Analysis Overview
SHA256
2304b24975f5e9e4a21cd2b8af9e026f5a815eb10034e155d666ae34907b0543
Threat Level: Known bad
The file JaffaCakes118_ad7f50f41c1d9410542b2565277c0c93 was found to be: Known bad.
Malicious Activity Summary
Pykspa family
Detect Pykspa worm
Modifies WinLogon for persistence
UAC bypass
Disables RegEdit via registry modification
Adds policy Run key to start application
Impair Defenses: Safe Mode Boot
Checks computer location settings
Executes dropped EXE
Adds Run key to start application
Checks whether UAC is enabled
Looks up external IP address via web service
Hijack Execution Flow: Executable Installer File Permissions Weakness
Drops file in System32 directory
Drops file in Windows directory
Drops file in Program Files directory
System Location Discovery: System Language Discovery
Unsigned PE
Enumerates physical storage devices
System policy modification
Suspicious use of WriteProcessMemory
Suspicious use of AdjustPrivilegeToken
Suspicious behavior: GetForegroundWindowSpam
Suspicious behavior: EnumeratesProcesses
Modifies registry class
MITRE ATT&CK
Enterprise Matrix V16
Analysis: static1
Detonation Overview
Reported
2025-04-11 07:53
Signatures
Detect Pykspa worm
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Pykspa family
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2025-04-11 07:53
Reported
2025-04-11 07:56
Platform
win10v2004-20250314-en
Max time kernel
150s
Max time network
150s
Command Line
Signatures
Modifies WinLogon for persistence
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_ad7f50f41c1d9410542b2565277c0c93.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\bdkss.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\bdkss.exe | N/A |
UAC bypass
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" | C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_ad7f50f41c1d9410542b2565277c0c93.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\bdkss.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" | C:\Users\Admin\AppData\Local\Temp\bdkss.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" | C:\Users\Admin\AppData\Local\Temp\bdkss.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_ad7f50f41c1d9410542b2565277c0c93.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" | C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_ad7f50f41c1d9410542b2565277c0c93.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\bdkss.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" | C:\Users\Admin\AppData\Local\Temp\bdkss.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" | C:\Users\Admin\AppData\Local\Temp\bdkss.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" | C:\Users\Admin\AppData\Local\Temp\bdkss.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" | C:\Users\Admin\AppData\Local\Temp\bdkss.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" | C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_ad7f50f41c1d9410542b2565277c0c93.exe | N/A |
Adds policy Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\tbocirknalx = "C:\\Users\\Admin\\AppData\\Local\\Temp\\btqoexankfbzcnauiqphe.exe" | C:\Users\Admin\AppData\Local\Temp\bdkss.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\qbrirdzfvjyplp = "yldwhvtbtjatrxfu.exe" | C:\Users\Admin\AppData\Local\Temp\bdkss.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\tbocirknalx = "C:\\Users\\Admin\\AppData\\Local\\Temp\\mdzwldfrnhczblxqdkiz.exe" | C:\Users\Admin\AppData\Local\Temp\bdkss.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\tbocirknalx = "C:\\Users\\Admin\\AppData\\Local\\Temp\\yldwhvtbtjatrxfu.exe" | C:\Users\Admin\AppData\Local\Temp\bdkss.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_ad7f50f41c1d9410542b2565277c0c93.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\tbocirknalx = "C:\\Users\\Admin\\AppData\\Local\\Temp\\yldwhvtbtjatrxfu.exe" | C:\Users\Admin\AppData\Local\Temp\bdkss.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\qbrirdzfvjyplp = "zpkgulmxslfbclwoagd.exe" | C:\Users\Admin\AppData\Local\Temp\bdkss.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\tbocirknalx = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ftmgshgpizrlkraqa.exe" | C:\Users\Admin\AppData\Local\Temp\bdkss.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\qbrirdzfvjyplp = "odxsfvvfzrkffnxoze.exe" | C:\Users\Admin\AppData\Local\Temp\bdkss.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\tbocirknalx = "C:\\Users\\Admin\\AppData\\Local\\Temp\\odxsfvvfzrkffnxoze.exe" | C:\Users\Admin\AppData\Local\Temp\bdkss.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\qbrirdzfvjyplp = "ftmgshgpizrlkraqa.exe" | C:\Users\Admin\AppData\Local\Temp\bdkss.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\qbrirdzfvjyplp = "odxsfvvfzrkffnxoze.exe" | C:\Users\Admin\AppData\Local\Temp\bdkss.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\tbocirknalx = "C:\\Users\\Admin\\AppData\\Local\\Temp\\mdzwldfrnhczblxqdkiz.exe" | C:\Users\Admin\AppData\Local\Temp\bdkss.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\tbocirknalx = "C:\\Users\\Admin\\AppData\\Local\\Temp\\zpkgulmxslfbclwoagd.exe" | C:\Users\Admin\AppData\Local\Temp\bdkss.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\tbocirknalx = "C:\\Users\\Admin\\AppData\\Local\\Temp\\odxsfvvfzrkffnxoze.exe" | C:\Users\Admin\AppData\Local\Temp\bdkss.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\qbrirdzfvjyplp = "yldwhvtbtjatrxfu.exe" | C:\Users\Admin\AppData\Local\Temp\bdkss.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\qbrirdzfvjyplp = "ftmgshgpizrlkraqa.exe" | C:\Users\Admin\AppData\Local\Temp\bdkss.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\bdkss.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\qbrirdzfvjyplp = "mdzwldfrnhczblxqdkiz.exe" | C:\Users\Admin\AppData\Local\Temp\bdkss.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\qbrirdzfvjyplp = "btqoexankfbzcnauiqphe.exe" | C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_ad7f50f41c1d9410542b2565277c0c93.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\qbrirdzfvjyplp = "zpkgulmxslfbclwoagd.exe" | C:\Users\Admin\AppData\Local\Temp\bdkss.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\tbocirknalx = "C:\\Users\\Admin\\AppData\\Local\\Temp\\btqoexankfbzcnauiqphe.exe" | C:\Users\Admin\AppData\Local\Temp\bdkss.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\qbrirdzfvjyplp = "mdzwldfrnhczblxqdkiz.exe" | C:\Users\Admin\AppData\Local\Temp\bdkss.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\tbocirknalx = "C:\\Users\\Admin\\AppData\\Local\\Temp\\zpkgulmxslfbclwoagd.exe" | C:\Users\Admin\AppData\Local\Temp\bdkss.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\qbrirdzfvjyplp = "yldwhvtbtjatrxfu.exe" | C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_ad7f50f41c1d9410542b2565277c0c93.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\tbocirknalx = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ftmgshgpizrlkraqa.exe" | C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_ad7f50f41c1d9410542b2565277c0c93.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\bdkss.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\qbrirdzfvjyplp = "btqoexankfbzcnauiqphe.exe" | C:\Users\Admin\AppData\Local\Temp\bdkss.exe | N/A |
Disables RegEdit via registry modification
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\bdkss.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\bdkss.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_ad7f50f41c1d9410542b2565277c0c93.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_ad7f50f41c1d9410542b2565277c0c93.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\bdkss.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\bdkss.exe | N/A |
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_ad7f50f41c1d9410542b2565277c0c93.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\bdkss.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\bdkss.exe | N/A |
Impair Defenses: Safe Mode Boot
| Description | Indicator | Process | Target |
| Key deleted | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\SerCx2.sys | C:\Users\Admin\AppData\Local\Temp\bdkss.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\ProfSvc | C:\Users\Admin\AppData\Local\Temp\bdkss.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\Power | C:\Users\Admin\AppData\Local\Temp\bdkss.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\iai2c.sys | C:\Users\Admin\AppData\Local\Temp\bdkss.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\CBDHSvc | C:\Users\Admin\AppData\Local\Temp\bdkss.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\UserManager | C:\Users\Admin\AppData\Local\Temp\bdkss.exe | N/A |
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\pzoemxsxmzndy = "C:\\Users\\Admin\\AppData\\Local\\Temp\\mdzwldfrnhczblxqdkiz.exe ." | C:\Users\Admin\AppData\Local\Temp\bdkss.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\odxsfvvfzrkffnxoze = "C:\\Users\\Admin\\AppData\\Local\\Temp\\mdzwldfrnhczblxqdkiz.exe" | C:\Users\Admin\AppData\Local\Temp\bdkss.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\tfwoylipgvldafm = "zpkgulmxslfbclwoagd.exe" | C:\Users\Admin\AppData\Local\Temp\bdkss.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\ftmgshgpizrlkraqa = "C:\\Users\\Admin\\AppData\\Local\\Temp\\yldwhvtbtjatrxfu.exe ." | C:\Users\Admin\AppData\Local\Temp\bdkss.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\yldwhvtbtjatrxfu = "ftmgshgpizrlkraqa.exe ." | C:\Users\Admin\AppData\Local\Temp\bdkss.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\odxsfvvfzrkffnxoze = "C:\\Users\\Admin\\AppData\\Local\\Temp\\btqoexankfbzcnauiqphe.exe" | C:\Users\Admin\AppData\Local\Temp\bdkss.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\ftmgshgpizrlkraqa = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ftmgshgpizrlkraqa.exe ." | C:\Users\Admin\AppData\Local\Temp\bdkss.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\odxsfvvfzrkffnxoze = "C:\\Users\\Admin\\AppData\\Local\\Temp\\zpkgulmxslfbclwoagd.exe" | C:\Users\Admin\AppData\Local\Temp\bdkss.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\qzncjtnrfret = "odxsfvvfzrkffnxoze.exe" | C:\Users\Admin\AppData\Local\Temp\bdkss.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\odxsfvvfzrkffnxoze = "C:\\Users\\Admin\\AppData\\Local\\Temp\\yldwhvtbtjatrxfu.exe" | C:\Users\Admin\AppData\Local\Temp\bdkss.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\qzncjtnrfret = "C:\\Users\\Admin\\AppData\\Local\\Temp\\yldwhvtbtjatrxfu.exe" | C:\Users\Admin\AppData\Local\Temp\bdkss.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\tfwoylipgvldafm = "btqoexankfbzcnauiqphe.exe" | C:\Users\Admin\AppData\Local\Temp\bdkss.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\pzoemxsxmzndy = "mdzwldfrnhczblxqdkiz.exe ." | C:\Users\Admin\AppData\Local\Temp\bdkss.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\qzncjtnrfret = "C:\\Users\\Admin\\AppData\\Local\\Temp\\zpkgulmxslfbclwoagd.exe" | C:\Users\Admin\AppData\Local\Temp\bdkss.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\pzoemxsxmzndy = "odxsfvvfzrkffnxoze.exe ." | C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_ad7f50f41c1d9410542b2565277c0c93.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\qzncjtnrfret = "ftmgshgpizrlkraqa.exe" | C:\Users\Admin\AppData\Local\Temp\bdkss.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\pzoemxsxmzndy = "zpkgulmxslfbclwoagd.exe ." | C:\Users\Admin\AppData\Local\Temp\bdkss.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\pzoemxsxmzndy = "odxsfvvfzrkffnxoze.exe ." | C:\Users\Admin\AppData\Local\Temp\bdkss.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\yldwhvtbtjatrxfu = "yldwhvtbtjatrxfu.exe ." | C:\Users\Admin\AppData\Local\Temp\bdkss.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\qzncjtnrfret = "btqoexankfbzcnauiqphe.exe" | C:\Users\Admin\AppData\Local\Temp\bdkss.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\pzoemxsxmzndy = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ftmgshgpizrlkraqa.exe ." | C:\Users\Admin\AppData\Local\Temp\bdkss.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\qzncjtnrfret = "ftmgshgpizrlkraqa.exe" | C:\Users\Admin\AppData\Local\Temp\bdkss.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\tfwoylipgvldafm = "ftmgshgpizrlkraqa.exe" | C:\Users\Admin\AppData\Local\Temp\bdkss.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\odxsfvvfzrkffnxoze = "C:\\Users\\Admin\\AppData\\Local\\Temp\\odxsfvvfzrkffnxoze.exe" | C:\Users\Admin\AppData\Local\Temp\bdkss.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\pzoemxsxmzndy = "ftmgshgpizrlkraqa.exe ." | C:\Users\Admin\AppData\Local\Temp\bdkss.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\tfwoylipgvldafm = "mdzwldfrnhczblxqdkiz.exe" | C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_ad7f50f41c1d9410542b2565277c0c93.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\pzoemxsxmzndy = "ftmgshgpizrlkraqa.exe ." | C:\Users\Admin\AppData\Local\Temp\bdkss.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\tfwoylipgvldafm = "odxsfvvfzrkffnxoze.exe" | C:\Users\Admin\AppData\Local\Temp\bdkss.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\yldwhvtbtjatrxfu = "odxsfvvfzrkffnxoze.exe ." | C:\Users\Admin\AppData\Local\Temp\bdkss.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\pzoemxsxmzndy = "btqoexankfbzcnauiqphe.exe ." | C:\Users\Admin\AppData\Local\Temp\bdkss.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\ftmgshgpizrlkraqa = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ftmgshgpizrlkraqa.exe ." | C:\Users\Admin\AppData\Local\Temp\bdkss.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\odxsfvvfzrkffnxoze = "C:\\Users\\Admin\\AppData\\Local\\Temp\\btqoexankfbzcnauiqphe.exe" | C:\Users\Admin\AppData\Local\Temp\bdkss.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\yldwhvtbtjatrxfu = "btqoexankfbzcnauiqphe.exe ." | C:\Users\Admin\AppData\Local\Temp\bdkss.