Malware Analysis Report

2025-08-10 16:32

Sample ID 250411-jrbzwattat
Target JaffaCakes118_ad7f50f41c1d9410542b2565277c0c93
SHA256 2304b24975f5e9e4a21cd2b8af9e026f5a815eb10034e155d666ae34907b0543
Tags
worm pykspa defense_evasion discovery persistence privilege_escalation trojan
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V16

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

2304b24975f5e9e4a21cd2b8af9e026f5a815eb10034e155d666ae34907b0543

Threat Level: Known bad

The file JaffaCakes118_ad7f50f41c1d9410542b2565277c0c93 was found to be: Known bad.

Malicious Activity Summary

worm pykspa defense_evasion discovery persistence privilege_escalation trojan

Pykspa family

Detect Pykspa worm

Modifies WinLogon for persistence

UAC bypass

Disables RegEdit via registry modification

Adds policy Run key to start application

Impair Defenses: Safe Mode Boot

Checks computer location settings

Executes dropped EXE

Adds Run key to start application

Checks whether UAC is enabled

Looks up external IP address via web service

Hijack Execution Flow: Executable Installer File Permissions Weakness

Drops file in System32 directory

Drops file in Windows directory

Drops file in Program Files directory

System Location Discovery: System Language Discovery

Unsigned PE

Enumerates physical storage devices

System policy modification

Suspicious use of WriteProcessMemory

Suspicious use of AdjustPrivilegeToken

Suspicious behavior: GetForegroundWindowSpam

Suspicious behavior: EnumeratesProcesses

Modifies registry class

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2025-04-11 07:53

Signatures

Detect Pykspa worm

worm
Description Indicator Process Target
N/A N/A N/A N/A

Pykspa family

pykspa

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2025-04-11 07:53

Reported

2025-04-11 07:56

Platform

win10v2004-20250314-en

Max time kernel

150s

Max time network

150s

Command Line

"C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_ad7f50f41c1d9410542b2565277c0c93.exe"

Signatures

Modifies WinLogon for persistence

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_ad7f50f41c1d9410542b2565277c0c93.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\bdkss.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\bdkss.exe N/A

UAC bypass

defense_evasion trojan
Description Indicator Process Target
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_ad7f50f41c1d9410542b2565277c0c93.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\bdkss.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" C:\Users\Admin\AppData\Local\Temp\bdkss.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" C:\Users\Admin\AppData\Local\Temp\bdkss.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_ad7f50f41c1d9410542b2565277c0c93.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_ad7f50f41c1d9410542b2565277c0c93.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\bdkss.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" C:\Users\Admin\AppData\Local\Temp\bdkss.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" C:\Users\Admin\AppData\Local\Temp\bdkss.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" C:\Users\Admin\AppData\Local\Temp\bdkss.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" C:\Users\Admin\AppData\Local\Temp\bdkss.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_ad7f50f41c1d9410542b2565277c0c93.exe N/A

Adds policy Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\tbocirknalx = "C:\\Users\\Admin\\AppData\\Local\\Temp\\btqoexankfbzcnauiqphe.exe" C:\Users\Admin\AppData\Local\Temp\bdkss.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\qbrirdzfvjyplp = "yldwhvtbtjatrxfu.exe" C:\Users\Admin\AppData\Local\Temp\bdkss.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\tbocirknalx = "C:\\Users\\Admin\\AppData\\Local\\Temp\\mdzwldfrnhczblxqdkiz.exe" C:\Users\Admin\AppData\Local\Temp\bdkss.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\tbocirknalx = "C:\\Users\\Admin\\AppData\\Local\\Temp\\yldwhvtbtjatrxfu.exe" C:\Users\Admin\AppData\Local\Temp\bdkss.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_ad7f50f41c1d9410542b2565277c0c93.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\tbocirknalx = "C:\\Users\\Admin\\AppData\\Local\\Temp\\yldwhvtbtjatrxfu.exe" C:\Users\Admin\AppData\Local\Temp\bdkss.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\qbrirdzfvjyplp = "zpkgulmxslfbclwoagd.exe" C:\Users\Admin\AppData\Local\Temp\bdkss.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\tbocirknalx = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ftmgshgpizrlkraqa.exe" C:\Users\Admin\AppData\Local\Temp\bdkss.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\qbrirdzfvjyplp = "odxsfvvfzrkffnxoze.exe" C:\Users\Admin\AppData\Local\Temp\bdkss.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\tbocirknalx = "C:\\Users\\Admin\\AppData\\Local\\Temp\\odxsfvvfzrkffnxoze.exe" C:\Users\Admin\AppData\Local\Temp\bdkss.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\qbrirdzfvjyplp = "ftmgshgpizrlkraqa.exe" C:\Users\Admin\AppData\Local\Temp\bdkss.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\qbrirdzfvjyplp = "odxsfvvfzrkffnxoze.exe" C:\Users\Admin\AppData\Local\Temp\bdkss.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\tbocirknalx = "C:\\Users\\Admin\\AppData\\Local\\Temp\\mdzwldfrnhczblxqdkiz.exe" C:\Users\Admin\AppData\Local\Temp\bdkss.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\tbocirknalx = "C:\\Users\\Admin\\AppData\\Local\\Temp\\zpkgulmxslfbclwoagd.exe" C:\Users\Admin\AppData\Local\Temp\bdkss.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\tbocirknalx = "C:\\Users\\Admin\\AppData\\Local\\Temp\\odxsfvvfzrkffnxoze.exe" C:\Users\Admin\AppData\Local\Temp\bdkss.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\qbrirdzfvjyplp = "yldwhvtbtjatrxfu.exe" C:\Users\Admin\AppData\Local\Temp\bdkss.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\qbrirdzfvjyplp = "ftmgshgpizrlkraqa.exe" C:\Users\Admin\AppData\Local\Temp\bdkss.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\bdkss.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\qbrirdzfvjyplp = "mdzwldfrnhczblxqdkiz.exe" C:\Users\Admin\AppData\Local\Temp\bdkss.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\qbrirdzfvjyplp = "btqoexankfbzcnauiqphe.exe" C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_ad7f50f41c1d9410542b2565277c0c93.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\qbrirdzfvjyplp = "zpkgulmxslfbclwoagd.exe" C:\Users\Admin\AppData\Local\Temp\bdkss.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\tbocirknalx = "C:\\Users\\Admin\\AppData\\Local\\Temp\\btqoexankfbzcnauiqphe.exe" C:\Users\Admin\AppData\Local\Temp\bdkss.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\qbrirdzfvjyplp = "mdzwldfrnhczblxqdkiz.exe" C:\Users\Admin\AppData\Local\Temp\bdkss.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\tbocirknalx = "C:\\Users\\Admin\\AppData\\Local\\Temp\\zpkgulmxslfbclwoagd.exe" C:\Users\Admin\AppData\Local\Temp\bdkss.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\qbrirdzfvjyplp = "yldwhvtbtjatrxfu.exe" C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_ad7f50f41c1d9410542b2565277c0c93.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\tbocirknalx = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ftmgshgpizrlkraqa.exe" C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_ad7f50f41c1d9410542b2565277c0c93.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\bdkss.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\qbrirdzfvjyplp = "btqoexankfbzcnauiqphe.exe" C:\Users\Admin\AppData\Local\Temp\bdkss.exe N/A

Disables RegEdit via registry modification

defense_evasion
Description Indicator Process Target
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\bdkss.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\bdkss.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_ad7f50f41c1d9410542b2565277c0c93.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_ad7f50f41c1d9410542b2565277c0c93.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\bdkss.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\bdkss.exe N/A

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_ad7f50f41c1d9410542b2565277c0c93.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\bdkss.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bdkss.exe N/A

