8.8.8:53 huglug.info udp
US 8.8.8.8:53 yuskuq.org udp
US 8.8.8.8:53 wbmazxysrp.info udp
US 8.8.8.8:53 dxikspgshgbk.info udp
US 8.8.8.8:53 gauwmi.org udp
US 8.8.8.8:53 zbvmvudht.info udp
US 8.8.8.8:53 tejwjcqvx.net udp
US 8.8.8.8:53 utrefuvrlpl.info udp
US 8.8.8.8:53 ouxbxxzexkf.net udp
US 8.8.8.8:53 qfrequju.net udp
US 8.8.8.8:53 lgmwshpwdp.net udp
US 8.8.8.8:53 nftobcovl.info udp
US 8.8.8.8:53 juwefqs.com udp
US 8.8.8.8:53 eycqolruptj.net udp
US 8.8.8.8:53 aifgscmbd.net udp
US 8.8.8.8:53 sypkrovon.info udp
US 8.8.8.8:53 zgrjrexb.net udp
US 8.8.8.8:53 qmwytutmwwf.net udp
US 8.8.8.8:53 eebwblpxasjd.net udp
US 8.8.8.8:53 akkatktshuw.info udp
US 8.8.8.8:53 qubslmnsd.net udp
US 8.8.8.8:53 eeueccewmeem.com udp
US 8.8.8.8:53 xjykdox.org udp
US 8.8.8.8:53 libkzyhemgc.org udp
US 8.8.8.8:53 odcmkej.net udp
US 8.8.8.8:53 gthoprfe.net udp
US 8.8.8.8:53 xlqsfgzuf.info udp
US 8.8.8.8:53 jghtbf.info udp
US 8.8.8.8:53 makdcinnghj.net udp
US 8.8.8.8:53 wsbmwn.net udp
US 8.8.8.8:53 vlpxze.info udp
US 8.8.8.8:53 zmhfriszd.com udp
US 8.8.8.8:53 dybqtuv.org udp
US 8.8.8.8:53 dzgxlmn.org udp
US 8.8.8.8:53 skywyumxq.net udp
US 8.8.8.8:53 isguugwogo.com udp
US 8.8.8.8:53 pvjfvynqjpcv.net udp
US 8.8.8.8:53 omiuuyco.com udp
US 8.8.8.8:53 gsaieweo.org udp
US 8.8.8.8:53 fkdqrueqjsj.net udp
US 8.8.8.8:53 egsmyysc.org udp
US 8.8.8.8:53 ivbgppuluc.net udp
US 8.8.8.8:53 xznstfqekcl.net udp
US 8.8.8.8:53 ogagoauymkgi.org udp
US 8.8.8.8:53 fsdirfp.net udp
US 8.8.8.8:53 nshdioh.net udp
US 8.8.8.8:53 hrbgyd.info udp
US 8.8.8.8:53 uxbhtgf.net udp
US 8.8.8.8:53 dmnaxqeurug.info udp
US 8.8.8.8:53 eiuiuqyc.com udp
US 8.8.8.8:53 wwkomycgqk.org udp
US 8.8.8.8:53 zgvcafvg.net udp
US 8.8.8.8:53 ekqqcc.org udp
US 8.8.8.8:53 rswyleo.net udp
US 8.8.8.8:53 yclmvrysb.info udp
US 8.8.8.8:53 iktohktzlkp.info udp
US 8.8.8.8:53 yxxxnh.net udp
US 8.8.8.8:53 gdqffi.info udp
US 8.8.8.8:53 dwfkeogzvhjn.info udp
US 8.8.8.8:53 c.pki.goog udp
GB 142.250.180.3:80 c.pki.goog tcp
US 8.8.8.8:53 hsrvxsz.net udp
US 8.8.8.8:53 usaqkiwsec.com udp
US 8.8.8.8:53 tsnklkwun.net udp
US 8.8.8.8:53 dirmxwx.net udp
US 8.8.8.8:53 dflqknsl.net udp
US 8.8.8.8:53 zedjdhur.net udp
US 8.8.8.8:53 bgkojvy.org udp
US 8.8.8.8:53 fubzcmrvxf.info udp
US 8.8.8.8:53 gbdsch.info udp
US 8.8.8.8:53 qtgqqinahbp.info udp
US 8.8.8.8:53 jcrmmizktkn.com udp
US 8.8.8.8:53 hmsmlcl.net udp
US 8.8.8.8:53 kndawsbglp.net udp
US 8.8.8.8:53 gxqhelneby.net udp
US 8.8.8.8:53 rztulhfslluv.net udp
US 8.8.8.8:53 tcvuvhjwh.info udp
US 8.8.8.8:53 jgvyznb.org udp
US 8.8.8.8:53 pivgdurieqr.org udp
US 8.8.8.8:53 myimgstwv.net udp
US 8.8.8.8:53 amlezawffmh.info udp
US 8.8.8.8:53 euwqeo.org udp
US 8.8.8.8:53 wcpsbwjqop.net udp
US 8.8.8.8:53 lkujumvx.net udp
US 8.8.8.8:53 lxydniqt.net udp
US 8.8.8.8:53 zltojpow.net udp
US 8.8.8.8:53 lltejndirap.org udp
US 8.8.8.8:53 mmjhyrpijgl.info udp
US 8.8.8.8:53 jubvpax.info udp
US 8.8.8.8:53 nkaoghxqhtt.org udp
US 8.8.8.8:53 aqxydtrusib.net udp
US 8.8.8.8:53 ttgkfxtwe.info udp
US 8.8.8.8:53 krlvfgjul.info udp
US 8.8.8.8:53 pxqlwjpsvw.info udp
US 8.8.8.8:53 jqxatal.org udp
US 8.8.8.8:53 aknsgwkcl.net udp
US 8.8.8.8:53 maderaj.info udp
US 8.8.8.8:53 lbigex.info udp
US 8.8.8.8:53 uqkusqwymu.org udp
US 8.8.8.8:53 virzfozihofs.info udp