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\yldwhvtbtjatrxfu = "odxsfvvfzrkffnxoze.exe ." | C:\Users\Admin\AppData\Local\Temp\bdkss.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\tfwoylipgvldafm = "mdzwldfrnhczblxqdkiz.exe" | C:\Users\Admin\AppData\Local\Temp\bdkss.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\ftmgshgpizrlkraqa = "C:\\Users\\Admin\\AppData\\Local\\Temp\\zpkgulmxslfbclwoagd.exe ." | C:\Users\Admin\AppData\Local\Temp\bdkss.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\qzncjtnrfret = "C:\\Users\\Admin\\AppData\\Local\\Temp\\mdzwldfrnhczblxqdkiz.exe" | C:\Users\Admin\AppData\Local\Temp\bdkss.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\yldwhvtbtjatrxfu = "zpkgulmxslfbclwoagd.exe ." | C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_ad7f50f41c1d9410542b2565277c0c93.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\odxsfvvfzrkffnxoze = "C:\\Users\\Admin\\AppData\\Local\\Temp\\odxsfvvfzrkffnxoze.exe" | C:\Users\Admin\AppData\Local\Temp\bdkss.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\qzncjtnrfret = "ftmgshgpizrlkraqa.exe" | C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_ad7f50f41c1d9410542b2565277c0c93.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\qzncjtnrfret = "C:\\Users\\Admin\\AppData\\Local\\Temp\\mdzwldfrnhczblxqdkiz.exe" | C:\Users\Admin\AppData\Local\Temp\bdkss.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\odxsfvvfzrkffnxoze = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ftmgshgpizrlkraqa.exe" | C:\Users\Admin\AppData\Local\Temp\bdkss.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\yldwhvtbtjatrxfu = "mdzwldfrnhczblxqdkiz.exe ." | C:\Users\Admin\AppData\Local\Temp\bdkss.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\qzncjtnrfret = "C:\\Users\\Admin\\AppData\\Local\\Temp\\btqoexankfbzcnauiqphe.exe" | C:\Users\Admin\AppData\Local\Temp\bdkss.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\pzoemxsxmzndy = "C:\\Users\\Admin\\AppData\\Local\\Temp\\zpkgulmxslfbclwoagd.exe ." | C:\Users\Admin\AppData\Local\Temp\bdkss.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\odxsfvvfzrkffnxoze = "C:\\Users\\Admin\\AppData\\Local\\Temp\\mdzwldfrnhczblxqdkiz.exe" | C:\Users\Admin\AppData\Local\Temp\bdkss.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\pzoemxsxmzndy = "C:\\Users\\Admin\\AppData\\Local\\Temp\\yldwhvtbtjatrxfu.exe ." | C:\Users\Admin\AppData\Local\Temp\bdkss.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\qzncjtnrfret = "yldwhvtbtjatrxfu.exe" | C:\Users\Admin\AppData\Local\Temp\bdkss.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\qzncjtnrfret = "btqoexankfbzcnauiqphe.exe" | C:\Users\Admin\AppData\Local\Temp\bdkss.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\odxsfvvfzrkffnxoze = "C:\\Users\\Admin\\AppData\\Local\\Temp\\zpkgulmxslfbclwoagd.exe" | C:\Users\Admin\AppData\Local\Temp\bdkss.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\pzoemxsxmzndy = "C:\\Users\\Admin\\AppData\\Local\\Temp\\zpkgulmxslfbclwoagd.exe ." | C:\Users\Admin\AppData\Local\Temp\bdkss.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\yldwhvtbtjatrxfu = "ftmgshgpizrlkraqa.exe ." | C:\Users\Admin\AppData\Local\Temp\bdkss.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\qzncjtnrfret = "zpkgulmxslfbclwoagd.exe" | C:\Users\Admin\AppData\Local\Temp\bdkss.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\qzncjtnrfret = "odxsfvvfzrkffnxoze.exe" | C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_ad7f50f41c1d9410542b2565277c0c93.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\qzncjtnrfret = "C:\\Users\\Admin\\AppData\\Local\\Temp\\yldwhvtbtjatrxfu.exe" | C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_ad7f50f41c1d9410542b2565277c0c93.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\qzncjtnrfret = "mdzwldfrnhczblxqdkiz.exe" | C:\Users\Admin\AppData\Local\Temp\bdkss.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\ftmgshgpizrlkraqa = "C:\\Users\\Admin\\AppData\\Local\\Temp\\yldwhvtbtjatrxfu.exe ." | C:\Users\Admin\AppData\Local\Temp\bdkss.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\qzncjtnrfret = "C:\\Users\\Admin\\AppData\\Local\\Temp\\odxsfvvfzrkffnxoze.exe" | C:\Users\Admin\AppData\Local\Temp\bdkss.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\odxsfvvfzrkffnxoze = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ftmgshgpizrlkraqa.exe" | C:\Users\Admin\AppData\Local\Temp\bdkss.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\qzncjtnrfret = "yldwhvtbtjatrxfu.exe" | C:\Users\Admin\AppData\Local\Temp\bdkss.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\tfwoylipgvldafm = "btqoexankfbzcnauiqphe.exe" | C:\Users\Admin\AppData\Local\Temp\bdkss.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\pzoemxsxmzndy = "C:\\Users\\Admin\\AppData\\Local\\Temp\\odxsfvvfzrkffnxoze.exe ." | C:\Users\Admin\AppData\Local\Temp\bdkss.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\qzncjtnrfret = "zpkgulmxslfbclwoagd.exe" | C:\Users\Admin\AppData\Local\Temp\bdkss.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\qzncjtnrfret = "C:\\Users\\Admin\\AppData\\Local\\Temp\\odxsfvvfzrkffnxoze.exe" | C:\Users\Admin\AppData\Local\Temp\bdkss.exe | N/A |
Checks whether UAC is enabled
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_ad7f50f41c1d9410542b2565277c0c93.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_ad7f50f41c1d9410542b2565277c0c93.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\bdkss.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\bdkss.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\bdkss.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\bdkss.exe | N/A |
Hijack Execution Flow: Executable Installer File Permissions Weakness
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableInstallerDetection = "0" | C:\Users\Admin\AppData\Local\Temp\bdkss.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableInstallerDetection = "0" | C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_ad7f50f41c1d9410542b2565277c0c93.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableInstallerDetection = "0" | C:\Users\Admin\AppData\Local\Temp\bdkss.exe | N/A |
Looks up external IP address via web service
| Description | Indicator | Process | Target |
| N/A | whatismyip.everdot.org | N/A | N/A |
| N/A | whatismyipaddress.com | N/A | N/A |
| N/A | www.showmyipaddress.com | N/A | N/A |
| N/A | whatismyip.everdot.org | N/A | N/A |
| N/A | www.whatismyip.ca | N/A | N/A |
| N/A | whatismyip.everdot.org | N/A | N/A |
| N/A | whatismyip.everdot.org | N/A | N/A |
| N/A | www.whatismyip.ca | N/A | N/A |
Drops file in System32 directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\SysWOW64\gfjollvptvydnfzavkqptyvv.zdf | C:\Users\Admin\AppData\Local\Temp\bdkss.exe | N/A |
| File created | C:\Windows\SysWOW64\gfjollvptvydnfzavkqptyvv.zdf | C:\Users\Admin\AppData\Local\Temp\bdkss.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\pzoemxsxmzndybgsyypzoemxsxmzndybgsy.pzo | C:\Users\Admin\AppData\Local\Temp\bdkss.exe | N/A |
| File created | C:\Windows\SysWOW64\pzoemxsxmzndybgsyypzoemxsxmzndybgsy.pzo | C:\Users\Admin\AppData\Local\Temp\bdkss.exe | N/A |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File created | C:\Program Files (x86)\gfjollvptvydnfzavkqptyvv.zdf | C:\Users\Admin\AppData\Local\Temp\bdkss.exe | N/A |
| File opened for modification | C:\Program Files (x86)\pzoemxsxmzndybgsyypzoemxsxmzndybgsy.pzo | C:\Users\Admin\AppData\Local\Temp\bdkss.exe | N/A |
| File created | C:\Program Files (x86)\pzoemxsxmzndybgsyypzoemxsxmzndybgsy.pzo | C:\Users\Admin\AppData\Local\Temp\bdkss.exe | N/A |
| File opened for modification | C:\Program Files (x86)\gfjollvptvydnfzavkqptyvv.zdf | C:\Users\Admin\AppData\Local\Temp\bdkss.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\gfjollvptvydnfzavkqptyvv.zdf | C:\Users\Admin\AppData\Local\Temp\bdkss.exe | N/A |
| File created | C:\Windows\gfjollvptvydnfzavkqptyvv.zdf | C:\Users\Admin\AppData\Local\Temp\bdkss.exe | N/A |
| File opened for modification | C:\Windows\pzoemxsxmzndybgsyypzoemxsxmzndybgsy.pzo | C:\Users\Admin\AppData\Local\Temp\bdkss.exe | N/A |
| File created | C:\Windows\pzoemxsxmzndybgsyypzoemxsxmzndybgsy.pzo | C:\Users\Admin\AppData\Local\Temp\bdkss.exe | N/A |
Enumerates physical storage devices
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_ad7f50f41c1d9410542b2565277c0c93.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\bdkss.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\bdkss.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000_Classes\Local Settings | C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_ad7f50f41c1d9410542b2565277c0c93.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000_Classes\Local Settings | C:\Users\Admin\AppData\Local\Temp\bdkss.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000_Classes\Local Settings | C:\Users\Admin\AppData\Local\Temp\bdkss.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\bdkss.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\bdkss.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\bdkss.exe | N/A |
Suspicious use of WriteProcessMemory
System policy modification
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_ad7f50f41c1d9410542b2565277c0c93.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_ad7f50f41c1d9410542b2565277c0c93.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" | C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_ad7f50f41c1d9410542b2565277c0c93.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ValidateAdminCodeSignatures = "0" | C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_ad7f50f41c1d9410542b2565277c0c93.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDriveTypeAutoRun = "1" | C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_ad7f50f41c1d9410542b2565277c0c93.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\bdkss.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" | C:\Users\Admin\AppData\Local\Temp\bdkss.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableVirtualization = "0" | C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_ad7f50f41c1d9410542b2565277c0c93.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" | C:\Users\Admin\AppData\Local\Temp\bdkss.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\bdkss.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\bdkss.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\bdkss.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ValidateAdminCodeSignatures = "0" | C:\Users\Admin\AppData\Local\Temp\bdkss.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDriveTypeAutoRun = "1" | C:\Users\Admin\AppData\Local\Temp\bdkss.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableSecureUIAPaths = "0" | C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_ad7f50f41c1d9410542b2565277c0c93.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\FilterAdministratorToken = "0" | C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_ad7f50f41c1d9410542b2565277c0c93.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\bdkss.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" | C:\Users\Admin\AppData\Local\Temp\bdkss.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableSecureUIAPaths = "0" | C:\Users\Admin\AppData\Local\Temp\bdkss.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" | C:\Users\Admin\AppData\Local\Temp\bdkss.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableVirtualization = "0" | C:\Users\Admin\AppData\Local\Temp\bdkss.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_ad7f50f41c1d9410542b2565277c0c93.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer | C:\Users\Admin\AppData\Local\Temp\bdkss.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" | C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_ad7f50f41c1d9410542b2565277c0c93.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" | C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_ad7f50f41c1d9410542b2565277c0c93.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableVirtualization = "0" | C:\Users\Admin\AppData\Local\Temp\bdkss.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\FilterAdministratorToken = "0" | C:\Users\Admin\AppData\Local\Temp\bdkss.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDriveTypeAutoRun = "1" | C:\Users\Admin\AppData\Local\Temp\bdkss.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" | C:\Users\Admin\AppData\Local\Temp\bdkss.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableSecureUIAPaths = "0" | C:\Users\Admin\AppData\Local\Temp\bdkss.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer | C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_ad7f50f41c1d9410542b2565277c0c93.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\bdkss.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" | C:\Users\Admin\AppData\Local\Temp\bdkss.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ValidateAdminCodeSignatures = "0" | C:\Users\Admin\AppData\Local\Temp\bdkss.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\FilterAdministratorToken = "0" | C:\Users\Admin\AppData\Local\Temp\bdkss.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer | C:\Users\Admin\AppData\Local\Temp\bdkss.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_ad7f50f41c1d9410542b2565277c0c93.exe
"C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_ad7f50f41c1d9410542b2565277c0c93.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c odxsfvvfzrkffnxoze.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c odxsfvvfzrkffnxoze.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c mdzwldfrnhczblxqdkiz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c zpkgulmxslfbclwoagd.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mdzwldfrnhczblxqdkiz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\btqoexankfbzcnauiqphe.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yldwhvtbtjatrxfu.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\odxsfvvfzrkffnxoze.exe .