Impair Defenses: Safe Mode Boot

defense_evasion
Description Indicator Process Target
Key deleted \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\SerCx2.sys C:\Users\Admin\AppData\Local\Temp\bdkss.exe N/A
Key deleted \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\ProfSvc C:\Users\Admin\AppData\Local\Temp\bdkss.exe N/A
Key deleted \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\Power C:\Users\Admin\AppData\Local\Temp\bdkss.exe N/A
Key deleted \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\iai2c.sys C:\Users\Admin\AppData\Local\Temp\bdkss.exe N/A
Key deleted \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\CBDHSvc C:\Users\Admin\AppData\Local\Temp\bdkss.exe N/A
Key deleted \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\UserManager C:\Users\Admin\AppData\Local\Temp\bdkss.exe N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\pzoemxsxmzndy = "C:\\Users\\Admin\\AppData\\Local\\Temp\\mdzwldfrnhczblxqdkiz.exe ." C:\Users\Admin\AppData\Local\Temp\bdkss.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\odxsfvvfzrkffnxoze = "C:\\Users\\Admin\\AppData\\Local\\Temp\\mdzwldfrnhczblxqdkiz.exe" C:\Users\Admin\AppData\Local\Temp\bdkss.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\tfwoylipgvldafm = "zpkgulmxslfbclwoagd.exe" C:\Users\Admin\AppData\Local\Temp\bdkss.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\ftmgshgpizrlkraqa = "C:\\Users\\Admin\\AppData\\Local\\Temp\\yldwhvtbtjatrxfu.exe ." C:\Users\Admin\AppData\Local\Temp\bdkss.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\yldwhvtbtjatrxfu = "ftmgshgpizrlkraqa.exe ." C:\Users\Admin\AppData\Local\Temp\bdkss.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\odxsfvvfzrkffnxoze = "C:\\Users\\Admin\\AppData\\Local\\Temp\\btqoexankfbzcnauiqphe.exe" C:\Users\Admin\AppData\Local\Temp\bdkss.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\ftmgshgpizrlkraqa = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ftmgshgpizrlkraqa.exe ." C:\Users\Admin\AppData\Local\Temp\bdkss.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\odxsfvvfzrkffnxoze = "C:\\Users\\Admin\\AppData\\Local\\Temp\\zpkgulmxslfbclwoagd.exe" C:\Users\Admin\AppData\Local\Temp\bdkss.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\qzncjtnrfret = "odxsfvvfzrkffnxoze.exe" C:\Users\Admin\AppData\Local\Temp\bdkss.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\odxsfvvfzrkffnxoze = "C:\\Users\\Admin\\AppData\\Local\\Temp\\yldwhvtbtjatrxfu.exe" C:\Users\Admin\AppData\Local\Temp\bdkss.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\qzncjtnrfret = "C:\\Users\\Admin\\AppData\\Local\\Temp\\yldwhvtbtjatrxfu.exe" C:\Users\Admin\AppData\Local\Temp\bdkss.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\tfwoylipgvldafm = "btqoexankfbzcnauiqphe.exe" C:\Users\Admin\AppData\Local\Temp\bdkss.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\pzoemxsxmzndy = "mdzwldfrnhczblxqdkiz.exe ." C:\Users\Admin\AppData\Local\Temp\bdkss.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\qzncjtnrfret = "C:\\Users\\Admin\\AppData\\Local\\Temp\\zpkgulmxslfbclwoagd.exe" C:\Users\Admin\AppData\Local\Temp\bdkss.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\pzoemxsxmzndy = "odxsfvvfzrkffnxoze.exe ." C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_ad7f50f41c1d9410542b2565277c0c93.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\qzncjtnrfret = "ftmgshgpizrlkraqa.exe" C:\Users\Admin\AppData\Local\Temp\bdkss.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\pzoemxsxmzndy = "zpkgulmxslfbclwoagd.exe ." C:\Users\Admin\AppData\Local\Temp\bdkss.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\pzoemxsxmzndy = "odxsfvvfzrkffnxoze.exe ." C:\Users\Admin\AppData\Local\Temp\bdkss.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\yldwhvtbtjatrxfu = "yldwhvtbtjatrxfu.exe ." C:\Users\Admin\AppData\Local\Temp\bdkss.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\qzncjtnrfret = "btqoexankfbzcnauiqphe.exe" C:\Users\Admin\AppData\Local\Temp\bdkss.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\pzoemxsxmzndy = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ftmgshgpizrlkraqa.exe ." C:\Users\Admin\AppData\Local\Temp\bdkss.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\qzncjtnrfret = "ftmgshgpizrlkraqa.exe" C:\Users\Admin\AppData\Local\Temp\bdkss.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\tfwoylipgvldafm = "ftmgshgpizrlkraqa.exe" C:\Users\Admin\AppData\Local\Temp\bdkss.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\odxsfvvfzrkffnxoze = "C:\\Users\\Admin\\AppData\\Local\\Temp\\odxsfvvfzrkffnxoze.exe" C:\Users\Admin\AppData\Local\Temp\bdkss.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\pzoemxsxmzndy = "ftmgshgpizrlkraqa.exe ." C:\Users\Admin\AppData\Local\Temp\bdkss.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\tfwoylipgvldafm = "mdzwldfrnhczblxqdkiz.exe" C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_ad7f50f41c1d9410542b2565277c0c93.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\pzoemxsxmzndy = "ftmgshgpizrlkraqa.exe ." C:\Users\Admin\AppData\Local\Temp\bdkss.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\tfwoylipgvldafm = "odxsfvvfzrkffnxoze.exe" C:\Users\Admin\AppData\Local\Temp\bdkss.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\yldwhvtbtjatrxfu = "odxsfvvfzrkffnxoze.exe ." C:\Users\Admin\AppData\Local\Temp\bdkss.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\pzoemxsxmzndy = "btqoexankfbzcnauiqphe.exe ." C:\Users\Admin\AppData\Local\Temp\bdkss.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\ftmgshgpizrlkraqa = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ftmgshgpizrlkraqa.exe ." C:\Users\Admin\AppData\Local\Temp\bdkss.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\odxsfvvfzrkffnxoze = "C:\\Users\\Admin\\AppData\\Local\\Temp\\btqoexankfbzcnauiqphe.exe" C:\Users\Admin\AppData\Local\Temp\bdkss.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\yldwhvtbtjatrxfu = "btqoexankfbzcnauiqphe.exe ." C:\Users\Admin\AppData\Local\Temp\bdkss.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\yldwhvtbtjatrxfu = "odxsfvvfzrkffnxoze.exe ." C:\Users\Admin\AppData\Local\Temp\bdkss.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\tfwoylipgvldafm = "mdzwldfrnhczblxqdkiz.exe" C:\Users\Admin\AppData\Local\Temp\bdkss.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\ftmgshgpizrlkraqa = "C:\\Users\\Admin\\AppData\\Local\\Temp\\zpkgulmxslfbclwoagd.exe ." C:\Users\Admin\AppData\Local\Temp\bdkss.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\qzncjtnrfret = "C:\\Users\\Admin\\AppData\\Local\\Temp\\mdzwldfrnhczblxqdkiz.exe" C:\Users\Admin\AppData\Local\Temp\bdkss.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\yldwhvtbtjatrxfu = "zpkgulmxslfbclwoagd.exe ." C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_ad7f50f41c1d9410542b2565277c0c93.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\odxsfvvfzrkffnxoze = "C:\\Users\\Admin\\AppData\\Local\\Temp\\odxsfvvfzrkffnxoze.exe" C:\Users\Admin\AppData\Local\Temp\bdkss.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\qzncjtnrfret = "ftmgshgpizrlkraqa.exe" C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_ad7f50f41c1d9410542b2565277c0c93.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\qzncjtnrfret = "C:\\Users\\Admin\\AppData\\Local\\Temp\\mdzwldfrnhczblxqdkiz.exe" C:\Users\Admin\AppData\Local\Temp\bdkss.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\odxsfvvfzrkffnxoze = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ftmgshgpizrlkraqa.exe" C:\Users\Admin\AppData\Local\Temp\bdkss.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\yldwhvtbtjatrxfu = "mdzwldfrnhczblxqdkiz.exe ." C:\Users\Admin\AppData\Local\Temp\bdkss.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\qzncjtnrfret = "C:\\Users\\Admin\\AppData\\Local\\Temp\\btqoexankfbzcnauiqphe.exe" C:\Users\Admin\AppData\Local\Temp\bdkss.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\pzoemxsxmzndy = "C:\\Users\\Admin\\AppData\\Local\\Temp\\zpkgulmxslfbclwoagd.exe ." C:\Users\Admin\AppData\Local\Temp\bdkss.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\odxsfvvfzrkffnxoze = "C:\\Users\\Admin\\AppData\\Local\\Temp\\mdzwldfrnhczblxqdkiz.exe" C:\Users\Admin\AppData\Local\Temp\bdkss.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\pzoemxsxmzndy = "C:\\Users\\Admin\\AppData\\Local\\Temp\\yldwhvtbtjatrxfu.exe ." C:\Users\Admin\AppData\Local\Temp\bdkss.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\qzncjtnrfret = "yldwhvtbtjatrxfu.exe" C:\Users\Admin\AppData\Local\Temp\bdkss.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\qzncjtnrfret = "btqoexankfbzcnauiqphe.exe" C:\Users\Admin\AppData\Local\Temp\bdkss.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\odxsfvvfzrkffnxoze = "C:\\Users\\Admin\\AppData\\Local\\Temp\\zpkgulmxslfbclwoagd.exe" C:\Users\Admin\AppData\Local\Temp\bdkss.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\pzoemxsxmzndy = "C:\\Users\\Admin\\AppData\\Local\\Temp\\zpkgulmxslfbclwoagd.exe ." C:\Users\Admin\AppData\Local\Temp\bdkss.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\yldwhvtbtjatrxfu = "ftmgshgpizrlkraqa.exe ." C:\Users\Admin\AppData\Local\Temp\bdkss.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\qzncjtnrfret = "zpkgulmxslfbclwoagd.exe" C:\Users\Admin\AppData\Local\Temp\bdkss.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\qzncjtnrfret = "odxsfvvfzrkffnxoze.exe" C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_ad7f50f41c1d9410542b2565277c0c93.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\qzncjtnrfret = "C:\\Users\\Admin\\AppData\\Local\\Temp\\yldwhvtbtjatrxfu.exe" C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_ad7f50f41c1d9410542b2565277c0c93.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\qzncjtnrfret = "mdzwldfrnhczblxqdkiz.exe" C:\Users\Admin\AppData\Local\Temp\bdkss.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\ftmgshgpizrlkraqa = "C:\\Users\\Admin\\AppData\\Local\\Temp\\yldwhvtbtjatrxfu.exe ." C:\Users\Admin\AppData\Local\Temp\bdkss.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\qzncjtnrfret = "C:\\Users\\Admin\\AppData\\Local\\Temp\\odxsfvvfzrkffnxoze.exe" C:\Users\Admin\AppData\Local\Temp\bdkss.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\odxsfvvfzrkffnxoze = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ftmgshgpizrlkraqa.exe" C:\Users\Admin\AppData\Local\Temp\bdkss.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\qzncjtnrfret = "yldwhvtbtjatrxfu.exe" C:\Users\Admin\AppData\Local\Temp\bdkss.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\tfwoylipgvldafm = "btqoexankfbzcnauiqphe.exe" C:\Users\Admin\AppData\Local\Temp\bdkss.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\pzoemxsxmzndy = "C:\\Users\\Admin\\AppData\\Local\\Temp\\odxsfvvfzrkffnxoze.exe ." C:\Users\Admin\AppData\Local\Temp\bdkss.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\qzncjtnrfret = "zpkgulmxslfbclwoagd.exe" C:\Users\Admin\AppData\Local\Temp\bdkss.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\qzncjtnrfret = "C:\\Users\\Admin\\AppData\\Local\\Temp\\odxsfvvfzrkffnxoze.exe" C:\Users\Admin\AppData\Local\Temp\bdkss.exe N/A

Checks whether UAC is enabled

defense_evasion trojan
Description Indicator Process Target
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_ad7f50f41c1d9410542b2565277c0c93.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_ad7f50f41c1d9410542b2565277c0c93.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\bdkss.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\bdkss.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\bdkss.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\bdkss.exe N/A

Hijack Execution Flow: Executable Installer File Permissions Weakness

defense_evasion persistence privilege_escalation
Description Indicator Process Target
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableInstallerDetection = "0" C:\Users\Admin\AppData\Local\Temp\bdkss.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableInstallerDetection = "0" C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_ad7f50f41c1d9410542b2565277c0c93.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableInstallerDetection = "0" C:\Users\Admin\AppData\Local\Temp\bdkss.exe N/A

Looks up external IP address via web service

Description Indicator Process Target
N/A whatismyip.everdot.org N/A N/A
N/A whatismyipaddress.com N/A N/A
N/A www.showmyipaddress.com N/A N/A
N/A whatismyip.everdot.org N/A N/A
N/A www.whatismyip.ca N/A N/A
N/A whatismyip.everdot.org N/A N/A
N/A whatismyip.everdot.org N/A N/A
N/A www.whatismyip.ca N/A N/A

Drops file in System32 directory

Description Indicator Process Target
File opened for modification C:\Windows\SysWOW64\gfjollvptvydnfzavkqptyvv.zdf C:\Users\Admin\AppData\Local\Temp\bdkss.exe N/A
File created C:\Windows\SysWOW64\gfjollvptvydnfzavkqptyvv.zdf C:\Users\Admin\AppData\Local\Temp\bdkss.exe N/A
File opened for modification C:\Windows\SysWOW64\pzoemxsxmzndybgsyypzoemxsxmzndybgsy.pzo C:\Users\Admin\AppData\Local\Temp\bdkss.exe N/A
File created C:\Windows\SysWOW64\pzoemxsxmzndybgsyypzoemxsxmzndybgsy.pzo C:\Users\Admin\AppData\Local\Temp\bdkss.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files (x86)\gfjollvptvydnfzavkqptyvv.zdf C:\Users\Admin\AppData\Local\Temp\bdkss.exe N/A
File opened for modification C:\Program Files (x86)\pzoemxsxmzndybgsyypzoemxsxmzndybgsy.pzo C:\Users\Admin\AppData\Local\Temp\bdkss.exe N/A
File created C:\Program Files (x86)\pzoemxsxmzndybgsyypzoemxsxmzndybgsy.pzo C:\Users\Admin\AppData\Local\Temp\bdkss.exe N/A
File opened for modification C:\Program Files (x86)\gfjollvptvydnfzavkqptyvv.zdf C:\Users\Admin\AppData\Local\Temp\bdkss.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File opened for modification C:\Windows\gfjollvptvydnfzavkqptyvv.zdf C:\Users\Admin\AppData\Local\Temp\bdkss.exe N/A
File created C:\Windows\gfjollvptvydnfzavkqptyvv.zdf C:\Users\Admin\AppData\Local\Temp\bdkss.exe N/A
File opened for modification C:\Windows\pzoemxsxmzndybgsyypzoemxsxmzndybgsy.pzo C:\Users\Admin\AppData\Local\Temp\bdkss.exe N/A
File created C:\Windows\pzoemxsxmzndybgsyypzoemxsxmzndybgsy.pzo C:\Users\Admin\AppData\Local\Temp\bdkss.exe N/A

Enumerates physical storage devices

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_ad7f50f41c1d9410542b2565277c0c93.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\bdkss.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\bdkss.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_ad7f50f41c1d9410542b2565277c0c93.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\bdkss.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\bdkss.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\bdkss.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bdkss.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\bdkss.exe N/A

System policy modification

defense_evasion
Description Indicator Process Target
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_ad7f50f41c1d9410542b2565277c0c93.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_ad7f50f41c1d9410542b2565277c0c93.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_ad7f50f41c1d9410542b2565277c0c93.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ValidateAdminCodeSignatures = "0" C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_ad7f50f41c1d9410542b2565277c0c93.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDriveTypeAutoRun = "1" C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_ad7f50f41c1d9410542b2565277c0c93.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\bdkss.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" C:\Users\Admin\AppData\Local\Temp\bdkss.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableVirtualization = "0" C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_ad7f50f41c1d9410542b2565277c0c93.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" C:\Users\Admin\AppData\Local\Temp\bdkss.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\bdkss.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\bdkss.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\bdkss.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ValidateAdminCodeSignatures = "0" C:\Users\Admin\AppData\Local\Temp\bdkss.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDriveTypeAutoRun = "1" C:\Users\Admin\AppData\Local\Temp\bdkss.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableSecureUIAPaths = "0" C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_ad7f50f41c1d9410542b2565277c0c93.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\FilterAdministratorToken = "0" C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_ad7f50f41c1d9410542b2565277c0c93.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\bdkss.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" C:\Users\Admin\AppData\Local\Temp\bdkss.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableSecureUIAPaths = "0" C:\Users\Admin\AppData\Local\Temp\bdkss.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" C:\Users\Admin\AppData\Local\Temp\bdkss.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableVirtualization = "0" C:\Users\Admin\AppData\Local\Temp\bdkss.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_ad7f50f41c1d9410542b2565277c0c93.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer C:\Users\Admin\AppData\Local\Temp\bdkss.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_ad7f50f41c1d9410542b2565277c0c93.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_ad7f50f41c1d9410542b2565277c0c93.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableVirtualization = "0" C:\Users\Admin\AppData\Local\Temp\bdkss.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\FilterAdministratorToken = "0" C:\Users\Admin\AppData\Local\Temp\bdkss.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDriveTypeAutoRun = "1" C:\Users\Admin\AppData\Local\Temp\bdkss.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" C:\Users\Admin\AppData\Local\Temp\bdkss.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableSecureUIAPaths = "0" C:\Users\Admin\AppData\Local\Temp\bdkss.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_ad7f50f41c1d9410542b2565277c0c93.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\bdkss.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" C:\Users\Admin\AppData\Local\Temp\bdkss.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ValidateAdminCodeSignatures = "0" C:\Users\Admin\AppData\Local\Temp\bdkss.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\FilterAdministratorToken = "0" C:\Users\Admin\AppData\Local\Temp\bdkss.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer C:\Users\Admin\AppData\Local\Temp\bdkss.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_ad7f50f41c1d9410542b2565277c0c93.exe

"C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_ad7f50f41c1d9410542b2565277c0c93.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c odxsfvvfzrkffnxoze.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c odxsfvvfzrkffnxoze.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c mdzwldfrnhczblxqdkiz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c zpkgulmxslfbclwoagd.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mdzwldfrnhczblxqdkiz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\btqoexankfbzcnauiqphe.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yldwhvtbtjatrxfu.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\odxsfvvfzrkffnxoze.exe .

