Analysis Overview
SHA256
a7b6fb08d17320632c5a3f97d3f265a5e594035fc2b92585b81d0aba16a46df1
Threat Level: Known bad
The file 80cdc7c264ea951dedde8d7cda97fe25_JaffaCakes118 was found to be: Known bad.
Malicious Activity Summary
Modifies WinLogon for persistence
UAC bypass
Disables RegEdit via registry modification
Adds policy Run key to start application
Executes dropped EXE
Impair Defenses: Safe Mode Boot
Loads dropped DLL
Checks computer location settings
Checks whether UAC is enabled
Adds Run key to start application
Looks up external IP address via web service
Hijack Execution Flow: Executable Installer File Permissions Weakness
Drops autorun.inf file
Drops file in System32 directory
Drops file in Windows directory
Drops file in Program Files directory
Unsigned PE
System Location Discovery: System Language Discovery
Enumerates physical storage devices
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Suspicious behavior: EnumeratesProcesses
System policy modification
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-10-31 00:25
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-10-31 00:25
Reported
2024-10-31 03:01
Platform
win7-20241023-en
Max time kernel
150s
Max time network
150s
Command Line
Signatures
Modifies WinLogon for persistence
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\tgmoojbsdqw.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\gssyhm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\gssyhm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\tgmoojbsdqw.exe | N/A |
UAC bypass
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" | C:\Users\Admin\AppData\Local\Temp\tgmoojbsdqw.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" | C:\Users\Admin\AppData\Local\Temp\tgmoojbsdqw.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" | C:\Users\Admin\AppData\Local\Temp\gssyhm.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" | C:\Users\Admin\AppData\Local\Temp\gssyhm.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\tgmoojbsdqw.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\tgmoojbsdqw.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" | C:\Users\Admin\AppData\Local\Temp\tgmoojbsdqw.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\gssyhm.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" | C:\Users\Admin\AppData\Local\Temp\gssyhm.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" | C:\Users\Admin\AppData\Local\Temp\gssyhm.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" | C:\Users\Admin\AppData\Local\Temp\gssyhm.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" | C:\Users\Admin\AppData\Local\Temp\gssyhm.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\gssyhm.exe | N/A |
Adds policy Run key to start application
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\gssyhm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\zoramuitc = "C:\\Users\\Admin\\AppData\\Local\\Temp\\zwhysiexoytmygmnl.exe" | C:\Users\Admin\AppData\Local\Temp\gssyhm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\kciujulzlqgu = "zwhysiexoytmygmnl.exe" | C:\Users\Admin\AppData\Local\Temp\gssyhm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\kciujulzlqgu = "soyohwrjzicufmrr.exe" | C:\Users\Admin\AppData\Local\Temp\tgmoojbsdqw.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\kciujulzlqgu = "vwlgeyyvqedaqcmrtujkz.exe" | C:\Users\Admin\AppData\Local\Temp\gssyhm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\kciujulzlqgu = "gguoledztgeapajnoocc.exe" | C:\Users\Admin\AppData\Local\Temp\gssyhm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\zoramuitc = "C:\\Users\\Admin\\AppData\\Local\\Temp\\gguoledztgeapajnoocc.exe" | C:\Users\Admin\AppData\Local\Temp\gssyhm.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\tgmoojbsdqw.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\zoramuitc = "C:\\Users\\Admin\\AppData\\Local\\Temp\\soyohwrjzicufmrr.exe" | C:\Users\Admin\AppData\Local\Temp\tgmoojbsdqw.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\tgmoojbsdqw.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\kciujulzlqgu = "igskfwtnfqmgtcjlki.exe" | C:\Users\Admin\AppData\Local\Temp\gssyhm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\kciujulzlqgu = "igskfwtnfqmgtcjlki.exe" | C:\Users\Admin\AppData\Local\Temp\gssyhm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\kciujulzlqgu = "gguoledztgeapajnoocc.exe" | C:\Users\Admin\AppData\Local\Temp\gssyhm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\kciujulzlqgu = "zwhysiexoytmygmnl.exe" | C:\Users\Admin\AppData\Local\Temp\gssyhm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\kciujulzlqgu = "soyohwrjzicufmrr.exe" | C:\Users\Admin\AppData\Local\Temp\tgmoojbsdqw.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\kciujulzlqgu = "vwlgeyyvqedaqcmrtujkz.exe" | C:\Users\Admin\AppData\Local\Temp\gssyhm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\kciujulzlqgu = "tsfyumkfykhcqaillkx.exe" | C:\Users\Admin\AppData\Local\Temp\gssyhm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\zoramuitc = "C:\\Users\\Admin\\AppData\\Local\\Temp\\soyohwrjzicufmrr.exe" | C:\Users\Admin\AppData\Local\Temp\gssyhm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\kciujulzlqgu = "tsfyumkfykhcqaillkx.exe" | C:\Users\Admin\AppData\Local\Temp\gssyhm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\zoramuitc = "C:\\Users\\Admin\\AppData\\Local\\Temp\\soyohwrjzicufmrr.exe" | C:\Users\Admin\AppData\Local\Temp\gssyhm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\zoramuitc = "C:\\Users\\Admin\\AppData\\Local\\Temp\\gguoledztgeapajnoocc.exe" | C:\Users\Admin\AppData\Local\Temp\gssyhm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\zoramuitc = "C:\\Users\\Admin\\AppData\\Local\\Temp\\vwlgeyyvqedaqcmrtujkz.exe" | C:\Users\Admin\AppData\Local\Temp\gssyhm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\kciujulzlqgu = "soyohwrjzicufmrr.exe" | C:\Users\Admin\AppData\Local\Temp\gssyhm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\zoramuitc = "C:\\Users\\Admin\\AppData\\Local\\Temp\\igskfwtnfqmgtcjlki.exe" | C:\Users\Admin\AppData\Local\Temp\gssyhm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\kciujulzlqgu = "soyohwrjzicufmrr.exe" | C:\Users\Admin\AppData\Local\Temp\gssyhm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\zoramuitc = "C:\\Users\\Admin\\AppData\\Local\\Temp\\igskfwtnfqmgtcjlki.exe" | C:\Users\Admin\AppData\Local\Temp\tgmoojbsdqw.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\gssyhm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\zoramuitc = "C:\\Users\\Admin\\AppData\\Local\\Temp\\igskfwtnfqmgtcjlki.exe" | C:\Users\Admin\AppData\Local\Temp\gssyhm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\zoramuitc = "C:\\Users\\Admin\\AppData\\Local\\Temp\\zwhysiexoytmygmnl.exe" | C:\Users\Admin\AppData\Local\Temp\gssyhm.exe | N/A |
Disables RegEdit via registry modification
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\tgmoojbsdqw.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\gssyhm.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\gssyhm.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\gssyhm.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\gssyhm.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\tgmoojbsdqw.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\tgmoojbsdqw.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\tgmoojbsdqw.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\gssyhm.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\gssyhm.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\tgmoojbsdqw.exe | N/A |
Impair Defenses: Safe Mode Boot
| Description | Indicator | Process | Target |
| Key deleted | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\Power | C:\Users\Admin\AppData\Local\Temp\gssyhm.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\WinDefend | C:\Users\Admin\AppData\Local\Temp\gssyhm.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\ProfSvc | C:\Users\Admin\AppData\Local\Temp\gssyhm.exe | N/A |
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\80cdc7c264ea951dedde8d7cda97fe25_JaffaCakes118.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\80cdc7c264ea951dedde8d7cda97fe25_JaffaCakes118.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\tgmoojbsdqw.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\tgmoojbsdqw.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\tgmoojbsdqw.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\tgmoojbsdqw.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\80cdc7c264ea951dedde8d7cda97fe25_JaffaCakes118.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\80cdc7c264ea951dedde8d7cda97fe25_JaffaCakes118.exe | N/A |
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\simwjshtdg = "igskfwtnfqmgtcjlki.exe" | C:\Users\Admin\AppData\Local\Temp\tgmoojbsdqw.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce\nejuisivgkz = "soyohwrjzicufmrr.exe ." | C:\Users\Admin\AppData\Local\Temp\tgmoojbsdqw.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce\nejuisivgkz = "gguoledztgeapajnoocc.exe ." | C:\Users\Admin\AppData\Local\Temp\gssyhm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\simwjshtdg = "vwlgeyyvqedaqcmrtujkz.exe" | C:\Users\Admin\AppData\Local\Temp\gssyhm.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\kemarexnbiaqze = "soyohwrjzicufmrr.exe ." | C:\Users\Admin\AppData\Local\Temp\gssyhm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\simwjshtdg = "zwhysiexoytmygmnl.exe" | C:\Users\Admin\AppData\Local\Temp\gssyhm.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Windows\CurrentVersion\Run\jcjwmyqfsypem = "igskfwtnfqmgtcjlki.exe" | C:\Users\Admin\AppData\Local\Temp\tgmoojbsdqw.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce\nirgymgxmuneouy = "C:\\Users\\Admin\\AppData\\Local\\Temp\\soyohwrjzicufmrr.exe ." | C:\Users\Admin\AppData\Local\Temp\gssyhm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\simwjshtdg = "tsfyumkfykhcqaillkx.exe" | C:\Users\Admin\AppData\Local\Temp\gssyhm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\simwjshtdg = "igskfwtnfqmgtcjlki.exe" | C:\Users\Admin\AppData\Local\Temp\gssyhm.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\nejuisivgkz = "C:\\Users\\Admin\\AppData\\Local\\Temp\\tsfyumkfykhcqaillkx.exe ." | C:\Users\Admin\AppData\Local\Temp\gssyhm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\simwjshtdg = "vwlgeyyvqedaqcmrtujkz.exe" | C:\Users\Admin\AppData\Local\Temp\tgmoojbsdqw.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Windows\CurrentVersion\Run\jcjwmyqfsypem = "zwhysiexoytmygmnl.exe" | C:\Users\Admin\AppData\Local\Temp\gssyhm.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\nejuisivgkz = "C:\\Users\\Admin\\AppData\\Local\\Temp\\tsfyumkfykhcqaillkx.exe ." | C:\Users\Admin\AppData\Local\Temp\gssyhm.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\nejuisivgkz = "C:\\Users\\Admin\\AppData\\Local\\Temp\\igskfwtnfqmgtcjlki.exe ." | C:\Users\Admin\AppData\Local\Temp\gssyhm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\simwjshtdg = "zwhysiexoytmygmnl.exe" | C:\Users\Admin\AppData\Local\Temp\gssyhm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce\nejuisivgkz = "zwhysiexoytmygmnl.exe ." | C:\Users\Admin\AppData\Local\Temp\gssyhm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\soyohwrjzicufmrr = "C:\\Users\\Admin\\AppData\\Local\\Temp\\gguoledztgeapajnoocc.exe" | C:\Users\Admin\AppData\Local\Temp\gssyhm.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Windows\CurrentVersion\Run\simwjshtdg = "C:\\Users\\Admin\\AppData\\Local\\Temp\\zwhysiexoytmygmnl.exe" | C:\Users\Admin\AppData\Local\Temp\gssyhm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\simwjshtdg = "igskfwtnfqmgtcjlki.exe" | C:\Users\Admin\AppData\Local\Temp\gssyhm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\soyohwrjzicufmrr = "C:\\Users\\Admin\\AppData\\Local\\Temp\\vwlgeyyvqedaqcmrtujkz.exe" | C:\Users\Admin\AppData\Local\Temp\gssyhm.