US 8.8.8.8:53 jncumop.info udp
US 8.8.8.8:53 zjkvjlwdyjxn.info udp
US 8.8.8.8:53 ecbwysbz.info udp
US 8.8.8.8:53 mcqmyeccgq.org udp
US 8.8.8.8:53 xyxufczgdcd.info udp
US 8.8.8.8:53 iyzpzp.net udp
US 8.8.8.8:53 owmdzmmd.net udp
US 8.8.8.8:53 gseskyiegw.com udp
US 8.8.8.8:53 dltkbekaz.info udp
US 8.8.8.8:53 xfbpupbj.net udp
US 8.8.8.8:53 zzyihet.info udp
US 8.8.8.8:53 njmyupro.net udp
US 8.8.8.8:53 tzpjikgmwcii.info udp
US 8.8.8.8:53 awuarqw.info udp
US 8.8.8.8:53 hohtpyrgno.net udp
US 8.8.8.8:53 utwnjxrd.net udp
US 8.8.8.8:53 xrpwmsl.info udp
US 8.8.8.8:53 lgzyxip.net udp
US 8.8.8.8:53 xgxyducqbua.info udp
US 8.8.8.8:53 nythtwmk.net udp
US 8.8.8.8:53 jmezhmh.org udp
US 8.8.8.8:53 rorhfuxce.info udp
US 8.8.8.8:53 nsjrws.net udp
US 8.8.8.8:53 jymepkz.net udp
US 8.8.8.8:53 sqiquiowwmgw.org udp
US 8.8.8.8:53 uzllvkkywz.info udp
US 8.8.8.8:53 iusioomq.org udp
US 8.8.8.8:53 wcsbrpz.net udp
US 8.8.8.8:53 daljqkres.com udp
US 8.8.8.8:53 sfqrnb.net udp
US 8.8.8.8:53 wacumgsyiq.org udp
US 8.8.8.8:53 rpojivri.info udp
US 8.8.8.8:53 vawjwzlxhs.net udp
US 8.8.8.8:53 uwcuws.org udp
US 8.8.8.8:53 icxklimgn.info udp
US 8.8.8.8:53 tdppde.info udp
US 8.8.8.8:53 necvcsfv.net udp
US 8.8.8.8:53 azlfou.info udp
US 8.8.8.8:53 rwgezch.org udp
US 8.8.8.8:53 umyicieyee.org udp
US 8.8.8.8:53 jnuqgsaxui.net udp
US 8.8.8.8:53 iomcmimaugga.org udp
US 8.8.8.8:53 vcsuct.net udp
US 8.8.8.8:53 kamzji.net udp
US 8.8.8.8:53 rakbogoo.net udp
US 8.8.8.8:53 drfpftfy.info udp
US 8.8.8.8:53 auakmisq.com udp
US 8.8.8.8:53 kwdwzil.info udp
US 8.8.8.8:53 fsyczawoha.info udp
US 8.8.8.8:53 htzodqnpsoc.info udp
US 8.8.8.8:53 xrcoyxgcti.net udp
US 8.8.8.8:53 gssios.com udp
US 8.8.8.8:53 atkzfclhbift.info udp
US 8.8.8.8:53 bxjaeyrujow.org udp
US 8.8.8.8:53 mocoet.net udp
US 8.8.8.8:53 iyaoks.org udp
US 8.8.8.8:53 xcoogiyut.info udp
US 8.8.8.8:53 ncykjbbsjis.org udp
US 8.8.8.8:53 hjoqieb.org udp
US 8.8.8.8:53 wueysyqiyg.org udp
US 8.8.8.8:53 zwfgewr.com udp
US 8.8.8.8:53 xjhmoya.net udp
US 8.8.8.8:53 yxkmzadvvd.info udp
US 8.8.8.8:53 jjrefkv.net udp
US 8.8.8.8:53 eeyeyeucwi.com udp
US 8.8.8.8:53 wcqcsyocuaci.com udp
US 8.8.8.8:53 mmmiecgssuuu.org udp
US 8.8.8.8:53 kjskvzf.info udp
US 8.8.8.8:53 xfdnihor.net udp
US 8.8.8.8:53 zpfeuykdvzvu.net udp
US 8.8.8.8:53 lzbjkx.info udp
US 8.8.8.8:53 wuecmu.org udp
US 8.8.8.8:53 blriytvijot.com udp
US 8.8.8.8:53 ggxotuowijoh.net udp
US 8.8.8.8:53 joruyszkp.net udp
US 8.8.8.8:53 gkgafzhegffd.info udp
US 8.8.8.8:53 kyilnx.net udp
US 8.8.8.8:53 gaawicqosikk.com udp
US 8.8.8.8:53 ncrubnfxv.org udp
US 8.8.8.8:53 omhdgvebpnp.net udp
US 8.8.8.8:53 ramwrw.net udp
US 8.8.8.8:53 pyekumwryg.net udp
US 8.8.8.8:53 lelimqma.info udp
US 8.8.8.8:53 gaqkygwq.org udp
US 8.8.8.8:53 plplqrxe.info udp
US 8.8.8.8:53 pynwxvk.com udp
US 8.8.8.8:53 iukubsb.info udp
US 8.8.8.8:53 hpincwhqlmm.com udp
US 8.8.8.8:53 jrbulad.info udp
US 8.8.8.8:53 bwjjjprcd.net udp
US 8.8.8.8:53 uvlqnavywuh.info udp
US 8.8.8.8:53 bpzorpfuhtf.org udp
US 8.8.8.8:53 vmpyfstqoes.info udp
US 8.8.8.8:53 bkngmvgi.net udp
US 8.8.8.8:53 eepgxnp.info udp
US 8.8.8.8:53 lytuzslnsetb.net udp
US 8.8.8.8:53 kunwoml.net udp
US 8.8.8.8:53 takbkggddl.info udp
US 8.8.8.8:53 bvdhuh.info udp
US 8.8.8.8:53 mqlsgknclc.net udp
