Analysis Overview
SHA256
1218003efc6c2b220d924d207b0d83fd5d20f3a13102f4495c0ad1e86f5e5bbd
Threat Level: Known bad
The file JaffaCakes118_c0b20d90d346511b654c08a7a94a9dbc was found to be: Known bad.
Malicious Activity Summary
Modifies WinLogon for persistence
Detect Pykspa worm
Pykspa family
UAC bypass
Adds policy Run key to start application
Disables RegEdit via registry modification
Executes dropped EXE
Impair Defenses: Safe Mode Boot
Checks computer location settings
Checks whether UAC is enabled
Adds Run key to start application
Looks up external IP address via web service
Hijack Execution Flow: Executable Installer File Permissions Weakness
Drops file in System32 directory
Drops file in Windows directory
Drops file in Program Files directory
Unsigned PE
Enumerates physical storage devices
System Location Discovery: System Language Discovery
System policy modification
Suspicious behavior: GetForegroundWindowSpam
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Suspicious use of AdjustPrivilegeToken
Modifies registry class
Analysis: static1
Detonation Overview
Reported
2025-04-19 01:43
Signatures
Detect Pykspa worm
Pykspa family
Unsigned PE
Analysis: behavioral1
Detonation Overview
Submitted
2025-04-19 01:43
Reported
2025-04-19 01:45
Platform
win10v2004-20250410-en
Max time kernel
150s
Max time network
151s
Signatures
Modifies WinLogon for persistence
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\ydqucko.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c0b20d90d346511b654c08a7a94a9dbc.exe | N/A |
UAC bypass
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" | C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c0b20d90d346511b654c08a7a94a9dbc.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\ydqucko.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" | C:\Users\Admin\AppData\Local\Temp\ydqucko.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" | C:\Users\Admin\AppData\Local\Temp\ydqucko.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" | C:\Users\Admin\AppData\Local\Temp\ydqucko.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c0b20d90d346511b654c08a7a94a9dbc.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" | C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c0b20d90d346511b654c08a7a94a9dbc.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" | C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c0b20d90d346511b654c08a7a94a9dbc.exe | N/A |
Adds policy Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\nthmvejt = "C:\\Users\\Admin\\AppData\\Local\\Temp\\etqewocvjzwikucbb.exe" | C:\Users\Admin\AppData\Local\Temp\ydqucko.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\nthmvejt = "C:\\Users\\Admin\\AppData\\Local\\Temp\\lddupkbxohhwbozbebhz.exe" | C:\Users\Admin\AppData\Local\Temp\ydqucko.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\nthmvejt = "C:\\Users\\Admin\\AppData\\Local\\Temp\\atumiewtlfgwcqcfjhohi.exe" | C:\Users\Admin\AppData\Local\Temp\ydqucko.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\ydqucko.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\sbsamygtblc = "xlhulcphujfqrahf.exe" | C:\Users\Admin\AppData\Local\Temp\ydqucko.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\sbsamygtblc = "ypoeysidtlkycoyzbxc.exe" | C:\Users\Admin\AppData\Local\Temp\ydqucko.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\sbsamygtblc = "ndbqjcrlarpcfqzzav.exe" | C:\Users\Admin\AppData\Local\Temp\ydqucko.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\nthmvejt = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ndbqjcrlarpcfqzzav.exe" | C:\Users\Admin\AppData\Local\Temp\ydqucko.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\nthmvejt = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ypoeysidtlkycoyzbxc.exe" | C:\Users\Admin\AppData\Local\Temp\ydqucko.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\sbsamygtblc = "lddupkbxohhwbozbebhz.exe" | C:\Users\Admin\AppData\Local\Temp\ydqucko.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\sbsamygtblc = "atumiewtlfgwcqcfjhohi.exe" | C:\Users\Admin\AppData\Local\Temp\ydqucko.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c0b20d90d346511b654c08a7a94a9dbc.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\nthmvejt = "C:\\Users\\Admin\\AppData\\Local\\Temp\\xlhulcphujfqrahf.exe" | C:\Users\Admin\AppData\Local\Temp\ydqucko.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\sbsamygtblc = "etqewocvjzwikucbb.exe" | C:\Users\Admin\AppData\Local\Temp\ydqucko.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\sbsamygtblc = "lddupkbxohhwbozbebhz.exe" | C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c0b20d90d346511b654c08a7a94a9dbc.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\nthmvejt = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ndbqjcrlarpcfqzzav.exe" | C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c0b20d90d346511b654c08a7a94a9dbc.exe | N/A |
Disables RegEdit via registry modification
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\ydqucko.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c0b20d90d346511b654c08a7a94a9dbc.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c0b20d90d346511b654c08a7a94a9dbc.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\ydqucko.exe | N/A |
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c0b20d90d346511b654c08a7a94a9dbc.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\ydqucko.exe | N/A |
Impair Defenses: Safe Mode Boot
| Description | Indicator | Process | Target |
| Key deleted | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\Power | C:\Users\Admin\AppData\Local\Temp\ydqucko.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\iai2c.sys | C:\Users\Admin\AppData\Local\Temp\ydqucko.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\CBDHSvc | C:\Users\Admin\AppData\Local\Temp\ydqucko.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\UserManager | C:\Users\Admin\AppData\Local\Temp\ydqucko.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\SerCx2.sys | C:\Users\Admin\AppData\Local\Temp\ydqucko.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\ProfSvc | C:\Users\Admin\AppData\Local\Temp\ydqucko.exe | N/A |
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\xfvcnyfryh = "xlhulcphujfqrahf.exe ." | C:\Users\Admin\AppData\Local\Temp\ydqucko.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\elagqagrx = "ypoeysidtlkycoyzbxc.exe" | C:\Users\Admin\AppData\Local\Temp\ydqucko.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\xfvcnyfryh = "ndbqjcrlarpcfqzzav.exe ." | C:\Users\Admin\AppData\Local\Temp\ydqucko.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\elagqagrx = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ndbqjcrlarpcfqzzav.exe" | C:\Users\Admin\AppData\Local\Temp\ydqucko.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\xfvcnyfryh = "lddupkbxohhwbozbebhz.exe ." | C:\Users\Admin\AppData\Local\Temp\ydqucko.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\pzranajxgrjq = "xlhulcphujfqrahf.exe" | C:\Users\Admin\AppData\Local\Temp\ydqucko.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\sfamcsevhvqaaio = "C:\\Users\\Admin\\AppData\\Local\\Temp\\xlhulcphujfqrahf.exe" | C:\Users\Admin\AppData\Local\Temp\ydqucko.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\pbvgvkvlwjdmls = "C:\\Users\\Admin\\AppData\\Local\\Temp\\lddupkbxohhwbozbebhz.exe ." | C:\Users\Admin\AppData\Local\Temp\ydqucko.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\pzranajxgrjq = "ndbqjcrlarpcfqzzav.exe" | C:\Users\Admin\AppData\Local\Temp\ydqucko.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\pzranajxgrjq = "atumiewtlfgwcqcfjhohi.exe" | C:\Users\Admin\AppData\Local\Temp\ydqucko.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\sfamcsevhvqaaio = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ypoeysidtlkycoyzbxc.exe" | C:\Users\Admin\AppData\Local\Temp\ydqucko.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\pzranajxgrjq = "lddupkbxohhwbozbebhz.exe" | C:\Users\Admin\AppData\Local\Temp\ydqucko.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\sfamcsevhvqaaio = "C:\\Users\\Admin\\AppData\\Local\\Temp\\atumiewtlfgwcqcfjhohi.exe" | C:\Users\Admin\AppData\Local\Temp\ydqucko.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\xfvcnyfryh = "C:\\Users\\Admin\\AppData\\Local\\Temp\\lddupkbxohhwbozbebhz.exe ." | C:\Users\Admin\AppData\Local\Temp\ydqucko.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\pbvgvkvlwjdmls = "C:\\Users\\Admin\\AppData\\Local\\Temp\\xlhulcphujfqrahf.exe ." | C:\Users\Admin\AppData\Local\Temp\ydqucko.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\xfvcnyfryh = "C:\\Users\\Admin\\AppData\\Local\\Temp\\atumiewtlfgwcqcfjhohi.exe ." | C:\Users\Admin\AppData\Local\Temp\ydqucko.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\pzranajxgrjq = "etqewocvjzwikucbb.exe" | C:\Users\Admin\AppData\Local\Temp\ydqucko.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\xfvcnyfryh = "etqewocvjzwikucbb.exe ." | C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c0b20d90d346511b654c08a7a94a9dbc.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\pbvgvkvlwjdmls = "C:\\Users\\Admin\\AppData\\Local\\Temp\\etqewocvjzwikucbb.exe ." | C:\Users\Admin\AppData\Local\Temp\ydqucko.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\xfvcnyfryh = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ypoeysidtlkycoyzbxc.exe ." | C:\Users\Admin\AppData\Local\Temp\ydqucko.