C:\Users\Admin\AppData\Local\Temp\bdkss.exe
"C:\Users\Admin\AppData\Local\Temp\bdkss.exe" "-"
C:\Users\Admin\AppData\Local\Temp\bdkss.exe
"C:\Users\Admin\AppData\Local\Temp\bdkss.exe" "-"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ftmgshgpizrlkraqa.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ftmgshgpizrlkraqa.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c yldwhvtbtjatrxfu.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ftmgshgpizrlkraqa.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c odxsfvvfzrkffnxoze.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ftmgshgpizrlkraqa.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c mdzwldfrnhczblxqdkiz.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c odxsfvvfzrkffnxoze.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\odxsfvvfzrkffnxoze.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\odxsfvvfzrkffnxoze.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\btqoexankfbzcnauiqphe.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ftmgshgpizrlkraqa.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\btqoexankfbzcnauiqphe.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c odxsfvvfzrkffnxoze.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\btqoexankfbzcnauiqphe.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\odxsfvvfzrkffnxoze.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ftmgshgpizrlkraqa.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ftmgshgpizrlkraqa.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c mdzwldfrnhczblxqdkiz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c zpkgulmxslfbclwoagd.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mdzwldfrnhczblxqdkiz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c mdzwldfrnhczblxqdkiz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c yldwhvtbtjatrxfu.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ftmgshgpizrlkraqa.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c btqoexankfbzcnauiqphe.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c yldwhvtbtjatrxfu.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c btqoexankfbzcnauiqphe.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c btqoexankfbzcnauiqphe.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c btqoexankfbzcnauiqphe.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\odxsfvvfzrkffnxoze.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\btqoexankfbzcnauiqphe.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\odxsfvvfzrkffnxoze.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zpkgulmxslfbclwoagd.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yldwhvtbtjatrxfu.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yldwhvtbtjatrxfu.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zpkgulmxslfbclwoagd.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mdzwldfrnhczblxqdkiz.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c btqoexankfbzcnauiqphe.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ftmgshgpizrlkraqa.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c btqoexankfbzcnauiqphe.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c btqoexankfbzcnauiqphe.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c btqoexankfbzcnauiqphe.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c mdzwldfrnhczblxqdkiz.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c mdzwldfrnhczblxqdkiz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c btqoexankfbzcnauiqphe.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mdzwldfrnhczblxqdkiz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\btqoexankfbzcnauiqphe.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zpkgulmxslfbclwoagd.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\btqoexankfbzcnauiqphe.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zpkgulmxslfbclwoagd.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\btqoexankfbzcnauiqphe.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\btqoexankfbzcnauiqphe.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\odxsfvvfzrkffnxoze.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c zpkgulmxslfbclwoagd.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c btqoexankfbzcnauiqphe.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c btqoexankfbzcnauiqphe.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c zpkgulmxslfbclwoagd.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c yldwhvtbtjatrxfu.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c mdzwldfrnhczblxqdkiz.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ftmgshgpizrlkraqa.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zpkgulmxslfbclwoagd.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c odxsfvvfzrkffnxoze.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yldwhvtbtjatrxfu.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mdzwldfrnhczblxqdkiz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ftmgshgpizrlkraqa.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\odxsfvvfzrkffnxoze.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\odxsfvvfzrkffnxoze.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\odxsfvvfzrkffnxoze.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yldwhvtbtjatrxfu.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c btqoexankfbzcnauiqphe.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c btqoexankfbzcnauiqphe.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c yldwhvtbtjatrxfu.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c odxsfvvfzrkffnxoze.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c btqoexankfbzcnauiqphe.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c odxsfvvfzrkffnxoze.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c btqoexankfbzcnauiqphe.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ftmgshgpizrlkraqa.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c odxsfvvfzrkffnxoze.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ftmgshgpizrlkraqa.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zpkgulmxslfbclwoagd.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zpkgulmxslfbclwoagd.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mdzwldfrnhczblxqdkiz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mdzwldfrnhczblxqdkiz.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\btqoexankfbzcnauiqphe.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ftmgshgpizrlkraqa.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c btqoexankfbzcnauiqphe.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c odxsfvvfzrkffnxoze.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c btqoexankfbzcnauiqphe.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ftmgshgpizrlkraqa.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c yldwhvtbtjatrxfu.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c odxsfvvfzrkffnxoze.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c yldwhvtbtjatrxfu.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\btqoexankfbzcnauiqphe.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c btqoexankfbzcnauiqphe.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mdzwldfrnhczblxqdkiz.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yldwhvtbtjatrxfu.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\btqoexankfbzcnauiqphe.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yldwhvtbtjatrxfu.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\btqoexankfbzcnauiqphe.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mdzwldfrnhczblxqdkiz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zpkgulmxslfbclwoagd.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c mdzwldfrnhczblxqdkiz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c mdzwldfrnhczblxqdkiz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c mdzwldfrnhczblxqdkiz.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c zpkgulmxslfbclwoagd.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ftmgshgpizrlkraqa.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c yldwhvtbtjatrxfu.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\odxsfvvfzrkffnxoze.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ftmgshgpizrlkraqa.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c odxsfvvfzrkffnxoze.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yldwhvtbtjatrxfu.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\odxsfvvfzrkffnxoze.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yldwhvtbtjatrxfu.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yldwhvtbtjatrxfu.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\btqoexankfbzcnauiqphe.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\btqoexankfbzcnauiqphe.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yldwhvtbtjatrxfu.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c btqoexankfbzcnauiqphe.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c zpkgulmxslfbclwoagd.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c btqoexankfbzcnauiqphe.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c zpkgulmxslfbclwoagd.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c zpkgulmxslfbclwoagd.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ftmgshgpizrlkraqa.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ftmgshgpizrlkraqa.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ftmgshgpizrlkraqa.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c btqoexankfbzcnauiqphe.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\btqoexankfbzcnauiqphe.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ftmgshgpizrlkraqa.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mdzwldfrnhczblxqdkiz.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zpkgulmxslfbclwoagd.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\btqoexankfbzcnauiqphe.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yldwhvtbtjatrxfu.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yldwhvtbtjatrxfu.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c btqoexankfbzcnauiqphe.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c zpkgulmxslfbclwoagd.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c yldwhvtbtjatrxfu.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c yldwhvtbtjatrxfu.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c mdzwldfrnhczblxqdkiz.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c mdzwldfrnhczblxqdkiz.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c mdzwldfrnhczblxqdkiz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\odxsfvvfzrkffnxoze.