US 8.8.8.8:53 jlftdoty.info udp
US 8.8.8.8:53 gaxqssrcqeu.info udp
US 8.8.8.8:53 vndmmln.org udp
US 8.8.8.8:53 wwfakhnen.info udp
US 8.8.8.8:53 bqdindvszcl.com udp
US 8.8.8.8:53 fmhxaghunao.net udp
US 8.8.8.8:53 gmkamscq.org udp
US 8.8.8.8:53 dykwknvmdfdj.info udp
US 8.8.8.8:53 uimrpt.info udp
US 8.8.8.8:53 zwxkzebevez.net udp
US 8.8.8.8:53 vqvjjqu.info udp
US 8.8.8.8:53 tmnqzkl.info udp
US 8.8.8.8:53 iocoyqyiiecy.com udp
US 8.8.8.8:53 wawaoiyk.com udp
US 8.8.8.8:53 pcmdafotrwqv.net udp
US 8.8.8.8:53 hdpeknb.com udp
US 8.8.8.8:53 aiynpwlmk.info udp
US 8.8.8.8:53 mfgojui.net udp
US 8.8.8.8:53 nbfzrd.net udp
US 8.8.8.8:53 dippnt.net udp
US 8.8.8.8:53 lczoradauoz.net udp
US 8.8.8.8:53 aixinwlydycj.net udp
US 8.8.8.8:53 rpphlszh.net udp
US 8.8.8.8:53 wnqinjjazv.info udp
US 8.8.8.8:53 ztnjrdfe.info udp
US 8.8.8.8:53 umxffeziz.net udp
US 8.8.8.8:53 cjmcjprl.net udp
US 8.8.8.8:53 jnbphmrj.net udp
US 8.8.8.8:53 uumcwq.org udp
US 8.8.8.8:53 dazulnj.org udp
US 8.8.8.8:53 ethcdwju.net udp
US 8.8.8.8:53 uhcbicgt.net udp
US 8.8.8.8:53 vimmzeshb.org udp
US 8.8.8.8:53 jzthxr.net udp
US 8.8.8.8:53 fqlgigzanfx.net udp
US 8.8.8.8:53 yafazxekk.net udp
US 8.8.8.8:53 kappik.net udp
US 8.8.8.8:53 pakkghdfnc.net udp
US 8.8.8.8:53 fjusznt.com udp
US 8.8.8.8:53 rtrjjcuqz.net udp
US 8.8.8.8:53 nvhmjklvlutg.info udp
US 8.8.8.8:53 sagkmevwz.info udp
US 8.8.8.8:53 pmttdh.net udp
US 8.8.8.8:53 ksdjjli.info udp
US 8.8.8.8:53 zuhmapbot.net udp
US 8.8.8.8:53 zhnodqbnkec.com udp
US 8.8.8.8:53 rtdtrsenu.info udp
US 8.8.8.8:53 rciepom.net udp
US 8.8.8.8:53 xmryzbzse.com udp
US 8.8.8.8:53 sufioiuvgjgg.net udp
US 8.8.8.8:53 ihcdduiyigvf.info udp
US 8.8.8.8:53 bvfebbys.info udp
US 8.8.8.8:53 ymfqvfmari.net udp
US 8.8.8.8:53 lgzjmbzi.net udp
US 8.8.8.8:53 vjvlnnztmb.net udp
US 8.8.8.8:53 shysnqpgx.info udp
US 8.8.8.8:53 hvzpnczl.net udp
US 8.8.8.8:53 dsprkx.info udp
US 8.8.8.8:53 fgrxzs.info udp
US 8.8.8.8:53 jkmfqu.net udp
US 8.8.8.8:53 zhvivltg.info udp
US 8.8.8.8:53 tqpngkjep.info udp
US 8.8.8.8:53 kwsamm.org udp
US 8.8.8.8:53 bqhrmpnwgpxn.info udp
US 8.8.8.8:53 ryzirsf.com udp
US 8.8.8.8:53 guoqcgykiy.org udp
US 8.8.8.8:53 vyklbwhog.info udp
US 8.8.8.8:53 yojkaljecqs.info udp
US 8.8.8.8:53 gipjjazqb.info udp
US 8.8.8.8:53 jilcfuzqs.net udp
US 8.8.8.8:53 ygitbvywt.net udp
US 8.8.8.8:53 wspvxvekjjh.info udp
US 8.8.8.8:53 zktwdudhp.net udp
US 8.8.8.8:53 ecegeakc.org udp
US 8.8.8.8:53 rtfwrwfzbqdb.net udp
US 8.8.8.8:53 auceksug.org udp
US 8.8.8.8:53 kwkmqwumuo.org udp
US 8.8.8.8:53 zkyybwtgxtz.com udp
US 8.8.8.8:53 wyzbvqv.info udp
US 8.8.8.8:53 ootkjdzphd.net udp
US 8.8.8.8:53 xypwqcn.org udp
US 8.8.8.8:53 dbncii.net udp
US 8.8.8.8:53 ugvutdl.info udp
US 8.8.8.8:53 zldmqpreajyk.info udp
US 8.8.8.8:53 ahfbsbgslo.info udp
US 8.8.8.8:53 zbtsdqgtx.net udp
US 8.8.8.8:53 aararuzmj.info udp
US 8.8.8.8:53 dwumhixse.com udp
US 8.8.8.8:53 wsgmdwoujim.net udp
US 8.8.8.8:53 zrizzt.net udp
US 8.8.8.8:53 wqdpfqxhkj.net udp
US 8.8.8.8:53 dvfqxnsetrop.info udp
US 8.8.8.8:53 hipbhsd.info udp
US 8.8.8.8:53 sckesnurnx.net udp
US 8.8.8.8:53 xbwwqgnvlphu.net udp
US 8.8.8.8:53 bqrybgpnh.net udp
US 8.8.8.8:53 nsjnpn.net udp
US 8.8.8.8:53 djhbcajkb.com udp
US 8.8.8.8:53 qxnwvyvxzgg.net udp