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\elagqagrx = "C:\\Users\\Admin\\AppData\\Local\\Temp\\etqewocvjzwikucbb.exe" | C:\Users\Admin\AppData\Local\Temp\ydqucko.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\elagqagrx = "xlhulcphujfqrahf.exe" | C:\Users\Admin\AppData\Local\Temp\ydqucko.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\ozscqeodnzsay = "xlhulcphujfqrahf.exe ." | C:\Users\Admin\AppData\Local\Temp\ydqucko.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\xfvcnyfryh = "ypoeysidtlkycoyzbxc.exe ." | C:\Users\Admin\AppData\Local\Temp\ydqucko.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\ozscqeodnzsay = "ndbqjcrlarpcfqzzav.exe ." | C:\Users\Admin\AppData\Local\Temp\ydqucko.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\sfamcsevhvqaaio = "C:\\Users\\Admin\\AppData\\Local\\Temp\\etqewocvjzwikucbb.exe" | C:\Users\Admin\AppData\Local\Temp\ydqucko.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\xfvcnyfryh = "etqewocvjzwikucbb.exe ." | C:\Users\Admin\AppData\Local\Temp\ydqucko.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\xfvcnyfryh = "C:\\Users\\Admin\\AppData\\Local\\Temp\\xlhulcphujfqrahf.exe ." | C:\Users\Admin\AppData\Local\Temp\ydqucko.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\elagqagrx = "xlhulcphujfqrahf.exe" | C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c0b20d90d346511b654c08a7a94a9dbc.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\xfvcnyfryh = "xlhulcphujfqrahf.exe ." | C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c0b20d90d346511b654c08a7a94a9dbc.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\sfamcsevhvqaaio = "C:\\Users\\Admin\\AppData\\Local\\Temp\\lddupkbxohhwbozbebhz.exe" | C:\Users\Admin\AppData\Local\Temp\ydqucko.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\elagqagrx = "ndbqjcrlarpcfqzzav.exe" | C:\Users\Admin\AppData\Local\Temp\ydqucko.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\pzranajxgrjq = "ypoeysidtlkycoyzbxc.exe" | C:\Users\Admin\AppData\Local\Temp\ydqucko.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\sfamcsevhvqaaio = "C:\\Users\\Admin\\AppData\\Local\\Temp\\lddupkbxohhwbozbebhz.exe" | C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c0b20d90d346511b654c08a7a94a9dbc.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\pbvgvkvlwjdmls = "C:\\Users\\Admin\\AppData\\Local\\Temp\\xlhulcphujfqrahf.exe ." | C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c0b20d90d346511b654c08a7a94a9dbc.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\elagqagrx = "etqewocvjzwikucbb.exe" | C:\Users\Admin\AppData\Local\Temp\ydqucko.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\elagqagrx = "lddupkbxohhwbozbebhz.exe" | C:\Users\Admin\AppData\Local\Temp\ydqucko.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\elagqagrx = "C:\\Users\\Admin\\AppData\\Local\\Temp\\xlhulcphujfqrahf.exe" | C:\Users\Admin\AppData\Local\Temp\ydqucko.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\elagqagrx = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ypoeysidtlkycoyzbxc.exe" | C:\Users\Admin\AppData\Local\Temp\ydqucko.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\pzranajxgrjq = "atumiewtlfgwcqcfjhohi.exe" | C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c0b20d90d346511b654c08a7a94a9dbc.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\pbvgvkvlwjdmls = "C:\\Users\\Admin\\AppData\\Local\\Temp\\atumiewtlfgwcqcfjhohi.exe ." | C:\Users\Admin\AppData\Local\Temp\ydqucko.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\sfamcsevhvqaaio = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ndbqjcrlarpcfqzzav.exe" | C:\Users\Admin\AppData\Local\Temp\ydqucko.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\ozscqeodnzsay = "ypoeysidtlkycoyzbxc.exe ." | C:\Users\Admin\AppData\Local\Temp\ydqucko.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\elagqagrx = "C:\\Users\\Admin\\AppData\\Local\\Temp\\lddupkbxohhwbozbebhz.exe" | C:\Users\Admin\AppData\Local\Temp\ydqucko.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\ozscqeodnzsay = "etqewocvjzwikucbb.exe ." | C:\Users\Admin\AppData\Local\Temp\ydqucko.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\elagqagrx = "atumiewtlfgwcqcfjhohi.exe" | C:\Users\Admin\AppData\Local\Temp\ydqucko.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\ozscqeodnzsay = "lddupkbxohhwbozbebhz.exe ." | C:\Users\Admin\AppData\Local\Temp\ydqucko.exe | N/A |
Checks whether UAC is enabled
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c0b20d90d346511b654c08a7a94a9dbc.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c0b20d90d346511b654c08a7a94a9dbc.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\ydqucko.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\ydqucko.exe | N/A |
Hijack Execution Flow: Executable Installer File Permissions Weakness
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableInstallerDetection = "0" | C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c0b20d90d346511b654c08a7a94a9dbc.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableInstallerDetection = "0" | C:\Users\Admin\AppData\Local\Temp\ydqucko.exe | N/A |
Looks up external IP address via web service
| Description | Indicator | Process | Target |
| N/A | www.showmyipaddress.com | N/A | N/A |
| N/A | www.whatismyip.ca | N/A | N/A |
| N/A | whatismyip.everdot.org | N/A | N/A |
| N/A | whatismyipaddress.com | N/A | N/A |
Drops file in System32 directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\SysWOW64\bzfcdebdazfalevdmpbzfc.ebd | C:\Users\Admin\AppData\Local\Temp\ydqucko.exe | N/A |
| File created | C:\Windows\SysWOW64\bzfcdebdazfalevdmpbzfc.ebd | C:\Users\Admin\AppData\Local\Temp\ydqucko.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\sbsamygtblcieikdxliriqcowjrbsyuya.nby | C:\Users\Admin\AppData\Local\Temp\ydqucko.exe | N/A |
| File created | C:\Windows\SysWOW64\sbsamygtblcieikdxliriqcowjrbsyuya.nby | C:\Users\Admin\AppData\Local\Temp\ydqucko.exe | N/A |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Program Files (x86)\bzfcdebdazfalevdmpbzfc.ebd | C:\Users\Admin\AppData\Local\Temp\ydqucko.exe | N/A |
| File created | C:\Program Files (x86)\bzfcdebdazfalevdmpbzfc.ebd | C:\Users\Admin\AppData\Local\Temp\ydqucko.exe | N/A |
| File opened for modification | C:\Program Files (x86)\sbsamygtblcieikdxliriqcowjrbsyuya.nby | C:\Users\Admin\AppData\Local\Temp\ydqucko.exe | N/A |
| File created | C:\Program Files (x86)\sbsamygtblcieikdxliriqcowjrbsyuya.nby | C:\Users\Admin\AppData\Local\Temp\ydqucko.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\bzfcdebdazfalevdmpbzfc.ebd | C:\Users\Admin\AppData\Local\Temp\ydqucko.exe | N/A |
| File created | C:\Windows\bzfcdebdazfalevdmpbzfc.ebd | C:\Users\Admin\AppData\Local\Temp\ydqucko.exe | N/A |
| File opened for modification | C:\Windows\sbsamygtblcieikdxliriqcowjrbsyuya.nby | C:\Users\Admin\AppData\Local\Temp\ydqucko.exe | N/A |
| File created | C:\Windows\sbsamygtblcieikdxliriqcowjrbsyuya.nby | C:\Users\Admin\AppData\Local\Temp\ydqucko.exe | N/A |
Enumerates physical storage devices
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c0b20d90d346511b654c08a7a94a9dbc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\ydqucko.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000_Classes\Local Settings | C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c0b20d90d346511b654c08a7a94a9dbc.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000_Classes\Local Settings | C:\Users\Admin\AppData\Local\Temp\ydqucko.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\ydqucko.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\ydqucko.exe | N/A |
Suspicious use of WriteProcessMemory
System policy modification
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" | C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c0b20d90d346511b654c08a7a94a9dbc.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableSecureUIAPaths = "0" | C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c0b20d90d346511b654c08a7a94a9dbc.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" | C:\Users\Admin\AppData\Local\Temp\ydqucko.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer | C:\Users\Admin\AppData\Local\Temp\ydqucko.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ValidateAdminCodeSignatures = "0" | C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c0b20d90d346511b654c08a7a94a9dbc.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" | C:\Users\Admin\AppData\Local\Temp\ydqucko.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" | C:\Users\Admin\AppData\Local\Temp\ydqucko.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\FilterAdministratorToken = "0" | C:\Users\Admin\AppData\Local\Temp\ydqucko.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDriveTypeAutoRun = "1" | C:\Users\Admin\AppData\Local\Temp\ydqucko.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableVirtualization = "0" | C:\Users\Admin\AppData\Local\Temp\ydqucko.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" | C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c0b20d90d346511b654c08a7a94a9dbc.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\FilterAdministratorToken = "0" | C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c0b20d90d346511b654c08a7a94a9dbc.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\ydqucko.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\ydqucko.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ValidateAdminCodeSignatures = "0" | C:\Users\Admin\AppData\Local\Temp\ydqucko.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c0b20d90d346511b654c08a7a94a9dbc.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableVirtualization = "0" | C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c0b20d90d346511b654c08a7a94a9dbc.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c0b20d90d346511b654c08a7a94a9dbc.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer | C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c0b20d90d346511b654c08a7a94a9dbc.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" | C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c0b20d90d346511b654c08a7a94a9dbc.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\ydqucko.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableSecureUIAPaths = "0" | C:\Users\Admin\AppData\Local\Temp\ydqucko.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c0b20d90d346511b654c08a7a94a9dbc.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDriveTypeAutoRun = "1" | C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c0b20d90d346511b654c08a7a94a9dbc.exe | N/A |