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c odxsfvvfzrkffnxoze.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ftmgshgpizrlkraqa.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\odxsfvvfzrkffnxoze.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\btqoexankfbzcnauiqphe.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\btqoexankfbzcnauiqphe.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ftmgshgpizrlkraqa.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zpkgulmxslfbclwoagd.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yldwhvtbtjatrxfu.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c yldwhvtbtjatrxfu.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c odxsfvvfzrkffnxoze.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ftmgshgpizrlkraqa.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c mdzwldfrnhczblxqdkiz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c mdzwldfrnhczblxqdkiz.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ftmgshgpizrlkraqa.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\odxsfvvfzrkffnxoze.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c btqoexankfbzcnauiqphe.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\odxsfvvfzrkffnxoze.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ftmgshgpizrlkraqa.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ftmgshgpizrlkraqa.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yldwhvtbtjatrxfu.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zpkgulmxslfbclwoagd.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\btqoexankfbzcnauiqphe.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mdzwldfrnhczblxqdkiz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yldwhvtbtjatrxfu.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c mdzwldfrnhczblxqdkiz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c zpkgulmxslfbclwoagd.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c zpkgulmxslfbclwoagd.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c zpkgulmxslfbclwoagd.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ftmgshgpizrlkraqa.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c odxsfvvfzrkffnxoze.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mdzwldfrnhczblxqdkiz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c yldwhvtbtjatrxfu.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zpkgulmxslfbclwoagd.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c yldwhvtbtjatrxfu.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\odxsfvvfzrkffnxoze.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zpkgulmxslfbclwoagd.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zpkgulmxslfbclwoagd.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mdzwldfrnhczblxqdkiz.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\btqoexankfbzcnauiqphe.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zpkgulmxslfbclwoagd.exe .
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 150.171.27.10:443 | g.bing.com | tcp |
| GB | 88.221.135.49:443 | www.bing.com | tcp |
| GB | 88.221.135.49:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | whatismyip.everdot.org | udp |
| US | 8.8.8.8:53 | whatismyipaddress.com | udp |
| US | 104.19.223.79:80 | whatismyipaddress.com | tcp |
| US | 8.8.8.8:53 | www.whatismyip.com | udp |
| US | 172.66.40.87:80 | www.whatismyip.com | tcp |
| US | 104.19.223.79:80 | whatismyipaddress.com | tcp |
| US | 8.8.8.8:53 | www.showmyipaddress.com | udp |
| US | 104.21.74.56:80 | www.showmyipaddress.com | tcp |
| US | 104.19.223.79:80 | whatismyipaddress.com | tcp |
| US | 8.8.8.8:53 | whatismyip.everdot.org | udp |
| US | 8.8.8.8:53 | www.whatismyip.ca | udp |
| US | 104.19.223.79:80 | whatismyipaddress.com | tcp |
| US | 8.8.8.8:53 | whatismyip.everdot.org | udp |
| US | 104.19.223.79:80 | whatismyipaddress.com | tcp |
| US | 172.66.40.87:80 | www.whatismyip.com | tcp |
| US | 104.21.74.56:80 | www.showmyipaddress.com | tcp |
| US | 104.19.223.79:80 | whatismyipaddress.com | tcp |
| US | 8.8.8.8:53 | whatismyip.everdot.org | udp |
| US | 104.19.223.79:80 | whatismyipaddress.com | tcp |
| US | 172.66.40.87:80 | www.whatismyip.com | tcp |
| US | 104.21.74.56:80 | www.showmyipaddress.com | tcp |
| US | 8.8.8.8:53 | www.whatismyip.ca | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 216.58.204.68:80 | www.google.com | tcp |
| US | 8.8.8.8:53 | gyuuym.org | udp |
| DE | 85.214.228.140:80 | gyuuym.org | tcp |
| US | 8.8.8.8:53 | dtrodibohez.com | udp |
| US | 8.8.8.8:53 | zjopidkmlw.info | udp |
| US | 8.8.8.8:53 | wojireu.net | udp |
| US | 8.8.8.8:53 | unxfuild.info | udp |
| SG | 18.142.91.111:80 | unxfuild.info | tcp |
| US | 8.8.8.8:53 | gucdzytwr.info | udp |
| US | 8.8.8.8:53 | khbosiqwz.info | udp |
| US | 8.8.8.8:53 | dtyfdanb.net | udp |
| US | 8.8.8.8:53 | ggoiukqgsikq.org | udp |
| US | 8.8.8.8:53 | duhfvzjvxibe.net | udp |
| US | 8.8.8.8:53 | yibzpmfci.info | udp |
| US | 8.8.8.8:53 | kyappaz.info | udp |
| US | 8.8.8.8:53 | ogwukisomu.com | udp |
| US | 8.8.8.8:53 | nupckad.org | udp |
| US | 8.8.8.8:53 | udzdjiddn.net | udp |
| US | 8.8.8.8:53 | isbfut.info | udp |
| US | 8.8.8.8:53 | odtsdnjejyjs.net | udp |
| US | 8.8.8.8:53 | lilpvaze.net | udp |
| US | 8.8.8.8:53 | pkefiquiex.info | udp |
| US | 8.8.8.8:53 | icoioogueskq.org | udp |
| US | 8.8.8.8:53 | buzezcqpr.net | udp |
| US | 8.8.8.8:53 | ygoukmwg.org | udp |
| US | 8.8.8.8:53 | varevcbukdc.net | udp |
| US | 8.8.8.8:53 | voqsdjnfrb.info | udp |
| US | 8.8.8.8:53 | vojvtnzcb.com | udp |
| US | 8.8.8.8:53 | lgncbyr.org | udp |
| US | 8.8.8.8:53 | sypvop.info | udp |
| US | 8.8.8.8:53 | wyscoeiowkey.org | udp |
| US | 8.8.8.8:53 | cydlrge.info | udp |
| US | 104.156.155.94:80 | cydlrge.info | tcp |
| US | 8.8.8.8:53 | yiiqzavikyn.info | udp |
| US | 8.8.8.8:53 | wvvjjznud.info | udp |
| US | 8.8.8.8:53 | jeqitec.com | udp |
| US | 8.8.8.8:53 | mjotpzfbosdh.info | udp |
| US | 8.8.8.8:53 | kmscey.com | udp |
| US | 8.8.8.8:53 | luvehemiri.info | udp |
| US | 8.8.8.8:53 | kmkwacycykou.org | udp |
| US | 8.8.8.8:53 | tgludwz.net | udp |
| US | 8.8.8.8:53 | trinwpwsundy.net | udp |
| US | 8.8.8.8:53 | wyhpnjti.net | udp |
| US | 8.8.8.8:53 | zqhxpnjs.net | udp |
| US | 8.8.8.8:53 | lalckpw.org | udp |
| US | 8.8.8.8:53 | ssaqeamesm.org | udp |
| US | 8.8.8.8:53 | nudacjjl.net | udp |
| US | 8.8.8.8:53 | nduzovfulexx.info | udp |
| US | 8.8.8.8:53 | hmfurcniz.info | udp |
| US | 8.8.8.8:53 | atgzoneh.net | udp |
| US | 8.8.8.8:53 | wbrdxifed.net | udp |
| US | 8.8.8.8:53 | ddpobim.org | udp |
| US | 8.8.8.8:53 | borihcn.org | udp |
| US | 8.8.8.8:53 | ewhqxezcwwc.net | udp |
| US | 8.8.8.8:53 | rtborgmo.info | udp |
| US | 8.8.8.8:53 | tsqnbcwmx.com | udp |
| US | 8.8.8.8:53 | mgmiyguiye.org | udp |
| US | 8.8.8.8:53 | oiccis.com | udp |
| US | 8.8.8.8:53 | veqatgp.net | udp |
| US | 8.8.8.8:53 | hsdcravmnef.com | udp |
| US | 8.8.8.8:53 | pynicfwyvub.net | udp |
| US | 8.8.8.8:53 | hyypzupwo.net | udp |
| US | 8.8.8.8:53 | nklswewnpxrp.net | udp |
| US | 8.8.8.8:53 | lonepub.net | udp |
| US | 8.8.8.8:53 | dpxata.info | udp |
| US | 8.8.8.8:53 | axlyefapivwd.info | udp |
| US | 8.8.8.8:53 | qltuvhcgjh.info | udp |
| US | 8.8.8.8:53 | yoaoooewyeeo.com | udp |
| US | 8.8.8.8:53 | wqnnnp.info | udp |
| US | 8.8.8.8:53 | parcsptsrv.info | udp |
| US | 8.8.8.8:53 | tgogjvhqpn.info | udp |
| US | 8.8.8.8:53 | ebuygyziur.info | udp |
| US | 8.8.8.8:53 | yvbxdvgkrmp.net | udp |
| US | 8.8.8.8:53 | gsuuxlbul.net | udp |
| US | 8.8.8.8:53 | usxzhfngazfv.info | udp |
| US | 8.8.8.8:53 | mdhpuesj.net | udp |
| US | 8.8.8.8:53 | fxvsrbpdqa.info | udp |
| US | 8.8.8.8:53 | btjqaef.info | udp |
| US | 8.8.8.8:53 | ukrgxt.info | udp |
| US | 8.8.8.8:53 | notirfj.org | udp |
| US | 8.8.8.8:53 | dqjrswwie.com | udp |
| US | 8.8.8.8:53 | barclsf.info | udp |
| US | 8.8.8.8:53 | vqmfsb.net | udp |
| US | 8.8.8.8:53 | pqhjil.info | udp |
| US | 8.8.8.8:53 | vrxmprngmlhk.net | udp |
| US | 8.8.8.8:53 | ktxnnsfm.net | udp |
| US | 8.8.8.8:53 | gayqyg.com | udp |
| US | 8.8.8.8:53 | eznabol.net | udp |
| US | 8.8.8.8:53 | tohftotvrjjg.net | udp |
| US | 8.8.8.8:53 | loymwec.net | udp |
| US | 8.8.8.8:53 | bcagdttsfxhl.info | udp |
| US | 8.8.8.8:53 | jqnivgfqb.info | udp |
| US | 8.8.8.8:53 | klqmnybibg.net | udp |
| US | 8.8.8.8:53 | huxlqbblxekm.info | udp |
| US | 8.8.8.8:53 | mtcefskklrj.info | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | khnqgv.info | udp |
| US | 8.8.8.8:53 | rabpzdhr.net | udp |
| US | 8.8.8.8:53 | cgjgjgrsx.net | udp |
| US | 8.8.8.8:53 | lyxmnybibg.info | udp |
| US | 8.8.8.8:53 | tcdajcoejcj.info | udp |
| US | 8.8.8.8:53 | lrtnfqhqq.com | udp |
| US | 8.8.8.8:53 | ksmftsn.info | udp |
| US | 8.8.8.8:53 | uixznir.net | udp |
| US | 8.8.8.8:53 | xmocjvkwtaf.com | udp |
| US | 8.8.8.8:53 | dkouvubcpovf.info | udp |
| US | 8.8.8.8:53 | yyewpkl.info | udp |
| US | 8.8.8.8:53 | mebququ.net | udp |
| US | 8.8.8.8:53 | wepppuk.net | udp |
| US | 8.8.8.8:53 | kgucribs.info | udp |
| US | 8.8.8.8:53 | eodmjwtyp.net | udp |
| US | 8.8.8.8:53 | mnwqpbxvjvhb.info | udp |
| US | 8.8.8.8:53 | zyfitez.info | udp |
| US | 8.8.8.8:53 | airyhmn.net | udp |
| US | 8.8.8.8:53 | qmvuvot.info | udp |
| US | 8.8.8.8:53 | owaoou.com | udp |
| US | 8.8.8.8:53 | leqdurjb.net | udp |
| US | 8.8.8.8:53 | wwxddfiv.net | udp |
| US | 8.8.8.8:53 | ksoiau.com | udp |
| US | 8.8.8.8:53 | vwscvmxt.net | udp |
| US | 8.8.8.8:53 | rcuamez.org | udp |
| US | 8.8.8.8:53 | vuhxtct.com | udp |
| US | 8.8.8.8:53 | dxikspgshgbk.info | udp |
| US | 8.8.8.8:53 | kjwuwbwckwro.info | udp |
| US | 8.8.8.8:53 | hgfilc.info | udp |
| US | 8.8.8.8:53 | kwxcrphv.info | udp |
| US | 8.8.8.8:53 | tjdpzxpk.info | udp |
| US | 8.8.8.8:53 | vsxilglus.org | udp |
| US | 8.8.8.8:53 | ocbbbarrp.info | udp |
| US | 8.8.8.8:53 | uiemocce.com | udp |
| US | 8.8.8.8:53 | wopndxjpoy.info | udp |
| US | 8.8.8.8:53 | zgrjrexb.net | udp |
| US | 8.8.8.8:53 | srzgjglonbyy.net | udp |
| US | 8.8.8.8:53 | sdggmfyh.net | udp |
| US | 8.8.8.8:53 | eeueccewmeem.com | udp |
| US | 8.8.8.8:53 | ppharj.net | udp |
| US | 8.8.8.8:53 | bafmxsz.net | udp |
| US | 8.8.8.8:53 | gthoprfe.net | udp |
| US | 8.8.8.8:53 | uaigykqeau.com | udp |
| US | 8.8.8.8:53 | gkkclarujbd.net | udp |
| US | 8.8.8.8:53 | ywuqug.com | udp |
| US | 8.8.8.8:53 | vffzaatuj.info | udp |
| US | 8.8.8.8:53 | ehylbo.net | udp |
| US | 8.8.8.8:53 | ftxdcurw.info | udp |
| US | 8.8.8.8:53 | vlpxze.info | udp |
| US | 8.8.8.8:53 | rtebwwdguuq.org | udp |
| US | 8.8.8.8:53 | carepqw.net | udp |