US 8.8.8.8:53 yitkhadirsz.info udp
US 8.8.8.8:53 ospuihkkd.net udp
US 8.8.8.8:53 ivewnr.info udp
US 8.8.8.8:53 hcfzywtjek.net udp
US 8.8.8.8:53 zylmffrmdat.org udp
US 8.8.8.8:53 zmvugin.com udp
US 8.8.8.8:53 hdaebkvpdwk.org udp
US 8.8.8.8:53 nqxijbihvn.info udp
US 8.8.8.8:53 hdrojetcplwk.info udp
US 8.8.8.8:53 bexfen.net udp
US 8.8.8.8:53 yspynbdonzn.net udp
US 8.8.8.8:53 lefpjxvjpvr.com udp
US 8.8.8.8:53 xrctizgjhu.net udp
US 8.8.8.8:53 qmftox.info udp
US 8.8.8.8:53 foacxwmuoml.info udp
US 8.8.8.8:53 yepaieofj.net udp
US 8.8.8.8:53 thkabe.info udp
US 8.8.8.8:53 goqaeowege.org udp
US 8.8.8.8:53 kitylpegl.net udp
US 8.8.8.8:53 ggpiffpcumw.net udp
US 8.8.8.8:53 gxfwdoe.info udp
US 8.8.8.8:53 euygxsc.info udp
US 8.8.8.8:53 rfcqjgcwrllk.info udp
US 8.8.8.8:53 feridkhfoih.org udp
US 8.8.8.8:53 hdpsznys.info udp
US 8.8.8.8:53 lyzwthn.info udp
US 8.8.8.8:53 ooewwc.org udp
US 8.8.8.8:53 dgzajkfsr.info udp
US 8.8.8.8:53 fvvwcddmqyj.net udp
US 8.8.8.8:53 sytsclb.net udp
US 8.8.8.8:53 jypigkw.net udp
US 8.8.8.8:53 vvxgtshojhx.net udp
US 8.8.8.8:53 fgkkjen.info udp
US 8.8.8.8:53 ayjmlsuzef.net udp
US 8.8.8.8:53 ukhuermxbb.net udp
US 8.8.8.8:53 kyuiyoiawmek.com udp
US 8.8.8.8:53 jphhtgd.com udp
US 8.8.8.8:53 edzsvokhac.info udp
US 8.8.8.8:53 ugnihavkgwj.net udp
US 8.8.8.8:53 ibeiytuc.net udp
US 8.8.8.8:53 hwevpubxalhk.info udp
US 8.8.8.8:53 omierhazkhgw.net udp
US 8.8.8.8:53 yiagwq.com udp
US 8.8.8.8:53 qhnodlabsasc.net udp
US 8.8.8.8:53 ygsgosao.org udp
US 8.8.8.8:53 odtczrbvx.net udp
US 8.8.8.8:53 kwdrqyzrhd.net udp
US 8.8.8.8:53 kfgwxdbc.info udp
US 8.8.8.8:53 jenldzvesrjm.net udp
US 8.8.8.8:53 dwilkmnoblgi.info udp
US 8.8.8.8:53 wdlkzmx.info udp
US 8.8.8.8:53 xrjmbmgmisvh.info udp
US 8.8.8.8:53 impwlr.info udp
US 8.8.8.8:53 gfajewxxuap.net udp
US 8.8.8.8:53 xlhsxpal.net udp
US 8.8.8.8:53 dqvykb.info udp
US 8.8.8.8:53 lialgp.net udp
US 8.8.8.8:53 jqtenkdayoy.org udp
US 8.8.8.8:53 vfvhvg.info udp
US 8.8.8.8:53 yygsguye.com udp
US 8.8.8.8:53 qeimekic.org udp
US 8.8.8.8:53 rkmmvddznczu.info udp
US 8.8.8.8:53 dobbnleh.net udp
US 8.8.8.8:53 lvliwxsju.net udp
US 8.8.8.8:53 vejaxyfaj.com udp
US 8.8.8.8:53 wcgcuuiu.org udp
US 8.8.8.8:53 gprdmknfpwtu.info udp
US 8.8.8.8:53 qjlryr.net udp
US 8.8.8.8:53 axcseai.info udp
US 8.8.8.8:53 pmvgutd.info udp
US 8.8.8.8:53 nhmyomxjv.info udp
US 8.8.8.8:53 ltfveargiv.info udp
US 8.8.8.8:53 socvcyhix.net udp
US 8.8.8.8:53 vkxrfsjadnv.info udp
US 8.8.8.8:53 sftofvwx.info udp
US 8.8.8.8:53 yyckugqcea.org udp
US 8.8.8.8:53 tyzkrdhyl.info udp
US 8.8.8.8:53 ogaqgozel.net udp
US 8.8.8.8:53 vyvijbihvn.info udp
US 8.8.8.8:53 gcqehga.info udp
US 8.8.8.8:53 gfjrwlnhoy.net udp
US 8.8.8.8:53 zjbkbnv.net udp
US 8.8.8.8:53 siznmshylop.info udp
US 8.8.8.8:53 uounvcvyiikp.info udp
US 8.8.8.8:53 gylxwrhfxw.net udp
US 8.8.8.8:53 hsrofavrq.net udp
US 8.8.8.8:53 sivcusbjayt.net udp
US 8.8.8.8:53 ctekjre.info udp
US 8.8.8.8:53 llpwlrlwpx.net udp
US 8.8.8.8:53 lcggjepfhgj.com udp
US 8.8.8.8:53 iqhyyqiwog.info udp
US 8.8.8.8:53 zsrzjs.info udp
US 8.8.8.8:53 icewqc.org udp
US 8.8.8.8:53 tofuanbxf.com udp
US 8.8.8.8:53 bctwfgikb.org udp
US 8.8.8.8:53 roxkjgncp.com udp
US 8.8.8.8:53 fzqqksnzg.net udp
US 8.8.8.8:53 ignheigjhf.info udp
US 8.8.8.8:53 dupygjtzh.com udp