C:\Users\Admin\AppData\Local\Temp\bdkss.exe

"C:\Users\Admin\AppData\Local\Temp\bdkss.exe" "-"

C:\Users\Admin\AppData\Local\Temp\bdkss.exe

"C:\Users\Admin\AppData\Local\Temp\bdkss.exe" "-"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ftmgshgpizrlkraqa.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ftmgshgpizrlkraqa.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c yldwhvtbtjatrxfu.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ftmgshgpizrlkraqa.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c odxsfvvfzrkffnxoze.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ftmgshgpizrlkraqa.exe

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c mdzwldfrnhczblxqdkiz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c odxsfvvfzrkffnxoze.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\odxsfvvfzrkffnxoze.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\odxsfvvfzrkffnxoze.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\btqoexankfbzcnauiqphe.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ftmgshgpizrlkraqa.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\btqoexankfbzcnauiqphe.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c odxsfvvfzrkffnxoze.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\btqoexankfbzcnauiqphe.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\odxsfvvfzrkffnxoze.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ftmgshgpizrlkraqa.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ftmgshgpizrlkraqa.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c mdzwldfrnhczblxqdkiz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c zpkgulmxslfbclwoagd.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mdzwldfrnhczblxqdkiz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c mdzwldfrnhczblxqdkiz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c yldwhvtbtjatrxfu.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ftmgshgpizrlkraqa.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c btqoexankfbzcnauiqphe.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c yldwhvtbtjatrxfu.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c btqoexankfbzcnauiqphe.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c btqoexankfbzcnauiqphe.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c btqoexankfbzcnauiqphe.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\odxsfvvfzrkffnxoze.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\btqoexankfbzcnauiqphe.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\odxsfvvfzrkffnxoze.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zpkgulmxslfbclwoagd.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yldwhvtbtjatrxfu.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yldwhvtbtjatrxfu.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zpkgulmxslfbclwoagd.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mdzwldfrnhczblxqdkiz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c btqoexankfbzcnauiqphe.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ftmgshgpizrlkraqa.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c btqoexankfbzcnauiqphe.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c btqoexankfbzcnauiqphe.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c btqoexankfbzcnauiqphe.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c mdzwldfrnhczblxqdkiz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c mdzwldfrnhczblxqdkiz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c btqoexankfbzcnauiqphe.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mdzwldfrnhczblxqdkiz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\btqoexankfbzcnauiqphe.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zpkgulmxslfbclwoagd.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\btqoexankfbzcnauiqphe.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zpkgulmxslfbclwoagd.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\btqoexankfbzcnauiqphe.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\btqoexankfbzcnauiqphe.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\odxsfvvfzrkffnxoze.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c zpkgulmxslfbclwoagd.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c btqoexankfbzcnauiqphe.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c btqoexankfbzcnauiqphe.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c zpkgulmxslfbclwoagd.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c yldwhvtbtjatrxfu.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c mdzwldfrnhczblxqdkiz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ftmgshgpizrlkraqa.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zpkgulmxslfbclwoagd.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c odxsfvvfzrkffnxoze.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yldwhvtbtjatrxfu.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mdzwldfrnhczblxqdkiz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ftmgshgpizrlkraqa.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\odxsfvvfzrkffnxoze.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\odxsfvvfzrkffnxoze.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\odxsfvvfzrkffnxoze.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yldwhvtbtjatrxfu.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c btqoexankfbzcnauiqphe.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c btqoexankfbzcnauiqphe.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c yldwhvtbtjatrxfu.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c odxsfvvfzrkffnxoze.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c btqoexankfbzcnauiqphe.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c odxsfvvfzrkffnxoze.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c btqoexankfbzcnauiqphe.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ftmgshgpizrlkraqa.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c odxsfvvfzrkffnxoze.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ftmgshgpizrlkraqa.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zpkgulmxslfbclwoagd.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zpkgulmxslfbclwoagd.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mdzwldfrnhczblxqdkiz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mdzwldfrnhczblxqdkiz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\btqoexankfbzcnauiqphe.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ftmgshgpizrlkraqa.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c btqoexankfbzcnauiqphe.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c odxsfvvfzrkffnxoze.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c btqoexankfbzcnauiqphe.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ftmgshgpizrlkraqa.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c yldwhvtbtjatrxfu.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c odxsfvvfzrkffnxoze.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c yldwhvtbtjatrxfu.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\btqoexankfbzcnauiqphe.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c btqoexankfbzcnauiqphe.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mdzwldfrnhczblxqdkiz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yldwhvtbtjatrxfu.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\btqoexankfbzcnauiqphe.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yldwhvtbtjatrxfu.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\btqoexankfbzcnauiqphe.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mdzwldfrnhczblxqdkiz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zpkgulmxslfbclwoagd.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c mdzwldfrnhczblxqdkiz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c mdzwldfrnhczblxqdkiz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c mdzwldfrnhczblxqdkiz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c zpkgulmxslfbclwoagd.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ftmgshgpizrlkraqa.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c yldwhvtbtjatrxfu.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\odxsfvvfzrkffnxoze.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ftmgshgpizrlkraqa.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c odxsfvvfzrkffnxoze.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yldwhvtbtjatrxfu.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\odxsfvvfzrkffnxoze.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yldwhvtbtjatrxfu.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yldwhvtbtjatrxfu.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\btqoexankfbzcnauiqphe.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\btqoexankfbzcnauiqphe.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yldwhvtbtjatrxfu.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c btqoexankfbzcnauiqphe.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c zpkgulmxslfbclwoagd.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c btqoexankfbzcnauiqphe.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c zpkgulmxslfbclwoagd.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c zpkgulmxslfbclwoagd.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ftmgshgpizrlkraqa.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ftmgshgpizrlkraqa.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ftmgshgpizrlkraqa.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c btqoexankfbzcnauiqphe.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\btqoexankfbzcnauiqphe.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ftmgshgpizrlkraqa.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mdzwldfrnhczblxqdkiz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zpkgulmxslfbclwoagd.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\btqoexankfbzcnauiqphe.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yldwhvtbtjatrxfu.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yldwhvtbtjatrxfu.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c btqoexankfbzcnauiqphe.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c zpkgulmxslfbclwoagd.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c yldwhvtbtjatrxfu.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c yldwhvtbtjatrxfu.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c mdzwldfrnhczblxqdkiz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c mdzwldfrnhczblxqdkiz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c mdzwldfrnhczblxqdkiz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\odxsfvvfzrkffnxoze.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c odxsfvvfzrkffnxoze.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ftmgshgpizrlkraqa.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\odxsfvvfzrkffnxoze.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\btqoexankfbzcnauiqphe.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\btqoexankfbzcnauiqphe.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ftmgshgpizrlkraqa.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zpkgulmxslfbclwoagd.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yldwhvtbtjatrxfu.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c yldwhvtbtjatrxfu.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c odxsfvvfzrkffnxoze.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ftmgshgpizrlkraqa.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c mdzwldfrnhczblxqdkiz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c mdzwldfrnhczblxqdkiz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ftmgshgpizrlkraqa.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\odxsfvvfzrkffnxoze.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c btqoexankfbzcnauiqphe.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\odxsfvvfzrkffnxoze.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ftmgshgpizrlkraqa.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ftmgshgpizrlkraqa.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yldwhvtbtjatrxfu.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zpkgulmxslfbclwoagd.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\btqoexankfbzcnauiqphe.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mdzwldfrnhczblxqdkiz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yldwhvtbtjatrxfu.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c mdzwldfrnhczblxqdkiz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c zpkgulmxslfbclwoagd.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c zpkgulmxslfbclwoagd.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c zpkgulmxslfbclwoagd.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ftmgshgpizrlkraqa.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c odxsfvvfzrkffnxoze.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mdzwldfrnhczblxqdkiz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c yldwhvtbtjatrxfu.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zpkgulmxslfbclwoagd.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c yldwhvtbtjatrxfu.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\odxsfvvfzrkffnxoze.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zpkgulmxslfbclwoagd.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zpkgulmxslfbclwoagd.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mdzwldfrnhczblxqdkiz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\btqoexankfbzcnauiqphe.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zpkgulmxslfbclwoagd.exe .