Processes
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | nacyfjvrxo.net | udp |
| US | 8.8.8.8:53 | xxtzzqhoclt.info | udp |
| US | 8.8.8.8:53 | zgrjrexb.net | udp |
| US | 8.8.8.8:53 | cmqekwqu.com | udp |
| US | 8.8.8.8:53 | ombydet.info | udp |
| US | 8.8.8.8:53 | qtzqlp.info | udp |
| US | 8.8.8.8:53 | kwodeonmxch.net | udp |
| US | 8.8.8.8:53 | efcovfrt.info | udp |
| US | 8.8.8.8:53 | eeueccewmeem.com | udp |
| US | 8.8.8.8:53 | bxxbydec.info | udp |
| US | 8.8.8.8:53 | mtwxtk.net | udp |
| US | 8.8.8.8:53 | oynjjaloa.info | udp |
| US | 8.8.8.8:53 | gthoprfe.net | udp |
| US | 8.8.8.8:53 | zczpgfz.net | udp |
| US | 8.8.8.8:53 | vffidgtnx.info | udp |
| US | 8.8.8.8:53 | vlpxze.info | udp |
| US | 8.8.8.8:53 | ryxqnsapbp.info | udp |
| US | 8.8.8.8:53 | vhdtsydlqhkq.info | udp |
| US | 8.8.8.8:53 | qkgeoygwwycy.org | udp |
| US | 8.8.8.8:53 | skywyumxq.net | udp |
| US | 8.8.8.8:53 | hupsnrasx.org | udp |
| US | 8.8.8.8:53 | dlzktcuugp.info | udp |
| US | 8.8.8.8:53 | ekqoau.com | udp |
| US | 8.8.8.8:53 | qgskaiwkegue.com | udp |
| US | 8.8.8.8:53 | ghogvydeuj.info | udp |
| US | 8.8.8.8:53 | hgsitoou.net | udp |
| US | 8.8.8.8:53 | egsmyysc.org | udp |
| US | 8.8.8.8:53 | vpigru.info | udp |
| US | 8.8.8.8:53 | sumwkuisqs.org | udp |
| US | 8.8.8.8:53 | nshdioh.net | udp |
| US | 8.8.8.8:53 | ruszyh.info | udp |
| US | 8.8.8.8:53 | habbbyhsh.net | udp |
| US | 8.8.8.8:53 | eqfdri.info | udp |
| US | 8.8.8.8:53 | ggwqxujos.net | udp |
| US | 8.8.8.8:53 | ekqqcc.org | udp |
| US | 8.8.8.8:53 | vvxusvvd.info | udp |
| US | 8.8.8.8:53 | kcbmgiagqc.info | udp |
| US | 8.8.8.8:53 | dwfkeogzvhjn.info | udp |
| US | 8.8.8.8:53 | ecyksqag.com | udp |
| US | 8.8.8.8:53 | jlvszr.net | udp |
| US | 8.8.8.8:53 | skrdzabgvgk.net | udp |
| US | 8.8.8.8:53 | rwvyir.net | udp |
| US | 8.8.8.8:53 | oitqdie.info | udp |
| US | 8.8.8.8:53 | dflqknsl.net | udp |
| US | 8.8.8.8:53 | mikckosqwwca.com | udp |
| US | 8.8.8.8:53 | zrnifctkmmd.info | udp |
| US | 8.8.8.8:53 | qtgqqinahbp.info | udp |
| US | 8.8.8.8:53 | ssoqscaq.com | udp |
| US | 8.8.8.8:53 | eojitdx.info | udp |
| US | 8.8.8.8:53 | tcvuvhjwh.info | udp |
| US | 8.8.8.8:53 | eemockysmm.org | udp |
| US | 8.8.8.8:53 | wgnqxeteomd.net | udp |
| US | 8.8.8.8:53 | pfbmdcgyal.info | udp |
| US | 8.8.8.8:53 | aszpdoy.net | udp |
| US | 8.8.8.8:53 | dzrjxsrc.net | udp |
| US | 8.8.8.8:53 | khngfgv.info | udp |
| US | 8.8.8.8:53 | jubvpax.info | udp |
| US | 8.8.8.8:53 | omywekigieuo.com | udp |
| US | 8.8.8.8:53 | sqhwwjcanqx.net | udp |
| US | 8.8.8.8:53 | txtydqlsz.org | udp |
| US | 8.8.8.8:53 | ufwnwmgk.info | udp |
| US | 8.8.8.8:53 | ecbwysbz.info | udp |
| US | 8.8.8.8:53 | xybdjtiwb.net | udp |
| US | 8.8.8.8:53 | xtvzdz.net | udp |
| US | 8.8.8.8:53 | gynfzacr.net | udp |
| US | 8.8.8.8:53 | njmyupro.net | udp |
| US | 8.8.8.8:53 | djllucahbi.net | udp |
| US | 8.8.8.8:53 | gkswkowuaw.org | udp |
| US | 8.8.8.8:53 | lgtrtfzu.info | udp |
| US | 8.8.8.8:53 | szzalksmzqb.net | udp |
| US | 8.8.8.8:53 | xrpwmsl.info | udp |
| US | 8.8.8.8:53 | cbihbapv.info | udp |
| US | 8.8.8.8:53 | ylsaau.info | udp |
| US | 8.8.8.8:53 | eseqkyigauus.com | udp |
| US | 8.8.8.8:53 | yykqqocecm.org | udp |
| US | 8.8.8.8:53 | iusioomq.org | udp |
| US | 8.8.8.8:53 | cmmwasyi.org | udp |
| US | 8.8.8.8:53 | wqakaass.com | udp |
| US | 8.8.8.8:53 | frueixqi.info | udp |
| US | 8.8.8.8:53 | fpybcqttiiie.net | udp |
| US | 8.8.8.8:53 | agdsrgm.net | udp |
| US | 8.8.8.8:53 | wgvnrxwcpn.net | udp |
| US | 8.8.8.8:53 | wcsbrpz.net | udp |
| US | 8.8.8.8:53 | ccgcqa.com | udp |
| US | 8.8.8.8:53 | xzhbvyvj.net | udp |
| US | 8.8.8.8:53 | kuswbc.info | udp |
| US | 8.8.8.8:53 | uwcuws.org | udp |
| US | 8.8.8.8:53 | kjxsfgzlcl.net | udp |
| US | 8.8.8.8:53 | qablhjykj.net | udp |
| US | 8.8.8.8:53 | orohrr.info | udp |
| US | 8.8.8.8:53 | ijnowubt.info | udp |
| US | 8.8.8.8:53 | ehxjfyzwaxr.net | udp |
| US | 8.8.8.8:53 | uazshup.net | udp |
| US | 8.8.8.8:53 | azlfou.info | udp |
| US | 8.8.8.8:53 | kjmbrxbwfpte.info | udp |
| US | 8.8.8.8:53 | nxzvphly.net | udp |
| US | 8.8.8.8:53 | jivgmmxfkqfs.net | udp |
| US | 8.8.8.8:53 | vcmfrufqvcn.org | udp |
| US | 8.8.8.8:53 | ekjevpjxdbcy.net | udp |
| US | 8.8.8.8:53 | cmeaaksmiksg.com | udp |
| US | 8.8.8.8:53 | umyicieyee.org | udp |
| US | 8.8.8.8:53 | yoykeaascyag.org | udp |
| US | 8.8.8.8:53 | nbjshjjst.info | udp |
| US | 8.8.8.8:53 | xhcfuoii.info | udp |
| US | 8.8.8.8:53 | vcsuct.net | udp |
| US | 8.8.8.8:53 | gyokuiussu.org | udp |
| US | 8.8.8.8:53 | eywgcwsomeaw.org | udp |
| US | 8.8.8.8:53 | xamobgt.info | udp |
| US | 8.8.8.8:53 | wuycmwus.org | udp |
| US | 8.8.8.8:53 | jchyqcf.info | udp |
| US | 8.8.8.8:53 | afrphwfcvpsx.info | udp |
| US | 8.8.8.8:53 | fsyczawoha.info | udp |
| US | 8.8.8.8:53 | iebdoeijlfl.info | udp |
| US | 8.8.8.8:53 | yqmhlybghlx.info | udp |
| US | 8.8.8.8:53 | mlygoqjok.net | udp |
| US | 8.8.8.8:53 | atkzfclhbift.info | udp |
| US | 8.8.8.8:53 | bdvmjs.info | udp |
| US | 8.8.8.8:53 | jkavoichm.info | udp |
| US | 8.8.8.8:53 | cgdadfe.info | udp |
| US | 8.8.8.8:53 | kfcnyh.net | udp |
| US | 8.8.8.8:53 | dfigkg.info | udp |
| US | 8.8.8.8:53 | chjkbkjwfxq.info | udp |
| US | 8.8.8.8:53 | jjrefkv.net | udp |
| US | 8.8.8.8:53 | vrhenqmnuegg.net | udp |
| US | 8.8.8.8:53 | gyuavtn.net | udp |
| US | 8.8.8.8:53 | kjskvzf.info | udp |
| US | 8.8.8.8:53 | vzdwpvpdnb.net | udp |
| US | 8.8.8.8:53 | rukwjyewv.info | udp |
| US | 8.8.8.8:53 | lzbjkx.info | udp |
| US | 8.8.8.8:53 | mglldgdupixw.info | udp |
| US | 8.8.8.8:53 | aplasslzubo.info | udp |
| US | 8.8.8.8:53 | kptgfigixa.net | udp |
| US | 8.8.8.8:53 | djkrzt.info | udp |
| US | 8.8.8.8:53 | zyfoalls.net | udp |
| US | 8.8.8.8:53 | cwnepln.net | udp |
| US | 8.8.8.8:53 | blriytvijot.com | udp |
| US | 8.8.8.8:53 | dvlqrhn.org | udp |
| US | 8.8.8.8:53 | yydqkhzz.net | udp |
| US | 8.8.8.8:53 | mfxpnon.info | udp |
| US | 8.8.8.8:53 | caamceiescak.org | udp |
| US | 8.8.8.8:53 | qdrzekvn.net | udp |
| US | 8.8.8.8:53 | qpoolvhcf.info | udp |
| US | 8.8.8.8:53 | kyilnx.net | udp |
| US | 8.8.8.8:53 | ekywmeqweg.org | udp |
| US | 8.8.8.8:53 | tbnvbb.net | udp |
| US | 8.8.8.8:53 | ibcszmpqfa.net | udp |
| US | 8.8.8.8:53 | gaqkygwq.org | udp |
| US | 8.8.8.8:53 | pwhcjwybfgp.com | udp |
| US | 8.8.8.8:53 | vozchklwf.com | udp |
| US | 8.8.8.8:53 | haqpbn.info | udp |
| US | 8.8.8.8:53 | tcqybxs.info | udp |
| US | 8.8.8.8:53 | ncrgvkzod.net | udp |
| US | 8.8.8.8:53 | jrbulad.info | udp |
| US | 8.8.8.8:53 | chdurgrhygmb.info | udp |
| US | 8.8.8.8:53 | yxwnbolejpip.info | udp |
| US | 8.8.8.8:53 | gocqkmmegk.com | udp |
| US | 8.8.8.8:53 | ofecfqzsd.net | udp |
| US | 8.8.8.8:53 | bpzorpfuhtf.org | udp |
| US | 8.8.8.8:53 | vulafgqevkrp.net | udp |
| US | 8.8.8.8:53 | dapvewa.info | udp |
| US | 8.8.8.8:53 | hodvmc.info | udp |
| US | 8.8.8.8:53 | bkngmvgi.net | udp |
| US | 8.8.8.8:53 | ogdjil.info | udp |
| US | 8.8.8.8:53 | myiemwvrhjvw.net | udp |
| US | 8.8.8.8:53 | oupozkt.info | udp |
| US | 8.8.8.8:53 | evoxkegpefmj.net | udp |
| US | 8.8.8.8:53 | fjpsfzavvnmn.net | udp |
| US | 8.8.8.8:53 | bqdindvszcl.com | udp |
| US | 8.8.8.8:53 | stntorwdyq.info | udp |
| US | 8.8.8.8:53 | sggqne.info | udp |
| US | 8.8.8.8:53 | rzloqxddfkh.net | udp |
| US | 8.8.8.8:53 | dgnfswnoi.net | udp |
| US | 8.8.8.8:53 | vwhuvse.org | udp |
| US | 8.8.8.8:53 | dykwknvmdfdj.info | udp |
| US | 8.8.8.8:53 | vcfmbitwxpe.info | udp |
| US | 8.8.8.8:53 | douspcxsdmt.org | udp |
| US | 8.8.8.8:53 | oejyiyfoxqn.net | udp |
| US | 8.8.8.8:53 | ksbaervaqo.net | udp |
| US | 8.8.8.8:53 | pvoatb.net | udp |
| US | 8.8.8.8:53 | dpggihpbqhzz.net | udp |
| US | 8.8.8.8:53 | qnpxmiqrxvcg.info | udp |
| US | 8.8.8.8:53 | wawaoiyk.com | udp |
| US | 8.8.8.8:53 | hpzvsgmjvb.info | udp |
| US | 8.8.8.8:53 | zkyzevld.info | udp |
| US | 8.8.8.8:53 | yewemaiyks.com | udp |
| US | 8.8.8.8:53 | mgmemioyokmm.org | udp |
| US | 8.8.8.8:53 | lczoradauoz.net | udp |
| US | 8.8.8.8:53 | ygqqicakyoia.org | udp |
| US | 8.8.8.8:53 | dofunwwk.net | udp |
| US | 8.8.8.8:53 | bllmcutgb.org | udp |
| US | 8.8.8.8:53 | pflelm.net | udp |
| US | 8.8.8.8:53 | qvfqwz.net | udp |
| US | 8.8.8.8:53 | dazulnj.org | udp |
| US | 8.8.8.8:53 | qkuiwc.org | udp |
| US | 8.8.8.8:53 | sokcfdmp.info | udp |
| US | 8.8.8.8:53 | cwoigbrbvpp.net | udp |
| US | 8.8.8.8:53 | pqrorkh.com | udp |
| US | 8.8.8.8:53 | svxrdoe.net | udp |
| US | 8.8.8.8:53 | isdfxvlogthx.net | udp |
| US | 8.8.8.8:53 | jzthxr.net | udp |