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\nejuisivgkz = "C:\\Users\\Admin\\AppData\\Local\\Temp\\gguoledztgeapajnoocc.exe ." | C:\Users\Admin\AppData\Local\Temp\gssyhm.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Windows\CurrentVersion\Run\simwjshtdg = "C:\\Users\\Admin\\AppData\\Local\\Temp\\igskfwtnfqmgtcjlki.exe" | C:\Users\Admin\AppData\Local\Temp\gssyhm.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\nejuisivgkz = "C:\\Users\\Admin\\AppData\\Local\\Temp\\vwlgeyyvqedaqcmrtujkz.exe ." | C:\Users\Admin\AppData\Local\Temp\tgmoojbsdqw.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Windows\CurrentVersion\Run\jcjwmyqfsypem = "igskfwtnfqmgtcjlki.exe" | C:\Users\Admin\AppData\Local\Temp\gssyhm.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\nejuisivgkz = "C:\\Users\\Admin\\AppData\\Local\\Temp\\zwhysiexoytmygmnl.exe ." | C:\Users\Admin\AppData\Local\Temp\gssyhm.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\kemarexnbiaqze = "gguoledztgeapajnoocc.exe ." | C:\Users\Admin\AppData\Local\Temp\gssyhm.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Windows\CurrentVersion\Run\jcjwmyqfsypem = "soyohwrjzicufmrr.exe" | C:\Users\Admin\AppData\Local\Temp\gssyhm.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\nejuisivgkz = "C:\\Users\\Admin\\AppData\\Local\\Temp\\vwlgeyyvqedaqcmrtujkz.exe ." | C:\Users\Admin\AppData\Local\Temp\gssyhm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce\nirgymgxmuneouy = "C:\\Users\\Admin\\AppData\\Local\\Temp\\gguoledztgeapajnoocc.exe ." | C:\Users\Admin\AppData\Local\Temp\gssyhm.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\nejuisivgkz = "C:\\Users\\Admin\\AppData\\Local\\Temp\\soyohwrjzicufmrr.exe ." | C:\Users\Admin\AppData\Local\Temp\gssyhm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\soyohwrjzicufmrr = "C:\\Users\\Admin\\AppData\\Local\\Temp\\zwhysiexoytmygmnl.exe" | C:\Users\Admin\AppData\Local\Temp\gssyhm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\simwjshtdg = "vwlgeyyvqedaqcmrtujkz.exe" | C:\Users\Admin\AppData\Local\Temp\gssyhm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce\nejuisivgkz = "soyohwrjzicufmrr.exe ." | C:\Users\Admin\AppData\Local\Temp\gssyhm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce\nirgymgxmuneouy = "C:\\Users\\Admin\\AppData\\Local\\Temp\\vwlgeyyvqedaqcmrtujkz.exe ." | C:\Users\Admin\AppData\Local\Temp\gssyhm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\simwjshtdg = "soyohwrjzicufmrr.exe" | C:\Users\Admin\AppData\Local\Temp\gssyhm.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Windows\CurrentVersion\Run\simwjshtdg = "C:\\Users\\Admin\\AppData\\Local\\Temp\\gguoledztgeapajnoocc.exe" | C:\Users\Admin\AppData\Local\Temp\gssyhm.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Windows\CurrentVersion\Run\jcjwmyqfsypem = "soyohwrjzicufmrr.exe" | C:\Users\Admin\AppData\Local\Temp\gssyhm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\soyohwrjzicufmrr = "C:\\Users\\Admin\\AppData\\Local\\Temp\\tsfyumkfykhcqaillkx.exe" | C:\Users\Admin\AppData\Local\Temp\gssyhm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce\nejuisivgkz = "vwlgeyyvqedaqcmrtujkz.exe ." | C:\Users\Admin\AppData\Local\Temp\gssyhm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce\nirgymgxmuneouy = "C:\\Users\\Admin\\AppData\\Local\\Temp\\soyohwrjzicufmrr.exe ." | C:\Users\Admin\AppData\Local\Temp\tgmoojbsdqw.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce\nirgymgxmuneouy = "C:\\Users\\Admin\\AppData\\Local\\Temp\\soyohwrjzicufmrr.exe ." | C:\Users\Admin\AppData\Local\Temp\gssyhm.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Windows\CurrentVersion\Run\simwjshtdg = "C:\\Users\\Admin\\AppData\\Local\\Temp\\gguoledztgeapajnoocc.exe" | C:\Users\Admin\AppData\Local\Temp\gssyhm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce\nirgymgxmuneouy = "C:\\Users\\Admin\\AppData\\Local\\Temp\\vwlgeyyvqedaqcmrtujkz.exe ." | C:\Users\Admin\AppData\Local\Temp\gssyhm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce\nirgymgxmuneouy = "C:\\Users\\Admin\\AppData\\Local\\Temp\\igskfwtnfqmgtcjlki.exe ." | C:\Users\Admin\AppData\Local\Temp\gssyhm.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Windows\CurrentVersion\Run\simwjshtdg = "C:\\Users\\Admin\\AppData\\Local\\Temp\\soyohwrjzicufmrr.exe" | C:\Users\Admin\AppData\Local\Temp\gssyhm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce\nirgymgxmuneouy = "C:\\Users\\Admin\\AppData\\Local\\Temp\\zwhysiexoytmygmnl.exe ." | C:\Users\Admin\AppData\Local\Temp\gssyhm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce\nirgymgxmuneouy = "C:\\Users\\Admin\\AppData\\Local\\Temp\\gguoledztgeapajnoocc.exe ." | C:\Users\Admin\AppData\Local\Temp\gssyhm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\soyohwrjzicufmrr = "C:\\Users\\Admin\\AppData\\Local\\Temp\\zwhysiexoytmygmnl.exe" | C:\Users\Admin\AppData\Local\Temp\tgmoojbsdqw.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\nejuisivgkz = "C:\\Users\\Admin\\AppData\\Local\\Temp\\soyohwrjzicufmrr.exe ." | C:\Users\Admin\AppData\Local\Temp\tgmoojbsdqw.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\nejuisivgkz = "C:\\Users\\Admin\\AppData\\Local\\Temp\\vwlgeyyvqedaqcmrtujkz.exe ." | C:\Users\Admin\AppData\Local\Temp\gssyhm.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Windows\CurrentVersion\Run\jcjwmyqfsypem = "gguoledztgeapajnoocc.exe" | C:\Users\Admin\AppData\Local\Temp\gssyhm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce\nejuisivgkz = "tsfyumkfykhcqaillkx.exe ." | C:\Users\Admin\AppData\Local\Temp\gssyhm.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\kemarexnbiaqze = "soyohwrjzicufmrr.exe ." | C:\Users\Admin\AppData\Local\Temp\gssyhm.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\kemarexnbiaqze = "soyohwrjzicufmrr.exe ." | C:\Users\Admin\AppData\Local\Temp\tgmoojbsdqw.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Windows\CurrentVersion\Run\simwjshtdg = "C:\\Users\\Admin\\AppData\\Local\\Temp\\zwhysiexoytmygmnl.exe" | C:\Users\Admin\AppData\Local\Temp\tgmoojbsdqw.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Windows\CurrentVersion\Run\jcjwmyqfsypem = "zwhysiexoytmygmnl.exe" | C:\Users\Admin\AppData\Local\Temp\gssyhm.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\kemarexnbiaqze = "vwlgeyyvqedaqcmrtujkz.exe ." | C:\Users\Admin\AppData\Local\Temp\gssyhm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\simwjshtdg = "soyohwrjzicufmrr.exe" | C:\Users\Admin\AppData\Local\Temp\gssyhm.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Windows\CurrentVersion\Run\simwjshtdg = "C:\\Users\\Admin\\AppData\\Local\\Temp\\vwlgeyyvqedaqcmrtujkz.exe" | C:\Users\Admin\AppData\Local\Temp\gssyhm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\simwjshtdg = "gguoledztgeapajnoocc.exe" | C:\Users\Admin\AppData\Local\Temp\gssyhm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\soyohwrjzicufmrr = "C:\\Users\\Admin\\AppData\\Local\\Temp\\tsfyumkfykhcqaillkx.exe" | C:\Users\Admin\AppData\Local\Temp\tgmoojbsdqw.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Windows\CurrentVersion\Run\jcjwmyqfsypem = "tsfyumkfykhcqaillkx.exe" | C:\Users\Admin\AppData\Local\Temp\gssyhm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce\nejuisivgkz = "tsfyumkfykhcqaillkx.exe ." | C:\Users\Admin\AppData\Local\Temp\gssyhm.exe | N/A |
Checks whether UAC is enabled
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\gssyhm.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\gssyhm.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\tgmoojbsdqw.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\tgmoojbsdqw.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\tgmoojbsdqw.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\tgmoojbsdqw.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\gssyhm.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\gssyhm.exe | N/A |
Hijack Execution Flow: Executable Installer File Permissions Weakness
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableInstallerDetection = "0" | C:\Users\Admin\AppData\Local\Temp\tgmoojbsdqw.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableInstallerDetection = "0" | C:\Users\Admin\AppData\Local\Temp\gssyhm.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableInstallerDetection = "0" | C:\Users\Admin\AppData\Local\Temp\gssyhm.exe | N/A |
Looks up external IP address via web service
| Description | Indicator | Process | Target |
| N/A | whatismyipaddress.com | N/A | N/A |
| N/A | www.showmyipaddress.com | N/A | N/A |
| N/A | whatismyip.everdot.org | N/A | N/A |
| N/A | www.whatismyip.ca | N/A | N/A |
Drops autorun.inf file
| Description | Indicator | Process | Target |
| File opened for modification | C:\autorun.inf | C:\Users\Admin\AppData\Local\Temp\gssyhm.exe | N/A |
| File created | C:\autorun.inf | C:\Users\Admin\AppData\Local\Temp\gssyhm.exe | N/A |
| File opened for modification | F:\autorun.inf | C:\Users\Admin\AppData\Local\Temp\gssyhm.exe | N/A |
| File created | F:\autorun.inf | C:\Users\Admin\AppData\Local\Temp\gssyhm.exe | N/A |
Drops file in System32 directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\SysWOW64\zwhysiexoytmygmnl.exe | C:\Users\Admin\AppData\Local\Temp\tgmoojbsdqw.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\igskfwtnfqmgtcjlki.exe | C:\Users\Admin\AppData\Local\Temp\tgmoojbsdqw.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\gguoledztgeapajnoocc.exe | C:\Users\Admin\AppData\Local\Temp\gssyhm.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\zwhysiexoytmygmnl.exe | C:\Users\Admin\AppData\Local\Temp\gssyhm.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\gguoledztgeapajnoocc.exe | C:\Users\Admin\AppData\Local\Temp\gssyhm.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\moeazuvtpeectgrxacsukg.exe | C:\Users\Admin\AppData\Local\Temp\gssyhm.exe | N/A |
| File created | C:\Windows\SysWOW64\soyohwrjzicufmrrokuqaqjytlbkewhottqmws.sla | C:\Users\Admin\AppData\Local\Temp\gssyhm.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\zwhysiexoytmygmnl.exe | C:\Users\Admin\AppData\Local\Temp\tgmoojbsdqw.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\gguoledztgeapajnoocc.exe | C:\Users\Admin\AppData\Local\Temp\tgmoojbsdqw.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\tsfyumkfykhcqaillkx.exe | C:\Users\Admin\AppData\Local\Temp\gssyhm.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\vgfkswgnsqzggcwlxihsrweisze.lss | C:\Users\Admin\AppData\Local\Temp\gssyhm.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\tsfyumkfykhcqaillkx.exe | C:\Users\Admin\AppData\Local\Temp\tgmoojbsdqw.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\vwlgeyyvqedaqcmrtujkz.exe | C:\Users\Admin\AppData\Local\Temp\tgmoojbsdqw.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\soyohwrjzicufmrr.exe | C:\Users\Admin\AppData\Local\Temp\tgmoojbsdqw.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\igskfwtnfqmgtcjlki.exe | C:\Users\Admin\AppData\Local\Temp\tgmoojbsdqw.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\vwlgeyyvqedaqcmrtujkz.exe | C:\Users\Admin\AppData\Local\Temp\gssyhm.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\igskfwtnfqmgtcjlki.exe | C:\Users\Admin\AppData\Local\Temp\gssyhm.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\soyohwrjzicufmrrokuqaqjytlbkewhottqmws.sla | C:\Users\Admin\AppData\Local\Temp\gssyhm.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\tsfyumkfykhcqaillkx.exe | C:\Users\Admin\AppData\Local\Temp\tgmoojbsdqw.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\moeazuvtpeectgrxacsukg.exe | C:\Users\Admin\AppData\Local\Temp\tgmoojbsdqw.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\soyohwrjzicufmrr.exe | C:\Users\Admin\AppData\Local\Temp\gssyhm.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\moeazuvtpeectgrxacsukg.exe | C:\Users\Admin\AppData\Local\Temp\gssyhm.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\moeazuvtpeectgrxacsukg.exe | C:\Users\Admin\AppData\Local\Temp\tgmoojbsdqw.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\vwlgeyyvqedaqcmrtujkz.exe | C:\Users\Admin\AppData\Local\Temp\tgmoojbsdqw.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\zwhysiexoytmygmnl.exe | C:\Users\Admin\AppData\Local\Temp\gssyhm.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\igskfwtnfqmgtcjlki.exe | C:\Users\Admin\AppData\Local\Temp\gssyhm.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\tsfyumkfykhcqaillkx.exe | C:\Users\Admin\AppData\Local\Temp\gssyhm.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\soyohwrjzicufmrr.exe | C:\Users\Admin\AppData\Local\Temp\gssyhm.exe | N/A |