Network

Country Destination Domain Proto
US 8.8.8.8:53 g.bing.com udp
US 150.171.27.10:443 g.bing.com tcp
GB 88.221.135.49:443 www.bing.com tcp
GB 88.221.135.49:443 www.bing.com tcp
US 8.8.8.8:53 whatismyip.everdot.org udp
US 8.8.8.8:53 whatismyipaddress.com udp
US 104.19.223.79:80 whatismyipaddress.com tcp
US 8.8.8.8:53 www.whatismyip.com udp
US 172.66.40.87:80 www.whatismyip.com tcp
US 104.19.223.79:80 whatismyipaddress.com tcp
US 8.8.8.8:53 www.showmyipaddress.com udp
US 104.21.74.56:80 www.showmyipaddress.com tcp
US 104.19.223.79:80 whatismyipaddress.com tcp
US 8.8.8.8:53 whatismyip.everdot.org udp
US 8.8.8.8:53 www.whatismyip.ca udp
US 104.19.223.79:80 whatismyipaddress.com tcp
US 8.8.8.8:53 whatismyip.everdot.org udp
US 104.19.223.79:80 whatismyipaddress.com tcp
US 172.66.40.87:80 www.whatismyip.com tcp
US 104.21.74.56:80 www.showmyipaddress.com tcp
US 104.19.223.79:80 whatismyipaddress.com tcp
US 8.8.8.8:53 whatismyip.everdot.org udp
US 104.19.223.79:80 whatismyipaddress.com tcp
US 172.66.40.87:80 www.whatismyip.com tcp
US 104.21.74.56:80 www.showmyipaddress.com tcp
US 8.8.8.8:53 www.whatismyip.ca udp
US 8.8.8.8:53 www.google.com udp
GB 216.58.204.68:80 www.google.com tcp
US 8.8.8.8:53 gyuuym.org udp
DE 85.214.228.140:80 gyuuym.org tcp
US 8.8.8.8:53 dtrodibohez.com udp
US 8.8.8.8:53 zjopidkmlw.info udp
US 8.8.8.8:53 wojireu.net udp
US 8.8.8.8:53 unxfuild.info udp
SG 18.142.91.111:80 unxfuild.info tcp
US 8.8.8.8:53 gucdzytwr.info udp
US 8.8.8.8:53 khbosiqwz.info udp
US 8.8.8.8:53 dtyfdanb.net udp
US 8.8.8.8:53 ggoiukqgsikq.org udp
US 8.8.8.8:53 duhfvzjvxibe.net udp
US 8.8.8.8:53 yibzpmfci.info udp
US 8.8.8.8:53 kyappaz.info udp
US 8.8.8.8:53 ogwukisomu.com udp
US 8.8.8.8:53 nupckad.org udp
US 8.8.8.8:53 udzdjiddn.net udp
US 8.8.8.8:53 isbfut.info udp
US 8.8.8.8:53 odtsdnjejyjs.net udp
US 8.8.8.8:53 lilpvaze.net udp
US 8.8.8.8:53 pkefiquiex.info udp
US 8.8.8.8:53 icoioogueskq.org udp
US 8.8.8.8:53 buzezcqpr.net udp
US 8.8.8.8:53 ygoukmwg.org udp
US 8.8.8.8:53 varevcbukdc.net udp
US 8.8.8.8:53 voqsdjnfrb.info udp
US 8.8.8.8:53 vojvtnzcb.com udp
US 8.8.8.8:53 lgncbyr.org udp
US 8.8.8.8:53 sypvop.info udp
US 8.8.8.8:53 wyscoeiowkey.org udp
US 8.8.8.8:53 cydlrge.info udp
US 104.156.155.94:80 cydlrge.info tcp
US 8.8.8.8:53 yiiqzavikyn.info udp
US 8.8.8.8:53 wvvjjznud.info udp
US 8.8.8.8:53 jeqitec.com udp
US 8.8.8.8:53 mjotpzfbosdh.info udp
US 8.8.8.8:53 kmscey.com udp
US 8.8.8.8:53 luvehemiri.info udp
US 8.8.8.8:53 kmkwacycykou.org udp
US 8.8.8.8:53 tgludwz.net udp
US 8.8.8.8:53 trinwpwsundy.net udp
US 8.8.8.8:53 wyhpnjti.net udp
US 8.8.8.8:53 zqhxpnjs.net udp
US 8.8.8.8:53 lalckpw.org udp
US 8.8.8.8:53 ssaqeamesm.org udp
US 8.8.8.8:53 nudacjjl.net udp
US 8.8.8.8:53 nduzovfulexx.info udp
US 8.8.8.8:53 hmfurcniz.info udp
US 8.8.8.8:53 atgzoneh.net udp
US 8.8.8.8:53 wbrdxifed.net udp
US 8.8.8.8:53 ddpobim.org udp
US 8.8.8.8:53 borihcn.org udp
US 8.8.8.8:53 ewhqxezcwwc.net udp
US 8.8.8.8:53 rtborgmo.info udp
US 8.8.8.8:53 tsqnbcwmx.com udp
US 8.8.8.8:53 mgmiyguiye.org udp
US 8.8.8.8:53 oiccis.com udp
US 8.8.8.8:53 veqatgp.net udp
US 8.8.8.8:53 hsdcravmnef.com udp
US 8.8.8.8:53 pynicfwyvub.net udp
US 8.8.8.8:53 hyypzupwo.net udp
US 8.8.8.8:53 nklswewnpxrp.net udp
US 8.8.8.8:53 lonepub.net udp
US 8.8.8.8:53 dpxata.info udp
US 8.8.8.8:53 axlyefapivwd.info udp
US 8.8.8.8:53 qltuvhcgjh.info udp
US 8.8.8.8:53 yoaoooewyeeo.com udp
US 8.8.8.8:53 wqnnnp.info udp
US 8.8.8.8:53 parcsptsrv.info udp
US 8.8.8.8:53 tgogjvhqpn.info udp
US 8.8.8.8:53 ebuygyziur.info udp
US 8.8.8.8:53 yvbxdvgkrmp.net udp
US 8.8.8.8:53 gsuuxlbul.net udp
US 8.8.8.8:53 usxzhfngazfv.info udp
US 8.8.8.8:53 mdhpuesj.net udp
US 8.8.8.8:53 fxvsrbpdqa.info udp
US 8.8.8.8:53 btjqaef.info udp
US 8.8.8.8:53 ukrgxt.info udp
US 8.8.8.8:53 notirfj.org udp
US 8.8.8.8:53 dqjrswwie.com udp
US 8.8.8.8:53 barclsf.info udp
US 8.8.8.8:53 vqmfsb.net udp
US 8.8.8.8:53 pqhjil.info udp
US 8.8.8.8:53 vrxmprngmlhk.net udp
US 8.8.8.8:53 ktxnnsfm.net udp
US 8.8.8.8:53 gayqyg.com udp
US 8.8.8.8:53 eznabol.net udp
US 8.8.8.8:53 tohftotvrjjg.net udp
US 8.8.8.8:53 loymwec.net udp
US 8.8.8.8:53 bcagdttsfxhl.info udp
US 8.8.8.8:53 jqnivgfqb.info udp
US 8.8.8.8:53 klqmnybibg.net udp
US 8.8.8.8:53 huxlqbblxekm.info udp
US 8.8.8.8:53 mtcefskklrj.info udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 khnqgv.info udp
US 8.8.8.8:53 rabpzdhr.net udp
US 8.8.8.8:53 cgjgjgrsx.net udp
US 8.8.8.8:53 lyxmnybibg.info udp
US 8.8.8.8:53 tcdajcoejcj.info udp
US 8.8.8.8:53 lrtnfqhqq.com udp
US 8.8.8.8:53 ksmftsn.info udp
US 8.8.8.8:53 uixznir.net udp
US 8.8.8.8:53 xmocjvkwtaf.com udp
US 8.8.8.8:53 dkouvubcpovf.info udp
US 8.8.8.8:53 yyewpkl.info udp
US 8.8.8.8:53 mebququ.net udp
US 8.8.8.8:53 wepppuk.net udp
US 8.8.8.8:53 kgucribs.info udp
US 8.8.8.8:53 eodmjwtyp.net udp
US 8.8.8.8:53 mnwqpbxvjvhb.info udp
US 8.8.8.8:53 zyfitez.info udp
US 8.8.8.8:53 airyhmn.net udp
US 8.8.8.8:53 qmvuvot.info udp
US 8.8.8.8:53 owaoou.com udp
US 8.8.8.8:53 leqdurjb.net udp
US 8.8.8.8:53 wwxddfiv.net udp
US 8.8.8.8:53 ksoiau.com udp
US 8.8.8.8:53 vwscvmxt.net udp
US 8.8.8.8:53 rcuamez.org udp
US 8.8.8.8:53 vuhxtct.com udp
US 8.8.8.8:53 dxikspgshgbk.info udp
US 8.8.8.8:53 kjwuwbwckwro.info udp
US 8.8.8.8:53 hgfilc.info udp
US 8.8.8.8:53 kwxcrphv.info udp
US 8.8.8.8:53 tjdpzxpk.info udp
US 8.8.8.8:53 vsxilglus.org udp
US 8.8.8.8:53 ocbbbarrp.info udp
US 8.8.8.8:53 uiemocce.com udp
US 8.8.8.8:53 wopndxjpoy.info udp
US 8.8.8.8:53 zgrjrexb.net udp
US 8.8.8.8:53 srzgjglonbyy.net udp
US 8.8.8.8:53 sdggmfyh.net udp
US 8.8.8.8:53 eeueccewmeem.com udp
US 8.8.8.8:53 ppharj.net udp
US 8.8.8.8:53 bafmxsz.net udp
US 8.8.8.8:53 gthoprfe.net udp
US 8.8.8.8:53 uaigykqeau.com udp
US 8.8.8.8:53 gkkclarujbd.net udp
US 8.8.8.8:53 ywuqug.com udp
US 8.8.8.8:53 vffzaatuj.info udp
US 8.8.8.8:53 ehylbo.net udp
US 8.8.8.8:53 ftxdcurw.info udp
US 8.8.8.8:53 vlpxze.info udp
US 8.8.8.8:53 rtebwwdguuq.org udp
US 8.8.8.8:53 carepqw.net udp
US 8.8.8.8:53 bbdylihtxbgi.info udp
US 8.8.8.8:53 mmqqwmeofn.info udp
US 8.8.8.8:53 skywyumxq.net udp
US 8.8.8.8:53 vwlehhjw.info udp
US 8.8.8.8:53 trfaduj.net udp
US 8.8.8.8:53 quikggwuqqqq.com udp
US 8.8.8.8:53 egsmyysc.org udp
US 8.8.8.8:53 vyoyfuj.net udp
US 8.8.8.8:53 cntzugg.net udp
US 8.8.8.8:53 oaqtznxk.info udp
US 8.8.8.8:53 eewawc.org udp
US 8.8.8.8:53 ggycuu.org udp
US 8.8.8.8:53 vuvbemndqv.net udp
US 8.8.8.8:53 pdsqbb.net udp
US 8.8.8.8:53 lbygpbpmqkoo.net udp
US 8.8.8.8:53 nshdioh.net udp
US 8.8.8.8:53 rtdvyfwoyp.net udp
US 8.8.8.8:53 ekqqcc.org udp
US 8.8.8.8:53 jkhgkt.info udp
US 8.8.8.8:53 denjyemtisxn.net udp
US 8.8.8.8:53 ceowcmfezkb.info udp
US 8.8.8.8:53 oclaloraowj.info udp
US 8.8.8.8:53 dwfkeogzvhjn.info udp
US 8.8.8.8:53 hmtpti.info udp
US 8.8.8.8:53 dflqknsl.net udp
US 8.8.8.8:53 oimmag.org udp
US 8.8.8.8:53 iecwga.org udp
US 8.8.8.8:53 tylrrnzfqj.info udp
US 8.8.8.8:53 pyjytmn.net udp
US 8.8.8.8:53 gnsatmkfme.net udp
US 8.8.8.8:53 sglunc.net udp
US 8.8.8.8:53 qtgqqinahbp.info udp
US 8.8.8.8:53 kejycuzof.net udp
US 8.8.8.8:53 lzxuggc.net udp
US 8.8.8.8:53 ymikrcn.info udp
US 8.8.8.8:53 yawoyoccagak.com udp
US 8.8.8.8:53 tcvuvhjwh.info udp
US 8.8.8.8:53 zatwjgjsjcf.com udp
US 8.8.8.8:53 efpxrb.net udp
US 8.8.8.8:53 pzcivm.net udp
US 8.8.8.8:53 ckdqwub.net udp
US 8.8.8.8:53 jubvpax.info udp
US 8.8.8.8:53 zsfkwet.com udp
US 8.8.8.8:53 vmjjyfcy.info udp
US 8.8.8.8:53 dwxdgczrvoff.info udp
US 8.8.8.8:53 aknsgwkcl.net udp
US 8.8.8.8:53 tclkzzh.info udp
US 8.8.8.8:53 qyvuzlr.net udp
US 8.8.8.8:53 meayycyoyu.org udp
US 8.8.8.8:53 ecbwysbz.info udp
US 8.8.8.8:53 fcdigmd.com udp
US 8.8.8.8:53 dqdggaf.org udp
US 8.8.8.8:53 xghfufmhez.info udp
US 8.8.8.8:53 vczmjop.net udp
US 8.8.8.8:53 njmyupro.net udp
US 8.8.8.8:53 mgfatmfap.info udp
US 8.8.8.8:53 lubamvacr.org udp
US 8.8.8.8:53 medwcahcz.info udp
US 8.8.8.8:53 cdkfswjoxp.net udp
US 8.8.8.8:53 aasqeiau.com udp
US 8.8.8.8:53 fenjcyq.com udp
US 8.8.8.8:53 xrpwmsl.info udp
US 8.8.8.8:53 rtahqrlmxn.info udp
US 8.8.8.8:53 uatgdmhgp.info udp
US 8.8.8.8:53 garsrmoca.net udp
US 8.8.8.8:53 iusioomq.org udp
US 8.8.8.8:53 wcsbrpz.net udp
US 8.8.8.8:53 vqhkpudso.org udp
US 8.8.8.8:53 ocnpqu.net udp
US 8.8.8.8:53 gipxakrsw.info udp
US 8.8.8.8:53 tgrdxc.info udp
US 8.8.8.8:53 uwcuws.org udp
US 8.8.8.8:53 ffgnyfvflf.net udp
US 8.8.8.8:53 azlfou.info udp
US 8.8.8.8:53 xqmkrgfuxfs.net udp
US 8.8.8.8:53 eathiqnt.info udp
US 8.8.8.8:53 vmrvzcyqwg.info udp
US 8.8.8.8:53 jojeyieqrq.net udp
US 8.8.8.8:53 keoqkqoq.org udp
US 8.8.8.8:53 umyicieyee.org udp
US 8.8.8.8:53 mtwceey.net udp
US 8.8.8.8:53 qlrwlyl.net udp
US 8.8.8.8:53 cnkpvb.info udp
US 8.8.8.8:53 scimgtunvbgp.info udp
US 8.8.8.8:53 zgbdajhmn.org udp
US 8.8.8.8:53 okdcbcx.info udp
US 8.8.8.8:53 fpdopjdl.info udp
US 8.8.8.8:53 vcsuct.net udp
US 8.8.8.8:53 bwmymej.net udp
US 8.8.8.8:53 pofsjwy.com udp