US 8.8.8.8:53 agvalyxwb.net udp
US 8.8.8.8:53 xmlymtnez.org udp
US 8.8.8.8:53 zisocq.net udp
US 8.8.8.8:53 yuforee.net udp
US 8.8.8.8:53 mkcmqy.org udp
US 8.8.8.8:53 xjjvwyumcfjs.info udp
US 8.8.8.8:53 yzxkjxsriqss.info udp
US 8.8.8.8:53 xklsrjorvup.info udp
US 8.8.8.8:53 odzbrjqoy.info udp
US 8.8.8.8:53 jybklt.net udp
US 8.8.8.8:53 htexdvwy.net udp
US 8.8.8.8:53 aalijqi.info udp
US 8.8.8.8:53 gfbghhhmko.net udp
US 8.8.8.8:53 xojplj.net udp
US 8.8.8.8:53 kuquss.org udp
US 8.8.8.8:53 iysmousi.org udp
US 8.8.8.8:53 ceogfzpu.info udp
US 8.8.8.8:53 cwbcbnfze.net udp
US 8.8.8.8:53 vsvbneh.org udp
US 8.8.8.8:53 odqisf.info udp
US 8.8.8.8:53 xcjnhzbpzts.com udp
US 8.8.8.8:53 qwtsxoh.net udp
US 8.8.8.8:53 mkgsaosgakqw.com udp
US 8.8.8.8:53 oszfxvfnoeuz.info udp
US 8.8.8.8:53 euuemsma.com udp
US 8.8.8.8:53 fqsvtxyl.info udp
US 8.8.8.8:53 ioqkekkemcua.org udp
US 8.8.8.8:53 ydygzbgv.info udp
US 8.8.8.8:53 xlhmbzthuobp.info udp
US 8.8.8.8:53 ybxsqlwexbnh.info udp
US 8.8.8.8:53 hbzvslsl.info udp
US 8.8.8.8:53 vsrstvnlx.net udp
US 8.8.8.8:53 rvnnsqkqly.net udp
US 8.8.8.8:53 imfgfyu.net udp
US 8.8.8.8:53 bcfgpkiwn.info udp
US 8.8.8.8:53 kkiamiym.com udp
US 8.8.8.8:53 tgrytityr.com udp
US 8.8.8.8:53 bqcunepoz.info udp
US 8.8.8.8:53 oqlzsgswz.info udp
US 8.8.8.8:53 zqimythgyo.info udp
US 8.8.8.8:53 jatdaajehomt.net udp
US 8.8.8.8:53 bifnoqjdd.net udp
US 8.8.8.8:53 vvgssb.net udp
US 8.8.8.8:53 mwgkuyee.org udp
US 8.8.8.8:53 gmfshgs.net udp
US 8.8.8.8:53 saeumw.com udp
US 8.8.8.8:53 ckshfdip.net udp
US 8.8.8.8:53 gbfkdhf.net udp
US 8.8.8.8:53 uiceesz.info udp
US 8.8.8.8:53 ewsycoj.info udp
US 8.8.8.8:53 volqoklyi.info udp
US 8.8.8.8:53 mtisryt.info udp
US 8.8.8.8:53 wnyxkvmzcc.info udp
US 8.8.8.8:53 bzaydhbkyko.info udp
US 8.8.8.8:53 fubimgtbdmgj.net udp
US 8.8.8.8:53 jgfgjwd.com udp
US 8.8.8.8:53 vlzzdlei.net udp
US 8.8.8.8:53 dqdviah.net udp
US 8.8.8.8:53 hfjpblwdys.info udp
US 8.8.8.8:53 oqwvlyxqzvr.info udp
US 8.8.8.8:53 zcpgclt.net udp
US 8.8.8.8:53 uoxjsmld.info udp
US 8.8.8.8:53 dewwytpgb.net udp
US 8.8.8.8:53 yumdhsjidtv.info udp
US 8.8.8.8:53 kvnwwkoxhm.net udp
US 8.8.8.8:53 goqicc.com udp
US 8.8.8.8:53 larkffu.info udp
US 8.8.8.8:53 ewiuauieao.com udp
US 8.8.8.8:53 linlpmzk.info udp
US 8.8.8.8:53 dheayz.net udp
US 8.8.8.8:53 bjpwlrlwpx.net udp
US 8.8.8.8:53 cmvglfrue.info udp
US 8.8.8.8:53 cgsgwbkbmgsd.info udp
US 8.8.8.8:53 dnztafukzpmz.net udp
US 8.8.8.8:53 xcnuub.net udp
US 8.8.8.8:53 imwkkoik.com udp
US 8.8.8.8:53 bdhsmhhs.net udp
US 8.8.8.8:53 nmuaui.info udp
US 8.8.8.8:53 ooumtoudhlt.net udp
US 8.8.8.8:53 ekpjtgbmfac.info udp
US 8.8.8.8:53 gnrccz.info udp
US 8.8.8.8:53 sewuvwb.net udp
US 8.8.8.8:53 yukvtu.info udp
US 8.8.8.8:53 pjppqydg.net udp
US 8.8.8.8:53 qexqldltxfpp.info udp
US 8.8.8.8:53 jihkrmtrg.net udp
US 8.8.8.8:53 aoumsmcuys.com udp
US 8.8.8.8:53 xeggrtbl.info udp
US 8.8.8.8:53 kplgrynocgv.net udp
US 8.8.8.8:53 fwhhgqvzmz.net udp
US 8.8.8.8:53 ewkwqikasi.com udp
US 8.8.8.8:53 oaewcmmi.com udp
US 8.8.8.8:53 gobasmmwa.net udp
US 8.8.8.8:53 yolytmybtaf.info udp
US 8.8.8.8:53 pcghcks.org udp
US 8.8.8.8:53 narkjclkaqy.net udp
US 8.8.8.8:53 wfvjvaboxnet.info udp
US 8.8.8.8:53 lszfrmupqm.info udp
US 8.8.8.8:53 ggspdezvi.net udp