| File created | C:\Windows\SysWOW64\vgfkswgnsqzggcwlxihsrweisze.lss | C:\Users\Admin\AppData\Local\Temp\gssyhm.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\vwlgeyyvqedaqcmrtujkz.exe | C:\Users\Admin\AppData\Local\Temp\gssyhm.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\soyohwrjzicufmrr.exe | C:\Users\Admin\AppData\Local\Temp\tgmoojbsdqw.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\gguoledztgeapajnoocc.exe | C:\Users\Admin\AppData\Local\Temp\tgmoojbsdqw.exe | N/A |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Program Files (x86)\vgfkswgnsqzggcwlxihsrweisze.lss | C:\Users\Admin\AppData\Local\Temp\gssyhm.exe | N/A |
| File created | C:\Program Files (x86)\vgfkswgnsqzggcwlxihsrweisze.lss | C:\Users\Admin\AppData\Local\Temp\gssyhm.exe | N/A |
| File opened for modification | C:\Program Files (x86)\soyohwrjzicufmrrokuqaqjytlbkewhottqmws.sla | C:\Users\Admin\AppData\Local\Temp\gssyhm.exe | N/A |
| File created | C:\Program Files (x86)\soyohwrjzicufmrrokuqaqjytlbkewhottqmws.sla | C:\Users\Admin\AppData\Local\Temp\gssyhm.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\igskfwtnfqmgtcjlki.exe | C:\Users\Admin\AppData\Local\Temp\gssyhm.exe | N/A |
| File created | C:\Windows\vgfkswgnsqzggcwlxihsrweisze.lss | C:\Users\Admin\AppData\Local\Temp\gssyhm.exe | N/A |
| File opened for modification | C:\Windows\soyohwrjzicufmrr.exe | C:\Users\Admin\AppData\Local\Temp\tgmoojbsdqw.exe | N/A |
| File opened for modification | C:\Windows\zwhysiexoytmygmnl.exe | C:\Users\Admin\AppData\Local\Temp\tgmoojbsdqw.exe | N/A |
| File opened for modification | C:\Windows\soyohwrjzicufmrr.exe | C:\Users\Admin\AppData\Local\Temp\gssyhm.exe | N/A |
| File opened for modification | C:\Windows\tsfyumkfykhcqaillkx.exe | C:\Users\Admin\AppData\Local\Temp\tgmoojbsdqw.exe | N/A |
| File opened for modification | C:\Windows\gguoledztgeapajnoocc.exe | C:\Users\Admin\AppData\Local\Temp\tgmoojbsdqw.exe | N/A |
| File opened for modification | C:\Windows\vwlgeyyvqedaqcmrtujkz.exe | C:\Users\Admin\AppData\Local\Temp\tgmoojbsdqw.exe | N/A |
| File opened for modification | C:\Windows\zwhysiexoytmygmnl.exe | C:\Users\Admin\AppData\Local\Temp\gssyhm.exe | N/A |
| File opened for modification | C:\Windows\vwlgeyyvqedaqcmrtujkz.exe | C:\Users\Admin\AppData\Local\Temp\gssyhm.exe | N/A |
| File opened for modification | C:\Windows\tsfyumkfykhcqaillkx.exe | C:\Users\Admin\AppData\Local\Temp\gssyhm.exe | N/A |
| File opened for modification | C:\Windows\vwlgeyyvqedaqcmrtujkz.exe | C:\Users\Admin\AppData\Local\Temp\tgmoojbsdqw.exe | N/A |
| File opened for modification | C:\Windows\vwlgeyyvqedaqcmrtujkz.exe | C:\Users\Admin\AppData\Local\Temp\gssyhm.exe | N/A |
| File opened for modification | C:\Windows\moeazuvtpeectgrxacsukg.exe | C:\Users\Admin\AppData\Local\Temp\gssyhm.exe | N/A |
| File opened for modification | C:\Windows\vgfkswgnsqzggcwlxihsrweisze.lss | C:\Users\Admin\AppData\Local\Temp\gssyhm.exe | N/A |
| File opened for modification | C:\Windows\zwhysiexoytmygmnl.exe | C:\Users\Admin\AppData\Local\Temp\tgmoojbsdqw.exe | N/A |
| File opened for modification | C:\Windows\igskfwtnfqmgtcjlki.exe | C:\Users\Admin\AppData\Local\Temp\tgmoojbsdqw.exe | N/A |
| File opened for modification | C:\Windows\moeazuvtpeectgrxacsukg.exe | C:\Users\Admin\AppData\Local\Temp\tgmoojbsdqw.exe | N/A |
| File opened for modification | C:\Windows\soyohwrjzicufmrrokuqaqjytlbkewhottqmws.sla | C:\Users\Admin\AppData\Local\Temp\gssyhm.exe | N/A |
| File created | C:\Windows\soyohwrjzicufmrrokuqaqjytlbkewhottqmws.sla | C:\Users\Admin\AppData\Local\Temp\gssyhm.exe | N/A |
| File opened for modification | C:\Windows\soyohwrjzicufmrr.exe | C:\Users\Admin\AppData\Local\Temp\tgmoojbsdqw.exe | N/A |
| File opened for modification | C:\Windows\igskfwtnfqmgtcjlki.exe | C:\Users\Admin\AppData\Local\Temp\gssyhm.exe | N/A |
| File opened for modification | C:\Windows\gguoledztgeapajnoocc.exe | C:\Users\Admin\AppData\Local\Temp\gssyhm.exe | N/A |
| File opened for modification | C:\Windows\moeazuvtpeectgrxacsukg.exe | C:\Users\Admin\AppData\Local\Temp\gssyhm.exe | N/A |
| File opened for modification | C:\Windows\zwhysiexoytmygmnl.exe | C:\Users\Admin\AppData\Local\Temp\gssyhm.exe | N/A |
| File opened for modification | C:\Windows\igskfwtnfqmgtcjlki.exe | C:\Users\Admin\AppData\Local\Temp\tgmoojbsdqw.exe | N/A |
| File opened for modification | C:\Windows\tsfyumkfykhcqaillkx.exe | C:\Users\Admin\AppData\Local\Temp\tgmoojbsdqw.exe | N/A |
| File opened for modification | C:\Windows\gguoledztgeapajnoocc.exe | C:\Users\Admin\AppData\Local\Temp\tgmoojbsdqw.exe | N/A |
| File opened for modification | C:\Windows\soyohwrjzicufmrr.exe | C:\Users\Admin\AppData\Local\Temp\gssyhm.exe | N/A |
| File opened for modification | C:\Windows\tsfyumkfykhcqaillkx.exe | C:\Users\Admin\AppData\Local\Temp\gssyhm.exe | N/A |
| File opened for modification | C:\Windows\moeazuvtpeectgrxacsukg.exe | C:\Users\Admin\AppData\Local\Temp\tgmoojbsdqw.exe | N/A |
| File opened for modification | C:\Windows\gguoledztgeapajnoocc.exe | C:\Users\Admin\AppData\Local\Temp\gssyhm.exe | N/A |
Enumerates physical storage devices
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\tgmoojbsdqw.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\gssyhm.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\80cdc7c264ea951dedde8d7cda97fe25_JaffaCakes118.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\gssyhm.exe | N/A |
Suspicious use of WriteProcessMemory
System policy modification
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDriveTypeAutoRun = "1" | C:\Users\Admin\AppData\Local\Temp\gssyhm.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\tgmoojbsdqw.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ValidateAdminCodeSignatures = "0" | C:\Users\Admin\AppData\Local\Temp\tgmoojbsdqw.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\gssyhm.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" | C:\Users\Admin\AppData\Local\Temp\gssyhm.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" | C:\Users\Admin\AppData\Local\Temp\gssyhm.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\FilterAdministratorToken = "0" | C:\Users\Admin\AppData\Local\Temp\tgmoojbsdqw.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" | C:\Users\Admin\AppData\Local\Temp\gssyhm.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableSecureUIAPaths = "0" | C:\Users\Admin\AppData\Local\Temp\gssyhm.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableVirtualization = "0" | C:\Users\Admin\AppData\Local\Temp\gssyhm.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\tgmoojbsdqw.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\tgmoojbsdqw.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableVirtualization = "0" | C:\Users\Admin\AppData\Local\Temp\tgmoojbsdqw.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\gssyhm.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer | C:\Users\Admin\AppData\Local\Temp\tgmoojbsdqw.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer | C:\Users\Admin\AppData\Local\Temp\gssyhm.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ValidateAdminCodeSignatures = "0" | C:\Users\Admin\AppData\Local\Temp\gssyhm.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableVirtualization = "0" | C:\Users\Admin\AppData\Local\Temp\gssyhm.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\FilterAdministratorToken = "0" | C:\Users\Admin\AppData\Local\Temp\gssyhm.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer | C:\Users\Admin\AppData\Local\Temp\gssyhm.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\tgmoojbsdqw.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\gssyhm.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\gssyhm.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableSecureUIAPaths = "0" | C:\Users\Admin\AppData\Local\Temp\gssyhm.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" | C:\Users\Admin\AppData\Local\Temp\gssyhm.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" | C:\Users\Admin\AppData\Local\Temp\tgmoojbsdqw.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableSecureUIAPaths = "0" | C:\Users\Admin\AppData\Local\Temp\tgmoojbsdqw.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" | C:\Users\Admin\AppData\Local\Temp\tgmoojbsdqw.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" | C:\Users\Admin\AppData\Local\Temp\gssyhm.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ValidateAdminCodeSignatures = "0" | C:\Users\Admin\AppData\Local\Temp\gssyhm.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\FilterAdministratorToken = "0" | C:\Users\Admin\AppData\Local\Temp\gssyhm.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDriveTypeAutoRun = "1" | C:\Users\Admin\AppData\Local\Temp\gssyhm.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" | C:\Users\Admin\AppData\Local\Temp\tgmoojbsdqw.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDriveTypeAutoRun = "1" | C:\Users\Admin\AppData\Local\Temp\tgmoojbsdqw.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\gssyhm.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" | C:\Users\Admin\AppData\Local\Temp\gssyhm.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\gssyhm.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\tgmoojbsdqw.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\80cdc7c264ea951dedde8d7cda97fe25_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\80cdc7c264ea951dedde8d7cda97fe25_JaffaCakes118.exe"
C:\Users\Admin\AppData\Local\Temp\tgmoojbsdqw.exe
"C:\Users\Admin\AppData\Local\Temp\tgmoojbsdqw.exe" "c:\users\admin\appdata\local\temp\80cdc7c264ea951dedde8d7cda97fe25_jaffacakes118.exe*"
C:\Users\Admin\AppData\Local\Temp\gssyhm.exe
"C:\Users\Admin\AppData\Local\Temp\gssyhm.exe" "-c:\users\admin\appdata\local\temp\80cdc7c264ea951dedde8d7cda97fe25_jaffacakes118.exe"
C:\Users\Admin\AppData\Local\Temp\gssyhm.exe
"C:\Users\Admin\AppData\Local\Temp\gssyhm.exe" "-c:\users\admin\appdata\local\temp\80cdc7c264ea951dedde8d7cda97fe25_jaffacakes118.exe"
C:\Users\Admin\AppData\Local\Temp\tgmoojbsdqw.exe
"C:\Users\Admin\AppData\Local\Temp\tgmoojbsdqw.exe" "c:\users\admin\appdata\local\temp\80cdc7c264ea951dedde8d7cda97fe25_jaffacakes118.exe"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | www.whatismyip.ca | udp |
| US | 8.8.8.8:53 | whatismyipaddress.com | udp |
| US | 104.19.222.79:80 | whatismyipaddress.com | tcp |
| US | 8.8.8.8:53 | www.showmyipaddress.com | udp |
| US | 172.67.155.175:80 | www.showmyipaddress.com | tcp |
| US | 172.67.155.175:80 | www.showmyipaddress.com | tcp |
| US | 8.8.8.8:53 | www.whatismyip.com | udp |
| US | 104.27.206.92:80 | www.whatismyip.com | tcp |
| US | 104.27.206.92:80 | www.whatismyip.com | tcp |
| US | 104.27.206.92:80 | www.whatismyip.com | tcp |