US 8.8.8.8:53 optafkelyk.net udp
US 8.8.8.8:53 tcsipbvtr.org udp
US 8.8.8.8:53 fddrdhdqccrb.info udp
US 8.8.8.8:53 fsyczawoha.info udp
US 8.8.8.8:53 laezfrajbj.net udp
US 8.8.8.8:53 kdiwfemn.info udp
US 8.8.8.8:53 lwrtdwxi.info udp
US 8.8.8.8:53 ropjdkz.org udp
US 8.8.8.8:53 exispooex.info udp
US 8.8.8.8:53 occeaskuem.org udp
US 8.8.8.8:53 atkzfclhbift.info udp
US 8.8.8.8:53 hrefgrpxxdsc.net udp
US 8.8.8.8:53 wueysyqiyg.org udp
US 8.8.8.8:53 ppvxcsxlteyh.info udp
US 8.8.8.8:53 btxkgyzy.net udp
US 8.8.8.8:53 sieewkaqgs.com udp
US 8.8.8.8:53 jjrefkv.net udp
US 8.8.8.8:53 uocndotkxyd.info udp
US 8.8.8.8:53 lzqaxqi.info udp
US 8.8.8.8:53 sceabtree.net udp
US 8.8.8.8:53 oqrqlojqp.info udp
US 8.8.8.8:53 pboqlatkp.info udp
US 8.8.8.8:53 lwfjykqyjzl.net udp
US 8.8.8.8:53 zyhndh.info udp
US 8.8.8.8:53 uabhlqaoe.info udp
US 8.8.8.8:53 mlbomyv.net udp
US 8.8.8.8:53 kjskvzf.info udp
US 8.8.8.8:53 myeguxxun.net udp
US 8.8.8.8:53 gksfmwvu.net udp
US 8.8.8.8:53 pyxbvavsgutm.info udp
US 8.8.8.8:53 lzbjkx.info udp
US 8.8.8.8:53 oijqqarg.net udp
US 8.8.8.8:53 qcskip.net udp
US 8.8.8.8:53 iesfmbgw.net udp
US 8.8.8.8:53 vopjbksonic.info udp
US 8.8.8.8:53 blriytvijot.com udp
US 8.8.8.8:53 uczitsg.net udp
US 8.8.8.8:53 heeidicqp.net udp
US 8.8.8.8:53 lopuvqm.com udp
US 8.8.8.8:53 vzokgombzp.net udp
US 8.8.8.8:53 ewjqngn.net udp
US 8.8.8.8:53 hnltxqtyhmw.org udp
US 8.8.8.8:53 kyilnx.net udp
US 8.8.8.8:53 pgpfjljcibqf.net udp
US 8.8.8.8:53 fzfznlh.net udp
US 8.8.8.8:53 dyofcroqz.info udp
US 8.8.8.8:53 rqbtjmhkhj.net udp
US 8.8.8.8:53 rwjpaqmmqx.info udp
US 8.8.8.8:53 zxrudg.info udp
US 8.8.8.8:53 gaqkygwq.org udp
US 8.8.8.8:53 ymjilszcrtp.info udp
US 8.8.8.8:53 jrbulad.info udp
US 8.8.8.8:53 mkboypui.net udp
US 8.8.8.8:53 cqmswgl.info udp
US 8.8.8.8:53 umjbkqdjuugj.net udp
US 8.8.8.8:53 duxrjgwnhjrd.info udp
US 8.8.8.8:53 bpzorpfuhtf.org udp
US 8.8.8.8:53 ngzuhhy.net udp
US 8.8.8.8:53 xpjuhsuai.com udp
US 8.8.8.8:53 bkngmvgi.net udp
US 8.8.8.8:53 mkloegnyfy.net udp
US 8.8.8.8:53 lstoma.info udp
US 8.8.8.8:53 cwpqwmj.info udp
US 8.8.8.8:53 owgwwilax.info udp
US 8.8.8.8:53 vudolhywloi.com udp
US 8.8.8.8:53 bqdindvszcl.com udp
US 8.8.8.8:53 uqoyqguk.com udp
US 8.8.8.8:53 wousqygc.org udp
US 8.8.8.8:53 blmxnzgixhpx.info udp
US 8.8.8.8:53 dcvsxfp.info udp
US 8.8.8.8:53 wawaoiyk.com udp
US 8.8.8.8:53 yhrruoyuuwsd.info udp
US 8.8.8.8:53 krtmpvxyh.net udp
US 8.8.8.8:53 kdjqxjjyz.info udp
US 8.8.8.8:53 dywwfv.info udp
US 8.8.8.8:53 wemywmeo.com udp
US 8.8.8.8:53 lczoradauoz.net udp
US 8.8.8.8:53 oqwzdufmben.net udp
US 8.8.8.8:53 jcfljngv.info udp
US 8.8.8.8:53 goycuqyqmk.com udp
US 8.8.8.8:53 iovjrkuwkbk.info udp
US 8.8.8.8:53 moyqcm.com udp
US 8.8.8.8:53 aomcglnjvlhx.info udp
US 8.8.8.8:53 dazulnj.org udp
US 8.8.8.8:53 eawqqkkggwgi.org udp
US 8.8.8.8:53 jzthxr.net udp
US 8.8.8.8:53 ckrnfad.info udp
US 8.8.8.8:53 ohtndorbtnvh.net udp
US 8.8.8.8:53 zwewfbpfhat.net udp
US 8.8.8.8:53 qetgjogswaj.info udp
US 8.8.8.8:53 dwvyli.net udp
US 8.8.8.8:53 mbvwdyjc.net udp
US 8.8.8.8:53 fjusznt.com udp
US 8.8.8.8:53 ptfzjflu.net udp
US 8.8.8.8:53 bxnevcrg.net udp
US 8.8.8.8:53 fwltnc.net udp
US 8.8.8.8:53 mmaifeuqhgl.net udp
US 8.8.8.8:53 pgfhdosblz.info udp
US 8.8.8.8:53 pasytks.info udp
US 8.8.8.8:53 nktdtmxgb.info udp
US 8.8.8.8:53 zuhmapbot.net udp
US 8.8.8.8:53 fzzmpyjyj.info udp
US 8.8.8.8:53 grlvpxzuav.net udp
US 8.8.8.8:53 ucxurqsmn.net udp
US 8.8.8.8:53 vjvlnnztmb.net udp
US 8.8.8.8:53 womikw.info udp
US 8.8.8.8:53 nxwbusz.org udp
US 8.8.8.8:53 feaoxaxifiy.org udp
US 8.8.8.8:53 cyycai.org udp
US 8.8.8.8:53 mprzjj.info udp
US 8.8.8.8:53 tquynajeh.org udp
US 8.8.8.8:53 yojkaljecqs.info udp
US 8.8.8.8:53 zwvgkunqk.org udp
US 8.8.8.8:53 moioyq.org udp
US 8.8.8.8:53 owunjxl.net udp
US 8.8.8.8:53 hjgomd.info udp
US 8.8.8.8:53 txwytpzmku.info udp
US 8.8.8.8:53 owvutsnmlkj.info udp
US 8.8.8.8:53 hqoetpsoj.org udp
US 8.8.8.8:53 eswmqsye.com udp
US 8.8.8.8:53 ecegeakc.org udp
US 8.8.8.8:53 imwypguioabg.net udp
US 8.8.8.8:53 aukguokqei.com udp
US 8.8.8.8:53 osmkxgfqr.info udp
US 8.8.8.8:53 tmqiqam.info udp
US 8.8.8.8:53 ootkjdzphd.net udp
US 8.8.8.8:53 jisbrb.net udp
US 8.8.8.8:53 egjciyp.info udp
US 8.8.8.8:53 bjthuj.net udp
US 8.8.8.8:53 uuyyccgkko.com udp
US 8.8.8.8:53 scumwocq.com udp
US 8.8.8.8:53 aoeceomkoagq.com udp
US 8.8.8.8:53 aararuzmj.info udp
US 8.8.8.8:53 fwlyzm.info udp
US 8.8.8.8:53 efxqkgybtgx.net udp
US 8.8.8.8:53 daannyugaz.net udp
US 8.8.8.8:53 jsvmernyhh.info udp
US 8.8.8.8:53 zrizzt.net udp
US 8.8.8.8:53 siogwzor.info udp
US 8.8.8.8:53 nyjwiakuz.info udp
US 8.8.8.8:53 nsjnpn.net udp
US 8.8.8.8:53 qfqmbjil.info udp
US 8.8.8.8:53 mpraqb.net udp
US 8.8.8.8:53 rwhtmvsfjmdb.net udp
US 8.8.8.8:53 ivewnr.info udp
US 8.8.8.8:53 rjwmcqpr.info udp
US 8.8.8.8:53 qiuwnvbe.net udp
US 8.8.8.8:53 ftzqallsj.net udp
US 8.8.8.8:53 cecqqkeyuc.org udp
US 8.8.8.8:53 nqxijbihvn.info udp
US 8.8.8.8:53 nqyzwulqn.info udp
US 8.8.8.8:53 jgfxxnrjv.org udp
US 8.8.8.8:53 ldrgfmpmf.org udp
US 8.8.8.8:53 yspynbdonzn.net udp
US 8.8.8.8:53 kkkwos.com udp
US 8.8.8.8:53 aulcvcnmxcs.info udp
US 8.8.8.8:53 xrctizgjhu.net udp
US 8.8.8.8:53 xwiqocrqtsh.info udp
US 8.8.8.8:53 asdefybnraj.net udp
US 8.8.8.8:53 amumoeqwoq.org udp
US 8.8.8.8:53 zfwjlgr.info udp
US 8.8.8.8:53 netygbeox.net udp
US 8.8.8.8:53 dappdhjjz.info udp
US 8.8.8.8:53 rfcqjgcwrllk.info udp
US 8.8.8.8:53 guyuuy.org udp
US 8.8.8.8:53 kfhmigtul.info udp
US 8.8.8.8:53 ckwrroxoftrm.net udp
US 8.8.8.8:53 yvhpgguzxtcz.info udp
US 8.8.8.8:53 ooewwc.org udp
US 8.8.8.8:53 czdmjpex.net udp
US 8.8.8.8:53 zqlctug.com udp
US 8.8.8.8:53 swdyxozkpcj.net udp
US 8.8.8.8:53 iaqqmaywykwy.com udp
US 8.8.8.8:53 swkshux.net udp
US 8.8.8.8:53 bwlmiyhvm.com udp
US 8.8.8.8:53 ibsbgnpn.info udp
US 8.8.8.8:53 gphgjbbpwb.info udp
US 8.8.8.8:53 unpjhm.net udp
US 8.8.8.8:53 jypigkw.net udp
US 8.8.8.8:53 jqhlvkwnlh.info udp
US 8.8.8.8:53 jphhtgd.com udp
US 8.8.8.8:53 eopsjtn.net udp
US 8.8.8.8:53 djqmndtl.net udp
US 8.8.8.8:53 omierhazkhgw.net udp
US 8.8.8.8:53 zqjzxcox.info udp
US 8.8.8.8:53 qqyllyl.net udp
US 8.8.8.8:53 salenia.net udp
US 8.8.8.8:53 kwdrqyzrhd.net udp
US 8.8.8.8:53 ggtqgjgs.info udp
US 8.8.8.8:53 sccuwm.org udp
US 8.8.8.8:53 ygccoucy.org udp
US 8.8.8.8:53 xrjmbmgmisvh.info udp
US 8.8.8.8:53 myggyycakc.org udp
US 8.8.8.8:53 lfefyabalmf.net udp
US 8.8.8.8:53 oqpctmipru.info udp
US 8.8.8.8:53 mqzlnn.net udp
US 8.8.8.8:53 jqtenkdayoy.org udp
US 8.8.8.8:53 tijizqtgn.org udp
US 8.8.8.8:53 tzcfyagwit.info udp
US 8.8.8.8:53 lvliwxsju.net udp
US 8.8.8.8:53 nsxstmtyec.net udp
US 8.8.8.8:53 tygiuazyks.info udp
US 8.8.8.8:53 hantwtyf.net udp
US 8.8.8.8:53 nhvatyw.net udp
US 8.8.8.8:53 zjfzgi.info udp
US 8.8.8.8:53 sourrhw.net udp
US 8.8.8.8:53 qcpuzjhlagv.info udp
US 8.8.8.8:53 bhkvgy.info udp
US 8.8.8.8:53 wcgcuuiu.org udp
US 8.8.8.8:53 bqdbyduw.info udp
US 8.8.8.8:53 unhimiflnz.info udp
US 8.8.8.8:53 polqbuhyd.info udp
US 8.8.8.8:53 jwzetmo.net udp
US 8.8.8.8:53 chbtgtdh.info udp
US 8.8.8.8:53 oyymymsicw.com udp
US 8.8.8.8:53 iishsyvbooym.info udp
US 8.8.8.8:53 nhmyomxjv.info udp
US 8.8.8.8:53 jwkzhnrka.org udp
US 8.8.8.8:53 iiowsqp.info udp
US 8.8.8.8:53 kgxtgz.net udp
US 8.8.8.8:53 tyzkrdhyl.info udp
US 8.8.8.8:53 ribrrqhsjjqz.net udp
US 8.8.8.8:53 vxfktir.com udp
US 8.8.8.8:53 cladjqhexa.net udp
US 8.8.8.8:53 bztlngrqjkh.com udp
US 8.8.8.8:53 ceeymiyeeuec.org udp
US 8.8.8.8:53 vyvijbihvn.info udp
US 8.8.8.8:53 lbzlxioa.info udp
US 8.8.8.8:53 gngdymj.net udp
US 8.8.8.8:53 qxhinydr.info udp
US 8.8.8.8:53 satcbxds.info udp
US 8.8.8.8:53 qgmcieqe.org udp
US 8.8.8.8:53 hsrofavrq.net udp
US 8.8.8.8:53 ckxyfklneql.net udp
US 8.8.8.8:53 bqqipihqhlj.net udp
US 8.8.8.8:53 pggwbwdow.net udp
US 8.8.8.8:53 wiaakk.org udp
US 8.8.8.8:53 llpwlrlwpx.net udp
US 8.8.8.8:53 uqvjgtbqghnj.info udp
US 8.8.8.8:53 yklgpmf.net udp
US 8.8.8.8:53 bctwfgikb.org udp
US 8.8.8.8:53 xkjkfww.com udp
US 8.8.8.8:53 gepwfovafig.info udp
US 8.8.8.8:53 gytqllhevpr.info udp
US 8.8.8.8:53 fzqqksnzg.net udp
US 8.8.8.8:53 rydbbivxuyg.com udp
US 8.8.8.8:53 slpfiyeycne.info udp
US 8.8.8.8:53 xmlymtnez.org udp
US 8.8.8.8:53 lqyswsucva.info udp
US 8.8.8.8:53 odpiqhyurk.net udp
US 8.8.8.8:53 lbhwawzvxsni.info udp
US 8.8.8.8:53 eaeoyegymc.org udp
US 8.8.8.8:53 odzbrjqoy.info udp
US 8.8.8.8:53 heguesolztdl.info udp
US 8.8.8.8:53 aalijqi.info udp
US 8.8.8.8:53 ielgwwwoqcx.info udp
US 8.8.8.8:53 pklgnebeaup.com udp
US 8.8.8.8:53 aptfzieyxulf.net udp
US 8.8.8.8:53 rojmxyqqw.org udp
US 8.8.8.8:53 odqisf.info udp
US 8.8.8.8:53 hhrsnv.info udp
US 8.8.8.8:53 amhqbnzqcuz.info udp
US 8.8.8.8:53 buoyfmtatcx.com udp
US 8.8.8.8:53 ncpmyszzt.info udp
US 8.8.8.8:53 zsauqe.info udp
US 8.8.8.8:53 vtmjwbjc.info udp
US 8.8.8.8:53 xczieqfovsg.com udp
US 8.8.8.8:53 njjgmfwm.net udp
US 8.8.8.8:53 iejwpvzfugl.info udp
US 8.8.8.8:53 yuicoo.org udp
US 8.8.8.8:53 ybxsqlwexbnh.info udp