US 8.8.8.8:53 oalwpcngx.info udp
US 8.8.8.8:53 xindncv.org udp
US 8.8.8.8:53 uugcwc.org udp
US 8.8.8.8:53 knqcknzye.info udp
US 8.8.8.8:53 xcrfxbihvn.info udp
US 8.8.8.8:53 fkpqxkmkdyrp.net udp
US 8.8.8.8:53 ulrpvguioqtz.info udp
US 8.8.8.8:53 pvesxitaordl.info udp
US 8.8.8.8:53 cgazfnpshka.net udp
US 8.8.8.8:53 pwtbad.net udp
US 8.8.8.8:53 esxsncqymcz.net udp
US 8.8.8.8:53 dzrmxez.com udp
US 8.8.8.8:53 vyyvzox.org udp
US 8.8.8.8:53 vwehltdiagi.org udp
US 8.8.8.8:53 cgaaqprr.net udp
US 8.8.8.8:53 ztdwmeuasv.net udp
US 8.8.8.8:53 mipwylhuryd.info udp
US 8.8.8.8:53 jmdefiz.com udp
US 8.8.8.8:53 ibguwzrpsr.info udp
US 8.8.8.8:53 kxldwaoqfn.info udp
US 8.8.8.8:53 cqgmwwmasmwk.com udp
US 8.8.8.8:53 omccemsemi.com udp
US 8.8.8.8:53 myaseqsgqi.com udp
US 8.8.8.8:53 kgecci.com udp
US 8.8.8.8:53 aknkduksh.net udp
US 8.8.8.8:53 koedfzaojfhy.net udp
US 8.8.8.8:53 xxbuvavqnao.net udp
US 8.8.8.8:53 iylnzffs.net udp
US 8.8.8.8:53 egpvqkpep.net udp
US 8.8.8.8:53 tgzzsilpuoyu.info udp
US 8.8.8.8:53 aaugcoassaqa.com udp
US 8.8.8.8:53 tyloyuiqxkb.com udp
US 8.8.8.8:53 rlwziqfimw.info udp
US 8.8.8.8:53 rejwrwpoa.info udp
US 8.8.8.8:53 wmwyeq.org udp
US 8.8.8.8:53 vitqolnkres.com udp
US 8.8.8.8:53 ookquaom.com udp
US 8.8.8.8:53 gklfnpw.net udp
US 8.8.8.8:53 ehcdlynnyhk.net udp
US 8.8.8.8:53 wmuycycs.com udp
US 8.8.8.8:53 rmwfbdlzewlx.info udp
US 8.8.8.8:53 zbnbjkhx.net udp
US 8.8.8.8:53 fcrjoetqcmdc.info udp
US 8.8.8.8:53 jmuyzwjxj.net udp
US 8.8.8.8:53 poruwgfmxon.com udp
US 8.8.8.8:53 teqpobkeoo.net udp
US 8.8.8.8:53 sgescokcmo.org udp
US 8.8.8.8:53 ciemaqyamg.com udp
US 8.8.8.8:53 mqgwcvpojezz.net udp
US 8.8.8.8:53 lzwgpqnxhy.net udp
US 8.8.8.8:53 tuwwlppqpfxy.info udp
US 8.8.8.8:53 xsafaxjp.net udp
US 8.8.8.8:53 owcuomak.com udp
US 8.8.8.8:53 zqbmewe.org udp
US 8.8.8.8:53 ryqvqrpiajqn.net udp
US 8.8.8.8:53 jehyhpbob.com udp
US 8.8.8.8:53 tudgihlrvori.info udp
US 8.8.8.8:53 miauwzsl.info udp
US 8.8.8.8:53 ifkfdbxyjz.info udp
US 8.8.8.8:53 fgrwpoj.com udp
US 8.8.8.8:53 zpgnvb.info udp
US 8.8.8.8:53 cwpklvuul.info udp
US 8.8.8.8:53 luaiurlae.info udp
US 8.8.8.8:53 hsfspwfirsr.org udp
US 8.8.8.8:53 oeaipvjwnsb.net udp
US 8.8.8.8:53 tpqqzfsz.net udp
US 8.8.8.8:53 qnjiwrbvrau.info udp
US 8.8.8.8:53 neteddft.net udp
US 8.8.8.8:53 uyyeguiyiyea.org udp
US 8.8.8.8:53 fumvct.net udp
US 8.8.8.8:53 kkmmya.com udp
US 8.8.8.8:53 iivezkiyr.net udp
US 8.8.8.8:53 kxdxnojehx.info udp
US 8.8.8.8:53 jrdrptnueg.info udp
US 8.8.8.8:53 bvfilanwe.info udp
US 8.8.8.8:53 dnyidwf.info udp
US 8.8.8.8:53 wofmlar.net udp
US 8.8.8.8:53 ynrlhm.info udp
US 8.8.8.8:53 pgfsxw.info udp
US 8.8.8.8:53 prmyteuwqsn.com udp
US 8.8.8.8:53 yadxtkefpqdf.net udp
US 8.8.8.8:53 pnvcfylbkw.net udp
US 8.8.8.8:53 jkorfkfeb.net udp
US 8.8.8.8:53 jusmkidql.com udp
US 8.8.8.8:53 gwmseywyyuyk.com udp
US 8.8.8.8:53 qbhezq.net udp
US 8.8.8.8:53 swwsieka.com udp
US 8.8.8.8:53 xqmlxlnjsxbw.net udp
US 8.8.8.8:53 tajwfki.com udp
US 8.8.8.8:53 ulwprsdpevsj.info udp
US 8.8.8.8:53 qiousyqmesog.org udp
US 8.8.8.8:53 mmtypydkbwn.info udp
US 8.8.8.8:53 kfjhty.net udp
US 8.8.8.8:53 mmiwmyca.com udp
US 8.8.8.8:53 iglullxcx.net udp
US 8.8.8.8:53 qyjxvcif.net udp
US 8.8.8.8:53 esqyaqqqwe.com udp
US 8.8.8.8:53 kgcfdgjazrul.net udp