| US | 8.8.8.8:53 | lnhciarot.org | udp |
| US | 8.8.8.8:53 | gzlfqw.net | udp |
| US | 8.8.8.8:53 | rlvfuyisq.org | udp |
| US | 8.8.8.8:53 | yuzhfklcvyh.net | udp |
| US | 8.8.8.8:53 | duxyrsn.net | udp |
| US | 8.8.8.8:53 | yupylj.info | udp |
| US | 8.8.8.8:53 | hzjdryw.org | udp |
| US | 8.8.8.8:53 | fjusznt.com | udp |
| US | 8.8.8.8:53 | dhrzbjzthfer.net | udp |
| US | 8.8.8.8:53 | uessuu.com | udp |
| US | 8.8.8.8:53 | gsqwqicq.com | udp |
| US | 8.8.8.8:53 | tkhavciq.net | udp |
| US | 8.8.8.8:53 | zuhmapbot.net | udp |
| US | 8.8.8.8:53 | lsgbvxtock.net | udp |
| US | 8.8.8.8:53 | fwlscw.info | udp |
| US | 8.8.8.8:53 | lvtgxuo.org | udp |
| US | 8.8.8.8:53 | vjvlnnztmb.net | udp |
| US | 8.8.8.8:53 | gweztzvr.info | udp |
| US | 8.8.8.8:53 | qmrvxbdq.info | udp |
| US | 8.8.8.8:53 | hrydtt.info | udp |
| US | 8.8.8.8:53 | zgtqpdpifo.net | udp |
| US | 8.8.8.8:53 | hzfelzhmie.net | udp |
| US | 8.8.8.8:53 | yojkaljecqs.info | udp |
| US | 8.8.8.8:53 | eeqkgctvf.net | udp |
| US | 8.8.8.8:53 | uwzkncm.info | udp |
| US | 8.8.8.8:53 | jifyzwfdz.info | udp |
| US | 8.8.8.8:53 | vkruqgmed.info | udp |
| US | 8.8.8.8:53 | bvmvbtnzaz.net | udp |
| US | 8.8.8.8:53 | ecegeakc.org | udp |
| US | 8.8.8.8:53 | qwuowyoi.com | udp |
| US | 8.8.8.8:53 | dkxcgipyb.net | udp |
| US | 8.8.8.8:53 | rsahypna.net | udp |
| US | 8.8.8.8:53 | vdudjuko.net | udp |
| US | 8.8.8.8:53 | aewmgyii.com | udp |
| US | 8.8.8.8:53 | ogvqnextfup.net | udp |
| US | 8.8.8.8:53 | ootkjdzphd.net | udp |
| US | 8.8.8.8:53 | szcdbgls.info | udp |
| US | 8.8.8.8:53 | aararuzmj.info | udp |
| US | 8.8.8.8:53 | pfwmwn.info | udp |
| US | 8.8.8.8:53 | xiawwwbdy.org | udp |
| US | 8.8.8.8:53 | jdpnajialv.net | udp |
| US | 8.8.8.8:53 | xkhfxe.info | udp |
| US | 8.8.8.8:53 | fjlrxebizh.net | udp |
| US | 8.8.8.8:53 | nwtphb.info | udp |
| US | 8.8.8.8:53 | zrizzt.net | udp |
| US | 8.8.8.8:53 | gkqueasswoeq.com | udp |
| US | 8.8.8.8:53 | mpgnfjriwx.info | udp |
| US | 8.8.8.8:53 | aavdzi.net | udp |
| US | 8.8.8.8:53 | nyjkyejom.net | udp |
| US | 8.8.8.8:53 | ciicyy.org | udp |
| US | 8.8.8.8:53 | amxmpcocy.info | udp |
| US | 8.8.8.8:53 | zfrybafaduu.net | udp |
| US | 8.8.8.8:53 | nsjnpn.net | udp |
| US | 8.8.8.8:53 | lhhcbsiibk.net | udp |
| US | 8.8.8.8:53 | ivewnr.info | udp |
| US | 8.8.8.8:53 | sxavryplb.net | udp |
| US | 8.8.8.8:53 | ftursk.info | udp |
| US | 8.8.8.8:53 | dkqenvaci.net | udp |
| US | 8.8.8.8:53 | deqvcaxgj.net | udp |
| US | 8.8.8.8:53 | nqxijbihvn.info | udp |
| US | 8.8.8.8:53 | uspngdvr.info | udp |
| US | 8.8.8.8:53 | aatgrynghhv.net | udp |
| US | 8.8.8.8:53 | fuzatgwalkn.net | udp |
| US | 8.8.8.8:53 | yspynbdonzn.net | udp |
| US | 8.8.8.8:53 | llecucnloq.net | udp |
| US | 8.8.8.8:53 | jyiglt.info | udp |
| US | 8.8.8.8:53 | icsalagkdrv.net | udp |
| US | 8.8.8.8:53 | lmaydmx.net | udp |
| US | 8.8.8.8:53 | vplcoxbjoo.net | udp |
| US | 8.8.8.8:53 | xrctizgjhu.net | udp |
| US | 8.8.8.8:53 | jmlmcuyegm.info | udp |
| US | 8.8.8.8:53 | mkzvhmaf.net | udp |
| US | 8.8.8.8:53 | cgzgxyn.info | udp |
| US | 8.8.8.8:53 | rfcqjgcwrllk.info | udp |
| US | 8.8.8.8:53 | ikaewxbrion.net | udp |
| US | 8.8.8.8:53 | hupydqh.org | udp |
| US | 8.8.8.8:53 | tlqbjhdzjucu.net | udp |
| US | 8.8.8.8:53 | ooewwc.org | udp |
| US | 8.8.8.8:53 | eozyvxkarmv.net | udp |
| US | 8.8.8.8:53 | vzgtnmkwvc.info | udp |
| US | 8.8.8.8:53 | gybjjyzaoiq.net | udp |
| US | 8.8.8.8:53 | jypigkw.net | udp |
| US | 8.8.8.8:53 | vagpcdyfemjz.net | udp |
| US | 8.8.8.8:53 | nvouhv.info | udp |
| US | 8.8.8.8:53 | aiqqya.org | udp |
| US | 8.8.8.8:53 | rdrmeanni.org | udp |
| US | 8.8.8.8:53 | qimkkaac.com | udp |
| US | 8.8.8.8:53 | vipbvvmp.info | udp |
| US | 8.8.8.8:53 | sizofdv.info | udp |
| US | 8.8.8.8:53 | hdjuivrrizdt.info | udp |
| US | 8.8.8.8:53 | jphhtgd.com | udp |
| US | 8.8.8.8:53 | qqmsvcpqfb.net | udp |
| US | 8.8.8.8:53 | omierhazkhgw.net | udp |
| US | 8.8.8.8:53 | ktfsmw.net | udp |
| US | 8.8.8.8:53 | tghyeiv.com | udp |
| US | 8.8.8.8:53 | kwdrqyzrhd.net | udp |
| US | 8.8.8.8:53 | wwksim.org | udp |
| US | 8.8.8.8:53 | xrjmbmgmisvh.info | udp |
| US | 8.8.8.8:53 | zqpqzwweroe.net | udp |
| US | 8.8.8.8:53 | frajrads.info | udp |
| US | 8.8.8.8:53 | baqzjg.net | udp |
| US | 8.8.8.8:53 | jchaegpsg.net | udp |
| US | 8.8.8.8:53 | bexcqvtyfaz.net | udp |
| US | 8.8.8.8:53 | jqtenkdayoy.org | udp |
| US | 8.8.8.8:53 | ucewugswkccy.org | udp |
| US | 8.8.8.8:53 | iutntu.net | udp |
| US | 8.8.8.8:53 | tahcxpomgnzy.net | udp |
| US | 8.8.8.8:53 | nohirozut.com | udp |
| US | 8.8.8.8:53 | fgnkbuya.net | udp |
| US | 8.8.8.8:53 | xyusdjiql.com | udp |
| US | 8.8.8.8:53 | lvliwxsju.net | udp |
| US | 8.8.8.8:53 | skzcbacpsfrv.net | udp |
| US | 8.8.8.8:53 | c.pki.goog | udp |
| US | 8.8.8.8:53 | mwtuzofgsigq.net | udp |
| NL | 173.194.69.94:80 | c.pki.goog | tcp |
| US | 8.8.8.8:53 | wcgcuuiu.org | udp |
| US | 8.8.8.8:53 | ogfwzjwac.net | udp |
| US | 8.8.8.8:53 | sabtlgbwb.info | udp |
| US | 8.8.8.8:53 | qivstxgoq.net | udp |
| US | 8.8.8.8:53 | kiklygssjol.net | udp |
| US | 8.8.8.8:53 | ibuxzw.net | udp |
| US | 8.8.8.8:53 | lsywtguqdhn.org | udp |
| US | 8.8.8.8:53 | vilorm.info | udp |
| US | 8.8.8.8:53 | nhmyomxjv.info | udp |
| US | 8.8.8.8:53 | imywawycku.com | udp |
| US | 8.8.8.8:53 | tyzkrdhyl.info | udp |
| US | 8.8.8.8:53 | dbikrlvteomi.net | udp |
| US | 8.8.8.8:53 | jgqejexp.info | udp |
| US | 8.8.8.8:53 | zovoxknmx.com | udp |
| US | 8.8.8.8:53 | ektkfoxevmt.net | udp |
| US | 8.8.8.8:53 | tgjabcy.com | udp |
| US | 8.8.8.8:53 | jekdpjsfjj.info | udp |
| US | 8.8.8.8:53 | mgkwci.com | udp |
| US | 8.8.8.8:53 | vyvijbihvn.info | udp |
| US | 8.8.8.8:53 | uiatfomwcewg.info | udp |
| US | 8.8.8.8:53 | psdecgcsd.com | udp |
| US | 8.8.8.8:53 | zyhtotnln.com | udp |
| US | 8.8.8.8:53 | hsrofavrq.net | udp |
| US | 8.8.8.8:53 | nzfiem.net | udp |
| US | 8.8.8.8:53 | cmkqskhfzloh.net | udp |
| US | 8.8.8.8:53 | kstjmutdffff.net | udp |
| US | 8.8.8.8:53 | pcovxhzepa.info | udp |
| US | 8.8.8.8:53 | llpwlrlwpx.net | udp |
| US | 8.8.8.8:53 | kuxglb.info | udp |
| US | 8.8.8.8:53 | dahukqx.com | udp |
| US | 8.8.8.8:53 | qgqxes.info | udp |
| US | 8.8.8.8:53 | xijtfofuxlp.org | udp |
| US | 8.8.8.8:53 | fjrkfiparix.info | udp |
| US | 8.8.8.8:53 | bctwfgikb.org | udp |
| US | 8.8.8.8:53 | jakrlk.net | udp |
| US | 8.8.8.8:53 | zqqgsru.info | udp |
| US | 8.8.8.8:53 | ddajfxjpbn.net | udp |
| US | 8.8.8.8:53 | fzqqksnzg.net | udp |
| US | 8.8.8.8:53 | xmpyzssnrvt.com | udp |
| US | 8.8.8.8:53 | winbwfphhq.net | udp |
| US | 8.8.8.8:53 | wcoextfkvcpd.info | udp |
| US | 8.8.8.8:53 | bldaskg.info | udp |
| US | 8.8.8.8:53 | ledolojnfwx.org | udp |
| US | 8.8.8.8:53 | xmlymtnez.org | udp |
| US | 8.8.8.8:53 | ialqwiryfxgi.net | udp |
| US | 8.8.8.8:53 | zavotdnwn.info | udp |
| US | 8.8.8.8:53 | odzbrjqoy.info | udp |
| US | 8.8.8.8:53 | gqfylojal.info | udp |
| US | 8.8.8.8:53 | nuarsh.info | udp |
| US | 8.8.8.8:53 | rydsrsh.org | udp |
| US | 8.8.8.8:53 | aalijqi.info | udp |
| US | 8.8.8.8:53 | mwvmghdqlsng.net | udp |
| US | 8.8.8.8:53 | odqisf.info | udp |
| US | 8.8.8.8:53 | blrpbjjkroox.info | udp |
| US | 8.8.8.8:53 | pkdyaedczjy.info | udp |
| US | 8.8.8.8:53 | ncpmyszzt.info | udp |
| US | 8.8.8.8:53 | vupqsguwfwr.net | udp |
| US | 8.8.8.8:53 | imqjqwsjaj.info | udp |
| US | 8.8.8.8:53 | zodhnswmh.org | udp |
| US | 8.8.8.8:53 | brsbntvv.net | udp |
| US | 8.8.8.8:53 | lkqyrgwn.info | udp |
| US | 8.8.8.8:53 | ybxsqlwexbnh.info | udp |
| US | 8.8.8.8:53 | gkqkagewqekc.com | udp |
| US | 8.8.8.8:53 | fopilgbhdx.net | udp |
| US | 8.8.8.8:53 | sgmfte.net | udp |
| US | 8.8.8.8:53 | kkiamiym.com | udp |
| US | 8.8.8.8:53 | rxzuembko.org | udp |
| US | 8.8.8.8:53 | qxpfyxv.net | udp |
| US | 8.8.8.8:53 | kwscgo.com | udp |
| US | 8.8.8.8:53 | bybqhgkgp.com | udp |
| US | 8.8.8.8:53 | jgrnqhjoj.info | udp |
| US | 8.8.8.8:53 | jatdaajehomt.net | udp |
| US | 8.8.8.8:53 | rzdurlnb.net | udp |
| US | 8.8.8.8:53 | mwgkuyee.org | udp |
| US | 8.8.8.8:53 | ensexan.net | udp |
| US | 8.8.8.8:53 | cmjulbjrdwq.net | udp |
| US | 8.8.8.8:53 | jioirlb.org | udp |
| US | 8.8.8.8:53 | yyajoxclqzi.net | udp |
| US | 8.8.8.8:53 | byhobii.org | udp |
| US | 8.8.8.8:53 | wvkhmszov.info | udp |
| US | 8.8.8.8:53 | pavqoek.org | udp |
| US | 8.8.8.8:53 | uiiktjymger.info | udp |
| US | 8.8.8.8:53 | dfbkvaa.info | udp |
| US | 8.8.8.8:53 | uiceesz.info | udp |
| US | 8.8.8.8:53 | eylfenmsfbd.info | udp |
| US | 8.8.8.8:53 | vbozpeoyhw.net | udp |
| US | 8.8.8.8:53 | bzaydhbkyko.info | udp |
| US | 8.8.8.8:53 | isymsouk.org | udp |
| US | 8.8.8.8:53 | sgccdep.net | udp |
| US | 8.8.8.8:53 | ssfopuf.net | udp |
| US | 8.8.8.8:53 | sgygcsqu.net | udp |
| US | 8.8.8.8:53 | rslkccjb.info | udp |
| US | 8.8.8.8:53 | uoxjsmld.info | udp |
| US | 8.8.8.8:53 | lvzlyejx.net | udp |
| US | 8.8.8.8:53 | ewiuauieao.com | udp |
| US | 8.8.8.8:53 | icropaxpf.info | udp |
| US | 8.8.8.8:53 | umoggk.org | udp |
| US | 8.8.8.8:53 | ugbuzwtqn.net | udp |
| US | 8.8.8.8:53 | gwwosskg.org | udp |
| US | 8.8.8.8:53 | vzufkf.info | udp |
| US | 8.8.8.8:53 | awemrcwjd.net | udp |
| US | 8.8.8.8:53 | bjpwlrlwpx.net | udp |
| US | 8.8.8.8:53 | zoctsqsvnl.info | udp |
| US | 8.8.8.8:53 | mhdqxw.info | udp |
| US | 8.8.8.8:53 | imwkkoik.com | udp |
| US | 8.8.8.8:53 | ibyjdm.info | udp |
| US | 8.8.8.8:53 | lprkehotusaa.net | udp |
| US | 8.8.8.8:53 | ylbgbkv.net | udp |
| US | 8.8.8.8:53 | sewuvwb.net | udp |
| US | 8.8.8.8:53 | ykvlqejqk.info | udp |
| US | 8.8.8.8:53 | gwxpzmuutkb.info | udp |