| US | 8.8.8.8:53 | bbdylihtxbgi.info | udp |
| US | 8.8.8.8:53 | mmqqwmeofn.info | udp |
| US | 8.8.8.8:53 | skywyumxq.net | udp |
| US | 8.8.8.8:53 | vwlehhjw.info | udp |
| US | 8.8.8.8:53 | trfaduj.net | udp |
| US | 8.8.8.8:53 | quikggwuqqqq.com | udp |
| US | 8.8.8.8:53 | egsmyysc.org | udp |
| US | 8.8.8.8:53 | vyoyfuj.net | udp |
| US | 8.8.8.8:53 | cntzugg.net | udp |
| US | 8.8.8.8:53 | oaqtznxk.info | udp |
| US | 8.8.8.8:53 | eewawc.org | udp |
| US | 8.8.8.8:53 | ggycuu.org | udp |
| US | 8.8.8.8:53 | vuvbemndqv.net | udp |
| US | 8.8.8.8:53 | pdsqbb.net | udp |
| US | 8.8.8.8:53 | lbygpbpmqkoo.net | udp |
| US | 8.8.8.8:53 | nshdioh.net | udp |
| US | 8.8.8.8:53 | rtdvyfwoyp.net | udp |
| US | 8.8.8.8:53 | ekqqcc.org | udp |
| US | 8.8.8.8:53 | jkhgkt.info | udp |
| US | 8.8.8.8:53 | denjyemtisxn.net | udp |
| US | 8.8.8.8:53 | ceowcmfezkb.info | udp |
| US | 8.8.8.8:53 | oclaloraowj.info | udp |
| US | 8.8.8.8:53 | dwfkeogzvhjn.info | udp |
| US | 8.8.8.8:53 | hmtpti.info | udp |
| US | 8.8.8.8:53 | dflqknsl.net | udp |
| US | 8.8.8.8:53 | oimmag.org | udp |
| US | 8.8.8.8:53 | iecwga.org | udp |
| US | 8.8.8.8:53 | tylrrnzfqj.info | udp |
| US | 8.8.8.8:53 | pyjytmn.net | udp |
| US | 8.8.8.8:53 | gnsatmkfme.net | udp |
| US | 8.8.8.8:53 | sglunc.net | udp |
| US | 8.8.8.8:53 | qtgqqinahbp.info | udp |
| US | 8.8.8.8:53 | kejycuzof.net | udp |
| US | 8.8.8.8:53 | lzxuggc.net | udp |
| US | 8.8.8.8:53 | ymikrcn.info | udp |
| US | 8.8.8.8:53 | yawoyoccagak.com | udp |
| US | 8.8.8.8:53 | tcvuvhjwh.info | udp |
| US | 8.8.8.8:53 | zatwjgjsjcf.com | udp |
| US | 8.8.8.8:53 | efpxrb.net | udp |
| US | 8.8.8.8:53 | pzcivm.net | udp |
| US | 8.8.8.8:53 | ckdqwub.net | udp |
| US | 8.8.8.8:53 | jubvpax.info | udp |
| US | 8.8.8.8:53 | zsfkwet.com | udp |
| US | 8.8.8.8:53 | vmjjyfcy.info | udp |
| US | 8.8.8.8:53 | dwxdgczrvoff.info | udp |
| US | 8.8.8.8:53 | aknsgwkcl.net | udp |
| US | 8.8.8.8:53 | tclkzzh.info | udp |
| US | 8.8.8.8:53 | qyvuzlr.net | udp |
| US | 8.8.8.8:53 | meayycyoyu.org | udp |
| US | 8.8.8.8:53 | ecbwysbz.info | udp |
| US | 8.8.8.8:53 | fcdigmd.com | udp |
| US | 8.8.8.8:53 | dqdggaf.org | udp |
| US | 8.8.8.8:53 | xghfufmhez.info | udp |
| US | 8.8.8.8:53 | vczmjop.net | udp |
| US | 8.8.8.8:53 | njmyupro.net | udp |
| US | 8.8.8.8:53 | mgfatmfap.info | udp |
| US | 8.8.8.8:53 | lubamvacr.org | udp |
| US | 8.8.8.8:53 | medwcahcz.info | udp |
| US | 8.8.8.8:53 | cdkfswjoxp.net | udp |
| US | 8.8.8.8:53 | aasqeiau.com | udp |
| US | 8.8.8.8:53 | fenjcyq.com | udp |
| US | 8.8.8.8:53 | xrpwmsl.info | udp |
| US | 8.8.8.8:53 | rtahqrlmxn.info | udp |
| US | 8.8.8.8:53 | uatgdmhgp.info | udp |
| US | 8.8.8.8:53 | garsrmoca.net | udp |
| US | 8.8.8.8:53 | iusioomq.org | udp |
| US | 8.8.8.8:53 | wcsbrpz.net | udp |
| US | 8.8.8.8:53 | vqhkpudso.org | udp |
| US | 8.8.8.8:53 | ocnpqu.net | udp |
| US | 8.8.8.8:53 | gipxakrsw.info | udp |
| US | 8.8.8.8:53 | tgrdxc.info | udp |
| US | 8.8.8.8:53 | uwcuws.org | udp |
| US | 8.8.8.8:53 | ffgnyfvflf.net | udp |
| US | 8.8.8.8:53 | azlfou.info | udp |
| US | 8.8.8.8:53 | xqmkrgfuxfs.net | udp |
| US | 8.8.8.8:53 | eathiqnt.info | udp |
| US | 8.8.8.8:53 | vmrvzcyqwg.info | udp |
| US | 8.8.8.8:53 | jojeyieqrq.net | udp |
| US | 8.8.8.8:53 | keoqkqoq.org | udp |
| US | 8.8.8.8:53 | umyicieyee.org | udp |
| US | 8.8.8.8:53 | mtwceey.net | udp |
| US | 8.8.8.8:53 | qlrwlyl.net | udp |
| US | 8.8.8.8:53 | cnkpvb.info | udp |
| US | 8.8.8.8:53 | scimgtunvbgp.info | udp |
| US | 8.8.8.8:53 | zgbdajhmn.org | udp |
| US | 8.8.8.8:53 | okdcbcx.info | udp |
| US | 8.8.8.8:53 | fpdopjdl.info | udp |
| US | 8.8.8.8:53 | vcsuct.net | udp |
| US | 8.8.8.8:53 | bwmymej.net | udp |
| US | 8.8.8.8:53 | pofsjwy.com | udp |
| US | 8.8.8.8:53 | optafkelyk.net | udp |
| US | 8.8.8.8:53 | tcsipbvtr.org | udp |
| US | 8.8.8.8:53 | fddrdhdqccrb.info | udp |
| US | 8.8.8.8:53 | fsyczawoha.info | udp |
| US | 8.8.8.8:53 | laezfrajbj.net | udp |
| US | 8.8.8.8:53 | kdiwfemn.info | udp |
| US | 8.8.8.8:53 | lwrtdwxi.info | udp |
| US | 8.8.8.8:53 | ropjdkz.org | udp |
| US | 8.8.8.8:53 | exispooex.info | udp |
| US | 8.8.8.8:53 | occeaskuem.org | udp |
| US | 8.8.8.8:53 | atkzfclhbift.info | udp |
| US | 8.8.8.8:53 | hrefgrpxxdsc.net | udp |
| US | 8.8.8.8:53 | wueysyqiyg.org | udp |
| US | 8.8.8.8:53 | ppvxcsxlteyh.info | udp |
| US | 8.8.8.8:53 | btxkgyzy.net | udp |
| US | 8.8.8.8:53 | sieewkaqgs.com | udp |
| US | 8.8.8.8:53 | jjrefkv.net | udp |
| US | 8.8.8.8:53 | uocndotkxyd.info | udp |
| US | 8.8.8.8:53 | lzqaxqi.info | udp |
| US | 8.8.8.8:53 | sceabtree.net | udp |
| US | 8.8.8.8:53 | oqrqlojqp.info | udp |
| US | 8.8.8.8:53 | pboqlatkp.info | udp |
| US | 8.8.8.8:53 | lwfjykqyjzl.net | udp |
| US | 8.8.8.8:53 | zyhndh.info | udp |
| US | 8.8.8.8:53 | uabhlqaoe.info | udp |
| US | 8.8.8.8:53 | mlbomyv.net | udp |
| US | 8.8.8.8:53 | kjskvzf.info | udp |
| US | 8.8.8.8:53 | myeguxxun.net | udp |
| US | 8.8.8.8:53 | gksfmwvu.net | udp |
| US | 8.8.8.8:53 | pyxbvavsgutm.info | udp |
| US | 8.8.8.8:53 | lzbjkx.info | udp |
| US | 8.8.8.8:53 | oijqqarg.net | udp |
| US | 8.8.8.8:53 | qcskip.net | udp |
| US | 8.8.8.8:53 | iesfmbgw.net | udp |
| US | 8.8.8.8:53 | vopjbksonic.info | udp |
| US | 8.8.8.8:53 | blriytvijot.com | udp |
| US | 8.8.8.8:53 | uczitsg.net | udp |
| US | 8.8.8.8:53 | heeidicqp.net | udp |
| US | 8.8.8.8:53 | lopuvqm.com | udp |
| US | 8.8.8.8:53 | vzokgombzp.net | udp |
| US | 8.8.8.8:53 | ewjqngn.net | udp |
| US | 8.8.8.8:53 | hnltxqtyhmw.org | udp |
| US | 8.8.8.8:53 | kyilnx.net | udp |
| US | 8.8.8.8:53 | pgpfjljcibqf.net | udp |
| US | 8.8.8.8:53 | fzfznlh.net | udp |
| US | 8.8.8.8:53 | dyofcroqz.info | udp |
| US | 8.8.8.8:53 | rqbtjmhkhj.net | udp |
| US | 8.8.8.8:53 | rwjpaqmmqx.info | udp |
| US | 8.8.8.8:53 | zxrudg.info | udp |
| US | 8.8.8.8:53 | gaqkygwq.org | udp |
| US | 8.8.8.8:53 | ymjilszcrtp.info | udp |
| US | 8.8.8.8:53 | jrbulad.info | udp |
| US | 8.8.8.8:53 | mkboypui.net | udp |
| US | 8.8.8.8:53 | cqmswgl.info | udp |
| US | 8.8.8.8:53 | umjbkqdjuugj.net | udp |
| US | 8.8.8.8:53 | duxrjgwnhjrd.info | udp |
| US | 8.8.8.8:53 | bpzorpfuhtf.org | udp |
| US | 8.8.8.8:53 | ngzuhhy.net | udp |
| US | 8.8.8.8:53 | xpjuhsuai.com | udp |
| US | 8.8.8.8:53 | bkngmvgi.net | udp |
| US | 8.8.8.8:53 | mkloegnyfy.net | udp |
| US | 8.8.8.8:53 | lstoma.info | udp |
| US | 8.8.8.8:53 | cwpqwmj.info | udp |
| US | 8.8.8.8:53 | owgwwilax.info | udp |
| US | 8.8.8.8:53 | vudolhywloi.com | udp |
| US | 8.8.8.8:53 | bqdindvszcl.com | udp |
| US | 8.8.8.8:53 | uqoyqguk.com | udp |
| US | 8.8.8.8:53 | wousqygc.org | udp |
| US | 8.8.8.8:53 | blmxnzgixhpx.info | udp |
| US | 8.8.8.8:53 | dcvsxfp.info | udp |
| US | 8.8.8.8:53 | wawaoiyk.com | udp |
| US | 8.8.8.8:53 | yhrruoyuuwsd.info | udp |
| US | 8.8.8.8:53 | krtmpvxyh.net | udp |
| US | 8.8.8.8:53 | kdjqxjjyz.info | udp |
| US | 8.8.8.8:53 | dywwfv.info | udp |
| US | 8.8.8.8:53 | wemywmeo.com | udp |
| US | 8.8.8.8:53 | lczoradauoz.net | udp |
| US | 8.8.8.8:53 | oqwzdufmben.net | udp |
| US | 8.8.8.8:53 | jcfljngv.info | udp |
| US | 8.8.8.8:53 | goycuqyqmk.com | udp |
| US | 8.8.8.8:53 | iovjrkuwkbk.info | udp |
| US | 8.8.8.8:53 | moyqcm.com | udp |
| US | 8.8.8.8:53 | aomcglnjvlhx.info | udp |
| US | 8.8.8.8:53 | dazulnj.org | udp |
| US | 8.8.8.8:53 | eawqqkkggwgi.org | udp |
| US | 8.8.8.8:53 | jzthxr.net | udp |
| US | 8.8.8.8:53 | ckrnfad.info | udp |
| US | 8.8.8.8:53 | ohtndorbtnvh.net | udp |
| US | 8.8.8.8:53 | zwewfbpfhat.net | udp |
| US | 8.8.8.8:53 | qetgjogswaj.info | udp |
| US | 8.8.8.8:53 | dwvyli.net | udp |
| US | 8.8.8.8:53 | mbvwdyjc.net | udp |
| US | 8.8.8.8:53 | fjusznt.com | udp |
| US | 8.8.8.8:53 | ptfzjflu.net | udp |
| US | 8.8.8.8:53 | bxnevcrg.net | udp |
| US | 8.8.8.8:53 | fwltnc.net | udp |
| US | 8.8.8.8:53 | mmaifeuqhgl.net | udp |
| US | 8.8.8.8:53 | pgfhdosblz.info | udp |
| US | 8.8.8.8:53 | pasytks.info | udp |
| US | 8.8.8.8:53 | nktdtmxgb.info | udp |
| US | 8.8.8.8:53 | zuhmapbot.net | udp |
| US | 8.8.8.8:53 | fzzmpyjyj.info | udp |
| US | 8.8.8.8:53 | grlvpxzuav.net | udp |
| US | 8.8.8.8:53 | ucxurqsmn.net | udp |
| US | 8.8.8.8:53 | vjvlnnztmb.net | udp |
| US | 8.8.8.8:53 | womikw.info | udp |
| US | 8.8.8.8:53 | nxwbusz.org | udp |
| US | 8.8.8.8:53 | feaoxaxifiy.org | udp |
| US | 8.8.8.8:53 | cyycai.org | udp |
| US | 8.8.8.8:53 | mprzjj.info | udp |
| US | 8.8.8.8:53 | tquynajeh.org | udp |
| US | 8.8.8.8:53 | yojkaljecqs.info | udp |
| US | 8.8.8.8:53 | zwvgkunqk.org | udp |
| US | 8.8.8.8:53 | moioyq.org | udp |
| US | 8.8.8.8:53 | owunjxl.net | udp |
| US | 8.8.8.8:53 | hjgomd.info | udp |
| US | 8.8.8.8:53 | txwytpzmku.info | udp |
| US | 8.8.8.8:53 | owvutsnmlkj.info | udp |
| US | 8.8.8.8:53 | hqoetpsoj.org | udp |
| US | 8.8.8.8:53 | eswmqsye.com | udp |
| US | 8.8.8.8:53 | ecegeakc.org | udp |
| US | 8.8.8.8:53 | imwypguioabg.net | udp |
| US | 8.8.8.8:53 | aukguokqei.com | udp |
| US | 8.8.8.8:53 | osmkxgfqr.info | udp |
| US | 8.8.8.8:53 | tmqiqam.info | udp |
| US | 8.8.8.8:53 | ootkjdzphd.net | udp |
| US | 8.8.8.8:53 | jisbrb.net | udp |
| US | 8.8.8.8:53 | egjciyp.info | udp |
| US | 8.8.8.8:53 | bjthuj.net | udp |
| US | 8.8.8.8:53 | uuyyccgkko.com | udp |
| US | 8.8.8.8:53 | scumwocq.com | udp |
| US | 8.8.8.8:53 | aoeceomkoagq.com | udp |
| US | 8.8.8.8:53 | aararuzmj.info | udp |
| US | 8.8.8.8:53 | fwlyzm.info | udp |
| US | 8.8.8.8:53 | efxqkgybtgx.net | udp |
| US | 8.8.8.8:53 | daannyugaz.net | udp |
| US | 8.8.8.8:53 | jsvmernyhh.info | udp |
| US | 8.8.8.8:53 | zrizzt.net | udp |
| US | 8.8.8.8:53 | siogwzor.info | udp |
| US | 8.8.8.8:53 | nyjwiakuz.info | udp |
| US | 8.8.8.8:53 | nsjnpn.net | udp |
| US | 8.8.8.8:53 | qfqmbjil.info | udp |
| US | 8.8.8.8:53 | mpraqb.net | udp |
| US | 8.8.8.8:53 | rwhtmvsfjmdb.net | udp |
| US | 8.8.8.8:53 | ivewnr.info | udp |
| US | 8.8.8.8:53 | rjwmcqpr.info | udp |
| US | 8.8.8.8:53 | qiuwnvbe.net | udp |
| US | 8.8.8.8:53 | ftzqallsj.net | udp |
| US | 8.8.8.8:53 | cecqqkeyuc.org | udp |
| US | 8.8.8.8:53 | nqxijbihvn.info | udp |
| US | 8.8.8.8:53 | nqyzwulqn.info | udp |
| US | 8.8.8.8:53 | jgfxxnrjv.org | udp |
| US | 8.8.8.8:53 | ldrgfmpmf.org | udp |
| US | 8.8.8.8:53 | yspynbdonzn.net | udp |
| US | 8.8.8.8:53 | kkkwos.com | udp |
| US | 8.8.8.8:53 | aulcvcnmxcs.info | udp |
| US | 8.8.8.8:53 | xrctizgjhu.net | udp |
| US | 8.8.8.8:53 | xwiqocrqtsh.info | udp |
| US | 8.8.8.8:53 | asdefybnraj.net | udp |
| US | 8.8.8.8:53 | amumoeqwoq.org | udp |
| US | 8.8.8.8:53 | zfwjlgr.info | udp |