US 8.8.8.8:53 rkwlhccy.info udp
US 8.8.8.8:53 vrxcaymsrmid.info udp
US 8.8.8.8:53 ecgkeuyquywq.org udp
US 8.8.8.8:53 aqimac.org udp
US 8.8.8.8:53 fbnqdjdf.net udp
US 8.8.8.8:53 nthafgeqx.org udp
US 8.8.8.8:53 pmkwkvnzjk.info udp
US 8.8.8.8:53 ocbgbcx.net udp
US 8.8.8.8:53 zgggqf.net udp
US 8.8.8.8:53 ovadnsaktt.info udp
US 8.8.8.8:53 vibshiiel.net udp
US 8.8.8.8:53 hanwvuw.org udp
US 8.8.8.8:53 tmznvhdlhock.net udp
US 8.8.8.8:53 wadcuzzlrlnh.net udp
US 8.8.8.8:53 jgjnfepmnsbz.info udp
US 8.8.8.8:53 wwplfeegvje.net udp
US 8.8.8.8:53 jjqtpeerkb.net udp
US 8.8.8.8:53 ugiajytsfaj.net udp
US 8.8.8.8:53 egkkce.org udp
US 8.8.8.8:53 mzvcrcpfysow.info udp
US 8.8.8.8:53 hosibojkdyn.net udp
US 8.8.8.8:53 urkcltobhpwf.net udp
US 8.8.8.8:53 jkopiwze.info udp
US 8.8.8.8:53 naxzukxq.net udp
US 8.8.8.8:53 nrariqcgjta.info udp
US 8.8.8.8:53 aokkogqo.org udp
US 8.8.8.8:53 npishzbx.net udp
US 8.8.8.8:53 oismai.com udp
US 8.8.8.8:53 kmkmwoaq.com udp
US 8.8.8.8:53 mfyenffynq.info udp
US 8.8.8.8:53 gwrfpgfxi.net udp
US 8.8.8.8:53 nsizcof.info udp
US 8.8.8.8:53 golqbrj.info udp
US 8.8.8.8:53 eheflhppvg.net udp
US 8.8.8.8:53 lwlfzopaljug.info udp
US 8.8.8.8:53 fqhzlxwrjxpo.net udp
US 8.8.8.8:53 kuyemauc.com udp
US 8.8.8.8:53 ejyuoio.net udp
US 8.8.8.8:53 cykogcgqqcuu.com udp
US 8.8.8.8:53 sghudtqjlv.net udp
US 8.8.8.8:53 tzloywfjrin.com udp
US 8.8.8.8:53 hopthipoubk.com udp
US 8.8.8.8:53 youuysyqaaue.com udp
US 8.8.8.8:53 ojnmuzmvwodg.info udp
US 8.8.8.8:53 ugjyfpgfl.net udp
US 8.8.8.8:53 zcknzirosxd.com udp
US 8.8.8.8:53 cuqegy.org udp
US 8.8.8.8:53 byfmqulsvex.net udp
US 8.8.8.8:53 rqrsfmd.com udp
US 8.8.8.8:53 myrwjqkrwpbk.info udp
US 8.8.8.8:53 jghqrzqzgfmj.net udp
US 8.8.8.8:53 ypfqzcdit.net udp
US 8.8.8.8:53 tldskzwhqe.info udp
US 8.8.8.8:53 sgrusmfficrp.net udp
US 8.8.8.8:53 axbcqfblepsi.info udp
US 8.8.8.8:53 tmqpoehu.info udp
US 8.8.8.8:53 yyokws.com udp
US 8.8.8.8:53 mpkbfsgyp.info udp
US 8.8.8.8:53 cbzmpaj.net udp
US 8.8.8.8:53 qseoumkkca.org udp
US 8.8.8.8:53 wrqreqgvcd.info udp
US 8.8.8.8:53 eiuoqogk.com udp
US 8.8.8.8:53 qdnmhgdyrit.net udp
US 8.8.8.8:53 lodebaz.org udp
US 8.8.8.8:53 spokeyxsl.info udp
US 8.8.8.8:53 syiaju.net udp
US 8.8.8.8:53 kexohiehytn.info udp
US 8.8.8.8:53 uqfculqlf.net udp
US 8.8.8.8:53 ukcyris.info udp
US 8.8.8.8:53 qyqigk.com udp
US 8.8.8.8:53 cbptey.info udp
US 8.8.8.8:53 pqqgdx.net udp
US 8.8.8.8:53 whzqbusjf.net udp
US 8.8.8.8:53 ocshhlmo.net udp
US 8.8.8.8:53 fyaylmbcb.net udp
US 8.8.8.8:53 xlnzhnzp.info udp
US 8.8.8.8:53 xubuhszij.net udp
US 8.8.8.8:53 uupoqaquygl.info udp
US 8.8.8.8:53 fupuhgphvwt.net udp
US 8.8.8.8:53 akqoyugk.com udp
US 8.8.8.8:53 ekqaao.com udp
US 8.8.8.8:53 mqkxcmiiwo.info udp
US 8.8.8.8:53 dabnivgxwmvq.net udp
US 8.8.8.8:53 sbdcxyrt.info udp
US 8.8.8.8:53 usuuoaqwmogs.com udp
US 8.8.8.8:53 soiquuco.com udp
US 8.8.8.8:53 rvazsyttv.org udp
US 8.8.8.8:53 rkjyfrxybqd.net udp
US 8.8.8.8:53 pcdktuccd.org udp
US 8.8.8.8:53 ityfkkll.net udp
US 8.8.8.8:53 umteqyv.info udp
US 8.8.8.8:53 rdvxbx.info udp
US 8.8.8.8:53 hjfdpmp.org udp
US 8.8.8.8:53 rirrxb.net udp
US 8.8.8.8:53 irviec.net udp
US 8.8.8.8:53 igkkoaigowgq.com udp
US 8.8.8.8:53 rjbifug.net udp
US 8.8.8.8:53 gpzctxjd.info udp
US 8.8.8.8:53 flrcluhcrhlb.info udp