| US | 8.8.8.8:53 | oaewcmmi.com | udp |
| US | 8.8.8.8:53 | bxpdplai.net | udp |
| US | 8.8.8.8:53 | fabneqlptqyg.net | udp |
| US | 8.8.8.8:53 | molgnxvilmn.net | udp |
| US | 8.8.8.8:53 | bfmwdknuzxyx.info | udp |
| US | 8.8.8.8:53 | ostwrslks.info | udp |
| US | 8.8.8.8:53 | podivek.net | udp |
| US | 8.8.8.8:53 | nwxywq.info | udp |
| US | 8.8.8.8:53 | oalwpcngx.info | udp |
| US | 8.8.8.8:53 | iqvnlxtmhdbx.info | udp |
| US | 8.8.8.8:53 | hgylgap.org | udp |
| US | 8.8.8.8:53 | rvvsdszdtt.net | udp |
| US | 8.8.8.8:53 | ozuranwz.net | udp |
| US | 8.8.8.8:53 | ttyjvzykbx.info | udp |
| US | 8.8.8.8:53 | xcrfxbihvn.info | udp |
| US | 8.8.8.8:53 | qcgzrp.net | udp |
| US | 8.8.8.8:53 | dskgnxx.net | udp |
| US | 8.8.8.8:53 | gqgpmyom.net | udp |
| US | 8.8.8.8:53 | xyzsdxin.info | udp |
| US | 8.8.8.8:53 | sdsvkghqdfqa.info | udp |
| US | 8.8.8.8:53 | pvesxitaordl.info | udp |
| US | 8.8.8.8:53 | kuohgniha.info | udp |
| US | 8.8.8.8:53 | mbjkkjdv.info | udp |
| US | 8.8.8.8:53 | dzrmxez.com | udp |
| US | 8.8.8.8:53 | jqtobgsav.org | udp |
| US | 8.8.8.8:53 | okdgfmeyh.net | udp |
| US | 8.8.8.8:53 | kxldwaoqfn.info | udp |
| US | 8.8.8.8:53 | xxbuvavqnao.net | udp |
| US | 8.8.8.8:53 | relnjxpotuf.info | udp |
| US | 8.8.8.8:53 | auowmc.org | udp |
| US | 8.8.8.8:53 | tgzzsilpuoyu.info | udp |
| US | 8.8.8.8:53 | hngzogqsfjjp.net | udp |
| US | 8.8.8.8:53 | ggzodqt.net | udp |
| US | 8.8.8.8:53 | rejwrwpoa.info | udp |
| US | 8.8.8.8:53 | sgaiqqugkg.org | udp |
| US | 8.8.8.8:53 | qbtgxdepyudp.info | udp |
| US | 8.8.8.8:53 | cazcbocgfpm.info | udp |
| US | 8.8.8.8:53 | ogtxdepgt.info | udp |
| US | 8.8.8.8:53 | guhyeoyhr.info | udp |
| US | 8.8.8.8:53 | jmuyzwjxj.net | udp |
| US | 8.8.8.8:53 | pyhqodw.org | udp |
| US | 8.8.8.8:53 | qrdruyitlz.net | udp |
| US | 8.8.8.8:53 | dgncdtlqsyg.info | udp |
| US | 8.8.8.8:53 | xknetvnv.net | udp |
| US | 8.8.8.8:53 | sgescokcmo.org | udp |
| US | 8.8.8.8:53 | myomrqa.net | udp |
| US | 8.8.8.8:53 | cikozahcbgt.info | udp |
| US | 8.8.8.8:53 | hghpgzrkooz.net | udp |
| US | 8.8.8.8:53 | rappttsgd.com | udp |
| US | 8.8.8.8:53 | lzwgpqnxhy.net | udp |
| US | 8.8.8.8:53 | zksplmxg.net | udp |
| US | 8.8.8.8:53 | boltdkdunrir.net | udp |
| US | 8.8.8.8:53 | jehyhpbob.com | udp |
| US | 8.8.8.8:53 | aiqvtoz.info | udp |
| US | 8.8.8.8:53 | tizdowrqc.info | udp |
| US | 8.8.8.8:53 | pqmgxex.info | udp |
| US | 8.8.8.8:53 | luaiurlae.info | udp |
| US | 8.8.8.8:53 | gubjte.info | udp |
| US | 8.8.8.8:53 | ywzoxda.net | udp |
| US | 8.8.8.8:53 | vmmfucbp.info | udp |
| US | 8.8.8.8:53 | woeildoixs.net | udp |
| US | 8.8.8.8:53 | bfxmpbiyfh.net | udp |
| US | 8.8.8.8:53 | hsfspwfirsr.org | udp |
| US | 8.8.8.8:53 | rrrhnrkmxx.info | udp |
| US | 8.8.8.8:53 | fumvct.net | udp |
| US | 8.8.8.8:53 | zgzkhtu.net | udp |
| US | 8.8.8.8:53 | ngtetbb.net | udp |
| US | 8.8.8.8:53 | jvlgvddn.net | udp |
| US | 8.8.8.8:53 | dnyidwf.info | udp |
| US | 8.8.8.8:53 | ckeyqgqogeim.com | udp |
| US | 8.8.8.8:53 | yadxtkefpqdf.net | udp |
| US | 8.8.8.8:53 | mccecx.net | udp |
| US | 8.8.8.8:53 | wezipnlptwp.info | udp |
| US | 8.8.8.8:53 | wnfyiq.net | udp |
| US | 8.8.8.8:53 | duxsjco.com | udp |
| US | 8.8.8.8:53 | waztfdrabjho.net | udp |
| US | 8.8.8.8:53 | qngitmingp.net | udp |
| US | 8.8.8.8:53 | zfsazedsb.com | udp |
| US | 8.8.8.8:53 | jabqomvnc.com | udp |
| US | 8.8.8.8:53 | dwiezrhfvtdl.net | udp |
| US | 8.8.8.8:53 | vdnvvmuct.org | udp |
| US | 8.8.8.8:53 | zmthbnuwhfb.info | udp |
| US | 8.8.8.8:53 | xamvwzfsfsvg.info | udp |
| US | 8.8.8.8:53 | usqexhkswvb.net | udp |
| US | 8.8.8.8:53 | ulwprsdpevsj.info | udp |
| US | 8.8.8.8:53 | uqxntmfrc.info | udp |
| US | 8.8.8.8:53 | vbvhcmsut.com | udp |
| US | 8.8.8.8:53 | zrzgrocscm.net | udp |
| US | 8.8.8.8:53 | ihhsjs.info | udp |
| US | 8.8.8.8:53 | qyjxvcif.net | udp |
| US | 8.8.8.8:53 | zubepeb.info | udp |
| US | 8.8.8.8:53 | eferdlxndv.info | udp |
| US | 8.8.8.8:53 | kymesskuge.org | udp |
| US | 8.8.8.8:53 | laxxvcd.net | udp |
| US | 8.8.8.8:53 | genflzv.net | udp |
| US | 8.8.8.8:53 | rkwlhccy.info | udp |
| US | 8.8.8.8:53 | wpneowfsfevj.info | udp |
| US | 8.8.8.8:53 | hcwafkg.net | udp |
| US | 8.8.8.8:53 | aizbpvowiuf.net | udp |
| US | 8.8.8.8:53 | nthafgeqx.org | udp |
| US | 8.8.8.8:53 | tloglxhvvwf.info | udp |
| US | 8.8.8.8:53 | opqfthqbrbpw.info | udp |
| US | 8.8.8.8:53 | gemagjigd.net | udp |
| US | 8.8.8.8:53 | ovwyhvyrdw.info | udp |
| US | 8.8.8.8:53 | giiqomnvnlpz.info | udp |
| US | 8.8.8.8:53 | xwluvtyrcgv.info | udp |
| US | 8.8.8.8:53 | vibshiiel.net | udp |
| US | 8.8.8.8:53 | wirjbvrz.net | udp |
| US | 8.8.8.8:53 | grtzvzhz.info | udp |
| US | 8.8.8.8:53 | tbganvwcmq.net | udp |
| US | 8.8.8.8:53 | lnevby.net | udp |
| US | 8.8.8.8:53 | jjqtpeerkb.net | udp |
| US | 8.8.8.8:53 | kgyguyawsq.org | udp |
| US | 8.8.8.8:53 | qafpdi.net | udp |
| US | 8.8.8.8:53 | urkcltobhpwf.net | udp |
| US | 8.8.8.8:53 | qafzjm.info | udp |
| US | 8.8.8.8:53 | tgjeyse.com | udp |
| US | 8.8.8.8:53 | eqztcnucln.net | udp |
| US | 8.8.8.8:53 | nxhjvixx.info | udp |
| US | 8.8.8.8:53 | xvhfyvyg.info | udp |
| US | 8.8.8.8:53 | rydifzf.org | udp |
| US | 8.8.8.8:53 | ikhwjyh.net | udp |
| US | 8.8.8.8:53 | oismai.com | udp |
| US | 8.8.8.8:53 | pflwetarnv.net | udp |
| US | 8.8.8.8:53 | yyuahg.info | udp |
| US | 8.8.8.8:53 | pszdborrrg.net | udp |
| US | 8.8.8.8:53 | eheflhppvg.net | udp |
| US | 8.8.8.8:53 | zuxwjcss.net | udp |
| US | 8.8.8.8:53 | eccycmmkeikk.com | udp |
| US | 8.8.8.8:53 | xazbrjje.net | udp |
| US | 8.8.8.8:53 | fljapeh.org | udp |
| US | 8.8.8.8:53 | xqyixk.net | udp |
| US | 8.8.8.8:53 | hgxsnwtmc.info | udp |
| US | 8.8.8.8:53 | rlbydywmnpf.net | udp |
| US | 8.8.8.8:53 | zcnlvwhlxro.org | udp |
| US | 8.8.8.8:53 | wyfehnr.info | udp |
| US | 8.8.8.8:53 | cykogcgqqcuu.com | udp |
| US | 8.8.8.8:53 | kfikluwxow.info | udp |
| US | 8.8.8.8:53 | wibprwtck.info | udp |
| US | 8.8.8.8:53 | dqnvlkumb.org | udp |
| US | 8.8.8.8:53 | yoendedyaq.net | udp |
| US | 8.8.8.8:53 | ugjyfpgfl.net | udp |
| US | 8.8.8.8:53 | ycvhwv.net | udp |
| US | 8.8.8.8:53 | bdrrbhlyshrl.info | udp |
| US | 8.8.8.8:53 | whstfoy.net | udp |
| US | 8.8.8.8:53 | dgzjxof.com | udp |
| US | 8.8.8.8:53 | myrwjqkrwpbk.info | udp |
| US | 8.8.8.8:53 | dqziykf.com | udp |
| US | 8.8.8.8:53 | mpkbfsgyp.info | udp |
| US | 8.8.8.8:53 | edewsrgpkyrb.info | udp |
| US | 8.8.8.8:53 | iohzvepmfghv.net | udp |
| US | 8.8.8.8:53 | hrsyexwl.net | udp |
| US | 8.8.8.8:53 | zhlicbmh.net | udp |
| US | 8.8.8.8:53 | sugqmm.org | udp |
| US | 8.8.8.8:53 | qseoumkkca.org | udp |
| US | 8.8.8.8:53 | hsqkbqf.info | udp |
| US | 8.8.8.8:53 | kmwaykcq.com | udp |
| US | 8.8.8.8:53 | hmgymbjxggss.net | udp |
| US | 8.8.8.8:53 | xuwzsbrs.net | udp |
| US | 8.8.8.8:53 | pkdvwyvohv.net | udp |
| US | 8.8.8.8:53 | zezorkz.org | udp |
| US | 8.8.8.8:53 | uofybqz.net | udp |
| US | 8.8.8.8:53 | qdnmhgdyrit.net | udp |
| US | 8.8.8.8:53 | rlyotqoevyr.net | udp |
| US | 8.8.8.8:53 | sanqtmsdeq.info | udp |
| US | 8.8.8.8:53 | zyagbkxa.net | udp |
| US | 8.8.8.8:53 | csywmywweykq.com | udp |
| US | 8.8.8.8:53 | bgprtlwltyh.net | udp |
| US | 8.8.8.8:53 | vadjjurmv.net | udp |
| US | 8.8.8.8:53 | kjnabadqnrp.info | udp |
| US | 8.8.8.8:53 | rspkxgbz.info | udp |
| US | 8.8.8.8:53 | uklevyv.info | udp |
| US | 8.8.8.8:53 | fyaylmbcb.net | udp |
| US | 8.8.8.8:53 | bsulvit.info | udp |
| US | 8.8.8.8:53 | sjzonex.net | udp |
| US | 8.8.8.8:53 | oitolnzedjt.info | udp |
| US | 8.8.8.8:53 | pqudsql.info | udp |
| US | 8.8.8.8:53 | ufouzxinj.info | udp |
| US | 8.8.8.8:53 | iamyys.org | udp |
| US | 8.8.8.8:53 | tcexqiwic.info | udp |
| US | 8.8.8.8:53 | ympmpsvit.net | udp |
| US | 8.8.8.8:53 | ekqaao.com | udp |
| US | 8.8.8.8:53 | vwpmakltloci.net | udp |
| US | 8.8.8.8:53 | lxfkrptzp.org | udp |
| US | 8.8.8.8:53 | uxywhdmg.net | udp |
| US | 8.8.8.8:53 | yqvhkwmev.info | udp |
| US | 8.8.8.8:53 | rkjyfrxybqd.net | udp |
| US | 8.8.8.8:53 | jgmwhjqcvebb.info | udp |
| US | 8.8.8.8:53 | ehwmiafn.info | udp |
| US | 8.8.8.8:53 | lzfyvax.org | udp |
| US | 8.8.8.8:53 | hjfdpmp.org | udp |
| US | 8.8.8.8:53 | idplikihupbq.net | udp |
| US | 8.8.8.8:53 | iiewyg.org | udp |
| US | 8.8.8.8:53 | rjbifug.net | udp |
| US | 8.8.8.8:53 | yqdindvszcl.info | udp |
| US | 8.8.8.8:53 | ldlrgk.info | udp |
| US | 8.8.8.8:53 | gfxzpycjb.info | udp |
| US | 8.8.8.8:53 | ecyyio.org | udp |
| US | 8.8.8.8:53 | csikmiue.com | udp |
| US | 8.8.8.8:53 | bweyrkrd.info | udp |
| US | 8.8.8.8:53 | tusqxslyt.net | udp |
| US | 8.8.8.8:53 | bbncgi.net | udp |
| US | 8.8.8.8:53 | owtumceqt.info | udp |
| US | 8.8.8.8:53 | zxunfi.info | udp |
| US | 8.8.8.8:53 | sgdzhklkvfso.info | udp |
| US | 8.8.8.8:53 | kayccoka.org | udp |
| US | 8.8.8.8:53 | oxczvoj.net | udp |
| US | 8.8.8.8:53 | zyesfyhsean.net | udp |
| US | 8.8.8.8:53 | ogqqeigu.com | udp |
| US | 8.8.8.8:53 | skqsiiae.org | udp |
| US | 8.8.8.8:53 | kgtjxkd.net | udp |
| US | 8.8.8.8:53 | civdqb.net | udp |
| US | 8.8.8.8:53 | bnrsjsdepoh.net | udp |
| US | 8.8.8.8:53 | jqnibpanex.net | udp |
| US | 8.8.8.8:53 | iolbex.net | udp |
| US | 8.8.8.8:53 | alyypvemovoc.net | udp |
| US | 8.8.8.8:53 | vblsvov.info | udp |
| US | 8.8.8.8:53 | pjbabjjm.info | udp |
| US | 8.8.8.8:53 | qkqgsewkmc.org | udp |
| US | 8.8.8.8:53 | cioyiiukmwmk.com | udp |
| US | 8.8.8.8:53 | qlstpgkhcjbu.net | udp |
| US | 8.8.8.8:53 | nzitfaav.info | udp |
| US | 8.8.8.8:53 | yojucrpja.net | udp |
| US | 8.8.8.8:53 | bzptng.info | udp |
| US | 8.8.8.8:53 | lktcrbw.com | udp |