| US | 172.67.155.175:80 | www.showmyipaddress.com | tcp |
| US | 104.27.206.92:80 | www.whatismyip.com | tcp |
| US | 104.19.222.79:80 | whatismyipaddress.com | tcp |
| US | 8.8.8.8:53 | whatismyip.everdot.org | udp |
| US | 104.19.222.79:80 | whatismyipaddress.com | tcp |
| US | 104.19.222.79:80 | whatismyipaddress.com | tcp |
| US | 172.67.155.175:80 | www.showmyipaddress.com | tcp |
| US | 172.67.155.175:80 | www.showmyipaddress.com | tcp |
| US | 8.8.8.8:53 | www.youtube.com | udp |
| GB | 216.58.201.110:80 | www.youtube.com | tcp |
| LV | 78.84.233.161:36438 | tcp | |
| US | 8.8.8.8:53 | kmeggs.org | udp |
| US | 8.8.8.8:53 | fevdyt.net | udp |
| US | 8.8.8.8:53 | kavtbvqf.info | udp |
| DE | 85.214.228.140:80 | kavtbvqf.info | tcp |
| US | 8.8.8.8:53 | zuxejnv.info | udp |
| US | 8.8.8.8:53 | ujgfxdqswh.net | udp |
| BG | 213.214.73.99:33325 | tcp | |
| US | 8.8.8.8:53 | lmklfsc.info | udp |
| US | 8.8.8.8:53 | rbdgpmrh.net | udp |
| US | 8.8.8.8:53 | hejekasms.com | udp |
| LT | 78.61.84.108:24963 | tcp | |
| US | 8.8.8.8:53 | nyjric.net | udp |
| US | 8.8.8.8:53 | hfnzbkxtkgld.net | udp |
| US | 8.8.8.8:53 | sejibalqxar.net | udp |
| US | 54.244.188.177:80 | sejibalqxar.net | tcp |
| US | 8.8.8.8:53 | pzrhjirjbmfy.net | udp |
| US | 8.8.8.8:53 | zvvaxhjddcgt.info | udp |
| US | 8.8.8.8:53 | yzybni.info | udp |
| RU | 178.207.1.211:22619 | tcp | |
| US | 8.8.8.8:53 | evvqnudc.net | udp |
| US | 8.8.8.8:53 | qappvxyiorbw.net | udp |
| US | 8.8.8.8:53 | egksyqv.info | udp |
| US | 208.100.26.245:80 | egksyqv.info | tcp |
| US | 8.8.8.8:53 | bvzdziipsnsh.info | udp |
| US | 8.8.8.8:53 | yokkaqmmwaia.com | udp |
| US | 8.8.8.8:53 | pnfmjmvwlcx.org | udp |
| US | 8.8.8.8:53 | hcfedx.net | udp |
| US | 8.8.8.8:53 | ufdievlbgvre.net | udp |
| US | 8.8.8.8:53 | rxafbhdvpa.net | udp |
| US | 8.8.8.8:53 | ilsuhfnamzie.info | udp |
| US | 8.8.8.8:53 | wclkqrqe.net | udp |
| LT | 78.57.171.190:35792 | tcp | |
| US | 8.8.8.8:53 | nntasqfztalr.net | udp |
| US | 8.8.8.8:53 | wuzqsmnmhhx.info | udp |
| US | 8.8.8.8:53 | uqickc.com | udp |
| US | 8.8.8.8:53 | ufnqtxn.net | udp |
| RU | 91.147.20.38:33061 | tcp | |
| US | 8.8.8.8:53 | kfnrwavaha.net | udp |
| US | 8.8.8.8:53 | vqhclzq.org | udp |
| US | 8.8.8.8:53 | ekqkluhz.info | udp |
| US | 8.8.8.8:53 | ycomweukeq.org | udp |
| DE | 87.121.55.175:34722 | tcp | |
| US | 8.8.8.8:53 | fjutxinsh.org | udp |
| US | 8.8.8.8:53 | yrdfljh.net | udp |
| RU | 149.255.24.250:28502 | tcp | |
| US | 8.8.8.8:53 | ygtojmicykn.info | udp |
| US | 8.8.8.8:53 | xerqiiou.net | udp |
| US | 8.8.8.8:53 | mqrjlbfy.net | udp |
| US | 8.8.8.8:53 | twmmkhcywuj.org | udp |
| BG | 46.47.114.153:40131 | tcp | |
| US | 8.8.8.8:53 | miokgksskwum.com | udp |
| US | 8.8.8.8:53 | mtwsdxguwooo.net | udp |
| US | 8.8.8.8:53 | gtzrnb.net | udp |
| US | 8.8.8.8:53 | icgouo.org | udp |
| LT | 78.60.253.21:20134 | tcp | |
| US | 8.8.8.8:53 | vlyreqzqrkyl.net | udp |
| US | 8.8.8.8:53 | bgyidgfizgh.org | udp |
| US | 8.8.8.8:53 | havbtylo.net | udp |
| US | 8.8.8.8:53 | aoedmgepfw.info | udp |
| LT | 78.57.141.35:32947 | tcp | |
| US | 8.8.8.8:53 | pwkuxqpmisa.net | udp |
| US | 8.8.8.8:53 | rmnmaithp.net | udp |
| LT | 78.57.148.215:29180 | tcp | |
| US | 8.8.8.8:53 | buxfgafferff.net | udp |
| US | 8.8.8.8:53 | myocswemuq.org | udp |
| US | 8.8.8.8:53 | zsqdtogdxcvc.net | udp |
| US | 8.8.8.8:53 | oerpgkncx.info | udp |
| US | 8.8.8.8:53 | ptxjbjzzqkmh.info | udp |
| US | 8.8.8.8:53 | catdtirlxee.net | udp |
| US | 8.8.8.8:53 | oioyoykkmg.com | udp |
| US | 88.216.2.72:38356 | tcp | |
| US | 8.8.8.8:53 | keifme.info | udp |
| US | 8.8.8.8:53 | nfpcylccdcpq.net | udp |
| US | 8.8.8.8:53 | hedgzgtct.info | udp |
| US | 8.8.8.8:53 | gotqpsxeq.net | udp |
| LT | 77.221.78.114:39059 | tcp | |
| US | 8.8.8.8:53 | wdvqnjtod.net | udp |
| US | 8.8.8.8:53 | myncofu.net | udp |
| DE | 95.88.37.1:16821 | tcp | |
| US | 8.8.8.8:53 | cmzjjlvf.net | udp |
| US | 8.8.8.8:53 | ekuedqrcp.info | udp |
| US | 8.8.8.8:53 | aijovytmk.net | udp |
| LT | 78.61.71.103:24731 | tcp | |
| US | 8.8.8.8:53 | eyjddab.net | udp |
| US | 8.8.8.8:53 | docspibisyf.net | udp |
| LT | 79.133.246.9:22567 | tcp | |
| US | 8.8.8.8:53 | melevgvmdal.net | udp |
| US | 8.8.8.8:53 | sktwviqylpo.info | udp |
| US | 8.8.8.8:53 | jjgctlduma.info | udp |
| US | 8.8.8.8:53 | jybhnjfutz.net | udp |
| BG | 93.123.124.231:32816 | tcp | |
| US | 8.8.8.8:53 | pbaqatgeel.net | udp |
| US | 8.8.8.8:53 | zmzpambxptva.net | udp |
| US | 8.8.8.8:53 | vljgbupsl.net | udp |
| US | 8.8.8.8:53 | gnkwqotxmy.net | udp |
| BG | 46.10.166.119:28038 | tcp | |
| US | 8.8.8.8:53 | jesulqrntjs.net | udp |
| US | 8.8.8.8:53 | qpejngowavjy.info | udp |
| US | 8.8.8.8:53 | wpumzcv.info | udp |
| N/A | 46.72.122.198:45245 | tcp |
Files
\Users\Admin\AppData\Local\Temp\tgmoojbsdqw.exe
| MD5 | 89ec3461ef4a893428c32f89de78b396 |
| SHA1 | 8067cdc0901f0dc5bc1bb67a1c9037f502ea85f9 |
| SHA256 | 1849989ee704cda3b552b5021f3165012978d26d0daf7d22a09805deb6be2d0b |
| SHA512 | 7804fa36e1f050115b00d21a9a94cf92436260a385da67106b0c73eb350abafca53f2dec42d377d4eccc095dd75ac92e841fb66e874e656e412cd71ed7909fe8 |
C:\Windows\SysWOW64\igskfwtnfqmgtcjlki.exe
| MD5 | 80cdc7c264ea951dedde8d7cda97fe25 |
| SHA1 | 9961e22ff166d873068b85f829c0b17f8680c889 |
| SHA256 | a7b6fb08d17320632c5a3f97d3f265a5e594035fc2b92585b81d0aba16a46df1 |
| SHA512 | 1efb232e4569fbb233dd9e60f2d38225cc6e091008a2375f6834e5f0785dddd71970c005b78540123ffb9735df1949933937748d554450e51cd9c302f0d44e53 |
\Users\Admin\AppData\Local\Temp\gssyhm.exe
| MD5 | 4c43b695391adccdf409c2a1fffe0bce |
| SHA1 | e145fe5b0ff77f2e5e18424bb91de2fa2e79dddf |
| SHA256 | 7dbf0715bc46c45e08cd0d171924c45521d27f9f658102aae94484ffd884b6f5 |
| SHA512 | d526d0fbb495a0ef248f8cd6fecdddcf692527be0e805c331299cc673efa57f889efd879d67ac87780ac551666422c32b538a489f3d9a0021da5ba5c337e5892 |
C:\Users\Admin\AppData\Local\vgfkswgnsqzggcwlxihsrweisze.lss
| MD5 | 55aae867e6a6e7e29933077c41111307 |
| SHA1 | a1f0fd054c2b87a9d53e3a0f303805919a21cb77 |
| SHA256 | 081974e1c0e9f73e9d50b2658889a1c82e0656d9475cee67fe9108f094093821 |
| SHA512 | b80e3eb75f7de40580230a3c31fafb9cb694f9e0f37b8be47c11153aa2ac37e336be3d2376b7d28e0432b940d40b2abb034258ea8e71c447a7933f961a1ea2ee |
C:\Users\Admin\AppData\Local\soyohwrjzicufmrrokuqaqjytlbkewhottqmws.sla
| MD5 | 7ccef092b835bfca8a84526098d4d2f5 |
| SHA1 | fa940c0ca5a9082a1007a578a0eec17cbf51d8c9 |
| SHA256 | b11ff6c22c1902c8277bce90e6abcca24487fd6a25b6f12f1a88db6b5650ef67 |
| SHA512 | 9464ec22c6c762816175371c8be58adace9ae8d4899e7df03e1c120dcee5d6308095648184e3d121372ec046915ffab2d208a927d3414ac599b2be1e33ce5db9 |
C:\Program Files (x86)\vgfkswgnsqzggcwlxihsrweisze.lss
| MD5 | 49835b131243614a275975638559081b |
| SHA1 | 870150d801905e6ee2b1a5a5f02dfec6128823d4 |
| SHA256 | 99ed0a78a37808c4e2b6734884098ce3d23441ade2d1eb18fd63faca76f4678c |
| SHA512 | a6189ef25b179f73efbaaf6d0b271d9c7eb29e5bd14783b0a27d2db5fbe058431da9c122a79eab5f2a749ee4206ea841b5d588969872868cc37d236a1a79885f |
C:\Program Files (x86)\vgfkswgnsqzggcwlxihsrweisze.lss
| MD5 | 400fe42db273bcc17fd36c5e93058d3c |
| SHA1 | 15ebaa9378c071f2ddb3057a991ed901dd1ea649 |
| SHA256 | 3e0e4e3078a3317a098d3e981194c9e5a9cbcc3553bf07c322ef7112129fa355 |
| SHA512 | 69e3779d9fceb1e723aa09e5be38db49070de8a1242e2fc4cc40c92cd45c3148ce4ee5f301da6bd1bac74e903bd3bd6a060545490cb18daeb03c15a687fc5904 |
C:\Users\Admin\AppData\Local\vgfkswgnsqzggcwlxihsrweisze.lss
| MD5 | 0b268aae6a5b52e3f98bbe949ae280c3 |
| SHA1 | 42ce8e02252bc97f6eb003d284120b786af4c685 |
| SHA256 | b2797a3cbc304aededba0e0531ba3b1afda014c2903f3c8c81c52502f5b14c9d |
| SHA512 | 95a1ff3ebc179347464665beb3d993989a908a9aebc7a2eeb3a358c591e075649a50edd7bd13550855fe15eea61addf3b73e96efe8d0452b5e874ba367f2dd8a |
C:\Program Files (x86)\vgfkswgnsqzggcwlxihsrweisze.lss
| MD5 | b105162b5c37cd04f382fb40e316efe1 |
| SHA1 | 197d3d95597e6276ee575027c8492211fb8c5680 |
| SHA256 | f9779815b06d937a1cb0c4bcb040b0d7b56ccb65942c89ab39f45a764399e9ff |
| SHA512 | 775cd780ed7a4fe1104e89563bfbaf7b9e02e94cb7f5a9dc11de938e88b4c26aa912f99f24fcb2d47472234c759335d3d5961450cb1f2b37fe2d625af618490a |
C:\Program Files (x86)\vgfkswgnsqzggcwlxihsrweisze.lss
| MD5 | c7141bf3490cc3a6fedb8a61581b80ac |
| SHA1 | 71e3cb6cb00e388b0556b11944dd90e56fb9494b |
| SHA256 | 16851eb70e0d601cf2ae42aba18b39e058f02a965b3128193f2e8e7246446ffd |
| SHA512 | b57647d20d10fe4cf15a262ba016a3b7d1d5a3e2c8a631a22b938810ab9e3012e0432984fc4ec930153943499a78d8cf118d4cef99f917810090bf64e2193e83 |
C:\Program Files (x86)\vgfkswgnsqzggcwlxihsrweisze.lss
| MD5 | fee4953d56b7dd84558e8f9c0799be13 |
| SHA1 | 332431b03b28c79b653eb7f4effcfbc659560b2e |
| SHA256 | 8183288c5bf3e1bbfc2d4d861c06121607ee8a9b016bc59a3d4e34e03a7c1701 |
| SHA512 | 4e4843fd00880ba99ba189ae72ece5f0d841502b15f0d4410635a6ce0bf3b80db0f55b855b9215d4ae6b03883700e15f0eb638bfb23fe88a85ae04fb5687fc60 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-10-31 00:25
Reported
2024-10-31 03:09
Platform
win10v2004-20241007-en
Max time kernel
150s
Max time network
153s
Command Line
Signatures
Modifies WinLogon for persistence
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\jtszeo.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\jtszeo.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\lurwhzlcveb.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\lurwhzlcveb.exe | N/A |
UAC bypass
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\lurwhzlcveb.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" | C:\Users\Admin\AppData\Local\Temp\lurwhzlcveb.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" | C:\Users\Admin\AppData\Local\Temp\jtszeo.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\lurwhzlcveb.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" | C:\Users\Admin\AppData\Local\Temp\jtszeo.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" | C:\Users\Admin\AppData\Local\Temp\lurwhzlcveb.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" | C:\Users\Admin\AppData\Local\Temp\lurwhzlcveb.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\jtszeo.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\jtszeo.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" | C:\Users\Admin\AppData\Local\Temp\jtszeo.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" | C:\Users\Admin\AppData\Local\Temp\jtszeo.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" | C:\Users\Admin\AppData\Local\Temp\jtszeo.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" | C:\Users\Admin\AppData\Local\Temp\jtszeo.exe | N/A |
Adds policy Run key to start application