US 8.8.8.8:53 ixvkxvm.net udp
US 8.8.8.8:53 iybgpqrd.net udp
US 8.8.8.8:53 lenjhdjz.info udp
US 8.8.8.8:53 kkiamiym.com udp
US 8.8.8.8:53 cypbnolclck.net udp
US 8.8.8.8:53 ksktxffpkhpl.info udp
US 8.8.8.8:53 pdhpzjrmmn.info udp
US 8.8.8.8:53 jatdaajehomt.net udp
US 8.8.8.8:53 ptsdtcd.info udp
US 8.8.8.8:53 zcvsrkrst.net udp
US 8.8.8.8:53 nwdapnfadnam.net udp
US 8.8.8.8:53 mwgkuyee.org udp
US 8.8.8.8:53 gubtlkefnebc.info udp
US 8.8.8.8:53 kidaiiv.net udp
US 8.8.8.8:53 mhkcfcran.net udp
US 8.8.8.8:53 gjtqay.info udp
US 8.8.8.8:53 wmpjfp.net udp
US 8.8.8.8:53 uiceesz.info udp
US 8.8.8.8:53 c.pki.goog udp
GB 142.250.180.3:80 c.pki.goog tcp
US 8.8.8.8:53 eenplql.net udp
US 8.8.8.8:53 papigevnt.com udp
US 8.8.8.8:53 sttewar.net udp
US 8.8.8.8:53 bzaydhbkyko.info udp
US 8.8.8.8:53 osqywkoc.org udp
US 8.8.8.8:53 lueykidmpin.net udp
US 8.8.8.8:53 mmuyhof.net udp
US 8.8.8.8:53 muqeeu.org udp
US 8.8.8.8:53 tshmab.net udp
US 8.8.8.8:53 tylwnpvsimd.net udp
US 8.8.8.8:53 uoxjsmld.info udp
US 8.8.8.8:53 vskbpy.info udp
US 8.8.8.8:53 rdpqzbgsvg.net udp
US 8.8.8.8:53 ewiuauieao.com udp
US 8.8.8.8:53 ioceec.com udp
US 8.8.8.8:53 gcxuigpej.net udp
US 8.8.8.8:53 sqjlhbejikro.info udp
US 8.8.8.8:53 bjpwlrlwpx.net udp
US 8.8.8.8:53 nuqwuqg.org udp
US 8.8.8.8:53 fihslg.net udp
US 8.8.8.8:53 gsyqjid.info udp
US 8.8.8.8:53 jkzrzcf.org udp
US 8.8.8.8:53 imwkkoik.com udp
US 8.8.8.8:53 sewuvwb.net udp
US 8.8.8.8:53 rucplgvs.net udp
US 8.8.8.8:53 niijhkdef.com udp
US 8.8.8.8:53 zhtrmyijqy.info udp
US 8.8.8.8:53 emhuxzgnlw.info udp
US 8.8.8.8:53 dljadjsvxm.info udp
US 8.8.8.8:53 gwltyqt.net udp
US 8.8.8.8:53 zuiiazvia.com udp
US 8.8.8.8:53 ltjmodlt.info udp
US 8.8.8.8:53 oalwpcngx.info udp
US 8.8.8.8:53 ujyirl.net udp
US 8.8.8.8:53 hfkuggnw.net udp
US 8.8.8.8:53 xcrfxbihvn.info udp
US 8.8.8.8:53 lhorwwyopo.info udp
US 8.8.8.8:53 jcwhxufaqdfl.net udp
US 8.8.8.8:53 ahbmvbhhpub.net udp
US 8.8.8.8:53 ocpsbsimm.net udp
US 8.8.8.8:53 pvesxitaordl.info udp
US 8.8.8.8:53 eqiooeawmiiw.com udp
US 8.8.8.8:53 nznzvmugga.info udp
US 8.8.8.8:53 tcyoxxpk.net udp
US 8.8.8.8:53 dzrmxez.com udp
US 8.8.8.8:53 hgfaokodp.net udp
US 8.8.8.8:53 kxldwaoqfn.info udp
US 8.8.8.8:53 mthcdwpmvvs.net udp
US 8.8.8.8:53 aneotaz.info udp
US 8.8.8.8:53 hqmkpq.info udp
US 8.8.8.8:53 ycewkq.org udp
US 8.8.8.8:53 xxbuvavqnao.net udp
US 8.8.8.8:53 kgjaicmgmo.info udp
US 8.8.8.8:53 senyzjufekfu.info udp
US 8.8.8.8:53 exnavpvkds.info udp
US 8.8.8.8:53 lxlcfhjuv.info udp
US 8.8.8.8:53 tgzzsilpuoyu.info udp
US 8.8.8.8:53 bgvzxneg.info udp
US 8.8.8.8:53 prlizl.info udp
US 8.8.8.8:53 iwnsys.info udp
US 8.8.8.8:53 ycquwo.org udp
US 8.8.8.8:53 rejwrwpoa.info udp
US 8.8.8.8:53 xavcvupho.net udp
US 8.8.8.8:53 jmuyzwjxj.net udp
US 8.8.8.8:53 pvwtfdhygxtm.net udp
US 8.8.8.8:53 gcyiiaigsu.com udp
US 8.8.8.8:53 bvzmzp.net udp
US 8.8.8.8:53 llnnxmlphg.info udp
US 8.8.8.8:53 slpiaq.info udp
US 8.8.8.8:53 mynqlopfbwp.net udp
US 8.8.8.8:53 sgescokcmo.org udp
US 8.8.8.8:53 nyopnh.info udp
US 8.8.8.8:53 igtabgped.info udp
US 8.8.8.8:53 gchjhevjpai.info udp
US 8.8.8.8:53 lirmuecctz.net udp
US 8.8.8.8:53 lzwgpqnxhy.net udp
US 8.8.8.8:53 lypexww.net udp
US 8.8.8.8:53 ewuxtijvcvl.info udp
US 8.8.8.8:53 jehyhpbob.com udp
US 8.8.8.8:53 kstuqmf.info udp
US 8.8.8.8:53 lppouwi.net udp
US 8.8.8.8:53 nejhleakhey.info udp
US 8.8.8.8:53 xikwlim.org udp
US 8.8.8.8:53 ynxobt.info udp
US 8.8.8.8:53 luaiurlae.info udp
US 8.8.8.8:53 xyffjwj.org udp
US 8.8.8.8:53 kuvqbw.info udp
US 8.8.8.8:53 etukpb.info udp
US 8.8.8.8:53 jodaufkwwsx.net udp
US 8.8.8.8:53 yufzgvcy.net udp
US 8.8.8.8:53 tmtjhjtk.net udp
US 8.8.8.8:53 xdoewrdvokql.info udp
US 8.8.8.8:53 hsfspwfirsr.org udp
US 8.8.8.8:53 heraofjywibl.info udp
US 8.8.8.8:53 wqpuzalt.info udp
US 8.8.8.8:53 ddpkdozarxzq.net udp
US 8.8.8.8:53 viuxfqcdnu.net udp
US 8.8.8.8:53 fumvct.net udp
US 8.8.8.8:53 wuqoqcayyy.com udp
US 8.8.8.8:53 kcgywcmuscqm.com udp
US 8.8.8.8:53 moatgoxenwf.net udp
US 8.8.8.8:53 gsegplcb.net udp
US 8.8.8.8:53 aynjnrbmsj.net udp
US 8.8.8.8:53 bllzfqvjziz.org udp
US 8.8.8.8:53 efhypgxeiynd.info udp
US 8.8.8.8:53 jdlmdtpya.com udp
US 8.8.8.8:53 dnyidwf.info udp
US 8.8.8.8:53 oqscaoqi.org udp
US 8.8.8.8:53 mgqmay.com udp
US 8.8.8.8:53 aeomagao.org udp
US 8.8.8.8:53 yadxtkefpqdf.net udp
US 8.8.8.8:53 wzlnpdtddit.info udp
US 8.8.8.8:53 kyhrrkauiki.net udp
US 8.8.8.8:53 eyquscoy.org udp
US 8.8.8.8:53 srvhbu.info udp
US 8.8.8.8:53 rmcilircclt.info udp
US 8.8.8.8:53 wrdxislddf.info udp
US 8.8.8.8:53 atxglzh.info udp
US 8.8.8.8:53 yacaacmism.com udp
US 8.8.8.8:53 eyqomiaeiq.com udp
US 8.8.8.8:53 qfstupfbdsqi.net udp
US 8.8.8.8:53 tedyyvqhayx.net udp
US 8.8.8.8:53 ulwprsdpevsj.info udp
US 8.8.8.8:53 bfuoemrlsg.info udp
US 8.8.8.8:53 sgouamgmii.org udp
US 8.8.8.8:53 uvtdzjoekg.net udp
US 8.8.8.8:53 ioacgeyicg.com udp
US 8.8.8.8:53 msgqsaasawoy.org udp
US 8.8.8.8:53 qyjxvcif.net udp
US 8.8.8.8:53 euhgbhz.net udp
US 8.8.8.8:53 yfzuvixiz.net udp
US 8.8.8.8:53 wkcisq.com udp
US 8.8.8.8:53 rkwlhccy.info udp
US 8.8.8.8:53 auhlyrt.net udp
US 8.8.8.8:53 myhpuy.info udp
US 8.8.8.8:53 cmckeygkis.com udp
US 8.8.8.8:53 wzjswaiop.net udp
US 8.8.8.8:53 nthafgeqx.org udp
US 8.8.8.8:53 srmgjmralkj.info udp
US 8.8.8.8:53 ubvokcz.net udp
US 8.8.8.8:53 vibshiiel.net udp
US 8.8.8.8:53 pcyjhiw.com udp
US 8.8.8.8:53 ostobvjc.info udp
US 8.8.8.8:53 eezoxuzlc.net udp
US 8.8.8.8:53 jjqtpeerkb.net udp
US 8.8.8.8:53 cchobsbqckz.net udp
US 8.8.8.8:53 cnrcbxjqd.info udp
US 8.8.8.8:53 urkcltobhpwf.net udp
US 8.8.8.8:53 eafclqcer.info udp
US 8.8.8.8:53 wwnodjs.net udp
US 8.8.8.8:53 smokacos.org udp
US 8.8.8.8:53 jvycftc.com udp
US 8.8.8.8:53 oismai.com udp
US 8.8.8.8:53 hysbkg.net udp
US 8.8.8.8:53 oerllu.net udp
US 8.8.8.8:53 oavzogaqnvyp.info udp
US 8.8.8.8:53 eheflhppvg.net udp
US 8.8.8.8:53 ywcahp.net udp
US 8.8.8.8:53 ykqkyg.org udp
US 8.8.8.8:53 cykogcgqqcuu.com udp
US 8.8.8.8:53 amggaowy.com udp
US 8.8.8.8:53 nxrzhkpf.net udp
US 8.8.8.8:53 oaoywi.com udp
US 8.8.8.8:53 wikawksa.com udp
US 8.8.8.8:53 ugjyfpgfl.net udp
US 8.8.8.8:53 ggqaeaieaomw.com udp
US 8.8.8.8:53 cuhniaows.info udp
US 8.8.8.8:53 gcenflaqzo.info udp
US 8.8.8.8:53 bheguvpdiihz.net udp
US 8.8.8.8:53 myrwjqkrwpbk.info udp
US 8.8.8.8:53 ypfxmj.net udp
US 8.8.8.8:53 mpkbfsgyp.info udp
US 8.8.8.8:53 majaphl.net udp
US 8.8.8.8:53 gssnxeduhlnu.net udp
US 8.8.8.8:53 bmtdvcljjzgr.net udp
US 8.8.8.8:53 ilpijzuqfawi.net udp
US 8.8.8.8:53 qseoumkkca.org udp
US 8.8.8.8:53 ozruprdk.net udp
US 8.8.8.8:53 ilgbdr.net udp
US 8.8.8.8:53 tbaxjo.net udp
US 8.8.8.8:53 avmnvlho.net udp
US 8.8.8.8:53 tzpttxdfpmoj.net udp
US 8.8.8.8:53 rbjtwonckvd.com udp
US 8.8.8.8:53 invmbwo.info udp
US 8.8.8.8:53 qdnmhgdyrit.net udp
US 8.8.8.8:53 ceuskasq.com udp
US 8.8.8.8:53 hjturabugk.net udp
US 8.8.8.8:53 qofaysp.net udp
US 8.8.8.8:53 kbazbgx.net udp
US 8.8.8.8:53 iiwasegg.org udp
US 8.8.8.8:53 pvxwhtyoswwj.net udp
US 8.8.8.8:53 cskgqgyiaw.com udp
US 8.8.8.8:53 yjvpxxbdjult.info udp
US 8.8.8.8:53 fevktevahwf.com udp
US 8.8.8.8:53 knewputnr.info udp
US 8.8.8.8:53 iojgvg.net udp
US 8.8.8.8:53 qyqigk.com udp
US 8.8.8.8:53 sbhcsleo.net udp
US 8.8.8.8:53 tuqhow.net udp
US 8.8.8.8:53 evbqloxgq.net udp
US 8.8.8.8:53 rufubofrt.net udp
US 8.8.8.8:53 rukqvctyd.org udp
US 8.8.8.8:53 afnnuv.net udp
US 8.8.8.8:53 gmsmoy.net udp
US 8.8.8.8:53 bibrhslsycz.org udp
US 8.8.8.8:53 fyaylmbcb.net udp
US 8.8.8.8:53 csvqcdl.net udp
US 8.8.8.8:53 rmtylgrpdsc.net udp
US 8.8.8.8:53 piykwzxgn.org udp
US 8.8.8.8:53 btzebbfjh.net udp
US 8.8.8.8:53 lgrxryvipkn.org udp
US 8.8.8.8:53 leaeznoep.org udp
US 8.8.8.8:53 ekqaao.com udp
US 8.8.8.8:53 liuiqlxwzun.net udp
US 8.8.8.8:53 aavyzeptyk.net udp
US 8.8.8.8:53 ujlqfbhjrfhw.net udp
US 8.8.8.8:53 jkxmzrpad.org udp
US 8.8.8.8:53 rkjyfrxybqd.net udp
US 8.8.8.8:53 hkshtsfqzvv.org udp
US 8.8.8.8:53 hjfdpmp.org udp
US 8.8.8.8:53 bvdwfq.net udp
US 8.8.8.8:53 gpjuvwluqwk.net udp
US 8.8.8.8:53 rjbifug.net udp
US 8.8.8.8:53 xgjghwund.net udp
US 8.8.8.8:53 dqvadqp.com udp
US 8.8.8.8:53 xerfnkrtzdht.info udp
US 8.8.8.8:53 llzlnghylsh.com udp
US 8.8.8.8:53 yqdindvszcl.info udp
US 8.8.8.8:53 updvwmgyjqj.info udp
US 8.8.8.8:53 ldlrgk.info udp
US 8.8.8.8:53 jcdyzg.info udp
US 8.8.8.8:53 qwyamewkys.com udp
US 8.8.8.8:53 owtumceqt.info udp
US 8.8.8.8:53 uewekkqsuk.org udp
US 8.8.8.8:53 xrdyaipcpkh.net udp
US 8.8.8.8:53 cugywairfela.net udp
US 8.8.8.8:53 vrioncoprfz.net udp
US 8.8.8.8:53 cykkmemkgy.org udp
US 8.8.8.8:53 sgdzhklkvfso.info udp
US 8.8.8.8:53 iijcktvc.net udp
US 8.8.8.8:53 gcffvyz.net udp
US 8.8.8.8:53 asleqifqn.net udp
US 8.8.8.8:53 skqsiiae.org udp
US 8.8.8.8:53 jhordowevu.info udp
US 8.8.8.8:53 mizgltnl.info udp
US 8.8.8.8:53 ecnunnubl.info udp
US 8.8.8.8:53 alyypvemovoc.net udp
US 8.8.8.8:53 oarzwqeuqwd.info udp
US 8.8.8.8:53 mmatissmmqlv.net udp
US 8.8.8.8:53 ydkepcdex.net udp
US 8.8.8.8:53 qlstpgkhcjbu.net udp
US 8.8.8.8:53 pebdxvjr.info udp