| US | 8.8.8.8:53 | kamykg.org | udp |
| US | 8.8.8.8:53 | gweemfqkrphm.info | udp |
| US | 8.8.8.8:53 | zqwkpmdiwut.com | udp |
| US | 8.8.8.8:53 | mkmvbcpebsuu.net | udp |
| US | 8.8.8.8:53 | wmxlxnofqrtg.net | udp |
| US | 8.8.8.8:53 | jmosvwp.org | udp |
| US | 8.8.8.8:53 | hyjodgw.info | udp |
| US | 8.8.8.8:53 | oycaomqoak.org | udp |
| US | 8.8.8.8:53 | dznjbbsm.net | udp |
| US | 8.8.8.8:53 | anhzatlu.net | udp |
| US | 8.8.8.8:53 | curmcyfia.net | udp |
Files
C:\Users\Admin\AppData\Local\Temp\ydqucko.exe
C:\Users\Admin\AppData\Local\bzfcdebdazfalevdmpbzfc.ebd
C:\Users\Admin\AppData\Local\sbsamygtblcieikdxliriqcowjrbsyuya.nby
C:\Program Files (x86)\bzfcdebdazfalevdmpbzfc.ebd
Analysis: behavioral2
Detonation Overview
Submitted
2025-04-19 01:43
Reported
2025-04-19 01:45
Platform
win11-20250410-en
Max time kernel
150s
Max time network
150s
Command Line
Signatures
Modifies WinLogon for persistence
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c0b20d90d346511b654c08a7a94a9dbc.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\gvzdgq.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\gvzdgq.exe | N/A |
UAC bypass
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c0b20d90d346511b654c08a7a94a9dbc.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" | C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c0b20d90d346511b654c08a7a94a9dbc.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\gvzdgq.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" | C:\Users\Admin\AppData\Local\Temp\gvzdgq.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" | C:\Users\Admin\AppData\Local\Temp\gvzdgq.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" | C:\Users\Admin\AppData\Local\Temp\gvzdgq.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" | C:\Users\Admin\AppData\Local\Temp\gvzdgq.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" | C:\Users\Admin\AppData\Local\Temp\gvzdgq.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" | C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c0b20d90d346511b654c08a7a94a9dbc.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" | C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c0b20d90d346511b654c08a7a94a9dbc.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\gvzdgq.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" | C:\Users\Admin\AppData\Local\Temp\gvzdgq.exe | N/A |
Adds policy Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\kfpziyfwirin = "srftgalgwjentjmz.exe" | C:\Users\Admin\AppData\Local\Temp\gvzdgq.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\zryflycqz = "C:\\Users\\Admin\\AppData\\Local\\Temp\\zzodrmyulzvfmdhvq.exe" | C:\Users\Admin\AppData\Local\Temp\gvzdgq.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\kfpziyfwirin = "srftgalgwjentjmz.exe" | C:\Users\Admin\AppData\Local\Temp\gvzdgq.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\kfpziyfwirin = "gjbtkixwqhgtdxevttcf.exe" | C:\Users\Admin\AppData\Local\Temp\gvzdgq.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\zryflycqz = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ijzpeankcrozhzetpn.exe" | C:\Users\Admin\AppData\Local\Temp\gvzdgq.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\kfpziyfwirin = "zzodrmyulzvfmdhvq.exe" | C:\Users\Admin\AppData\Local\Temp\gvzdgq.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c0b20d90d346511b654c08a7a94a9dbc.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\kfpziyfwirin = "tvmdtqecvljvexdtqpx.exe" | C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c0b20d90d346511b654c08a7a94a9dbc.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\kfpziyfwirin = "tvmdtqecvljvexdtqpx.exe" | C:\Users\Admin\AppData\Local\Temp\gvzdgq.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\zryflycqz = "C:\\Users\\Admin\\AppData\\Local\\Temp\\tvmdtqecvljvexdtqpx.exe" | C:\Users\Admin\AppData\Local\Temp\gvzdgq.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\zryflycqz = "C:\\Users\\Admin\\AppData\\Local\\Temp\\vzsldcssnfftezhzyzjng.exe" | C:\Users\Admin\AppData\Local\Temp\gvzdgq.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\zryflycqz = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ijzpeankcrozhzetpn.exe" | C:\Users\Admin\AppData\Local\Temp\gvzdgq.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\zryflycqz = "C:\\Users\\Admin\\AppData\\Local\\Temp\\zzodrmyulzvfmdhvq.exe" | C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c0b20d90d346511b654c08a7a94a9dbc.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\gvzdgq.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\gvzdgq.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\zryflycqz = "C:\\Users\\Admin\\AppData\\Local\\Temp\\gjbtkixwqhgtdxevttcf.exe" | C:\Users\Admin\AppData\Local\Temp\gvzdgq.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\zryflycqz = "C:\\Users\\Admin\\AppData\\Local\\Temp\\srftgalgwjentjmz.exe" | C:\Users\Admin\AppData\Local\Temp\gvzdgq.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\kfpziyfwirin = "gjbtkixwqhgtdxevttcf.exe" | C:\Users\Admin\AppData\Local\Temp\gvzdgq.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\zryflycqz = "C:\\Users\\Admin\\AppData\\Local\\Temp\\tvmdtqecvljvexdtqpx.exe" | C:\Users\Admin\AppData\Local\Temp\gvzdgq.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\kfpziyfwirin = "vzsldcssnfftezhzyzjng.exe" | C:\Users\Admin\AppData\Local\Temp\gvzdgq.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\zryflycqz = "C:\\Users\\Admin\\AppData\\Local\\Temp\\srftgalgwjentjmz.exe" | C:\Users\Admin\AppData\Local\Temp\gvzdgq.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\kfpziyfwirin = "ijzpeankcrozhzetpn.exe" | C:\Users\Admin\AppData\Local\Temp\gvzdgq.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\kfpziyfwirin = "ijzpeankcrozhzetpn.exe" | C:\Users\Admin\AppData\Local\Temp\gvzdgq.exe | N/A |
Disables RegEdit via registry modification
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3582532709-2637047242-3508314386-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\gvzdgq.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3582532709-2637047242-3508314386-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\gvzdgq.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\gvzdgq.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\gvzdgq.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3582532709-2637047242-3508314386-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c0b20d90d346511b654c08a7a94a9dbc.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c0b20d90d346511b654c08a7a94a9dbc.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\gvzdgq.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\gvzdgq.exe | N/A |
Impair Defenses: Safe Mode Boot
| Description | Indicator | Process | Target |
| Key deleted | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\Power | C:\Users\Admin\AppData\Local\Temp\gvzdgq.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\iai2c.sys | C:\Users\Admin\AppData\Local\Temp\gvzdgq.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\CBDHSvc | C:\Users\Admin\AppData\Local\Temp\gvzdgq.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\UserManager | C:\Users\Admin\AppData\Local\Temp\gvzdgq.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\SerCx2.sys | C:\Users\Admin\AppData\Local\Temp\gvzdgq.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\ProfSvc | C:\Users\Admin\AppData\Local\Temp\gvzdgq.exe | N/A |
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\nhqzhwcsdlb = "gjbtkixwqhgtdxevttcf.exe ." | C:\Users\Admin\AppData\Local\Temp\gvzdgq.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3582532709-2637047242-3508314386-1000\Software\Microsoft\Windows\CurrentVersion\Run\sltbiwbqah = "C:\\Users\\Admin\\AppData\\Local\\Temp\\tvmdtqecvljvexdtqpx.exe" | C:\Users\Admin\AppData\Local\Temp\gvzdgq.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3582532709-2637047242-3508314386-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\nhqzhwcsdlb = "C:\\Users\\Admin\\AppData\\Local\\Temp\\zzodrmyulzvfmdhvq.exe ." | C:\Users\Admin\AppData\Local\Temp\gvzdgq.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\sltbiwbqah = "ijzpeankcrozhzetpn.exe" | C:\Users\Admin\AppData\Local\Temp\gvzdgq.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\nhqzhwcsdlb = "srftgalgwjentjmz.exe ." | C:\Users\Admin\AppData\Local\Temp\gvzdgq.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3582532709-2637047242-3508314386-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\khtfqirkyjcjnb = "tvmdtqecvljvexdtqpx.exe ." | C:\Users\Admin\AppData\Local\Temp\gvzdgq.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\nhqzhwcsdlb = "zzodrmyulzvfmdhvq.exe ." | C:\Users\Admin\AppData\Local\Temp\gvzdgq.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\srftgalgwjentjmz = "C:\\Users\\Admin\\AppData\\Local\\Temp\\vzsldcssnfftezhzyzjng.exe" | C:\Users\Admin\AppData\Local\Temp\gvzdgq.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3582532709-2637047242-3508314386-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\khtfqirkyjcjnb = "zzodrmyulzvfmdhvq.exe ." | C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c0b20d90d346511b654c08a7a94a9dbc.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\srftgalgwjentjmz = "C:\\Users\\Admin\\AppData\\Local\\Temp\\zzodrmyulzvfmdhvq.exe" | C:\Users\Admin\AppData\Local\Temp\gvzdgq.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3582532709-2637047242-3508314386-1000\Software\Microsoft\Windows\CurrentVersion\Run\sltbiwbqah = "C:\\Users\\Admin\\AppData\\Local\\Temp\\srftgalgwjentjmz.exe" | C:\Users\Admin\AppData\Local\Temp\gvzdgq.