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\lurwhzlcveb.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\jtszeo = "cxhzpkaohaladofdv.exe" | C:\Users\Admin\AppData\Local\Temp\lurwhzlcveb.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\jtszeo.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\jtszeo = "cxhzpkaohaladofdv.exe" | C:\Users\Admin\AppData\Local\Temp\jtszeo.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\ipl = "C:\\Users\\Admin\\AppData\\Local\\Temp\\wtfzrogwrmzqvibbvua.exe" | C:\Users\Admin\AppData\Local\Temp\jtszeo.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\ipl = "C:\\Users\\Admin\\AppData\\Local\\Temp\\lhslcypeyseuykcbus.exe" | C:\Users\Admin\AppData\Local\Temp\jtszeo.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\ipl = "C:\\Users\\Admin\\AppData\\Local\\Temp\\jhupigzqmiwouicdyyfd.exe" | C:\Users\Admin\AppData\Local\Temp\lurwhzlcveb.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\ipl = "C:\\Users\\Admin\\AppData\\Local\\Temp\\jhupigzqmiwouicdyyfd.exe" | C:\Users\Admin\AppData\Local\Temp\jtszeo.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\jtszeo = "jhupigzqmiwouicdyyfd.exe" | C:\Users\Admin\AppData\Local\Temp\jtszeo.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\ipl = "C:\\Users\\Admin\\AppData\\Local\\Temp\\vpypeynaskuikukh.exe" | C:\Users\Admin\AppData\Local\Temp\jtszeo.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\jtszeo = "yxlhbaumjgvovkfhdemlz.exe" | C:\Users\Admin\AppData\Local\Temp\jtszeo.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\ipl = "C:\\Users\\Admin\\AppData\\Local\\Temp\\vpypeynaskuikukh.exe" | C:\Users\Admin\AppData\Local\Temp\lurwhzlcveb.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\jtszeo = "vpypeynaskuikukh.exe" | C:\Users\Admin\AppData\Local\Temp\jtszeo.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\jtszeo = "wtfzrogwrmzqvibbvua.exe" | C:\Users\Admin\AppData\Local\Temp\jtszeo.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\ipl = "C:\\Users\\Admin\\AppData\\Local\\Temp\\vpypeynaskuikukh.exe" | C:\Users\Admin\AppData\Local\Temp\jtszeo.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\ipl = "C:\\Users\\Admin\\AppData\\Local\\Temp\\cxhzpkaohaladofdv.exe" | C:\Users\Admin\AppData\Local\Temp\jtszeo.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\jtszeo = "wtfzrogwrmzqvibbvua.exe" | C:\Users\Admin\AppData\Local\Temp\lurwhzlcveb.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\ipl = "C:\\Users\\Admin\\AppData\\Local\\Temp\\yxlhbaumjgvovkfhdemlz.exe" | C:\Users\Admin\AppData\Local\Temp\jtszeo.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\ipl = "C:\\Users\\Admin\\AppData\\Local\\Temp\\lhslcypeyseuykcbus.exe" | C:\Users\Admin\AppData\Local\Temp\jtszeo.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\lurwhzlcveb.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\jtszeo = "wtfzrogwrmzqvibbvua.exe" | C:\Users\Admin\AppData\Local\Temp\jtszeo.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\ipl = "C:\\Users\\Admin\\AppData\\Local\\Temp\\jhupigzqmiwouicdyyfd.exe" | C:\Users\Admin\AppData\Local\Temp\jtszeo.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\ipl = "C:\\Users\\Admin\\AppData\\Local\\Temp\\cxhzpkaohaladofdv.exe" | C:\Users\Admin\AppData\Local\Temp\jtszeo.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\jtszeo = "jhupigzqmiwouicdyyfd.exe" | C:\Users\Admin\AppData\Local\Temp\jtszeo.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\jtszeo = "vpypeynaskuikukh.exe" | C:\Users\Admin\AppData\Local\Temp\jtszeo.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\jtszeo = "cxhzpkaohaladofdv.exe" | C:\Users\Admin\AppData\Local\Temp\jtszeo.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\jtszeo.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\jtszeo = "yxlhbaumjgvovkfhdemlz.exe" | C:\Users\Admin\AppData\Local\Temp\jtszeo.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\ipl = "C:\\Users\\Admin\\AppData\\Local\\Temp\\yxlhbaumjgvovkfhdemlz.exe" | C:\Users\Admin\AppData\Local\Temp\jtszeo.exe | N/A |
Disables RegEdit via registry modification
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\jtszeo.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\jtszeo.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\jtszeo.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\lurwhzlcveb.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\lurwhzlcveb.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\lurwhzlcveb.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\jtszeo.exe | N/A |
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\80cdc7c264ea951dedde8d7cda97fe25_JaffaCakes118.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\lurwhzlcveb.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\lurwhzlcveb.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\jtszeo.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\jtszeo.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\lurwhzlcveb.exe | N/A |
Impair Defenses: Safe Mode Boot
| Description | Indicator | Process | Target |
| Key deleted | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\UserManager | C:\Users\Admin\AppData\Local\Temp\jtszeo.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\SerCx2.sys | C:\Users\Admin\AppData\Local\Temp\jtszeo.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\ProfSvc | C:\Users\Admin\AppData\Local\Temp\jtszeo.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\Power | C:\Users\Admin\AppData\Local\Temp\jtszeo.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\iai2c.sys | C:\Users\Admin\AppData\Local\Temp\jtszeo.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\CBDHSvc | C:\Users\Admin\AppData\Local\Temp\jtszeo.exe | N/A |
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\whhpvgm = "yxlhbaumjgvovkfhdemlz.exe" | C:\Users\Admin\AppData\Local\Temp\jtszeo.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\whhpvgm = "yxlhbaumjgvovkfhdemlz.exe" | C:\Users\Admin\AppData\Local\Temp\jtszeo.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\pxuz = "C:\\Users\\Admin\\AppData\\Local\\Temp\\lhslcypeyseuykcbus.exe" | C:\Users\Admin\AppData\Local\Temp\jtszeo.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\yhflp = "C:\\Users\\Admin\\AppData\\Local\\Temp\\vpypeynaskuikukh.exe ." | C:\Users\Admin\AppData\Local\Temp\jtszeo.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\pxuz = "C:\\Users\\Admin\\AppData\\Local\\Temp\\jhupigzqmiwouicdyyfd.exe" | C:\Users\Admin\AppData\Local\Temp\jtszeo.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\vjmxgudkwi = "C:\\Users\\Admin\\AppData\\Local\\Temp\\jhupigzqmiwouicdyyfd.exe" | C:\Users\Admin\AppData\Local\Temp\lurwhzlcveb.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\pxuz = "vpypeynaskuikukh.exe" | C:\Users\Admin\AppData\Local\Temp\jtszeo.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\lxyhoahm = "cxhzpkaohaladofdv.exe ." | C:\Users\Admin\AppData\Local\Temp\jtszeo.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\cprbjwekv = "C:\\Users\\Admin\\AppData\\Local\\Temp\\yxlhbaumjgvovkfhdemlz.exe ." | C:\Users\Admin\AppData\Local\Temp\jtszeo.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\yhflp = "C:\\Users\\Admin\\AppData\\Local\\Temp\\lhslcypeyseuykcbus.exe ." | C:\Users\Admin\AppData\Local\Temp\jtszeo.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\yhflp = "cxhzpkaohaladofdv.exe ." | C:\Users\Admin\AppData\Local\Temp\jtszeo.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\yhflp = "jhupigzqmiwouicdyyfd.exe ." | C:\Users\Admin\AppData\Local\Temp\jtszeo.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\yhflp = "yxlhbaumjgvovkfhdemlz.exe ." | C:\Users\Admin\AppData\Local\Temp\jtszeo.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\whhpvgm = "wtfzrogwrmzqvibbvua.exe" | C:\Users\Admin\AppData\Local\Temp\lurwhzlcveb.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\whhpvgm = "lhslcypeyseuykcbus.exe" | C:\Users\Admin\AppData\Local\Temp\jtszeo.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\pxuz = "C:\\Users\\Admin\\AppData\\Local\\Temp\\jhupigzqmiwouicdyyfd.exe" | C:\Users\Admin\AppData\Local\Temp\jtszeo.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\yhflp = "C:\\Users\\Admin\\AppData\\Local\\Temp\\lhslcypeyseuykcbus.exe ." | C:\Users\Admin\AppData\Local\Temp\jtszeo.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\pxuz = "C:\\Users\\Admin\\AppData\\Local\\Temp\\lhslcypeyseuykcbus.exe" | C:\Users\Admin\AppData\Local\Temp\jtszeo.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\whhpvgm = "cxhzpkaohaladofdv.exe" | C:\Users\Admin\AppData\Local\Temp\jtszeo.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\pxuz = "lhslcypeyseuykcbus.exe" | C:\Users\Admin\AppData\Local\Temp\jtszeo.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\pxuz = "C:\\Users\\Admin\\AppData\\Local\\Temp\\vpypeynaskuikukh.exe" | C:\Users\Admin\AppData\Local\Temp\jtszeo.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\pxuz = "yxlhbaumjgvovkfhdemlz.exe" | C:\Users\Admin\AppData\Local\Temp\jtszeo.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\yhflp = "lhslcypeyseuykcbus.exe ." | C:\Users\Admin\AppData\Local\Temp\jtszeo.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\cprbjwekv = "C:\\Users\\Admin\\AppData\\Local\\Temp\\vpypeynaskuikukh.exe ." | C:\Users\Admin\AppData\Local\Temp\jtszeo.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\lxyhoahm = "jhupigzqmiwouicdyyfd.exe ." | C:\Users\Admin\AppData\Local\Temp\jtszeo.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\vjmxgudkwi = "C:\\Users\\Admin\\AppData\\Local\\Temp\\jhupigzqmiwouicdyyfd.exe" | C:\Users\Admin\AppData\Local\Temp\jtszeo.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\pxuz = "C:\\Users\\Admin\\AppData\\Local\\Temp\\vpypeynaskuikukh.exe" | C:\Users\Admin\AppData\Local\Temp\lurwhzlcveb.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\cprbjwekv = "C:\\Users\\Admin\\AppData\\Local\\Temp\\lhslcypeyseuykcbus.exe ." | C:\Users\Admin\AppData\Local\Temp\jtszeo.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\vjmxgudkwi = "C:\\Users\\Admin\\AppData\\Local\\Temp\\lhslcypeyseuykcbus.exe" | C:\Users\Admin\AppData\Local\Temp\jtszeo.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\lxyhoahm = "lhslcypeyseuykcbus.exe ." | C:\Users\Admin\AppData\Local\Temp\jtszeo.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\whhpvgm = "wtfzrogwrmzqvibbvua.exe" | C:\Users\Admin\AppData\Local\Temp\jtszeo.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\pxuz = "C:\\Users\\Admin\\AppData\\Local\\Temp\\yxlhbaumjgvovkfhdemlz.exe" | C:\Users\Admin\AppData\Local\Temp\jtszeo.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\pxuz = "lhslcypeyseuykcbus.exe" | C:\Users\Admin\AppData\Local\Temp\lurwhzlcveb.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\lxyhoahm = "vpypeynaskuikukh.exe ." | C:\Users\Admin\AppData\Local\Temp\lurwhzlcveb.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\yhflp = "wtfzrogwrmzqvibbvua.exe ." | C:\Users\Admin\AppData\Local\Temp\jtszeo.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\lxyhoahm = "jhupigzqmiwouicdyyfd.exe ." | C:\Users\Admin\AppData\Local\Temp\jtszeo.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\vjmxgudkwi = "C:\\Users\\Admin\\AppData\\Local\\Temp\\yxlhbaumjgvovkfhdemlz.exe" | C:\Users\Admin\AppData\Local\Temp\jtszeo.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\pxuz = "lhslcypeyseuykcbus.exe" | C:\Users\Admin\AppData\Local\Temp\jtszeo.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\yhflp = "C:\\Users\\Admin\\AppData\\Local\\Temp\\vpypeynaskuikukh.exe ." | C:\Users\Admin\AppData\Local\Temp\jtszeo.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\vjmxgudkwi = "C:\\Users\\Admin\\AppData\\Local\\Temp\\wtfzrogwrmzqvibbvua.exe" | C:\Users\Admin\AppData\Local\Temp\jtszeo.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\yhflp = "vpypeynaskuikukh.exe ." | C:\Users\Admin\AppData\Local\Temp\jtszeo.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\vjmxgudkwi = "C:\\Users\\Admin\\AppData\\Local\\Temp\\vpypeynaskuikukh.exe" | C:\Users\Admin\AppData\Local\Temp\jtszeo.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\pxuz = "wtfzrogwrmzqvibbvua.exe" | C:\Users\Admin\AppData\Local\Temp\jtszeo.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\cprbjwekv = "C:\\Users\\Admin\\AppData\\Local\\Temp\\wtfzrogwrmzqvibbvua.exe ." | C:\Users\Admin\AppData\Local\Temp\jtszeo.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\yhflp = "yxlhbaumjgvovkfhdemlz.exe ." | C:\Users\Admin\AppData\Local\Temp\lurwhzlcveb.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\lxyhoahm = "yxlhbaumjgvovkfhdemlz.exe ." | C:\Users\Admin\AppData\Local\Temp\jtszeo.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\vjmxgudkwi = "C:\\Users\\Admin\\AppData\\Local\\Temp\\cxhzpkaohaladofdv.exe" | C:\Users\Admin\AppData\Local\Temp\jtszeo.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\pxuz = "cxhzpkaohaladofdv.exe" | C:\Users\Admin\AppData\Local\Temp\jtszeo.