| US | 8.8.8.8:53 | netygbeox.net | udp |
| US | 8.8.8.8:53 | dappdhjjz.info | udp |
| US | 8.8.8.8:53 | rfcqjgcwrllk.info | udp |
| US | 8.8.8.8:53 | guyuuy.org | udp |
| US | 8.8.8.8:53 | kfhmigtul.info | udp |
| US | 8.8.8.8:53 | ckwrroxoftrm.net | udp |
| US | 8.8.8.8:53 | yvhpgguzxtcz.info | udp |
| US | 8.8.8.8:53 | ooewwc.org | udp |
| US | 8.8.8.8:53 | czdmjpex.net | udp |
| US | 8.8.8.8:53 | zqlctug.com | udp |
| US | 8.8.8.8:53 | swdyxozkpcj.net | udp |
| US | 8.8.8.8:53 | iaqqmaywykwy.com | udp |
| US | 8.8.8.8:53 | swkshux.net | udp |
| US | 8.8.8.8:53 | bwlmiyhvm.com | udp |
| US | 8.8.8.8:53 | ibsbgnpn.info | udp |
| US | 8.8.8.8:53 | gphgjbbpwb.info | udp |
| US | 8.8.8.8:53 | unpjhm.net | udp |
| US | 8.8.8.8:53 | jypigkw.net | udp |
| US | 8.8.8.8:53 | jqhlvkwnlh.info | udp |
| US | 8.8.8.8:53 | jphhtgd.com | udp |
| US | 8.8.8.8:53 | eopsjtn.net | udp |
| US | 8.8.8.8:53 | djqmndtl.net | udp |
| US | 8.8.8.8:53 | omierhazkhgw.net | udp |
| US | 8.8.8.8:53 | zqjzxcox.info | udp |
| US | 8.8.8.8:53 | qqyllyl.net | udp |
| US | 8.8.8.8:53 | salenia.net | udp |
| US | 8.8.8.8:53 | kwdrqyzrhd.net | udp |
| US | 8.8.8.8:53 | ggtqgjgs.info | udp |
| US | 8.8.8.8:53 | sccuwm.org | udp |
| US | 8.8.8.8:53 | ygccoucy.org | udp |
| US | 8.8.8.8:53 | xrjmbmgmisvh.info | udp |
| US | 8.8.8.8:53 | myggyycakc.org | udp |
| US | 8.8.8.8:53 | lfefyabalmf.net | udp |
| US | 8.8.8.8:53 | oqpctmipru.info | udp |
| US | 8.8.8.8:53 | mqzlnn.net | udp |
| US | 8.8.8.8:53 | jqtenkdayoy.org | udp |
| US | 8.8.8.8:53 | tijizqtgn.org | udp |
| US | 8.8.8.8:53 | tzcfyagwit.info | udp |
| US | 8.8.8.8:53 | lvliwxsju.net | udp |
| US | 8.8.8.8:53 | nsxstmtyec.net | udp |
| US | 8.8.8.8:53 | tygiuazyks.info | udp |
| US | 8.8.8.8:53 | hantwtyf.net | udp |
| US | 8.8.8.8:53 | nhvatyw.net | udp |
| US | 8.8.8.8:53 | zjfzgi.info | udp |
| US | 8.8.8.8:53 | sourrhw.net | udp |
| US | 8.8.8.8:53 | qcpuzjhlagv.info | udp |
| US | 8.8.8.8:53 | bhkvgy.info | udp |
| US | 8.8.8.8:53 | wcgcuuiu.org | udp |
| US | 8.8.8.8:53 | bqdbyduw.info | udp |
| US | 8.8.8.8:53 | unhimiflnz.info | udp |
| US | 8.8.8.8:53 | polqbuhyd.info | udp |
| US | 8.8.8.8:53 | jwzetmo.net | udp |
| US | 8.8.8.8:53 | chbtgtdh.info | udp |
| US | 8.8.8.8:53 | oyymymsicw.com | udp |
| US | 8.8.8.8:53 | iishsyvbooym.info | udp |
| US | 8.8.8.8:53 | nhmyomxjv.info | udp |
| US | 8.8.8.8:53 | jwkzhnrka.org | udp |
| US | 8.8.8.8:53 | iiowsqp.info | udp |
| US | 8.8.8.8:53 | kgxtgz.net | udp |
| US | 8.8.8.8:53 | tyzkrdhyl.info | udp |
| US | 8.8.8.8:53 | ribrrqhsjjqz.net | udp |
| US | 8.8.8.8:53 | vxfktir.com | udp |
| US | 8.8.8.8:53 | cladjqhexa.net | udp |
| US | 8.8.8.8:53 | bztlngrqjkh.com | udp |
| US | 8.8.8.8:53 | ceeymiyeeuec.org | udp |
| US | 8.8.8.8:53 | vyvijbihvn.info | udp |
| US | 8.8.8.8:53 | lbzlxioa.info | udp |
| US | 8.8.8.8:53 | gngdymj.net | udp |
| US | 8.8.8.8:53 | qxhinydr.info | udp |
| US | 8.8.8.8:53 | satcbxds.info | udp |
| US | 8.8.8.8:53 | qgmcieqe.org | udp |
| US | 8.8.8.8:53 | hsrofavrq.net | udp |
| US | 8.8.8.8:53 | ckxyfklneql.net | udp |
| US | 8.8.8.8:53 | bqqipihqhlj.net | udp |
| US | 8.8.8.8:53 | pggwbwdow.net | udp |
| US | 8.8.8.8:53 | wiaakk.org | udp |
| US | 8.8.8.8:53 | llpwlrlwpx.net | udp |
| US | 8.8.8.8:53 | uqvjgtbqghnj.info | udp |
| US | 8.8.8.8:53 | yklgpmf.net | udp |
| US | 8.8.8.8:53 | bctwfgikb.org | udp |
| US | 8.8.8.8:53 | xkjkfww.com | udp |
| US | 8.8.8.8:53 | gepwfovafig.info | udp |
| US | 8.8.8.8:53 | gytqllhevpr.info | udp |
| US | 8.8.8.8:53 | fzqqksnzg.net | udp |
| US | 8.8.8.8:53 | rydbbivxuyg.com | udp |
| US | 8.8.8.8:53 | slpfiyeycne.info | udp |
| US | 8.8.8.8:53 | xmlymtnez.org | udp |
| US | 8.8.8.8:53 | lqyswsucva.info | udp |
| US | 8.8.8.8:53 | odpiqhyurk.net | udp |
| US | 8.8.8.8:53 | lbhwawzvxsni.info | udp |
| US | 8.8.8.8:53 | eaeoyegymc.org | udp |
| US | 8.8.8.8:53 | odzbrjqoy.info | udp |
| US | 8.8.8.8:53 | heguesolztdl.info | udp |
| US | 8.8.8.8:53 | aalijqi.info | udp |
| US | 8.8.8.8:53 | ielgwwwoqcx.info | udp |
| US | 8.8.8.8:53 | pklgnebeaup.com | udp |
| US | 8.8.8.8:53 | aptfzieyxulf.net | udp |
| US | 8.8.8.8:53 | rojmxyqqw.org | udp |
| US | 8.8.8.8:53 | odqisf.info | udp |
| US | 8.8.8.8:53 | hhrsnv.info | udp |
| US | 8.8.8.8:53 | amhqbnzqcuz.info | udp |
| US | 8.8.8.8:53 | buoyfmtatcx.com | udp |
| US | 8.8.8.8:53 | ncpmyszzt.info | udp |
| US | 8.8.8.8:53 | zsauqe.info | udp |
| US | 8.8.8.8:53 | vtmjwbjc.info | udp |
| US | 8.8.8.8:53 | xczieqfovsg.com | udp |
| US | 8.8.8.8:53 | njjgmfwm.net | udp |
| US | 8.8.8.8:53 | iejwpvzfugl.info | udp |
| US | 8.8.8.8:53 | yuicoo.org | udp |
| US | 8.8.8.8:53 | ybxsqlwexbnh.info | udp |
| US | 8.8.8.8:53 | ixvkxvm.net | udp |
| US | 8.8.8.8:53 | iybgpqrd.net | udp |
| US | 8.8.8.8:53 | lenjhdjz.info | udp |
| US | 8.8.8.8:53 | kkiamiym.com | udp |
| US | 8.8.8.8:53 | cypbnolclck.net | udp |
| US | 8.8.8.8:53 | ksktxffpkhpl.info | udp |
| US | 8.8.8.8:53 | pdhpzjrmmn.info | udp |
| US | 8.8.8.8:53 | jatdaajehomt.net | udp |
| US | 8.8.8.8:53 | ptsdtcd.info | udp |
| US | 8.8.8.8:53 | zcvsrkrst.net | udp |
| US | 8.8.8.8:53 | nwdapnfadnam.net | udp |
| US | 8.8.8.8:53 | mwgkuyee.org | udp |
| US | 8.8.8.8:53 | gubtlkefnebc.info | udp |
| US | 8.8.8.8:53 | kidaiiv.net | udp |
| US | 8.8.8.8:53 | mhkcfcran.net | udp |
| US | 8.8.8.8:53 | gjtqay.info | udp |
| US | 8.8.8.8:53 | wmpjfp.net | udp |
| US | 8.8.8.8:53 | uiceesz.info | udp |
| US | 8.8.8.8:53 | c.pki.goog | udp |
| GB | 142.250.180.3:80 | c.pki.goog | tcp |
| US | 8.8.8.8:53 | eenplql.net | udp |
| US | 8.8.8.8:53 | papigevnt.com | udp |
| US | 8.8.8.8:53 | sttewar.net | udp |
| US | 8.8.8.8:53 | bzaydhbkyko.info | udp |
| US | 8.8.8.8:53 | osqywkoc.org | udp |
| US | 8.8.8.8:53 | lueykidmpin.net | udp |
| US | 8.8.8.8:53 | mmuyhof.net | udp |
| US | 8.8.8.8:53 | muqeeu.org | udp |
| US | 8.8.8.8:53 | tshmab.net | udp |
| US | 8.8.8.8:53 | tylwnpvsimd.net | udp |
| US | 8.8.8.8:53 | uoxjsmld.info | udp |
| US | 8.8.8.8:53 | vskbpy.info | udp |
| US | 8.8.8.8:53 | rdpqzbgsvg.net | udp |
| US | 8.8.8.8:53 | ewiuauieao.com | udp |
| US | 8.8.8.8:53 | ioceec.com | udp |
| US | 8.8.8.8:53 | gcxuigpej.net | udp |
| US | 8.8.8.8:53 | sqjlhbejikro.info | udp |
| US | 8.8.8.8:53 | bjpwlrlwpx.net | udp |
| US | 8.8.8.8:53 | nuqwuqg.org | udp |
| US | 8.8.8.8:53 | fihslg.net | udp |
| US | 8.8.8.8:53 | gsyqjid.info | udp |
| US | 8.8.8.8:53 | jkzrzcf.org | udp |
| US | 8.8.8.8:53 | imwkkoik.com | udp |
| US | 8.8.8.8:53 | sewuvwb.net | udp |
| US | 8.8.8.8:53 | rucplgvs.net | udp |
| US | 8.8.8.8:53 | niijhkdef.com | udp |
| US | 8.8.8.8:53 | zhtrmyijqy.info | udp |
| US | 8.8.8.8:53 | emhuxzgnlw.info | udp |
| US | 8.8.8.8:53 | dljadjsvxm.info | udp |
| US | 8.8.8.8:53 | gwltyqt.net | udp |
| US | 8.8.8.8:53 | zuiiazvia.com | udp |
| US | 8.8.8.8:53 | ltjmodlt.info | udp |
| US | 8.8.8.8:53 | oalwpcngx.info | udp |
| US | 8.8.8.8:53 | ujyirl.net | udp |
| US | 8.8.8.8:53 | hfkuggnw.net | udp |
| US | 8.8.8.8:53 | xcrfxbihvn.info | udp |
| US | 8.8.8.8:53 | lhorwwyopo.info | udp |
| US | 8.8.8.8:53 | jcwhxufaqdfl.net | udp |
| US | 8.8.8.8:53 | ahbmvbhhpub.net | udp |
| US | 8.8.8.8:53 | ocpsbsimm.net | udp |
| US | 8.8.8.8:53 | pvesxitaordl.info | udp |
| US | 8.8.8.8:53 | eqiooeawmiiw.com | udp |
| US | 8.8.8.8:53 | nznzvmugga.info | udp |
| US | 8.8.8.8:53 | tcyoxxpk.net | udp |
| US | 8.8.8.8:53 | dzrmxez.com | udp |
| US | 8.8.8.8:53 | hgfaokodp.net | udp |
| US | 8.8.8.8:53 | kxldwaoqfn.info | udp |
| US | 8.8.8.8:53 | mthcdwpmvvs.net | udp |
| US | 8.8.8.8:53 | aneotaz.info | udp |
| US | 8.8.8.8:53 | hqmkpq.info | udp |
| US | 8.8.8.8:53 | ycewkq.org | udp |
| US | 8.8.8.8:53 | xxbuvavqnao.net | udp |
| US | 8.8.8.8:53 | kgjaicmgmo.info | udp |
| US | 8.8.8.8:53 | senyzjufekfu.info | udp |
| US | 8.8.8.8:53 | exnavpvkds.info | udp |
| US | 8.8.8.8:53 | lxlcfhjuv.info | udp |
| US | 8.8.8.8:53 | tgzzsilpuoyu.info | udp |
| US | 8.8.8.8:53 | bgvzxneg.info | udp |
| US | 8.8.8.8:53 | prlizl.info | udp |
| US | 8.8.8.8:53 | iwnsys.info | udp |
| US | 8.8.8.8:53 | ycquwo.org | udp |
| US | 8.8.8.8:53 | rejwrwpoa.info | udp |
| US | 8.8.8.8:53 | xavcvupho.net | udp |
| US | 8.8.8.8:53 | jmuyzwjxj.net | udp |
| US | 8.8.8.8:53 | pvwtfdhygxtm.net | udp |
| US | 8.8.8.8:53 | gcyiiaigsu.com | udp |
| US | 8.8.8.8:53 | bvzmzp.net | udp |
| US | 8.8.8.8:53 | llnnxmlphg.info | udp |
| US | 8.8.8.8:53 | slpiaq.info | udp |
| US | 8.8.8.8:53 | mynqlopfbwp.net | udp |
| US | 8.8.8.8:53 | sgescokcmo.org | udp |
| US | 8.8.8.8:53 | nyopnh.info | udp |
| US | 8.8.8.8:53 | igtabgped.info | udp |
| US | 8.8.8.8:53 | gchjhevjpai.info | udp |
| US | 8.8.8.8:53 | lirmuecctz.net | udp |
| US | 8.8.8.8:53 | lzwgpqnxhy.net | udp |
| US | 8.8.8.8:53 | lypexww.net | udp |
| US | 8.8.8.8:53 | ewuxtijvcvl.info | udp |
| US | 8.8.8.8:53 | jehyhpbob.com | udp |
| US | 8.8.8.8:53 | kstuqmf.info | udp |
| US | 8.8.8.8:53 | lppouwi.net | udp |
| US | 8.8.8.8:53 | nejhleakhey.info | udp |
| US | 8.8.8.8:53 | xikwlim.org | udp |
| US | 8.8.8.8:53 | ynxobt.info | udp |
| US | 8.8.8.8:53 | luaiurlae.info | udp |
| US | 8.8.8.8:53 | xyffjwj.org | udp |
| US | 8.8.8.8:53 | kuvqbw.info | udp |
| US | 8.8.8.8:53 | etukpb.info | udp |
| US | 8.8.8.8:53 | jodaufkwwsx.net | udp |
| US | 8.8.8.8:53 | yufzgvcy.net | udp |
| US | 8.8.8.8:53 | tmtjhjtk.net | udp |
| US | 8.8.8.8:53 | xdoewrdvokql.info | udp |
| US | 8.8.8.8:53 | hsfspwfirsr.org | udp |
| US | 8.8.8.8:53 | heraofjywibl.info | udp |
| US | 8.8.8.8:53 | wqpuzalt.info | udp |
| US | 8.8.8.8:53 | ddpkdozarxzq.net | udp |
| US | 8.8.8.8:53 | viuxfqcdnu.net | udp |
| US | 8.8.8.8:53 | fumvct.net | udp |
| US | 8.8.8.8:53 | wuqoqcayyy.com | udp |
| US | 8.8.8.8:53 | kcgywcmuscqm.com | udp |
| US | 8.8.8.8:53 | moatgoxenwf.net | udp |
| US | 8.8.8.8:53 | gsegplcb.net | udp |
| US | 8.8.8.8:53 | aynjnrbmsj.net | udp |
| US | 8.8.8.8:53 | bllzfqvjziz.org | udp |
| US | 8.8.8.8:53 | efhypgxeiynd.info | udp |
| US | 8.8.8.8:53 | jdlmdtpya.com | udp |
| US | 8.8.8.8:53 | dnyidwf.info | udp |
| US | 8.8.8.8:53 | oqscaoqi.org | udp |
| US | 8.8.8.8:53 | mgqmay.com | udp |
| US | 8.8.8.8:53 | aeomagao.org | udp |
| US | 8.8.8.8:53 | yadxtkefpqdf.net | udp |
| US | 8.8.8.8:53 | wzlnpdtddit.info | udp |
| US | 8.8.8.8:53 | kyhrrkauiki.net | udp |
| US | 8.8.8.8:53 | eyquscoy.org | udp |
| US | 8.8.8.8:53 | srvhbu.info | udp |
| US | 8.8.8.8:53 | rmcilircclt.info | udp |
| US | 8.8.8.8:53 | wrdxislddf.info | udp |
| US | 8.8.8.8:53 | atxglzh.info | udp |
| US | 8.8.8.8:53 | yacaacmism.com | udp |
| US | 8.8.8.8:53 | eyqomiaeiq.com | udp |