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\srftgalgwjentjmz = "C:\\Users\\Admin\\AppData\\Local\\Temp\\gjbtkixwqhgtdxevttcf.exe" | C:\Users\Admin\AppData\Local\Temp\gvzdgq.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\sltbiwbqah = "srftgalgwjentjmz.exe" | C:\Users\Admin\AppData\Local\Temp\gvzdgq.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3582532709-2637047242-3508314386-1000\Software\Microsoft\Windows\CurrentVersion\Run\jfqblckcpzrxa = "srftgalgwjentjmz.exe" | C:\Users\Admin\AppData\Local\Temp\gvzdgq.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3582532709-2637047242-3508314386-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\khtfqirkyjcjnb = "gjbtkixwqhgtdxevttcf.exe ." | C:\Users\Admin\AppData\Local\Temp\gvzdgq.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3582532709-2637047242-3508314386-1000\Software\Microsoft\Windows\CurrentVersion\Run\jfqblckcpzrxa = "zzodrmyulzvfmdhvq.exe" | C:\Users\Admin\AppData\Local\Temp\gvzdgq.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\nhqzhwcsdlb = "ijzpeankcrozhzetpn.exe ." | C:\Users\Admin\AppData\Local\Temp\gvzdgq.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\nhqzhwcsdlb = "srftgalgwjentjmz.exe ." | C:\Users\Admin\AppData\Local\Temp\gvzdgq.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3582532709-2637047242-3508314386-1000\Software\Microsoft\Windows\CurrentVersion\Run\sltbiwbqah = "C:\\Users\\Admin\\AppData\\Local\\Temp\\gjbtkixwqhgtdxevttcf.exe" | C:\Users\Admin\AppData\Local\Temp\gvzdgq.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3582532709-2637047242-3508314386-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\nhqzhwcsdlb = "C:\\Users\\Admin\\AppData\\Local\\Temp\\zzodrmyulzvfmdhvq.exe ." | C:\Users\Admin\AppData\Local\Temp\gvzdgq.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\sltbiwbqah = "gjbtkixwqhgtdxevttcf.exe" | C:\Users\Admin\AppData\Local\Temp\gvzdgq.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3582532709-2637047242-3508314386-1000\Software\Microsoft\Windows\CurrentVersion\Run\jfqblckcpzrxa = "tvmdtqecvljvexdtqpx.exe" | C:\Users\Admin\AppData\Local\Temp\gvzdgq.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\nhqzhwcsdlb = "zzodrmyulzvfmdhvq.exe ." | C:\Users\Admin\AppData\Local\Temp\gvzdgq.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\srftgalgwjentjmz = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ijzpeankcrozhzetpn.exe" | C:\Users\Admin\AppData\Local\Temp\gvzdgq.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3582532709-2637047242-3508314386-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\nhqzhwcsdlb = "C:\\Users\\Admin\\AppData\\Local\\Temp\\gjbtkixwqhgtdxevttcf.exe ." | C:\Users\Admin\AppData\Local\Temp\gvzdgq.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3582532709-2637047242-3508314386-1000\Software\Microsoft\Windows\CurrentVersion\Run\jfqblckcpzrxa = "tvmdtqecvljvexdtqpx.exe" | C:\Users\Admin\AppData\Local\Temp\gvzdgq.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3582532709-2637047242-3508314386-1000\Software\Microsoft\Windows\CurrentVersion\Run\jfqblckcpzrxa = "srftgalgwjentjmz.exe" | C:\Users\Admin\AppData\Local\Temp\gvzdgq.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3582532709-2637047242-3508314386-1000\Software\Microsoft\Windows\CurrentVersion\Run\sltbiwbqah = "C:\\Users\\Admin\\AppData\\Local\\Temp\\vzsldcssnfftezhzyzjng.exe" | C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c0b20d90d346511b654c08a7a94a9dbc.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\nhqzhwcsdlb = "gjbtkixwqhgtdxevttcf.exe ." | C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c0b20d90d346511b654c08a7a94a9dbc.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3582532709-2637047242-3508314386-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\khtfqirkyjcjnb = "vzsldcssnfftezhzyzjng.exe ." | C:\Users\Admin\AppData\Local\Temp\gvzdgq.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\nlylxqaujvpxcrt = "C:\\Users\\Admin\\AppData\\Local\\Temp\\gjbtkixwqhgtdxevttcf.exe ." | C:\Users\Admin\AppData\Local\Temp\gvzdgq.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\srftgalgwjentjmz = "C:\\Users\\Admin\\AppData\\Local\\Temp\\zzodrmyulzvfmdhvq.exe" | C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c0b20d90d346511b654c08a7a94a9dbc.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3582532709-2637047242-3508314386-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\nhqzhwcsdlb = "C:\\Users\\Admin\\AppData\\Local\\Temp\\vzsldcssnfftezhzyzjng.exe ." | C:\Users\Admin\AppData\Local\Temp\gvzdgq.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\nlylxqaujvpxcrt = "C:\\Users\\Admin\\AppData\\Local\\Temp\\vzsldcssnfftezhzyzjng.exe ." | C:\Users\Admin\AppData\Local\Temp\gvzdgq.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\sltbiwbqah = "tvmdtqecvljvexdtqpx.exe" | C:\Users\Admin\AppData\Local\Temp\gvzdgq.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3582532709-2637047242-3508314386-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\khtfqirkyjcjnb = "zzodrmyulzvfmdhvq.exe ." | C:\Users\Admin\AppData\Local\Temp\gvzdgq.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\sltbiwbqah = "vzsldcssnfftezhzyzjng.exe" | C:\Users\Admin\AppData\Local\Temp\gvzdgq.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\nlylxqaujvpxcrt = "C:\\Users\\Admin\\AppData\\Local\\Temp\\vzsldcssnfftezhzyzjng.exe ." | C:\Users\Admin\AppData\Local\Temp\gvzdgq.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3582532709-2637047242-3508314386-1000\Software\Microsoft\Windows\CurrentVersion\Run\jfqblckcpzrxa = "vzsldcssnfftezhzyzjng.exe" | C:\Users\Admin\AppData\Local\Temp\gvzdgq.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\nlylxqaujvpxcrt = "C:\\Users\\Admin\\AppData\\Local\\Temp\\srftgalgwjentjmz.exe ." | C:\Users\Admin\AppData\Local\Temp\gvzdgq.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\sltbiwbqah = "zzodrmyulzvfmdhvq.exe" | C:\Users\Admin\AppData\Local\Temp\gvzdgq.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\nhqzhwcsdlb = "vzsldcssnfftezhzyzjng.exe ." | C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c0b20d90d346511b654c08a7a94a9dbc.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3582532709-2637047242-3508314386-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\nhqzhwcsdlb = "C:\\Users\\Admin\\AppData\\Local\\Temp\\srftgalgwjentjmz.exe ." | C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c0b20d90d346511b654c08a7a94a9dbc.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\nlylxqaujvpxcrt = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ijzpeankcrozhzetpn.exe ." | C:\Users\Admin\AppData\Local\Temp\gvzdgq.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3582532709-2637047242-3508314386-1000\Software\Microsoft\Windows\CurrentVersion\Run\sltbiwbqah = "C:\\Users\\Admin\\AppData\\Local\\Temp\\tvmdtqecvljvexdtqpx.exe" | C:\Users\Admin\AppData\Local\Temp\gvzdgq.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3582532709-2637047242-3508314386-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\nhqzhwcsdlb = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ijzpeankcrozhzetpn.exe ." | C:\Users\Admin\AppData\Local\Temp\gvzdgq.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\sltbiwbqah = "gjbtkixwqhgtdxevttcf.exe" | C:\Users\Admin\AppData\Local\Temp\gvzdgq.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3582532709-2637047242-3508314386-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\nhqzhwcsdlb = "C:\\Users\\Admin\\AppData\\Local\\Temp\\tvmdtqecvljvexdtqpx.exe ." | C:\Users\Admin\AppData\Local\Temp\gvzdgq.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\sltbiwbqah = "ijzpeankcrozhzetpn.exe" | C:\Users\Admin\AppData\Local\Temp\gvzdgq.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3582532709-2637047242-3508314386-1000\Software\Microsoft\Windows\CurrentVersion\Run\jfqblckcpzrxa = "gjbtkixwqhgtdxevttcf.exe" | C:\Users\Admin\AppData\Local\Temp\gvzdgq.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\nlylxqaujvpxcrt = "C:\\Users\\Admin\\AppData\\Local\\Temp\\zzodrmyulzvfmdhvq.exe ." | C:\Users\Admin\AppData\Local\Temp\gvzdgq.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3582532709-2637047242-3508314386-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\khtfqirkyjcjnb = "gjbtkixwqhgtdxevttcf.exe ." | C:\Users\Admin\AppData\Local\Temp\gvzdgq.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\sltbiwbqah = "vzsldcssnfftezhzyzjng.exe" | C:\Users\Admin\AppData\Local\Temp\gvzdgq.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3582532709-2637047242-3508314386-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\nhqzhwcsdlb = "C:\\Users\\Admin\\AppData\\Local\\Temp\\srftgalgwjentjmz.exe ." | C:\Users\Admin\AppData\Local\Temp\gvzdgq.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3582532709-2637047242-3508314386-1000\Software\Microsoft\Windows\CurrentVersion\Run\jfqblckcpzrxa = "ijzpeankcrozhzetpn.exe" | C:\Users\Admin\AppData\Local\Temp\gvzdgq.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\nlylxqaujvpxcrt = "C:\\Users\\Admin\\AppData\\Local\\Temp\\srftgalgwjentjmz.exe ." | C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c0b20d90d346511b654c08a7a94a9dbc.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3582532709-2637047242-3508314386-1000\Software\Microsoft\Windows\CurrentVersion\Run\jfqblckcpzrxa = "zzodrmyulzvfmdhvq.exe" | C:\Users\Admin\AppData\Local\Temp\gvzdgq.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3582532709-2637047242-3508314386-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\khtfqirkyjcjnb = "ijzpeankcrozhzetpn.exe ." | C:\Users\Admin\AppData\Local\Temp\gvzdgq.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\nlylxqaujvpxcrt = "C:\\Users\\Admin\\AppData\\Local\\Temp\\gjbtkixwqhgtdxevttcf.exe ." | C:\Users\Admin\AppData\Local\Temp\gvzdgq.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\sltbiwbqah = "zzodrmyulzvfmdhvq.exe" | C:\Users\Admin\AppData\Local\Temp\gvzdgq.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\srftgalgwjentjmz = "C:\\Users\\Admin\\AppData\\Local\\Temp\\gjbtkixwqhgtdxevttcf.exe" | C:\Users\Admin\AppData\Local\Temp\gvzdgq.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\srftgalgwjentjmz = "C:\\Users\\Admin\\AppData\\Local\\Temp\\srftgalgwjentjmz.exe" | C:\Users\Admin\AppData\Local\Temp\gvzdgq.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3582532709-2637047242-3508314386-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\khtfqirkyjcjnb = "vzsldcssnfftezhzyzjng.exe ." | C:\Users\Admin\AppData\Local\Temp\gvzdgq.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\nhqzhwcsdlb = "vzsldcssnfftezhzyzjng.exe ." | C:\Users\Admin\AppData\Local\Temp\gvzdgq.exe | N/A |