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\cprbjwekv = "C:\\Users\\Admin\\AppData\\Local\\Temp\\cxhzpkaohaladofdv.exe ." | C:\Users\Admin\AppData\Local\Temp\jtszeo.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\lxyhoahm = "yxlhbaumjgvovkfhdemlz.exe ." | C:\Users\Admin\AppData\Local\Temp\jtszeo.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\lxyhoahm = "wtfzrogwrmzqvibbvua.exe ." | C:\Users\Admin\AppData\Local\Temp\jtszeo.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\vjmxgudkwi = "C:\\Users\\Admin\\AppData\\Local\\Temp\\vpypeynaskuikukh.exe" | C:\Users\Admin\AppData\Local\Temp\jtszeo.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\vjmxgudkwi = "C:\\Users\\Admin\\AppData\\Local\\Temp\\wtfzrogwrmzqvibbvua.exe" | C:\Users\Admin\AppData\Local\Temp\jtszeo.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\yhflp = "C:\\Users\\Admin\\AppData\\Local\\Temp\\jhupigzqmiwouicdyyfd.exe ." | C:\Users\Admin\AppData\Local\Temp\jtszeo.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\pxuz = "C:\\Users\\Admin\\AppData\\Local\\Temp\\vpypeynaskuikukh.exe" | C:\Users\Admin\AppData\Local\Temp\jtszeo.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\yhflp = "C:\\Users\\Admin\\AppData\\Local\\Temp\\cxhzpkaohaladofdv.exe ." | C:\Users\Admin\AppData\Local\Temp\jtszeo.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\lxyhoahm = "vpypeynaskuikukh.exe ." | C:\Users\Admin\AppData\Local\Temp\jtszeo.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\pxuz = "C:\\Users\\Admin\\AppData\\Local\\Temp\\yxlhbaumjgvovkfhdemlz.exe" | C:\Users\Admin\AppData\Local\Temp\jtszeo.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\yhflp = "C:\\Users\\Admin\\AppData\\Local\\Temp\\wtfzrogwrmzqvibbvua.exe ." | C:\Users\Admin\AppData\Local\Temp\jtszeo.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\pxuz = "yxlhbaumjgvovkfhdemlz.exe" | C:\Users\Admin\AppData\Local\Temp\jtszeo.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\cprbjwekv = "C:\\Users\\Admin\\AppData\\Local\\Temp\\vpypeynaskuikukh.exe ." | C:\Users\Admin\AppData\Local\Temp\jtszeo.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\pxuz = "wtfzrogwrmzqvibbvua.exe" | C:\Users\Admin\AppData\Local\Temp\jtszeo.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\pxuz = "C:\\Users\\Admin\\AppData\\Local\\Temp\\cxhzpkaohaladofdv.exe" | C:\Users\Admin\AppData\Local\Temp\jtszeo.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\yhflp = "vpypeynaskuikukh.exe ." | C:\Users\Admin\AppData\Local\Temp\jtszeo.exe | N/A |
Checks whether UAC is enabled
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\lurwhzlcveb.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\lurwhzlcveb.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\lurwhzlcveb.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\jtszeo.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\jtszeo.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\jtszeo.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\jtszeo.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\lurwhzlcveb.exe | N/A |
Hijack Execution Flow: Executable Installer File Permissions Weakness
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableInstallerDetection = "0" | C:\Users\Admin\AppData\Local\Temp\lurwhzlcveb.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableInstallerDetection = "0" | C:\Users\Admin\AppData\Local\Temp\jtszeo.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableInstallerDetection = "0" | C:\Users\Admin\AppData\Local\Temp\jtszeo.exe | N/A |
Looks up external IP address via web service
| Description | Indicator | Process | Target |
| N/A | www.showmyipaddress.com | N/A | N/A |
| N/A | whatismyipaddress.com | N/A | N/A |
| N/A | www.whatismyip.ca | N/A | N/A |
| N/A | www.whatismyip.ca | N/A | N/A |
| N/A | www.whatismyip.ca | N/A | N/A |
| N/A | whatismyip.everdot.org | N/A | N/A |
Drops autorun.inf file
| Description | Indicator | Process | Target |
| File created | C:\autorun.inf | C:\Users\Admin\AppData\Local\Temp\jtszeo.exe | N/A |
| File opened for modification | F:\autorun.inf | C:\Users\Admin\AppData\Local\Temp\jtszeo.exe | N/A |
| File created | F:\autorun.inf | C:\Users\Admin\AppData\Local\Temp\jtszeo.exe | N/A |
| File opened for modification | C:\autorun.inf | C:\Users\Admin\AppData\Local\Temp\jtszeo.exe | N/A |
Drops file in System32 directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\SysWOW64\cxhzpkaohaladofdv.exe | C:\Users\Admin\AppData\Local\Temp\jtszeo.exe | N/A |
| File created | C:\Windows\SysWOW64\nfmbogteukseemavkefxetgylwmckwwesncw.pwl | C:\Users\Admin\AppData\Local\Temp\jtszeo.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\cxhzpkaohaladofdv.exe | C:\Users\Admin\AppData\Local\Temp\lurwhzlcveb.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\vpypeynaskuikukh.exe | C:\Users\Admin\AppData\Local\Temp\lurwhzlcveb.exe | N/A |
| File created | C:\Windows\SysWOW64\iplpryaafkhixuxhlukrnrtac.hmj | C:\Users\Admin\AppData\Local\Temp\jtszeo.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\wtfzrogwrmzqvibbvua.exe | C:\Users\Admin\AppData\Local\Temp\lurwhzlcveb.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\jhupigzqmiwouicdyyfd.exe | C:\Users\Admin\AppData\Local\Temp\jtszeo.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\vpypeynaskuikukh.exe | C:\Users\Admin\AppData\Local\Temp\jtszeo.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\ppebwwrkigwqyoknkmvvkh.exe | C:\Users\Admin\AppData\Local\Temp\jtszeo.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\vpypeynaskuikukh.exe | C:\Users\Admin\AppData\Local\Temp\jtszeo.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\jhupigzqmiwouicdyyfd.exe | C:\Users\Admin\AppData\Local\Temp\lurwhzlcveb.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\jhupigzqmiwouicdyyfd.exe | C:\Users\Admin\AppData\Local\Temp\jtszeo.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\jhupigzqmiwouicdyyfd.exe | C:\Users\Admin\AppData\Local\Temp\lurwhzlcveb.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\cxhzpkaohaladofdv.exe | C:\Users\Admin\AppData\Local\Temp\lurwhzlcveb.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\yxlhbaumjgvovkfhdemlz.exe | C:\Users\Admin\AppData\Local\Temp\jtszeo.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\ppebwwrkigwqyoknkmvvkh.exe | C:\Users\Admin\AppData\Local\Temp\jtszeo.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\lhslcypeyseuykcbus.exe | C:\Users\Admin\AppData\Local\Temp\lurwhzlcveb.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\ppebwwrkigwqyoknkmvvkh.exe | C:\Users\Admin\AppData\Local\Temp\lurwhzlcveb.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\yxlhbaumjgvovkfhdemlz.exe | C:\Users\Admin\AppData\Local\Temp\lurwhzlcveb.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\lhslcypeyseuykcbus.exe | C:\Users\Admin\AppData\Local\Temp\jtszeo.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\wtfzrogwrmzqvibbvua.exe | C:\Users\Admin\AppData\Local\Temp\jtszeo.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\wtfzrogwrmzqvibbvua.exe | C:\Users\Admin\AppData\Local\Temp\jtszeo.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\wtfzrogwrmzqvibbvua.exe | C:\Users\Admin\AppData\Local\Temp\lurwhzlcveb.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\iplpryaafkhixuxhlukrnrtac.hmj | C:\Users\Admin\AppData\Local\Temp\jtszeo.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\yxlhbaumjgvovkfhdemlz.exe | C:\Users\Admin\AppData\Local\Temp\lurwhzlcveb.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\ppebwwrkigwqyoknkmvvkh.exe | C:\Users\Admin\AppData\Local\Temp\lurwhzlcveb.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\lhslcypeyseuykcbus.exe | C:\Users\Admin\AppData\Local\Temp\lurwhzlcveb.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\lhslcypeyseuykcbus.exe | C:\Users\Admin\AppData\Local\Temp\jtszeo.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\yxlhbaumjgvovkfhdemlz.exe | C:\Users\Admin\AppData\Local\Temp\jtszeo.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\nfmbogteukseemavkefxetgylwmckwwesncw.pwl | C:\Users\Admin\AppData\Local\Temp\jtszeo.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\vpypeynaskuikukh.exe | C:\Users\Admin\AppData\Local\Temp\lurwhzlcveb.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\cxhzpkaohaladofdv.exe | C:\Users\Admin\AppData\Local\Temp\jtszeo.exe | N/A |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Program Files (x86)\iplpryaafkhixuxhlukrnrtac.hmj | C:\Users\Admin\AppData\Local\Temp\jtszeo.exe | N/A |
| File created | C:\Program Files (x86)\iplpryaafkhixuxhlukrnrtac.hmj | C:\Users\Admin\AppData\Local\Temp\jtszeo.exe | N/A |
| File opened for modification | C:\Program Files (x86)\nfmbogteukseemavkefxetgylwmckwwesncw.pwl | C:\Users\Admin\AppData\Local\Temp\jtszeo.exe | N/A |
| File created | C:\Program Files (x86)\nfmbogteukseemavkefxetgylwmckwwesncw.pwl | C:\Users\Admin\AppData\Local\Temp\jtszeo.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\lhslcypeyseuykcbus.exe | C:\Users\Admin\AppData\Local\Temp\lurwhzlcveb.exe | N/A |
| File opened for modification | C:\Windows\ppebwwrkigwqyoknkmvvkh.exe | C:\Users\Admin\AppData\Local\Temp\jtszeo.exe | N/A |
| File opened for modification | C:\Windows\cxhzpkaohaladofdv.exe | C:\Users\Admin\AppData\Local\Temp\lurwhzlcveb.exe | N/A |
| File opened for modification | C:\Windows\jhupigzqmiwouicdyyfd.exe | C:\Users\Admin\AppData\Local\Temp\lurwhzlcveb.exe | N/A |
| File opened for modification | C:\Windows\cxhzpkaohaladofdv.exe | C:\Users\Admin\AppData\Local\Temp\jtszeo.exe | N/A |
| File opened for modification | C:\Windows\yxlhbaumjgvovkfhdemlz.exe | C:\Users\Admin\AppData\Local\Temp\jtszeo.exe | N/A |
| File opened for modification | C:\Windows\vpypeynaskuikukh.exe | C:\Users\Admin\AppData\Local\Temp\lurwhzlcveb.exe | N/A |
| File opened for modification | C:\Windows\jhupigzqmiwouicdyyfd.exe | C:\Users\Admin\AppData\Local\Temp\lurwhzlcveb.exe | N/A |
| File opened for modification | C:\Windows\vpypeynaskuikukh.exe | C:\Users\Admin\AppData\Local\Temp\jtszeo.exe | N/A |
| File opened for modification | C:\Windows\jhupigzqmiwouicdyyfd.exe | C:\Users\Admin\AppData\Local\Temp\jtszeo.exe | N/A |
| File opened for modification | C:\Windows\nfmbogteukseemavkefxetgylwmckwwesncw.pwl | C:\Users\Admin\AppData\Local\Temp\jtszeo.exe | N/A |
| File opened for modification | C:\Windows\ppebwwrkigwqyoknkmvvkh.exe | C:\Users\Admin\AppData\Local\Temp\jtszeo.exe | N/A |
| File opened for modification | C:\Windows\yxlhbaumjgvovkfhdemlz.exe | C:\Users\Admin\AppData\Local\Temp\lurwhzlcveb.exe | N/A |
| File opened for modification | C:\Windows\wtfzrogwrmzqvibbvua.exe | C:\Users\Admin\AppData\Local\Temp\jtszeo.exe | N/A |
| File opened for modification | C:\Windows\vpypeynaskuikukh.exe | C:\Users\Admin\AppData\Local\Temp\jtszeo.exe | N/A |
| File opened for modification | C:\Windows\yxlhbaumjgvovkfhdemlz.exe | C:\Users\Admin\AppData\Local\Temp\jtszeo.exe | N/A |
| File opened for modification | C:\Windows\wtfzrogwrmzqvibbvua.exe | C:\Users\Admin\AppData\Local\Temp\jtszeo.exe | N/A |
| File opened for modification | C:\Windows\lhslcypeyseuykcbus.exe | C:\Users\Admin\AppData\Local\Temp\lurwhzlcveb.exe | N/A |
| File opened for modification | C:\Windows\iplpryaafkhixuxhlukrnrtac.hmj | C:\Users\Admin\AppData\Local\Temp\jtszeo.exe | N/A |
| File created | C:\Windows\nfmbogteukseemavkefxetgylwmckwwesncw.pwl | C:\Users\Admin\AppData\Local\Temp\jtszeo.exe | N/A |
| File opened for modification | C:\Windows\wtfzrogwrmzqvibbvua.exe | C:\Users\Admin\AppData\Local\Temp\lurwhzlcveb.exe | N/A |
| File opened for modification | C:\Windows\vpypeynaskuikukh.exe | C:\Users\Admin\AppData\Local\Temp\lurwhzlcveb.exe | N/A |