| US | 8.8.8.8:53 | qfstupfbdsqi.net | udp |
| US | 8.8.8.8:53 | tedyyvqhayx.net | udp |
| US | 8.8.8.8:53 | ulwprsdpevsj.info | udp |
| US | 8.8.8.8:53 | bfuoemrlsg.info | udp |
| US | 8.8.8.8:53 | sgouamgmii.org | udp |
| US | 8.8.8.8:53 | uvtdzjoekg.net | udp |
| US | 8.8.8.8:53 | ioacgeyicg.com | udp |
| US | 8.8.8.8:53 | msgqsaasawoy.org | udp |
| US | 8.8.8.8:53 | qyjxvcif.net | udp |
| US | 8.8.8.8:53 | euhgbhz.net | udp |
| US | 8.8.8.8:53 | yfzuvixiz.net | udp |
| US | 8.8.8.8:53 | wkcisq.com | udp |
| US | 8.8.8.8:53 | rkwlhccy.info | udp |
| US | 8.8.8.8:53 | auhlyrt.net | udp |
| US | 8.8.8.8:53 | myhpuy.info | udp |
| US | 8.8.8.8:53 | cmckeygkis.com | udp |
| US | 8.8.8.8:53 | wzjswaiop.net | udp |
| US | 8.8.8.8:53 | nthafgeqx.org | udp |
| US | 8.8.8.8:53 | srmgjmralkj.info | udp |
| US | 8.8.8.8:53 | ubvokcz.net | udp |
| US | 8.8.8.8:53 | vibshiiel.net | udp |
| US | 8.8.8.8:53 | pcyjhiw.com | udp |
| US | 8.8.8.8:53 | ostobvjc.info | udp |
| US | 8.8.8.8:53 | eezoxuzlc.net | udp |
| US | 8.8.8.8:53 | jjqtpeerkb.net | udp |
| US | 8.8.8.8:53 | cchobsbqckz.net | udp |
| US | 8.8.8.8:53 | cnrcbxjqd.info | udp |
| US | 8.8.8.8:53 | urkcltobhpwf.net | udp |
| US | 8.8.8.8:53 | eafclqcer.info | udp |
| US | 8.8.8.8:53 | wwnodjs.net | udp |
| US | 8.8.8.8:53 | smokacos.org | udp |
| US | 8.8.8.8:53 | jvycftc.com | udp |
| US | 8.8.8.8:53 | oismai.com | udp |
| US | 8.8.8.8:53 | hysbkg.net | udp |
| US | 8.8.8.8:53 | oerllu.net | udp |
| US | 8.8.8.8:53 | oavzogaqnvyp.info | udp |
| US | 8.8.8.8:53 | eheflhppvg.net | udp |
| US | 8.8.8.8:53 | ywcahp.net | udp |
| US | 8.8.8.8:53 | ykqkyg.org | udp |
| US | 8.8.8.8:53 | cykogcgqqcuu.com | udp |
| US | 8.8.8.8:53 | amggaowy.com | udp |
| US | 8.8.8.8:53 | nxrzhkpf.net | udp |
| US | 8.8.8.8:53 | oaoywi.com | udp |
| US | 8.8.8.8:53 | wikawksa.com | udp |
| US | 8.8.8.8:53 | ugjyfpgfl.net | udp |
| US | 8.8.8.8:53 | ggqaeaieaomw.com | udp |
| US | 8.8.8.8:53 | cuhniaows.info | udp |
| US | 8.8.8.8:53 | gcenflaqzo.info | udp |
| US | 8.8.8.8:53 | bheguvpdiihz.net | udp |
| US | 8.8.8.8:53 | myrwjqkrwpbk.info | udp |
| US | 8.8.8.8:53 | ypfxmj.net | udp |
| US | 8.8.8.8:53 | mpkbfsgyp.info | udp |
| US | 8.8.8.8:53 | majaphl.net | udp |
| US | 8.8.8.8:53 | gssnxeduhlnu.net | udp |
| US | 8.8.8.8:53 | bmtdvcljjzgr.net | udp |
| US | 8.8.8.8:53 | ilpijzuqfawi.net | udp |
| US | 8.8.8.8:53 | qseoumkkca.org | udp |
| US | 8.8.8.8:53 | ozruprdk.net | udp |
| US | 8.8.8.8:53 | ilgbdr.net | udp |
| US | 8.8.8.8:53 | tbaxjo.net | udp |
| US | 8.8.8.8:53 | avmnvlho.net | udp |
| US | 8.8.8.8:53 | tzpttxdfpmoj.net | udp |
| US | 8.8.8.8:53 | rbjtwonckvd.com | udp |
| US | 8.8.8.8:53 | invmbwo.info | udp |
| US | 8.8.8.8:53 | qdnmhgdyrit.net | udp |
| US | 8.8.8.8:53 | ceuskasq.com | udp |
| US | 8.8.8.8:53 | hjturabugk.net | udp |
| US | 8.8.8.8:53 | qofaysp.net | udp |
| US | 8.8.8.8:53 | kbazbgx.net | udp |
| US | 8.8.8.8:53 | iiwasegg.org | udp |
| US | 8.8.8.8:53 | pvxwhtyoswwj.net | udp |
| US | 8.8.8.8:53 | cskgqgyiaw.com | udp |
| US | 8.8.8.8:53 | yjvpxxbdjult.info | udp |
| US | 8.8.8.8:53 | fevktevahwf.com | udp |
| US | 8.8.8.8:53 | knewputnr.info | udp |
| US | 8.8.8.8:53 | iojgvg.net | udp |
| US | 8.8.8.8:53 | qyqigk.com | udp |
| US | 8.8.8.8:53 | sbhcsleo.net | udp |
| US | 8.8.8.8:53 | tuqhow.net | udp |
| US | 8.8.8.8:53 | evbqloxgq.net | udp |
| US | 8.8.8.8:53 | rufubofrt.net | udp |
| US | 8.8.8.8:53 | rukqvctyd.org | udp |
| US | 8.8.8.8:53 | afnnuv.net | udp |
| US | 8.8.8.8:53 | gmsmoy.net | udp |
| US | 8.8.8.8:53 | bibrhslsycz.org | udp |
| US | 8.8.8.8:53 | fyaylmbcb.net | udp |
| US | 8.8.8.8:53 | csvqcdl.net | udp |
| US | 8.8.8.8:53 | rmtylgrpdsc.net | udp |
| US | 8.8.8.8:53 | piykwzxgn.org | udp |
| US | 8.8.8.8:53 | btzebbfjh.net | udp |
| US | 8.8.8.8:53 | lgrxryvipkn.org | udp |
| US | 8.8.8.8:53 | leaeznoep.org | udp |
| US | 8.8.8.8:53 | ekqaao.com | udp |
| US | 8.8.8.8:53 | liuiqlxwzun.net | udp |
| US | 8.8.8.8:53 | aavyzeptyk.net | udp |
| US | 8.8.8.8:53 | ujlqfbhjrfhw.net | udp |
| US | 8.8.8.8:53 | jkxmzrpad.org | udp |
| US | 8.8.8.8:53 | rkjyfrxybqd.net | udp |
| US | 8.8.8.8:53 | hkshtsfqzvv.org | udp |
| US | 8.8.8.8:53 | hjfdpmp.org | udp |
| US | 8.8.8.8:53 | bvdwfq.net | udp |
| US | 8.8.8.8:53 | gpjuvwluqwk.net | udp |
| US | 8.8.8.8:53 | rjbifug.net | udp |
| US | 8.8.8.8:53 | xgjghwund.net | udp |
| US | 8.8.8.8:53 | dqvadqp.com | udp |
| US | 8.8.8.8:53 | xerfnkrtzdht.info | udp |
| US | 8.8.8.8:53 | llzlnghylsh.com | udp |
| US | 8.8.8.8:53 | yqdindvszcl.info | udp |
| US | 8.8.8.8:53 | updvwmgyjqj.info | udp |
| US | 8.8.8.8:53 | ldlrgk.info | udp |
| US | 8.8.8.8:53 | jcdyzg.info | udp |
| US | 8.8.8.8:53 | qwyamewkys.com | udp |
| US | 8.8.8.8:53 | owtumceqt.info | udp |
| US | 8.8.8.8:53 | uewekkqsuk.org | udp |
| US | 8.8.8.8:53 | xrdyaipcpkh.net | udp |
| US | 8.8.8.8:53 | cugywairfela.net | udp |
| US | 8.8.8.8:53 | vrioncoprfz.net | udp |
| US | 8.8.8.8:53 | cykkmemkgy.org | udp |
| US | 8.8.8.8:53 | sgdzhklkvfso.info | udp |
| US | 8.8.8.8:53 | iijcktvc.net | udp |
| US | 8.8.8.8:53 | gcffvyz.net | udp |
| US | 8.8.8.8:53 | asleqifqn.net | udp |
| US | 8.8.8.8:53 | skqsiiae.org | udp |
| US | 8.8.8.8:53 | jhordowevu.info | udp |
| US | 8.8.8.8:53 | mizgltnl.info | udp |
| US | 8.8.8.8:53 | ecnunnubl.info | udp |
| US | 8.8.8.8:53 | alyypvemovoc.net | udp |
| US | 8.8.8.8:53 | oarzwqeuqwd.info | udp |
| US | 8.8.8.8:53 | mmatissmmqlv.net | udp |
| US | 8.8.8.8:53 | ydkepcdex.net | udp |
| US | 8.8.8.8:53 | qlstpgkhcjbu.net | udp |
| US | 8.8.8.8:53 | pebdxvjr.info | udp |
| US | 8.8.8.8:53 | yevzabb.info | udp |
| US | 8.8.8.8:53 | gsjkpud.info | udp |
| US | 8.8.8.8:53 | vqvvvlp.info | udp |
| US | 8.8.8.8:53 | qysoym.org | udp |
| US | 8.8.8.8:53 | nzitfaav.info | udp |
| US | 8.8.8.8:53 | onhpbfxj.info | udp |
| US | 8.8.8.8:53 | grpnjtiyqz.info | udp |
| US | 8.8.8.8:53 | gklyporklce.net | udp |
| US | 8.8.8.8:53 | jxzkzddiae.info | udp |
| US | 8.8.8.8:53 | vblmxmlit.org | udp |
| US | 8.8.8.8:53 | qiaeysiw.org | udp |
| US | 8.8.8.8:53 | uizntjvutxqi.net | udp |
| US | 8.8.8.8:53 | cehwvixqhyk.net | udp |
| US | 8.8.8.8:53 | acccyykqge.org | udp |
| US | 8.8.8.8:53 | hyjodgw.info | udp |
| US | 8.8.8.8:53 | ucfirgp.info | udp |
| US | 8.8.8.8:53 | qcwapigp.info | udp |
| US | 8.8.8.8:53 | dkdczgl.info | udp |
| US | 8.8.8.8:53 | tsbglaskaet.info | udp |
| US | 8.8.8.8:53 | tutstsl.net | udp |
| US | 8.8.8.8:53 | ffxxuo.info | udp |
| US | 8.8.8.8:53 | mcwsxoxzj.info | udp |
| US | 8.8.8.8:53 | qjoozrzjowoe.net | udp |
| US | 8.8.8.8:53 | yaissecqsy.org | udp |
| US | 8.8.8.8:53 | fmcbbggmhyj.info | udp |
| US | 8.8.8.8:53 | smwxozpdtpbu.info | udp |
| US | 8.8.8.8:53 | eaictyqxc.info | udp |
| US | 8.8.8.8:53 | qximncgg.net | udp |
| US | 8.8.8.8:53 | ikisjihwaqi.info | udp |
| US | 8.8.8.8:53 | qmowjd.info | udp |
| US | 8.8.8.8:53 | jsmqxspfyk.info | udp |
| US | 8.8.8.8:53 | zslwfnvqt.info | udp |
| US | 8.8.8.8:53 | rufiryq.org | udp |
| US | 8.8.8.8:53 | luovijvkfki.info | udp |
| US | 8.8.8.8:53 | vgqxvqngngx.info | udp |
| US | 8.8.8.8:53 | vdnagd.info | udp |
| US | 8.8.8.8:53 | xylglgjgu.net | udp |
| US | 8.8.8.8:53 | hmisjorga.info | udp |
| US | 8.8.8.8:53 | mvaqna.net | udp |
| US | 8.8.8.8:53 | cqiuay.com | udp |
| US | 8.8.8.8:53 | cktyzqt.net | udp |
| US | 8.8.8.8:53 | wubzrwjkd.net | udp |
| US | 8.8.8.8:53 | txdmrerqjbzo.info | udp |
| US | 8.8.8.8:53 | ulzgjtxy.info | udp |
| US | 8.8.8.8:53 | gqamhtfd.info | udp |
| US | 8.8.8.8:53 | qeasooggkkye.org | udp |
| US | 8.8.8.8:53 | herynbumiagd.info | udp |
| US | 8.8.8.8:53 | pgjvpwlph.com | udp |
| US | 8.8.8.8:53 | syumaycq.org | udp |
| US | 8.8.8.8:53 | gdiecndz.net | udp |
| US | 8.8.8.8:53 | wjqrnokh.net | udp |
| US | 8.8.8.8:53 | ybccrcjjiiz.info | udp |
| US | 8.8.8.8:53 | tzjwrgwggmaa.info | udp |
| US | 8.8.8.8:53 | hzrclerisx.net | udp |
| US | 8.8.8.8:53 | pjvomxggdvdl.info | udp |
| US | 8.8.8.8:53 | fevpfshvp.org | udp |
| US | 8.8.8.8:53 | puncrkzo.net | udp |
| US | 8.8.8.8:53 | bxvkfzfl.net | udp |
| US | 8.8.8.8:53 | cqwqygws.org | udp |
| US | 8.8.8.8:53 | pbaejx.net | udp |
| US | 8.8.8.8:53 | tyaqtktv.info | udp |
| US | 8.8.8.8:53 | kcryxrris.info | udp |
| US | 8.8.8.8:53 | jinraw.net | udp |
| US | 8.8.8.8:53 | quuagsyu.org | udp |
| US | 8.8.8.8:53 | cyrhlmj.info | udp |
| US | 8.8.8.8:53 | bwpbuxyezg.info | udp |
| US | 8.8.8.8:53 | funkyuiqj.net | udp |
| US | 8.8.8.8:53 | giekgyskeiik.org | udp |
| US | 8.8.8.8:53 | kwludeky.info | udp |
| US | 8.8.8.8:53 | rynpjnxdplsp.info | udp |
| US | 8.8.8.8:53 | jnukbpplwr.info | udp |
| US | 8.8.8.8:53 | myayquss.org | udp |
| US | 8.8.8.8:53 | zxewsqrv.net | udp |
| US | 8.8.8.8:53 | bavppixu.net | udp |
| US | 8.8.8.8:53 | konzyttr.info | udp |
| US | 8.8.8.8:53 | ecnasayr.net | udp |
| US | 8.8.8.8:53 | fkgritslx.org | udp |
| US | 8.8.8.8:53 | bejmzh.info | udp |
| US | 8.8.8.8:53 | vmxgrimem.net | udp |
| US | 8.8.8.8:53 | cqhdrwocfik.info | udp |
| US | 8.8.8.8:53 | rmesdjbcnbb.net | udp |
| US | 8.8.8.8:53 | ptpwnlreeaxo.net | udp |
| US | 8.8.8.8:53 | owegpyhet.info | udp |
| US | 8.8.8.8:53 | ddruzx.info | udp |
| US | 8.8.8.8:53 | emvudcqsl.net | udp |
| US | 8.8.8.8:53 | chrixtnzpejl.info | udp |
| US | 8.8.8.8:53 | gsdljesjlebz.info | udp |
| US | 8.8.8.8:53 | ruknbtlkhr.info | udp |
| US | 8.8.8.8:53 | wkkdzg.net | udp |
| US | 8.8.8.8:53 | eeeiusoc.com | udp |
| US | 8.8.8.8:53 | rcnxfrj.net | udp |
| US | 8.8.8.8:53 | unztginy.info | udp |
| US | 8.8.8.8:53 | slqsmmpmcr.net | udp |
| US | 8.8.8.8:53 | grqydv.info | udp |
| US | 8.8.8.8:53 | nsnuzyr.info | udp |
| US | 8.8.8.8:53 | zqhirwplowz.info | udp |
| US | 8.8.8.8:53 | dtstyn.net | udp |
| US | 8.8.8.8:53 | hqxvryk.info | udp |
| US | 8.8.8.8:53 | lnvsztdyzd.info | udp |
| US | 8.8.8.8:53 | oskaogys.com | udp |
| US | 8.8.8.8:53 | bgjsaz.info | udp |
| US | 8.8.8.8:53 | bljqsi.info | udp |
| US | 8.8.8.8:53 | asmsiy.org | udp |
| US | 8.8.8.8:53 | ocfice.net | udp |
| US | 8.8.8.8:53 | zbqtpeerkb.net | udp |
| US | 8.8.8.8:53 | eemsomskwc.org | udp |
| US | 8.8.8.8:53 | jnajnvhfxntr.net | udp |
| US | 8.8.8.8:53 | zelwhon.net | udp |
| US | 8.8.8.8:53 | dyrrfdc.org | udp |
| US | 8.8.8.8:53 | rhdyzyx.info | udp |
| US | 8.8.8.8:53 | zuwrljtqss.net | udp |
| US | 8.8.8.8:53 | asdenvj.info | udp |
| US | 8.8.8.8:53 | jyptls.info | udp |
| US | 8.8.8.8:53 | xhodvlturbjx.net | udp |
| US | 8.8.8.8:53 | djhezbwugs.info | udp |
| US | 8.8.8.8:53 | lawabot.net | udp |
| US | 8.8.8.8:53 | ylsptizfjq.net | udp |