Checks whether UAC is enabled
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\gvzdgq.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c0b20d90d346511b654c08a7a94a9dbc.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c0b20d90d346511b654c08a7a94a9dbc.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\gvzdgq.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\gvzdgq.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\gvzdgq.exe | N/A |
Hijack Execution Flow: Executable Installer File Permissions Weakness
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableInstallerDetection = "0" | C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c0b20d90d346511b654c08a7a94a9dbc.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableInstallerDetection = "0" | C:\Users\Admin\AppData\Local\Temp\gvzdgq.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableInstallerDetection = "0" | C:\Users\Admin\AppData\Local\Temp\gvzdgq.exe | N/A |
Looks up external IP address via web service
| Description | Indicator | Process | Target |
| N/A | whatismyipaddress.com | N/A | N/A |
| N/A | www.whatismyip.ca | N/A | N/A |
| N/A | whatismyip.everdot.org | N/A | N/A |
| N/A | www.showmyipaddress.com | N/A | N/A |
Drops file in System32 directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\SysWOW64\wfdbycxcczexnnaxbhwfdb.cxc | C:\Users\Admin\AppData\Local\Temp\gvzdgq.exe | N/A |
| File created | C:\Windows\SysWOW64\wfdbycxcczexnnaxbhwfdb.cxc | C:\Users\Admin\AppData\Local\Temp\gvzdgq.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\nhqzhwcsdlbfgrpxmddxgpxmsitbrvwhf.ctt | C:\Users\Admin\AppData\Local\Temp\gvzdgq.exe | N/A |
| File created | C:\Windows\SysWOW64\nhqzhwcsdlbfgrpxmddxgpxmsitbrvwhf.ctt | C:\Users\Admin\AppData\Local\Temp\gvzdgq.exe | N/A |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Program Files (x86)\nhqzhwcsdlbfgrpxmddxgpxmsitbrvwhf.ctt | C:\Users\Admin\AppData\Local\Temp\gvzdgq.exe | N/A |
| File created | C:\Program Files (x86)\nhqzhwcsdlbfgrpxmddxgpxmsitbrvwhf.ctt | C:\Users\Admin\AppData\Local\Temp\gvzdgq.exe | N/A |
| File opened for modification | C:\Program Files (x86)\wfdbycxcczexnnaxbhwfdb.cxc | C:\Users\Admin\AppData\Local\Temp\gvzdgq.exe | N/A |
| File created | C:\Program Files (x86)\wfdbycxcczexnnaxbhwfdb.cxc | C:\Users\Admin\AppData\Local\Temp\gvzdgq.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\wfdbycxcczexnnaxbhwfdb.cxc | C:\Users\Admin\AppData\Local\Temp\gvzdgq.exe | N/A |
| File created | C:\Windows\wfdbycxcczexnnaxbhwfdb.cxc | C:\Users\Admin\AppData\Local\Temp\gvzdgq.exe | N/A |
| File opened for modification | C:\Windows\nhqzhwcsdlbfgrpxmddxgpxmsitbrvwhf.ctt | C:\Users\Admin\AppData\Local\Temp\gvzdgq.exe | N/A |
| File created | C:\Windows\nhqzhwcsdlbfgrpxmddxgpxmsitbrvwhf.ctt | C:\Users\Admin\AppData\Local\Temp\gvzdgq.exe | N/A |
Enumerates physical storage devices
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c0b20d90d346511b654c08a7a94a9dbc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\gvzdgq.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\gvzdgq.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-3582532709-2637047242-3508314386-1000_Classes\Local Settings | C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c0b20d90d346511b654c08a7a94a9dbc.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3582532709-2637047242-3508314386-1000_Classes\Local Settings | C:\Users\Admin\AppData\Local\Temp\gvzdgq.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3582532709-2637047242-3508314386-1000_Classes\Local Settings | C:\Users\Admin\AppData\Local\Temp\gvzdgq.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\gvzdgq.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\gvzdgq.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\gvzdgq.exe | N/A |
Suspicious use of WriteProcessMemory
System policy modification
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableVirtualization = "0" | C:\Users\Admin\AppData\Local\Temp\gvzdgq.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" | C:\Users\Admin\AppData\Local\Temp\gvzdgq.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c0b20d90d346511b654c08a7a94a9dbc.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" | C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c0b20d90d346511b654c08a7a94a9dbc.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\gvzdgq.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ValidateAdminCodeSignatures = "0" | C:\Users\Admin\AppData\Local\Temp\gvzdgq.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" | C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c0b20d90d346511b654c08a7a94a9dbc.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableVirtualization = "0" | C:\Users\Admin\AppData\Local\Temp\gvzdgq.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer | C:\Users\Admin\AppData\Local\Temp\gvzdgq.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\gvzdgq.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\gvzdgq.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" | C:\Users\Admin\AppData\Local\Temp\gvzdgq.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableSecureUIAPaths = "0" | C:\Users\Admin\AppData\Local\Temp\gvzdgq.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableSecureUIAPaths = "0" | C:\Users\Admin\AppData\Local\Temp\gvzdgq.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" | C:\Users\Admin\AppData\Local\Temp\gvzdgq.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ValidateAdminCodeSignatures = "0" | C:\Users\Admin\AppData\Local\Temp\gvzdgq.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\FilterAdministratorToken = "0" | C:\Users\Admin\AppData\Local\Temp\gvzdgq.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c0b20d90d346511b654c08a7a94a9dbc.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" | C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c0b20d90d346511b654c08a7a94a9dbc.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\FilterAdministratorToken = "0" | C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c0b20d90d346511b654c08a7a94a9dbc.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDriveTypeAutoRun = "1" | C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c0b20d90d346511b654c08a7a94a9dbc.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" | C:\Users\Admin\AppData\Local\Temp\gvzdgq.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" | C:\Users\Admin\AppData\Local\Temp\gvzdgq.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDriveTypeAutoRun = "1" | C:\Users\Admin\AppData\Local\Temp\gvzdgq.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableSecureUIAPaths = "0" | C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c0b20d90d346511b654c08a7a94a9dbc.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\gvzdgq.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer | C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c0b20d90d346511b654c08a7a94a9dbc.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" | C:\Users\Admin\AppData\Local\Temp\gvzdgq.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\gvzdgq.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDriveTypeAutoRun = "1" | C:\Users\Admin\AppData\Local\Temp\gvzdgq.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\gvzdgq.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c0b20d90d346511b654c08a7a94a9dbc.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableVirtualization = "0" | C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c0b20d90d346511b654c08a7a94a9dbc.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ValidateAdminCodeSignatures = "0" | C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c0b20d90d346511b654c08a7a94a9dbc.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\FilterAdministratorToken = "0" | C:\Users\Admin\AppData\Local\Temp\gvzdgq.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer | C:\Users\Admin\AppData\Local\Temp\gvzdgq.exe | N/A |
Processes
Network
Files
C:\Users\Admin\AppData\Local\Temp\gvzdgq.exe
C:\Users\Admin\AppData\Local\wfdbycxcczexnnaxbhwfdb.cxc
C:\Users\Admin\AppData\Local\nhqzhwcsdlbfgrpxmddxgpxmsitbrvwhf.ctt
C:\Program Files (x86)\wfdbycxcczexnnaxbhwfdb.cxc
C:\Windows\SysWOW64\wfdbycxcczexnnaxbhwfdb.cxc