| File opened for modification | C:\Windows\wtfzrogwrmzqvibbvua.exe | C:\Users\Admin\AppData\Local\Temp\lurwhzlcveb.exe | N/A |
| File opened for modification | C:\Windows\lhslcypeyseuykcbus.exe | C:\Users\Admin\AppData\Local\Temp\jtszeo.exe | N/A |
| File opened for modification | C:\Windows\yxlhbaumjgvovkfhdemlz.exe | C:\Users\Admin\AppData\Local\Temp\lurwhzlcveb.exe | N/A |
| File opened for modification | C:\Windows\ppebwwrkigwqyoknkmvvkh.exe | C:\Users\Admin\AppData\Local\Temp\lurwhzlcveb.exe | N/A |
| File opened for modification | C:\Windows\cxhzpkaohaladofdv.exe | C:\Users\Admin\AppData\Local\Temp\jtszeo.exe | N/A |
| File created | C:\Windows\iplpryaafkhixuxhlukrnrtac.hmj | C:\Users\Admin\AppData\Local\Temp\jtszeo.exe | N/A |
| File opened for modification | C:\Windows\ppebwwrkigwqyoknkmvvkh.exe | C:\Users\Admin\AppData\Local\Temp\lurwhzlcveb.exe | N/A |
| File opened for modification | C:\Windows\cxhzpkaohaladofdv.exe | C:\Users\Admin\AppData\Local\Temp\lurwhzlcveb.exe | N/A |
| File opened for modification | C:\Windows\lhslcypeyseuykcbus.exe | C:\Users\Admin\AppData\Local\Temp\jtszeo.exe | N/A |
| File opened for modification | C:\Windows\jhupigzqmiwouicdyyfd.exe | C:\Users\Admin\AppData\Local\Temp\jtszeo.exe | N/A |
Enumerates physical storage devices
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\80cdc7c264ea951dedde8d7cda97fe25_JaffaCakes118.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\lurwhzlcveb.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\jtszeo.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\jtszeo.exe | N/A |
Suspicious use of WriteProcessMemory
System policy modification
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" | C:\Users\Admin\AppData\Local\Temp\lurwhzlcveb.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableVirtualization = "0" | C:\Users\Admin\AppData\Local\Temp\lurwhzlcveb.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" | C:\Users\Admin\AppData\Local\Temp\lurwhzlcveb.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDriveTypeAutoRun = "1" | C:\Users\Admin\AppData\Local\Temp\lurwhzlcveb.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\jtszeo.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\lurwhzlcveb.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\lurwhzlcveb.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ValidateAdminCodeSignatures = "0" | C:\Users\Admin\AppData\Local\Temp\lurwhzlcveb.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" | C:\Users\Admin\AppData\Local\Temp\jtszeo.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" | C:\Users\Admin\AppData\Local\Temp\jtszeo.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\FilterAdministratorToken = "0" | C:\Users\Admin\AppData\Local\Temp\jtszeo.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\FilterAdministratorToken = "0" | C:\Users\Admin\AppData\Local\Temp\jtszeo.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDriveTypeAutoRun = "1" | C:\Users\Admin\AppData\Local\Temp\jtszeo.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableSecureUIAPaths = "0" | C:\Users\Admin\AppData\Local\Temp\jtszeo.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" | C:\Users\Admin\AppData\Local\Temp\jtszeo.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\lurwhzlcveb.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\jtszeo.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" | C:\Users\Admin\AppData\Local\Temp\jtszeo.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableSecureUIAPaths = "0" | C:\Users\Admin\AppData\Local\Temp\jtszeo.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" | C:\Users\Admin\AppData\Local\Temp\jtszeo.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableVirtualization = "0" | C:\Users\Admin\AppData\Local\Temp\jtszeo.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableVirtualization = "0" | C:\Users\Admin\AppData\Local\Temp\jtszeo.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\lurwhzlcveb.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\lurwhzlcveb.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\FilterAdministratorToken = "0" | C:\Users\Admin\AppData\Local\Temp\lurwhzlcveb.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\jtszeo.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" | C:\Users\Admin\AppData\Local\Temp\jtszeo.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ValidateAdminCodeSignatures = "0" | C:\Users\Admin\AppData\Local\Temp\jtszeo.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer | C:\Users\Admin\AppData\Local\Temp\jtszeo.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer | C:\Users\Admin\AppData\Local\Temp\jtszeo.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" | C:\Users\Admin\AppData\Local\Temp\lurwhzlcveb.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableSecureUIAPaths = "0" | C:\Users\Admin\AppData\Local\Temp\lurwhzlcveb.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\jtszeo.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\jtszeo.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\jtszeo.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer | C:\Users\Admin\AppData\Local\Temp\lurwhzlcveb.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ValidateAdminCodeSignatures = "0" | C:\Users\Admin\AppData\Local\Temp\jtszeo.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDriveTypeAutoRun = "1" | C:\Users\Admin\AppData\Local\Temp\jtszeo.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\80cdc7c264ea951dedde8d7cda97fe25_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\80cdc7c264ea951dedde8d7cda97fe25_JaffaCakes118.exe"
C:\Users\Admin\AppData\Local\Temp\lurwhzlcveb.exe
"C:\Users\Admin\AppData\Local\Temp\lurwhzlcveb.exe" "c:\users\admin\appdata\local\temp\80cdc7c264ea951dedde8d7cda97fe25_jaffacakes118.exe*"
C:\Users\Admin\AppData\Local\Temp\jtszeo.exe
"C:\Users\Admin\AppData\Local\Temp\jtszeo.exe" "-c:\users\admin\appdata\local\temp\80cdc7c264ea951dedde8d7cda97fe25_jaffacakes118.exe"
C:\Users\Admin\AppData\Local\Temp\jtszeo.exe
"C:\Users\Admin\AppData\Local\Temp\jtszeo.exe" "-c:\users\admin\appdata\local\temp\80cdc7c264ea951dedde8d7cda97fe25_jaffacakes118.exe"
C:\Users\Admin\AppData\Local\Temp\lurwhzlcveb.exe
"C:\Users\Admin\AppData\Local\Temp\lurwhzlcveb.exe" "c:\users\admin\appdata\local\temp\80cdc7c264ea951dedde8d7cda97fe25_jaffacakes118.exe"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 104.219.191.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.214.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 150.171.27.10:443 | g.bing.com | tcp |
| US | 8.8.8.8:53 | 17.160.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | whatismyip.everdot.org | udp |
| US | 8.8.8.8:53 | www.showmyipaddress.com | udp |
| US | 104.21.74.56:80 | www.showmyipaddress.com | tcp |
| US | 8.8.8.8:53 | 209.205.72.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 56.74.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | whatismyipaddress.com | udp |
| US | 104.19.222.79:80 | whatismyipaddress.com | tcp |
| US | 8.8.8.8:53 | 79.222.19.104.in-addr.arpa | udp |
| US | 104.19.222.79:80 | whatismyipaddress.com | tcp |
| US | 8.8.8.8:53 | www.whatismyip.ca | udp |
| US | 104.19.222.79:80 | whatismyipaddress.com | tcp |
| US | 8.8.8.8:53 | www.whatismyip.com | udp |
| US | 104.27.207.92:80 | www.whatismyip.com | tcp |
| US | 8.8.8.8:53 | 92.207.27.104.in-addr.arpa | udp |
| US | 104.21.74.56:80 | www.showmyipaddress.com | tcp |
| US | 104.27.207.92:80 | www.whatismyip.com | tcp |
| US | 8.8.8.8:53 | www.whatismyip.ca | udp |
| US | 104.27.207.92:80 | www.whatismyip.com | tcp |
| US | 104.19.222.79:80 | whatismyipaddress.com | tcp |
| US | 104.27.207.92:80 | www.whatismyip.com | tcp |
| US | 104.19.222.79:80 | whatismyipaddress.com | tcp |
| US | 104.27.207.92:80 | www.whatismyip.com | tcp |
| US | 8.8.8.8:53 | www.whatismyip.ca | udp |
| US | 104.19.222.79:80 | whatismyipaddress.com | tcp |
| US | 104.21.74.56:80 | www.showmyipaddress.com | tcp |
| US | 104.27.207.92:80 | www.whatismyip.com | tcp |
| US | 8.8.8.8:53 | 56.163.245.4.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.blogger.com | udp |
| GB | 142.250.178.9:80 | www.blogger.com | tcp |
| MK | 31.11.79.216:41752 | tcp | |
| US | 8.8.8.8:53 | kmeggs.org | udp |
| US | 8.8.8.8:53 | tihgrwqagfk.com | udp |
| US | 8.8.8.8:53 | fqbyrnqej.com | udp |
| US | 8.8.8.8:53 | kavtbvqf.info | udp |
| DE | 85.214.228.140:80 | kavtbvqf.info | tcp |
| US | 8.8.8.8:53 | 241.42.69.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 73.190.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 9.178.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | eslkglxsoxno.info | udp |
| US | 8.8.8.8:53 | ujgfxdqswh.net | udp |
| US | 8.8.8.8:53 | oqsssgoa.com | udp |
| US | 8.8.8.8:53 | wycuwq.com | udp |
| US | 8.8.8.8:53 | tpvsfmvsnrso.info | udp |
| US | 8.8.8.8:53 | ecsqwackmqys.com | udp |
| US | 8.8.8.8:53 | hmbjyjz.info | udp |
| US | 8.8.8.8:53 | sejibalqxar.net | udp |
| US | 54.244.188.177:80 | sejibalqxar.net | tcp |
| US | 8.8.8.8:53 | kpnytctyv.info | udp |
| US | 8.8.8.8:53 | cgihagj.info | udp |
| US | 8.8.8.8:53 | 140.228.214.85.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 177.188.244.54.in-addr.arpa | udp |
| US | 8.8.8.8:53 | iqtcrbxi.net | udp |
| US | 8.8.8.8:53 | iwuwcicm.info | udp |
| US | 8.8.8.8:53 | ylypyybq.net | udp |
| US | 8.8.8.8:53 | lynjnajtllk.com | udp |
| US | 8.8.8.8:53 | retjlcxlprla.info | udp |
| US | 8.8.8.8:53 | egksyqv.info | udp |
| US | 208.100.26.245:80 | egksyqv.info | tcp |
| US | 8.8.8.8:53 | bvzdziipsnsh.info | udp |
| US | 8.8.8.8:53 | ctzqvet.net | udp |
| US | 8.8.8.8:53 | nzvpvaditkbf.net | udp |
| US | 8.8.8.8:53 | uirmjc.info | udp |
| US | 8.8.8.8:53 | pcmtnypie.com | udp |
| US | 8.8.8.8:53 | ikeiycao.com | udp |
| US | 8.8.8.8:53 | pnsdfbklr.com | udp |
| US | 8.8.8.8:53 | pnfmjmvwlcx.org | udp |
| US | 8.8.8.8:53 | mqwiqayk.com | udp |
| US | 8.8.8.8:53 | ptbfaqx.com | udp |
| US | 8.8.8.8:53 | paxcgclhwjee.net | udp |
| US | 8.8.8.8:53 | savjxjkwjwr.info | udp |
| US | 8.8.8.8:53 | wclkqrqe.net | udp |
| US | 8.8.8.8:53 | jydyhocg.info | udp |
| US | 8.8.8.8:53 | ugogea.com | udp |
| US | 8.8.8.8:53 | vqhclzq.org | udp |
| US | 8.8.8.8:53 | ssbihypcx.info | udp |
| US | 8.8.8.8:53 | yogdvkmzndeb.info | udp |
| US | 8.8.8.8:53 | zryucvdu.net | udp |
| US | 8.8.8.8:53 | frputx.info | udp |
| US | 8.8.8.8:53 | xerqiiou.net | udp |
| US | 8.8.8.8:53 | 245.26.100.208.in-addr.arpa | udp |
| US | 8.8.8.8:53 | efdumh.net | udp |
| US | 8.8.8.8:53 | cyyiqywuiu.com | udp |
| US | 8.8.8.8:53 | wiacookkae.org | udp |
| US | 8.8.8.8:53 | rrlwpq.info | udp |
| US | 8.8.8.8:53 | iycsmoyesc.com | udp |
| US | 8.8.8.8:53 | ruwknvjikcei.net | udp |
| US | 8.8.8.8:53 | miokgksskwum.com | udp |
| US | 8.8.8.8:53 | bmvsrozat.info | udp |
| US | 8.8.8.8:53 | qvmlwe.info | udp |
| US | 8.8.8.8:53 | yqhcpet.info | udp |
| US | 8.8.8.8:53 | urpebsd.net | udp |
| US | 8.8.8.8:53 | vyvusmm.org | udp |
| US | 8.8.8.8:53 | havbtylo.net | udp |
| US | 8.8.8.8:53 | ologud.net | udp |
| US | 8.8.8.8:53 | kafrval.info | udp |
| US | 8.8.8.8:53 | eqpwnaryq.net | udp |
| US | 8.8.8.8:53 | bchqvqhlxl.info | udp |
| US | 8.8.8.8:53 | fhjwmxqqljn.com | udp |
| US | 8.8.8.8:53 | occzlsyc.net | udp |
| US | 8.8.8.8:53 | myocswemuq.org | udp |
| US | 8.8.8.8:53 | lmixcv.info | udp |
| US | 8.8.8.8:53 | oogavbpszwz.net | udp |
| US | 8.8.8.8:53 | agqaka.org | udp |
| US | 8.8.8.8:53 | qpnsvg.net | udp |
| US | 8.8.8.8:53 | mxiprsbyrdv.info | udp |
| US | 8.8.8.8:53 | catdtirlxee.net | udp |
| US | 8.8.8.8:53 | jrncvlzwiulh.net | udp |
| US | 8.8.8.8:53 | gotqpsxeq.net | udp |
| US | 8.8.8.8:53 | txhedtkuzzxo.net | udp |
| US | 8.8.8.8:53 | ggkcseig.org | udp |
| US | 8.8.8.8:53 | warwvbmaf.net | udp |
| US | 8.8.8.8:53 | ekuedqrcp.info | udp |