Files

C:\Users\Admin\AppData\Local\Temp\vcqtxds.exe

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Temp\vcqtxds.exe

MD5 01a2a904d402f5b4e604bf16bf06c0f6
SHA1 8aac8a223064dc6385dbdf037ee25c273d52e10d
SHA256 486ed7fb3cdc250cfbdbcd1ec6b41164c2c378f441a53824007fd6e56ae11c0a
SHA512 76317a835951d1a9d064a4e0b53fc0928df4415ddb8e93fd9d8578b001dbf208adbaae4ea4a69d0011d7cb461d2a48372aa666a2be9280985d7ca14384714ed8

C:\Users\Admin\AppData\Local\zaifddmejhqmysktdhrsaxv.ewb

MD5 e9e3881bb492144d951a5bd904ff7b26
SHA1 d5456713c1e8101e31a7852cdc52bbcd1347c116
SHA256 3744f46a78fdba958405b21b5bd7694049fe845579908c06a8b7c301693baa85
SHA512 bb75139b59523b889ce66aa703e0fd597e152a4ccb0f4c882bc205e55089ef5b3b9293be3d6e6ea7f73d84f4f0069d492013caebbb9afa3b9d8f24ce3c14e89e

C:\Users\Admin\AppData\Local\myrzitnqgpjqnsvpkzugzhqbvyoxryvadx.hco

MD5 6fc24ee2d1a8b8f9fc2bbb8f841addde
SHA1 03985648cab5f11e24e9c0b7c1431fde5674fdc9
SHA256 a941a85fb31eb8b5d8931942fd2877b3131cfda028515ce3f86f3c42e0034e5f
SHA512 83f60fafab1e2f68f918466b00460740fcc9e4b41f5e41d69f36886743ec664351980a11d1e341e6347f8991d584a989413530ac3baef68d1f93e47ccf09beda

C:\Program Files (x86)\zaifddmejhqmysktdhrsaxv.ewb

MD5 a1bf25baeb5904dc2188d224b2b959f7
SHA1 6844041f2b85d76e2da8b8f24e99ae0bc660496c
SHA256 ef4b3b44ff1cb5d337b4fd6c70c3a72f2b187914a0f6a29184908bbb7d28cd8c
SHA512 590520408973e52e86482c35a704adbc2c6a28098a1e412783656e8fe8077f697f26f748072a6b2a2f15d75d85771608e9e529fe075120247547587561d8b488

C:\Program Files (x86)\zaifddmejhqmysktdhrsaxv.ewb

MD5 d2597ad953a76469d6557a9708bd2423
SHA1 ba8a7b90db325c22fe9507d03a9c227044fe3283
SHA256 732bb11f2a645e8f94e63d56b64e659b3d16aff7da240a9973887678893de5b7
SHA512 2b34a7bce079711847a62de3ef3d6c7ea4ac79719a4087ca382dce8174871781abc77b9d17693ce5bb780575db334ce2a9043808d2b0228c1c6fada1ccb8da3c

C:\Program Files (x86)\zaifddmejhqmysktdhrsaxv.ewb

MD5 bea61c38bfa7979e53fd677aef8f7c8a
SHA1 4dcbe954af3b00f5ec2fd70f8fc839c0d72a5ddd
SHA256 e6dc0b4f7f1d7b93347adbbbad54664e764f12ab7dd26c86cb73e48f7f53e06c
SHA512 0b52105fb7dceccc3ff9a7b4cf6f9d4dc2abad694ecf95ffb2e2b97b1ebd5bf84cc97a25ecb14a46f4aeebabdc283a5c43634a9853c57c4849cab7e462955809

C:\Users\Admin\AppData\Local\zaifddmejhqmysktdhrsaxv.ewb

MD5 280df886c0f2e32828a1ecbb47509894
SHA1 97292103905ff68dc23dae3289b410ec3c858444
SHA256 221b47fe360a400f4e897f86eb9e6c14a19173e44650d6e8ea60953952a7b6f7
SHA512 4af1406e6e66fbf1800466492ccc9529685abfa69f7fed4fe811a9f6f62b7940242be495bc73b0e485aea508535d24a021f9f88cf8d96ea7164fe081041a6fa9

C:\Program Files (x86)\zaifddmejhqmysktdhrsaxv.ewb

MD5 7874a1a7af170ccc796ffed2fd42a9e3
SHA1 88f06da247fe2fbe8227e97a6e98413430066c9c
SHA256 236aebd67be3cd23c0ae2444a97080265fbe624774ec83eaacb959899232ffa5
SHA512 0ee80eca10c22bdbb521ea038b6164054ff77a295dab739c10854b3a2a49e06872ed6aacd04ef111eeae71022a1270de83a9f8d546a584bcd6fad7da8c1aac70

C:\Program Files (x86)\zaifddmejhqmysktdhrsaxv.ewb

MD5 8efb6bde9b5b8df1ce03c8dd5d7afe4f
SHA1 4bf9cf6eb453785e31b30d11b1f3791d325d982f
SHA256 d043c20f9f53bf82fa8867742c0037038f479824657ca495afa7174f65c0c8a4
SHA512 57439df05adeb4bc759f66c9be7973abe2d2e9e8053f650368aa66bbd76b688a5e00ab47fe102077a624212a92e6e5d7bc31a876ae64930c3d29e3d6d9cf933d

C:\Program Files (x86)\zaifddmejhqmysktdhrsaxv.ewb

MD5 2421d5ca5dc3356bf89178d2ff77100e
SHA1 de93fa10c0ef21e81e3db52dad391950e810d933
SHA256 6543372712a82721a45aa6ae564586b87818f28db3947428214d6707cf845883
SHA512 f05c09c5f9bc24cce627114383fa522eb26da1abe808d39073285a5bbbb03356c817abf0b75eca9a30cbbdfb045e2c7746bad960ecb4d0c1068a192b091c687f