US 8.8.8.8:53 yevzabb.info udp
US 8.8.8.8:53 gsjkpud.info udp
US 8.8.8.8:53 vqvvvlp.info udp
US 8.8.8.8:53 qysoym.org udp
US 8.8.8.8:53 nzitfaav.info udp
US 8.8.8.8:53 onhpbfxj.info udp
US 8.8.8.8:53 grpnjtiyqz.info udp
US 8.8.8.8:53 gklyporklce.net udp
US 8.8.8.8:53 jxzkzddiae.info udp
US 8.8.8.8:53 vblmxmlit.org udp
US 8.8.8.8:53 qiaeysiw.org udp
US 8.8.8.8:53 uizntjvutxqi.net udp
US 8.8.8.8:53 cehwvixqhyk.net udp
US 8.8.8.8:53 acccyykqge.org udp
US 8.8.8.8:53 hyjodgw.info udp
US 8.8.8.8:53 ucfirgp.info udp
US 8.8.8.8:53 qcwapigp.info udp
US 8.8.8.8:53 dkdczgl.info udp
US 8.8.8.8:53 tsbglaskaet.info udp
US 8.8.8.8:53 tutstsl.net udp
US 8.8.8.8:53 ffxxuo.info udp
US 8.8.8.8:53 mcwsxoxzj.info udp
US 8.8.8.8:53 qjoozrzjowoe.net udp
US 8.8.8.8:53 yaissecqsy.org udp
US 8.8.8.8:53 fmcbbggmhyj.info udp
US 8.8.8.8:53 smwxozpdtpbu.info udp
US 8.8.8.8:53 eaictyqxc.info udp
US 8.8.8.8:53 qximncgg.net udp
US 8.8.8.8:53 ikisjihwaqi.info udp
US 8.8.8.8:53 qmowjd.info udp
US 8.8.8.8:53 jsmqxspfyk.info udp
US 8.8.8.8:53 zslwfnvqt.info udp
US 8.8.8.8:53 rufiryq.org udp
US 8.8.8.8:53 luovijvkfki.info udp
US 8.8.8.8:53 vgqxvqngngx.info udp
US 8.8.8.8:53 vdnagd.info udp
US 8.8.8.8:53 xylglgjgu.net udp
US 8.8.8.8:53 hmisjorga.info udp
US 8.8.8.8:53 mvaqna.net udp
US 8.8.8.8:53 cqiuay.com udp
US 8.8.8.8:53 cktyzqt.net udp
US 8.8.8.8:53 wubzrwjkd.net udp
US 8.8.8.8:53 txdmrerqjbzo.info udp
US 8.8.8.8:53 ulzgjtxy.info udp
US 8.8.8.8:53 gqamhtfd.info udp
US 8.8.8.8:53 qeasooggkkye.org udp
US 8.8.8.8:53 herynbumiagd.info udp
US 8.8.8.8:53 pgjvpwlph.com udp
US 8.8.8.8:53 syumaycq.org udp
US 8.8.8.8:53 gdiecndz.net udp
US 8.8.8.8:53 wjqrnokh.net udp
US 8.8.8.8:53 ybccrcjjiiz.info udp
US 8.8.8.8:53 tzjwrgwggmaa.info udp
US 8.8.8.8:53 hzrclerisx.net udp
US 8.8.8.8:53 pjvomxggdvdl.info udp
US 8.8.8.8:53 fevpfshvp.org udp
US 8.8.8.8:53 puncrkzo.net udp
US 8.8.8.8:53 bxvkfzfl.net udp
US 8.8.8.8:53 cqwqygws.org udp
US 8.8.8.8:53 pbaejx.net udp
US 8.8.8.8:53 tyaqtktv.info udp
US 8.8.8.8:53 kcryxrris.info udp
US 8.8.8.8:53 jinraw.net udp
US 8.8.8.8:53 quuagsyu.org udp
US 8.8.8.8:53 cyrhlmj.info udp
US 8.8.8.8:53 bwpbuxyezg.info udp
US 8.8.8.8:53 funkyuiqj.net udp
US 8.8.8.8:53 giekgyskeiik.org udp
US 8.8.8.8:53 kwludeky.info udp
US 8.8.8.8:53 rynpjnxdplsp.info udp
US 8.8.8.8:53 jnukbpplwr.info udp
US 8.8.8.8:53 myayquss.org udp
US 8.8.8.8:53 zxewsqrv.net udp
US 8.8.8.8:53 bavppixu.net udp
US 8.8.8.8:53 konzyttr.info udp
US 8.8.8.8:53 ecnasayr.net udp
US 8.8.8.8:53 fkgritslx.org udp
US 8.8.8.8:53 bejmzh.info udp
US 8.8.8.8:53 vmxgrimem.net udp
US 8.8.8.8:53 cqhdrwocfik.info udp
US 8.8.8.8:53 rmesdjbcnbb.net udp
US 8.8.8.8:53 ptpwnlreeaxo.net udp
US 8.8.8.8:53 owegpyhet.info udp
US 8.8.8.8:53 ddruzx.info udp
US 8.8.8.8:53 emvudcqsl.net udp
US 8.8.8.8:53 chrixtnzpejl.info udp
US 8.8.8.8:53 gsdljesjlebz.info udp
US 8.8.8.8:53 ruknbtlkhr.info udp
US 8.8.8.8:53 wkkdzg.net udp
US 8.8.8.8:53 eeeiusoc.com udp
US 8.8.8.8:53 rcnxfrj.net udp
US 8.8.8.8:53 unztginy.info udp
US 8.8.8.8:53 slqsmmpmcr.net udp
US 8.8.8.8:53 grqydv.info udp
US 8.8.8.8:53 nsnuzyr.info udp
US 8.8.8.8:53 zqhirwplowz.info udp
US 8.8.8.8:53 dtstyn.net udp
US 8.8.8.8:53 hqxvryk.info udp
US 8.8.8.8:53 lnvsztdyzd.info udp
US 8.8.8.8:53 oskaogys.com udp
US 8.8.8.8:53 bgjsaz.info udp
US 8.8.8.8:53 bljqsi.info udp
US 8.8.8.8:53 asmsiy.org udp
US 8.8.8.8:53 ocfice.net udp
US 8.8.8.8:53 zbqtpeerkb.net udp
US 8.8.8.8:53 eemsomskwc.org udp
US 8.8.8.8:53 jnajnvhfxntr.net udp
US 8.8.8.8:53 zelwhon.net udp
US 8.8.8.8:53 dyrrfdc.org udp
US 8.8.8.8:53 rhdyzyx.info udp
US 8.8.8.8:53 zuwrljtqss.net udp
US 8.8.8.8:53 asdenvj.info udp
US 8.8.8.8:53 jyptls.info udp
US 8.8.8.8:53 xhodvlturbjx.net udp
US 8.8.8.8:53 djhezbwugs.info udp
US 8.8.8.8:53 lawabot.net udp
US 8.8.8.8:53 ylsptizfjq.net udp
US 8.8.8.8:53 nmvivqmdxov.info udp
US 8.8.8.8:53 msaeugqyakco.org udp
US 8.8.8.8:53 tmrxnmjrkb.net udp
US 8.8.8.8:53 egvpza.info udp
US 8.8.8.8:53 qxjrnacjh.info udp
US 8.8.8.8:53 qcckei.org udp
US 8.8.8.8:53 radsqhtdbyww.net udp
US 8.8.8.8:53 prxidpdxgq.info udp
US 8.8.8.8:53 qamskm.com udp
US 8.8.8.8:53 uomieuwsgywa.com udp
US 8.8.8.8:53 iucooeecqigu.com udp
US 8.8.8.8:53 owqypoxmmf.info udp
US 8.8.8.8:53 aukuyiyequcy.org udp
US 8.8.8.8:53 nmunszxhhb.net udp
US 8.8.8.8:53 fzkrxmam.info udp
US 8.8.8.8:53 tinqmec.org udp
US 8.8.8.8:53 vyltzvb.net udp
US 8.8.8.8:53 fixijml.org udp
US 8.8.8.8:53 jcjipnzzfkrz.net udp
US 8.8.8.8:53 ewfaciadiye.net udp
US 8.8.8.8:53 bvrlxiawb.net udp
US 8.8.8.8:53 ekakcuuqmuqs.org udp
US 8.8.8.8:53 tmiwinpe.net udp
US 8.8.8.8:53 vksuvrghb.com udp
US 8.8.8.8:53 aqsippjzv.net udp
US 8.8.8.8:53 ebbqjaqbdpm.net udp
US 8.8.8.8:53 ygfewa.info udp
US 8.8.8.8:53 bujydax.net udp
US 8.8.8.8:53 jzonpwme.info udp
US 8.8.8.8:53 wgyxdiye.info udp
US 8.8.8.8:53 puphqlwbdn.net udp
US 8.8.8.8:53 sxsydftugfl.net udp
US 8.8.8.8:53 tpbqwienvubk.net udp
US 8.8.8.8:53 qefjwzrgy.net udp
US 8.8.8.8:53 vatywwnedxl.com udp
US 8.8.8.8:53 gobgxjp.info udp
US 8.8.8.8:53 khbswjfovxae.info udp
US 8.8.8.8:53 msoiygcw.org udp
US 8.8.8.8:53 gnohdjqrclw.net udp
US 8.8.8.8:53 axpsdnkbswzw.info udp
US 8.8.8.8:53 fuvzha.net udp
US 8.8.8.8:53 jntxuexoq.net udp
US 8.8.8.8:53 tepkbua.net udp
US 8.8.8.8:53 rnnwtbnuz.net udp
US 8.8.8.8:53 xwesmh.info udp
US 8.8.8.8:53 awtrjqbmv.net udp
US 8.8.8.8:53 jiptaunk.info udp
US 8.8.8.8:53 fovdfevdlfjh.net udp
US 8.8.8.8:53 ejpdqikairvo.info udp
US 8.8.8.8:53 zqlsbogsp.org udp
US 8.8.8.8:53 pzvaow.net udp
US 8.8.8.8:53 oskqkaqcgsii.org udp
US 8.8.8.8:53 ssgqsckw.com udp
US 8.8.8.8:53 rpcsrbpy.info udp
US 8.8.8.8:53 butyuulrvkh.org udp
US 8.8.8.8:53 auogoewgggek.org udp
US 8.8.8.8:53 riblmjep.info udp
US 8.8.8.8:53 cxritgbkwiqj.net udp
US 8.8.8.8:53 kgoima.com udp
US 8.8.8.8:53 nplnnuadjc.net udp
US 8.8.8.8:53 hjzvbbrobec.org udp
US 8.8.8.8:53 sqhkzlqm.net udp
US 8.8.8.8:53 wnyqel.info udp
US 8.8.8.8:53 umsescgqkqmc.org udp
US 8.8.8.8:53 xflrdxdu.net udp
US 8.8.8.8:53 rfvgye.net udp
US 8.8.8.8:53 tvapdwq.com udp
US 8.8.8.8:53 lgvqjyultcxq.info udp
US 8.8.8.8:53 yabgjuiyvpj.net udp
US 8.8.8.8:53 zibkhpzupwx.org udp
US 8.8.8.8:53 pybfnkfav.com udp
US 8.8.8.8:53 yiggycge.com udp
US 8.8.8.8:53 yqtafgfohsp.net udp
US 8.8.8.8:53 soppzcavhjx.info udp
US 8.8.8.8:53 vxfnyvsopmz.info udp
US 8.8.8.8:53 euzbtop.info udp
US 8.8.8.8:53 ikmsqwisam.com udp
US 8.8.8.8:53 nrpqjt.info udp
US 8.8.8.8:53 mogouqsgccic.org udp
US 8.8.8.8:53 jhjcpkca.net udp
US 8.8.8.8:53 jeyfbwjyn.info udp
US 8.8.8.8:53 secbxwdrern.info udp
US 8.8.8.8:53 lkngjoezjnq.com udp
US 8.8.8.8:53 rdroqjdf.info udp
US 8.8.8.8:53 pqbklmj.org udp
US 8.8.8.8:53 cagkeuuywc.org udp
US 8.8.8.8:53 zqzevbkx.net udp
US 8.8.8.8:53 uoogcqgy.com udp
US 8.8.8.8:53 wrbgtg.info udp
US 8.8.8.8:53 qjvfxqxej.info udp
US 8.8.8.8:53 sglqjuvkrip.info udp
US 8.8.8.8:53 fgkvzjn.info udp
US 8.8.8.8:53 akxcpqvggyj.info udp
US 8.8.8.8:53 cwsfhcybexjf.net udp
US 8.8.8.8:53 vsswekgnat.info udp
US 8.8.8.8:53 qeljxqi.info udp
US 8.8.8.8:53 wqvfpmzioqr.info udp
US 8.8.8.8:53 mcveyexfl.info udp
DE 85.214.228.140:80 gyuuym.org tcp
US 8.8.8.8:53 asiezavitnl.net udp
US 8.8.8.8:53 xtbtbj.net udp
US 8.8.8.8:53 pvsmvfhxkcja.info udp
US 8.8.8.8:53 fwxmxr.info udp
US 8.8.8.8:53 riqzhklh.net udp
US 8.8.8.8:53 pnzmrkotdao.org udp
SG 18.142.91.111:80 unxfuild.info tcp
US 8.8.8.8:53 opnwzzpiyzq.info udp
US 8.8.8.8:53 xgzejotqt.info udp
US 8.8.8.8:53 cjtryayafq.info udp
US 8.8.8.8:53 gucdzytwr.info udp
US 8.8.8.8:53 axrtlmxeok.net udp
US 8.8.8.8:53 ggoiukqgsikq.org udp
US 8.8.8.8:53 shpackv.net udp
US 8.8.8.8:53 gihaftzunefn.info udp
US 8.8.8.8:53 snoqomtcf.net udp
US 8.8.8.8:53 udzdjiddn.net udp
US 8.8.8.8:53 lcrixsc.net udp
US 8.8.8.8:53 ismuygpbrtqf.net udp
US 8.8.8.8:53 ygoukmwg.org udp
US 8.8.8.8:53 virpbszarz.info udp
US 8.8.8.8:53 wweuqrldrqnn.info udp
US 8.8.8.8:53 pzlibo.info udp
US 8.8.8.8:53 omtoaw.net udp
US 8.8.8.8:53 ugmysqke.com udp
US 8.8.8.8:53 halaxct.info udp
US 104.156.155.94:80 cydlrge.info tcp
US 8.8.8.8:53 fetrvhmwdbhc.info udp
US 8.8.8.8:53 cqcmukwyko.com udp
US 8.8.8.8:53 kxyoxjurva.info udp
US 8.8.8.8:53 ospqmed.net udp
US 8.8.8.8:53 rkfaekfnbzpd.info udp
US 8.8.8.8:53 iuwauu.com udp
US 8.8.8.8:53 mjotpzfbosdh.info udp
US 8.8.8.8:53 cwfkwyn.net udp
US 8.8.8.8:53 rjgmhjrmjt.info udp
US 8.8.8.8:53 qgbgbgf.net udp
US 8.8.8.8:53 mqwsgggwcm.org udp
US 8.8.8.8:53 wipkhsoqvsl.net udp
US 8.8.8.8:53 aoyaiqgg.org udp
US 8.8.8.8:53 lalckpw.org udp
US 8.8.8.8:53 vkzelnmfnun.org udp
US 8.8.8.8:53 hmfurcniz.info udp
US 8.8.8.8:53 qkcshfafx.net udp
US 8.8.8.8:53 xqqllqdip.net udp
US 8.8.8.8:53 eoeqqy.com udp
US 8.8.8.8:53 ddpobim.org udp
US 8.8.8.8:53 papihuqxjt.net udp
US 8.8.8.8:53 nkynbhdgphrf.net udp
US 8.8.8.8:53 yqjcldifaw.net udp
US 8.8.8.8:53 pysorwl.org udp
US 8.8.8.8:53 ewhqxezcwwc.net udp
US 8.8.8.8:53 qmimdwiku.net udp
US 8.8.8.8:53 rtborgmo.info udp