| US | 8.8.8.8:53 | nmvivqmdxov.info | udp |
| US | 8.8.8.8:53 | msaeugqyakco.org | udp |
| US | 8.8.8.8:53 | tmrxnmjrkb.net | udp |
| US | 8.8.8.8:53 | egvpza.info | udp |
| US | 8.8.8.8:53 | qxjrnacjh.info | udp |
| US | 8.8.8.8:53 | qcckei.org | udp |
| US | 8.8.8.8:53 | radsqhtdbyww.net | udp |
| US | 8.8.8.8:53 | prxidpdxgq.info | udp |
| US | 8.8.8.8:53 | qamskm.com | udp |
| US | 8.8.8.8:53 | uomieuwsgywa.com | udp |
| US | 8.8.8.8:53 | iucooeecqigu.com | udp |
| US | 8.8.8.8:53 | owqypoxmmf.info | udp |
| US | 8.8.8.8:53 | aukuyiyequcy.org | udp |
| US | 8.8.8.8:53 | nmunszxhhb.net | udp |
| US | 8.8.8.8:53 | fzkrxmam.info | udp |
| US | 8.8.8.8:53 | tinqmec.org | udp |
| US | 8.8.8.8:53 | vyltzvb.net | udp |
| US | 8.8.8.8:53 | fixijml.org | udp |
| US | 8.8.8.8:53 | jcjipnzzfkrz.net | udp |
| US | 8.8.8.8:53 | ewfaciadiye.net | udp |
| US | 8.8.8.8:53 | bvrlxiawb.net | udp |
| US | 8.8.8.8:53 | ekakcuuqmuqs.org | udp |
| US | 8.8.8.8:53 | tmiwinpe.net | udp |
| US | 8.8.8.8:53 | vksuvrghb.com | udp |
| US | 8.8.8.8:53 | aqsippjzv.net | udp |
| US | 8.8.8.8:53 | ebbqjaqbdpm.net | udp |
| US | 8.8.8.8:53 | ygfewa.info | udp |
| US | 8.8.8.8:53 | bujydax.net | udp |
| US | 8.8.8.8:53 | jzonpwme.info | udp |
| US | 8.8.8.8:53 | wgyxdiye.info | udp |
| US | 8.8.8.8:53 | puphqlwbdn.net | udp |
| US | 8.8.8.8:53 | sxsydftugfl.net | udp |
| US | 8.8.8.8:53 | tpbqwienvubk.net | udp |
| US | 8.8.8.8:53 | qefjwzrgy.net | udp |
| US | 8.8.8.8:53 | vatywwnedxl.com | udp |
| US | 8.8.8.8:53 | gobgxjp.info | udp |
| US | 8.8.8.8:53 | khbswjfovxae.info | udp |
| US | 8.8.8.8:53 | msoiygcw.org | udp |
| US | 8.8.8.8:53 | gnohdjqrclw.net | udp |
| US | 8.8.8.8:53 | axpsdnkbswzw.info | udp |
| US | 8.8.8.8:53 | fuvzha.net | udp |
| US | 8.8.8.8:53 | jntxuexoq.net | udp |
| US | 8.8.8.8:53 | tepkbua.net | udp |
| US | 8.8.8.8:53 | rnnwtbnuz.net | udp |
| US | 8.8.8.8:53 | xwesmh.info | udp |
| US | 8.8.8.8:53 | awtrjqbmv.net | udp |
| US | 8.8.8.8:53 | jiptaunk.info | udp |
| US | 8.8.8.8:53 | fovdfevdlfjh.net | udp |
| US | 8.8.8.8:53 | ejpdqikairvo.info | udp |
| US | 8.8.8.8:53 | zqlsbogsp.org | udp |
| US | 8.8.8.8:53 | pzvaow.net | udp |
| US | 8.8.8.8:53 | oskqkaqcgsii.org | udp |
| US | 8.8.8.8:53 | ssgqsckw.com | udp |
| US | 8.8.8.8:53 | rpcsrbpy.info | udp |
| US | 8.8.8.8:53 | butyuulrvkh.org | udp |
| US | 8.8.8.8:53 | auogoewgggek.org | udp |
| US | 8.8.8.8:53 | riblmjep.info | udp |
| US | 8.8.8.8:53 | cxritgbkwiqj.net | udp |
| US | 8.8.8.8:53 | kgoima.com | udp |
| US | 8.8.8.8:53 | nplnnuadjc.net | udp |
| US | 8.8.8.8:53 | hjzvbbrobec.org | udp |
| US | 8.8.8.8:53 | sqhkzlqm.net | udp |
| US | 8.8.8.8:53 | wnyqel.info | udp |
| US | 8.8.8.8:53 | umsescgqkqmc.org | udp |
| US | 8.8.8.8:53 | xflrdxdu.net | udp |
| US | 8.8.8.8:53 | rfvgye.net | udp |
| US | 8.8.8.8:53 | tvapdwq.com | udp |
| US | 8.8.8.8:53 | lgvqjyultcxq.info | udp |
| US | 8.8.8.8:53 | yabgjuiyvpj.net | udp |
| US | 8.8.8.8:53 | zibkhpzupwx.org | udp |
| US | 8.8.8.8:53 | pybfnkfav.com | udp |
| US | 8.8.8.8:53 | yiggycge.com | udp |
| US | 8.8.8.8:53 | yqtafgfohsp.net | udp |
| US | 8.8.8.8:53 | soppzcavhjx.info | udp |
| US | 8.8.8.8:53 | vxfnyvsopmz.info | udp |
| US | 8.8.8.8:53 | euzbtop.info | udp |
| US | 8.8.8.8:53 | ikmsqwisam.com | udp |
| US | 8.8.8.8:53 | nrpqjt.info | udp |
| US | 8.8.8.8:53 | mogouqsgccic.org | udp |
| US | 8.8.8.8:53 | jhjcpkca.net | udp |
| US | 8.8.8.8:53 | jeyfbwjyn.info | udp |
| US | 8.8.8.8:53 | secbxwdrern.info | udp |
| US | 8.8.8.8:53 | lkngjoezjnq.com | udp |
| US | 8.8.8.8:53 | rdroqjdf.info | udp |
| US | 8.8.8.8:53 | pqbklmj.org | udp |
| US | 8.8.8.8:53 | cagkeuuywc.org | udp |
| US | 8.8.8.8:53 | zqzevbkx.net | udp |
| US | 8.8.8.8:53 | uoogcqgy.com | udp |
| US | 8.8.8.8:53 | wrbgtg.info | udp |
| US | 8.8.8.8:53 | qjvfxqxej.info | udp |
| US | 8.8.8.8:53 | sglqjuvkrip.info | udp |
| US | 8.8.8.8:53 | fgkvzjn.info | udp |
| US | 8.8.8.8:53 | akxcpqvggyj.info | udp |
| US | 8.8.8.8:53 | cwsfhcybexjf.net | udp |
| US | 8.8.8.8:53 | vsswekgnat.info | udp |
| US | 8.8.8.8:53 | qeljxqi.info | udp |
| US | 8.8.8.8:53 | wqvfpmzioqr.info | udp |
| US | 8.8.8.8:53 | mcveyexfl.info | udp |
| DE | 85.214.228.140:80 | gyuuym.org | tcp |
| US | 8.8.8.8:53 | asiezavitnl.net | udp |
| US | 8.8.8.8:53 | xtbtbj.net | udp |
| US | 8.8.8.8:53 | pvsmvfhxkcja.info | udp |
| US | 8.8.8.8:53 | fwxmxr.info | udp |
| US | 8.8.8.8:53 | riqzhklh.net | udp |
| US | 8.8.8.8:53 | pnzmrkotdao.org | udp |
| SG | 18.142.91.111:80 | unxfuild.info | tcp |
| US | 8.8.8.8:53 | opnwzzpiyzq.info | udp |
| US | 8.8.8.8:53 | xgzejotqt.info | udp |
| US | 8.8.8.8:53 | cjtryayafq.info | udp |
| US | 8.8.8.8:53 | gucdzytwr.info | udp |
| US | 8.8.8.8:53 | axrtlmxeok.net | udp |
| US | 8.8.8.8:53 | ggoiukqgsikq.org | udp |
| US | 8.8.8.8:53 | shpackv.net | udp |
| US | 8.8.8.8:53 | gihaftzunefn.info | udp |
| US | 8.8.8.8:53 | snoqomtcf.net | udp |
| US | 8.8.8.8:53 | udzdjiddn.net | udp |
| US | 8.8.8.8:53 | lcrixsc.net | udp |
| US | 8.8.8.8:53 | ismuygpbrtqf.net | udp |
| US | 8.8.8.8:53 | ygoukmwg.org | udp |
| US | 8.8.8.8:53 | virpbszarz.info | udp |
| US | 8.8.8.8:53 | wweuqrldrqnn.info | udp |
| US | 8.8.8.8:53 | pzlibo.info | udp |
| US | 8.8.8.8:53 | omtoaw.net | udp |
| US | 8.8.8.8:53 | ugmysqke.com | udp |
| US | 8.8.8.8:53 | halaxct.info | udp |
| US | 104.156.155.94:80 | cydlrge.info | tcp |
| US | 8.8.8.8:53 | fetrvhmwdbhc.info | udp |
| US | 8.8.8.8:53 | cqcmukwyko.com | udp |
| US | 8.8.8.8:53 | kxyoxjurva.info | udp |
| US | 8.8.8.8:53 | ospqmed.net | udp |
| US | 8.8.8.8:53 | rkfaekfnbzpd.info | udp |
| US | 8.8.8.8:53 | iuwauu.com | udp |
| US | 8.8.8.8:53 | mjotpzfbosdh.info | udp |
| US | 8.8.8.8:53 | cwfkwyn.net | udp |
| US | 8.8.8.8:53 | rjgmhjrmjt.info | udp |
| US | 8.8.8.8:53 | qgbgbgf.net | udp |
| US | 8.8.8.8:53 | mqwsgggwcm.org | udp |
| US | 8.8.8.8:53 | wipkhsoqvsl.net | udp |
| US | 8.8.8.8:53 | aoyaiqgg.org | udp |
| US | 8.8.8.8:53 | lalckpw.org | udp |
| US | 8.8.8.8:53 | vkzelnmfnun.org | udp |
| US | 8.8.8.8:53 | hmfurcniz.info | udp |
| US | 8.8.8.8:53 | qkcshfafx.net | udp |
| US | 8.8.8.8:53 | xqqllqdip.net | udp |
| US | 8.8.8.8:53 | eoeqqy.com | udp |
| US | 8.8.8.8:53 | ddpobim.org | udp |
| US | 8.8.8.8:53 | papihuqxjt.net | udp |
| US | 8.8.8.8:53 | nkynbhdgphrf.net | udp |
| US | 8.8.8.8:53 | yqjcldifaw.net | udp |
| US | 8.8.8.8:53 | pysorwl.org | udp |
| US | 8.8.8.8:53 | ewhqxezcwwc.net | udp |
| US | 8.8.8.8:53 | qmimdwiku.net | udp |
| US | 8.8.8.8:53 | rtborgmo.info | udp |
Files
C:\Users\Admin\AppData\Local\Temp\bdkss.exe
| MD5 | b3f5515cb112346250cfdc140121be1d |
| SHA1 | 284092b1e94e38325e180710f825aaddf3cda552 |
| SHA256 | 41a3090bc788386fcd6dc186ab09d56d856568fd8a08c46516b23dbd004d3b76 |
| SHA512 | e7439e545572b96495b9d39bc25f9d7dc6d66f7d5e1ca34a3b61733e45820bcdf7c09daebac668e7260df5f1a8a6f113ab4122690fe126a51f6aac46a2f43bd0 |
C:\Users\Admin\AppData\Local\Temp\bdkss.exe
| MD5 | cc36a4be8ad407c3d9223cf71f08dd45 |
| SHA1 | f98691efa8a53dba52198469c96055b10a42376b |
| SHA256 | 705f4d273dd9474bfc93e310c4b38eafdd945d65ce67fe43bcf5eddf8b0c857b |
| SHA512 | 4051e89831a9318191f9eae1ed6cf6bc8733e0cad10e2c614ffab453bfb30162d761cfa854e14e8d51cd718846a85bd7b4f62bd4755a2bd4f0792b13a564fa0a |
C:\Users\Admin\AppData\Local\gfjollvptvydnfzavkqptyvv.zdf
| MD5 | 001cc70baba0717b63063b2b2561c327 |
| SHA1 | 96d389bb5bd6a6a1856f07bedc7ea5e8d11cacdb |
| SHA256 | 8f775c658d679cfa569b1d772b48214bd6a89b11c4a7b3e32d45bd5e39254ece |
| SHA512 | b6860ae5ac93f2d265997d3a1a7692d884a108fd7d98e6ea95d259f44155d0992bf067348141e8ebae5ce1ac2547dbe7d3be53c3f7370b5dcd73717220b42938 |
C:\Users\Admin\AppData\Local\pzoemxsxmzndybgsyypzoemxsxmzndybgsy.pzo
| MD5 | d5b95fe95679e5decb1bdc8c7e10bc43 |
| SHA1 | 9a58efa1d551bb3086312fd3e64abd29174877f2 |
| SHA256 | deee563429823e7705baee1ba2aed4a0a5a0dafda0c233a13387db1892e26a21 |
| SHA512 | cc29c9097ba7f6b7d30e9d6f72b5979bbf11b65c680508c52a5efdb06f31446fddb35781b0dbdad870dae5c39db03b9cc70bd85c92b0d73e3ff5c6bb77077663 |
C:\Program Files (x86)\gfjollvptvydnfzavkqptyvv.zdf
| MD5 | 8dd2e8001910ab01addf9c9437d77d4c |
| SHA1 | 7715393355fed2016725b20fe5b929cc93813e11 |
| SHA256 | 449182133e2aeb41ecf670fd69e031c7a8c8e0a5e953a26fec05ea4efd07d66d |
| SHA512 | e73cf1e1495ee9e8c21bd9237ebc40ac0d1ba213110ec7108c95a537c220a7d947f0912499f530ea1107cbef4c6f7f228e6b7c90caf9157bc39d639e99a7d58f |
C:\Program Files (x86)\gfjollvptvydnfzavkqptyvv.zdf
| MD5 | 5e4b16377b0cdee1a200d6d04940a75c |
| SHA1 | 8aea2ca05eed9ddeb8ec9ef95cdf144584e95f70 |
| SHA256 | e37ad1f7bfe7a6629ba51f119c884303939ca06f722db81d3a509d08bdf6a879 |
| SHA512 | 5f31f35fdde5c53c180c06867810fc7ed67bfb25f2b5f2923061c652e9438c38267dea3df47d01a36921c688588e2733d123d02f7df413e5172ee32f25e644c3 |
C:\Program Files (x86)\gfjollvptvydnfzavkqptyvv.zdf
| MD5 | e38917633a051ff08a8e59e5f0bd35cb |
| SHA1 | 789b62c8c75b7fcb3f1bef8d002b7ce9a18c6e4f |
| SHA256 | fd022cdc04db9811fcf5394dc496ce0e4eded1d343144e7bde679286bb6260ed |
| SHA512 | baa0cb16aba4f05e65a49e475c6262f169bc0743764fb778b54c04713cb0de9d65ed4db6564357a1cf306364f1303f046d15bee948c565709f18b3ee3be3bea0 |
C:\Program Files (x86)\gfjollvptvydnfzavkqptyvv.zdf
| MD5 | 3e55412c4f43a391fef5fed9d466c37f |
| SHA1 | 66f24d592194075a3480f0f2ca5786e84b2647d6 |
| SHA256 | e0ec41076be1eb53bb738635f7c8dda9166880d95fe01b0c7bec01f4659009de |
| SHA512 | 651b911adaabeeaf32a2ddf52d5e47787d555c82cf2f6caa376a08f736032ab56459e874e981b8293650b7e42b3428dd9d56759b3999453eee2c0d32c920c0ea |
C:\Program Files (x86)\gfjollvptvydnfzavkqptyvv.zdf
| MD5 | e85752559888e3e2cfba9946f7daf734 |
| SHA1 | 9f68d18f7b904c059ccba914fb4790b7bc3a7a57 |
| SHA256 | 733a5f1cd3c8df20ab95f4fce5ce301e3912638867c7ad86449f7c48182586f2 |
| SHA512 | 92c1bbe79523c5c4330798f368f707df60b392df7144874c413dfbf664b93bc39ec409ae45da49f5b14ac6f50e6b32a606d6e8f469c6a859ff61d0d43f5d4a9c |
C:\Program Files (x86)\gfjollvptvydnfzavkqptyvv.zdf
| MD5 | 6376f85d34bcadc1336ba2bcbaa67c81 |
| SHA1 | 9f65417e5b4e8217a88523b82f5f2ae07b5996c4 |
| SHA256 | 34101ad84b5b0f6f26594c2c60afa021412d7efa6e663ee60f0330a3dbe4fb7c |
| SHA512 | ac09b555a7b3bb50ad19bde510104c6cb8d87242aa3c658ef68e651eff946154f0a63d74291d3d14661c2d00c998cf3ea0cc8228feb841604a0a8d438c29b0fe |
C:\Users\Admin\AppData\Local\gfjollvptvydnfzavkqptyvv.zdf
| MD5 | 281881506ca1f1b9a87b3924bebf5a44 |
| SHA1 | b10373993d810d7e99ebbce5a1a82ca77f46c800 |
| SHA256 | d04d4811111467a3a30aa77361df7508c67a7034e321ed973892ce6d5d9072c3 |
| SHA512 | f8d7a4d25c75b0d52df9a3bee158be5be759918b78d9bf881385b7258044a937d263c6ff2e14b7fa4d389fe8abf263615702b50600fe29125eede3bd119e10a7 |