Files

C:\Users\Admin\AppData\Local\Temp\bdkss.exe

MD5 b3f5515cb112346250cfdc140121be1d
SHA1 284092b1e94e38325e180710f825aaddf3cda552
SHA256 41a3090bc788386fcd6dc186ab09d56d856568fd8a08c46516b23dbd004d3b76
SHA512 e7439e545572b96495b9d39bc25f9d7dc6d66f7d5e1ca34a3b61733e45820bcdf7c09daebac668e7260df5f1a8a6f113ab4122690fe126a51f6aac46a2f43bd0

C:\Users\Admin\AppData\Local\Temp\bdkss.exe

MD5 cc36a4be8ad407c3d9223cf71f08dd45
SHA1 f98691efa8a53dba52198469c96055b10a42376b
SHA256 705f4d273dd9474bfc93e310c4b38eafdd945d65ce67fe43bcf5eddf8b0c857b
SHA512 4051e89831a9318191f9eae1ed6cf6bc8733e0cad10e2c614ffab453bfb30162d761cfa854e14e8d51cd718846a85bd7b4f62bd4755a2bd4f0792b13a564fa0a

C:\Users\Admin\AppData\Local\gfjollvptvydnfzavkqptyvv.zdf

MD5 001cc70baba0717b63063b2b2561c327
SHA1 96d389bb5bd6a6a1856f07bedc7ea5e8d11cacdb
SHA256 8f775c658d679cfa569b1d772b48214bd6a89b11c4a7b3e32d45bd5e39254ece
SHA512 b6860ae5ac93f2d265997d3a1a7692d884a108fd7d98e6ea95d259f44155d0992bf067348141e8ebae5ce1ac2547dbe7d3be53c3f7370b5dcd73717220b42938

C:\Users\Admin\AppData\Local\pzoemxsxmzndybgsyypzoemxsxmzndybgsy.pzo

MD5 d5b95fe95679e5decb1bdc8c7e10bc43
SHA1 9a58efa1d551bb3086312fd3e64abd29174877f2
SHA256 deee563429823e7705baee1ba2aed4a0a5a0dafda0c233a13387db1892e26a21
SHA512 cc29c9097ba7f6b7d30e9d6f72b5979bbf11b65c680508c52a5efdb06f31446fddb35781b0dbdad870dae5c39db03b9cc70bd85c92b0d73e3ff5c6bb77077663

C:\Program Files (x86)\gfjollvptvydnfzavkqptyvv.zdf

MD5 8dd2e8001910ab01addf9c9437d77d4c
SHA1 7715393355fed2016725b20fe5b929cc93813e11
SHA256 449182133e2aeb41ecf670fd69e031c7a8c8e0a5e953a26fec05ea4efd07d66d
SHA512 e73cf1e1495ee9e8c21bd9237ebc40ac0d1ba213110ec7108c95a537c220a7d947f0912499f530ea1107cbef4c6f7f228e6b7c90caf9157bc39d639e99a7d58f

C:\Program Files (x86)\gfjollvptvydnfzavkqptyvv.zdf

MD5 5e4b16377b0cdee1a200d6d04940a75c
SHA1 8aea2ca05eed9ddeb8ec9ef95cdf144584e95f70
SHA256 e37ad1f7bfe7a6629ba51f119c884303939ca06f722db81d3a509d08bdf6a879
SHA512 5f31f35fdde5c53c180c06867810fc7ed67bfb25f2b5f2923061c652e9438c38267dea3df47d01a36921c688588e2733d123d02f7df413e5172ee32f25e644c3

C:\Program Files (x86)\gfjollvptvydnfzavkqptyvv.zdf

MD5 e38917633a051ff08a8e59e5f0bd35cb
SHA1 789b62c8c75b7fcb3f1bef8d002b7ce9a18c6e4f
SHA256 fd022cdc04db9811fcf5394dc496ce0e4eded1d343144e7bde679286bb6260ed
SHA512 baa0cb16aba4f05e65a49e475c6262f169bc0743764fb778b54c04713cb0de9d65ed4db6564357a1cf306364f1303f046d15bee948c565709f18b3ee3be3bea0

C:\Program Files (x86)\gfjollvptvydnfzavkqptyvv.zdf

MD5 3e55412c4f43a391fef5fed9d466c37f
SHA1 66f24d592194075a3480f0f2ca5786e84b2647d6
SHA256 e0ec41076be1eb53bb738635f7c8dda9166880d95fe01b0c7bec01f4659009de
SHA512 651b911adaabeeaf32a2ddf52d5e47787d555c82cf2f6caa376a08f736032ab56459e874e981b8293650b7e42b3428dd9d56759b3999453eee2c0d32c920c0ea

C:\Program Files (x86)\gfjollvptvydnfzavkqptyvv.zdf

MD5 e85752559888e3e2cfba9946f7daf734
SHA1 9f68d18f7b904c059ccba914fb4790b7bc3a7a57
SHA256 733a5f1cd3c8df20ab95f4fce5ce301e3912638867c7ad86449f7c48182586f2
SHA512 92c1bbe79523c5c4330798f368f707df60b392df7144874c413dfbf664b93bc39ec409ae45da49f5b14ac6f50e6b32a606d6e8f469c6a859ff61d0d43f5d4a9c

C:\Program Files (x86)\gfjollvptvydnfzavkqptyvv.zdf

MD5 6376f85d34bcadc1336ba2bcbaa67c81
SHA1 9f65417e5b4e8217a88523b82f5f2ae07b5996c4
SHA256 34101ad84b5b0f6f26594c2c60afa021412d7efa6e663ee60f0330a3dbe4fb7c
SHA512 ac09b555a7b3bb50ad19bde510104c6cb8d87242aa3c658ef68e651eff946154f0a63d74291d3d14661c2d00c998cf3ea0cc8228feb841604a0a8d438c29b0fe

C:\Users\Admin\AppData\Local\gfjollvptvydnfzavkqptyvv.zdf

MD5 281881506ca1f1b9a87b3924bebf5a44
SHA1 b10373993d810d7e99ebbce5a1a82ca77f46c800
SHA256 d04d4811111467a3a30aa77361df7508c67a7034e321ed973892ce6d5d9072c3
SHA512 f8d7a4d25c75b0d52df9a3bee158be5be759918b78d9bf881385b7258044a937d263c6ff2e14b7fa4d389fe8abf263615702b50600fe29125eede3bd119e10a7