| US | 8.8.8.8:53 | fxpsummprikg.net | udp |
| US | 8.8.8.8:53 | rpforapuw.org | udp |
| US | 8.8.8.8:53 | tlszzpvy.info | udp |
| US | 8.8.8.8:53 | vljgbupsl.net | udp |
| US | 8.8.8.8:53 | pakebuhk.info | udp |
| US | 8.8.8.8:53 | vupwesfcv.info | udp |
| US | 8.8.8.8:53 | cwesmkki.com | udp |
| US | 8.8.8.8:53 | qpejngowavjy.info | udp |
| US | 8.8.8.8:53 | vonozjdumfp.org | udp |
| US | 8.8.8.8:53 | vasazdwwgmbg.net | udp |
| US | 8.8.8.8:53 | cmvvlgzybyv.info | udp |
| US | 8.8.8.8:53 | lcbsfiyyz.com | udp |
| US | 8.8.8.8:53 | iuokggyy.com | udp |
| US | 8.8.8.8:53 | ajhiqylf.info | udp |
| US | 8.8.8.8:53 | oicaqk.org | udp |
| US | 8.8.8.8:53 | tqznqjobr.org | udp |
| US | 8.8.8.8:53 | binawa.net | udp |
| US | 8.8.8.8:53 | dnkyxnwcl.com | udp |
| US | 8.8.8.8:53 | kwbqfvi.net | udp |
| US | 8.8.8.8:53 | wcwmthyqlu.info | udp |
| US | 8.8.8.8:53 | dmbealkee.net | udp |
| US | 8.8.8.8:53 | ibmkuvfttvtt.info | udp |
| US | 8.8.8.8:53 | lyjgdwtqjg.info | udp |
| US | 8.8.8.8:53 | cytnbn.info | udp |
| US | 8.8.8.8:53 | zztpsiymy.net | udp |
| US | 8.8.8.8:53 | yqiweowi.com | udp |
| US | 8.8.8.8:53 | vgcanks.net | udp |
| US | 8.8.8.8:53 | bbeeoob.org | udp |
| US | 8.8.8.8:53 | leiduo.net | udp |
| US | 8.8.8.8:53 | bpeyrxjv.net | udp |
| US | 8.8.8.8:53 | fszehlnx.net | udp |
| US | 8.8.8.8:53 | tmaghjvpj.com | udp |
| US | 8.8.8.8:53 | vfliva.net | udp |
| US | 8.8.8.8:53 | kcomekcgyq.com | udp |
| US | 8.8.8.8:53 | zcyghg.net | udp |
| US | 8.8.8.8:53 | uyccoo.com | udp |
| US | 8.8.8.8:53 | miwrfnnexdzl.net | udp |
| US | 8.8.8.8:53 | jkdcdyf.com | udp |
| US | 8.8.8.8:53 | qcmvqk.info | udp |
| US | 8.8.8.8:53 | dvyyeptzjv.net | udp |
| US | 8.8.8.8:53 | amgemu.org | udp |
| US | 8.8.8.8:53 | gfuvwmjpgb.net | udp |
| US | 8.8.8.8:53 | mneehleczd.net | udp |
| US | 8.8.8.8:53 | birobasm.net | udp |
| US | 8.8.8.8:53 | vfmjwm.info | udp |
| US | 8.8.8.8:53 | zsqxejydfpnt.info | udp |
| US | 88.216.2.72:38356 | tcp | |
| US | 8.8.8.8:53 | zdkypqfkv.net | udp |
| US | 8.8.8.8:53 | zwdipqj.net | udp |
| US | 8.8.8.8:53 | wufqpehed.net | udp |
| US | 8.8.8.8:53 | oslmaiishm.net | udp |
| US | 8.8.8.8:53 | qudyrmntuow.info | udp |
| US | 8.8.8.8:53 | lmeemmbbkus.info | udp |
| US | 8.8.8.8:53 | lsdarobxr.org | udp |
| US | 8.8.8.8:53 | bgofqv.net | udp |
| US | 8.8.8.8:53 | tjrwwkdujvu.com | udp |
| US | 8.8.8.8:53 | usiikeyy.org | udp |
| US | 8.8.8.8:53 | fwqhdq.net | udp |
| US | 8.8.8.8:53 | rvafcnxnds.net | udp |
| US | 8.8.8.8:53 | ohojtynkh.info | udp |
| US | 8.8.8.8:53 | fxdvziybdid.net | udp |
| US | 8.8.8.8:53 | uspavcp.net | udp |
| US | 8.8.8.8:53 | qypjlqlia.info | udp |
| US | 8.8.8.8:53 | hrnujmsfph.net | udp |
| US | 8.8.8.8:53 | qreifitmc.net | udp |
| US | 8.8.8.8:53 | lwblsqkifwh.info | udp |
| US | 8.8.8.8:53 | zogybsk.com | udp |
| US | 8.8.8.8:53 | vinbdfrufytx.net | udp |
| US | 8.8.8.8:53 | ourepitvklx.info | udp |
| US | 8.8.8.8:53 | uuwygwcmmc.com | udp |
| US | 8.8.8.8:53 | hntzlysgnlj.net | udp |
| US | 8.8.8.8:53 | ripbheq.net | udp |
| US | 8.8.8.8:53 | bautpltmsnj.org | udp |
| US | 8.8.8.8:53 | xhisrub.org | udp |
| US | 8.8.8.8:53 | dncrestwe.net | udp |
| US | 8.8.8.8:53 | tmnojq.net | udp |
| US | 8.8.8.8:53 | octpnmfeveb.net | udp |
| US | 8.8.8.8:53 | ueorvkndllkl.info | udp |
| US | 8.8.8.8:53 | fwwaqwlraa.net | udp |
| US | 8.8.8.8:53 | glphceiwrt.info | udp |
| US | 8.8.8.8:53 | ruksvdctcqr.com | udp |
| US | 8.8.8.8:53 | aalrmp.net | udp |
| US | 8.8.8.8:53 | znwjjxvv.net | udp |
| US | 8.8.8.8:53 | kiwkiu.org | udp |
| US | 8.8.8.8:53 | jfsirixz.net | udp |
| US | 8.8.8.8:53 | aejudfc.net | udp |
| US | 8.8.8.8:53 | ukvhnkdptk.info | udp |
| US | 8.8.8.8:53 | ymtoaovfdbi.net | udp |
| US | 8.8.8.8:53 | qnzmyexyd.net | udp |
| US | 8.8.8.8:53 | lqoyvyx.info | udp |
| US | 8.8.8.8:53 | eshmpsvrrmuj.net | udp |
| US | 8.8.8.8:53 | qjhljovnka.info | udp |
| US | 8.8.8.8:53 | bsrweqh.net | udp |
| US | 8.8.8.8:53 | msldjsn.info | udp |
| US | 8.8.8.8:53 | dhamsicnlp.info | udp |
| US | 8.8.8.8:53 | rwefryngvgr.net | udp |
| US | 8.8.8.8:53 | kshgvj.net | udp |
| US | 8.8.8.8:53 | vcqzpegbipvo.net | udp |
| US | 8.8.8.8:53 | wrhkncjdhkv.info | udp |
| US | 8.8.8.8:53 | btrgypg.org | udp |
| US | 8.8.8.8:53 | xykutplmhmfn.net | udp |
| US | 8.8.8.8:53 | akfhhuiir.info | udp |
| US | 8.8.8.8:53 | akcbdb.info | udp |
| US | 8.8.8.8:53 | gfzdsgfv.info | udp |
| US | 8.8.8.8:53 | mlgsxflu.net | udp |
| US | 8.8.8.8:53 | jcxbqz.info | udp |
| US | 8.8.8.8:53 | dwcufkeypgb.org | udp |
| US | 8.8.8.8:53 | xwdslaz.org | udp |
| US | 8.8.8.8:53 | kmpdjanxcx.info | udp |
| US | 8.8.8.8:53 | huhfhm.net | udp |
| US | 8.8.8.8:53 | jljcywgh.info | udp |
| US | 8.8.8.8:53 | bufklyv.info | udp |
| US | 8.8.8.8:53 | lbsqishytkk.org | udp |
| US | 8.8.8.8:53 | cowsakie.org | udp |
| US | 8.8.8.8:53 | bkdjaxzeuo.net | udp |
| US | 8.8.8.8:53 | tspkjar.com | udp |
| US | 8.8.8.8:53 | dgoufmjc.net | udp |
| US | 8.8.8.8:53 | aptavxszku.info | udp |
| US | 8.8.8.8:53 | gueaqu.org | udp |
| US | 8.8.8.8:53 | pkbvzf.info | udp |
| US | 8.8.8.8:53 | hrwqdmepds.info | udp |
| US | 8.8.8.8:53 | uofqisl.info | udp |
| US | 8.8.8.8:53 | oesmaemmgi.com | udp |
| US | 8.8.8.8:53 | vhawusap.net | udp |
| US | 8.8.8.8:53 | uubwoir.net | udp |
| US | 8.8.8.8:53 | wiuasuwsguiy.org | udp |
| US | 8.8.8.8:53 | jinfugfp.net | udp |
| US | 8.8.8.8:53 | icagqyegysim.org | udp |
| US | 8.8.8.8:53 | gmhmwfqwnwsi.info | udp |
| US | 8.8.8.8:53 | xgsqhhexzb.info | udp |
| US | 8.8.8.8:53 | wwgcsgyqqc.org | udp |
| US | 8.8.8.8:53 | gziprspizpxi.net | udp |
| US | 8.8.8.8:53 | isiium.com | udp |
| US | 8.8.8.8:53 | ouhnpciy.net | udp |
| US | 8.8.8.8:53 | zrszstijlq.net | udp |
| US | 8.8.8.8:53 | tcxyfinsdvpf.net | udp |
| US | 8.8.8.8:53 | ywucasqc.com | udp |
| US | 8.8.8.8:53 | mayugs.org | udp |
| US | 8.8.8.8:53 | qdaqwtlafa.info | udp |
| US | 8.8.8.8:53 | lopuutpg.info | udp |
| US | 8.8.8.8:53 | wsnzkowknye.info | udp |
| US | 8.8.8.8:53 | mynppxlc.info | udp |
| US | 8.8.8.8:53 | ejkmho.net | udp |
| US | 8.8.8.8:53 | efrjnekd.net | udp |
| US | 8.8.8.8:53 | vupvtfxvsupf.net | udp |
| US | 8.8.8.8:53 | gxjmexojzn.info | udp |
| US | 8.8.8.8:53 | nzycmig.org | udp |
| US | 8.8.8.8:53 | bfbwljnnmu.info | udp |
| US | 8.8.8.8:53 | awwkoy.org | udp |
| US | 8.8.8.8:53 | cuwaqag.net | udp |
| US | 8.8.8.8:53 | anubtiye.net | udp |
| US | 8.8.8.8:53 | ksqoryfwz.net | udp |
| US | 8.8.8.8:53 | ytuqrsdqprs.net | udp |
| US | 8.8.8.8:53 | lgmblm.info | udp |
| US | 8.8.8.8:53 | edkohbninrbz.net | udp |
| US | 8.8.8.8:53 | miuodaxmhmz.net | udp |
| US | 8.8.8.8:53 | ggxekal.info | udp |
| US | 8.8.8.8:53 | ekysuwaiqs.org | udp |
| US | 8.8.8.8:53 | ljcxfyad.net | udp |
| US | 8.8.8.8:53 | ucccik.com | udp |
| US | 8.8.8.8:53 | kwcepczhonjs.info | udp |
| US | 8.8.8.8:53 | pgthpgsgj.org | udp |
| US | 8.8.8.8:53 | xvcrhgyd.net | udp |
| US | 8.8.8.8:53 | mbiiznxdulyh.net | udp |
| US | 8.8.8.8:53 | jaquminefct.info | udp |
| US | 8.8.8.8:53 | tihxvsn.net | udp |
| US | 8.8.8.8:53 | qyuhfue.info | udp |
| US | 8.8.8.8:53 | rensjsymxwj.org | udp |
| US | 8.8.8.8:53 | mgpenyluayh.info | udp |
| US | 8.8.8.8:53 | qpeavxszku.net | udp |
| US | 8.8.8.8:53 | bkxzwfixd.com | udp |
| US | 8.8.8.8:53 | alawfyd.net | udp |
| US | 8.8.8.8:53 | hqtgvburdnbk.net | udp |
| US | 8.8.8.8:53 | ahbwmb.net | udp |
| US | 8.8.8.8:53 | dsyiavvy.net | udp |
| US | 8.8.8.8:53 | fqvopkmiayu.org | udp |
| US | 8.8.8.8:53 | pdcippnw.info | udp |
| US | 8.8.8.8:53 | hpfheyyehz.info | udp |
| US | 8.8.8.8:53 | sjvromvspqq.info | udp |
| US | 8.8.8.8:53 | vjdkqf.net | udp |
| US | 8.8.8.8:53 | gvvbrkaiibne.info | udp |
| US | 8.8.8.8:53 | eargbiv.info | udp |
| US | 8.8.8.8:53 | oabojeh.info | udp |
| US | 8.8.8.8:53 | hkowncecbsb.info | udp |
| US | 8.8.8.8:53 | mytynnbrhspi.info | udp |
| US | 8.8.8.8:53 | majvxrnkki.net | udp |
| US | 8.8.8.8:53 | oqhajmtmnmh.info | udp |
| US | 8.8.8.8:53 | fqdoxzxe.net | udp |
| IT | 31.13.194.66:42785 | tcp | |
| US | 8.8.8.8:53 | kbgihzddpd.info | udp |
| US | 8.8.8.8:53 | esvkde.net | udp |
| US | 8.8.8.8:53 | wieavxszku.net | udp |
| US | 8.8.8.8:53 | oiuiiaos.org | udp |
| US | 8.8.8.8:53 | eozhcmibtrjk.info | udp |
| US | 8.8.8.8:53 | tqaucin.org | udp |
| US | 8.8.8.8:53 | qezkmgbwtxd.net | udp |
| US | 8.8.8.8:53 | rreplnac.info | udp |
| US | 8.8.8.8:53 | oldcporig.info | udp |
| US | 8.8.8.8:53 | lkgatfldr.com | udp |
| US | 8.8.8.8:53 | mphils.info | udp |
| US | 8.8.8.8:53 | pdyydshqvi.net | udp |
| US | 8.8.8.8:53 | ckteoaykwib.info | udp |
| US | 8.8.8.8:53 | hvrmtxjqrmfu.net | udp |
| US | 8.8.8.8:53 | xqeqvctmsuh.net | udp |
| US | 8.8.8.8:53 | vrjezeqhecr.info | udp |
| US | 8.8.8.8:53 | wjasnej.net | udp |
| US | 8.8.8.8:53 | elnrmttr.info | udp |
| US | 8.8.8.8:53 | rsnbksh.org | udp |
| US | 8.8.8.8:53 | qxrwrxkgnrd.net | udp |
| US | 8.8.8.8:53 | pghiaxrr.net | udp |
| US | 8.8.8.8:53 | xslxqsls.net | udp |
| US | 8.8.8.8:53 | cyspwzld.info | udp |
| US | 8.8.8.8:53 | eyhicjv.net | udp |
| US | 8.8.8.8:53 | gkxxztxavsg.info | udp |
| US | 8.8.8.8:53 | tzdahsuuh.info | udp |
| US | 8.8.8.8:53 | qagoeiyu.org | udp |
| US | 8.8.8.8:53 | gfhopbomiu.net | udp |
| US | 8.8.8.8:53 | toiwaux.org | udp |
| US | 8.8.8.8:53 | ympczhxnodq.info | udp |
| US | 8.8.8.8:53 | hgxntkm.net | udp |
| US | 8.8.8.8:53 | aqdehih.net | udp |
| US | 8.8.8.8:53 | ukekjmlftxrp.info | udp |
| US | 8.8.8.8:53 | jmledug.com | udp |
| US | 8.8.8.8:53 | uylsbo.net | udp |
| US | 8.8.8.8:53 | prpufo.info | udp |
| US | 8.8.8.8:53 | ebnmjilylqx.net | udp |
| US | 8.8.8.8:53 | ymndlopgz.net | udp |
| US | 8.8.8.8:53 | sgsoagiiccyw.com | udp |
| US | 8.8.8.8:53 | kwnthepwauq.net | udp |
| US | 8.8.8.8:53 | rkzpufacxejy.net | udp |
| US | 8.8.8.8:53 | coskocwakk.com | udp |
| US | 8.8.8.8:53 | qesjrw.info | udp |
| US | 8.8.8.8:53 | dzskvopmm.info | udp |
| US | 8.8.8.8:53 | tbdleeffez.net | udp |
| US | 8.8.8.8:53 | grblyx.net | udp |
| US | 8.8.8.8:53 | ktjmhxiqwk.net | udp |
| US | 8.8.8.8:53 | jkocjw.info | udp |
| US | 8.8.8.8:53 | zmjoagj.info | udp |
| US | 8.8.8.8:53 | gyayoeqz.net | udp |
| US | 8.8.8.8:53 | djlicfxk.net | udp |
| US | 8.8.8.8:53 | qmfavlpfrzb.info | udp |
| US | 8.8.8.8:53 | fiyktxpf.info | udp |
| US | 8.8.8.8:53 | caqyrtdwnwl.net | udp |
| US | 8.8.8.8:53 | dbuguvooxgpt.info | udp |
| US | 8.8.8.8:53 | nysprahyr.org | udp |
| US | 8.8.8.8:53 | tbhipopoz.net | udp |
| US | 8.8.8.8:53 | eiaqad.info | udp |
| US | 8.8.8.8:53 | ysokokkkmy.com | udp |
| US | 8.8.8.8:53 | xurrzntnvpr.net | udp |
| US | 8.8.8.8:53 | yanbdy.info | udp |
| US | 8.8.8.8:53 | rwbklxfvdgn.net | udp |
| US | 8.8.8.8:53 | ltkxnavxrc.net | udp |
| US | 8.8.8.8:53 | qiuowywy.com | udp |
| US | 8.8.8.8:53 | wttaxtzszuhx.info | udp |
| US | 8.8.8.8:53 | kajpailpjmp.info | udp |
| US | 8.8.8.8:53 | rsyucrq.org | udp |
| US | 8.8.8.8:53 | gwgoqq.com | udp |
| US | 8.8.8.8:53 | fxbuhlpkmrp.info | udp |
| US | 8.8.8.8:53 | aeaoqscg.org | udp |
| US | 8.8.8.8:53 | yqreyx.info | udp |
| US | 8.8.8.8:53 | cvhyxcvn.net | udp |
| US | 8.8.8.8:53 | wjcazsxa.net | udp |
| US | 8.8.8.8:53 | tttbmavnnsp.com | udp |
| US | 8.8.8.8:53 | aclujyfwp.net | udp |
| US | 8.8.8.8:53 | fcfanxzsm.org | udp |
| US | 8.8.8.8:53 | iekyyqwacu.com | udp |
| US | 8.8.8.8:53 | owhqbcj.net | udp |
| US | 8.8.8.8:53 | dolcrrza.net | udp |
| US | 8.8.8.8:53 | nnoydufkrczd.net | udp |
| US | 8.8.8.8:53 | wedcyvhqvir.net | udp |
| US | 8.8.8.8:53 | luvyfdptlmr.net | udp |
| US | 8.8.8.8:53 | dpwoyczy.info | udp |
| US | 8.8.8.8:53 | dchbtb.net | udp |
| US | 8.8.8.8:53 | zrfifzwavamo.info | udp |
| US | 8.8.8.8:53 | mftkjojsesn.info | udp |
| US | 8.8.8.8:53 | lopogb.info | udp |
| US | 8.8.8.8:53 | vqrheyzex.net | udp |
| US | 8.8.8.8:53 | jkegrujevkd.info | udp |
| US | 8.8.8.8:53 | hdsdsdshs.info | udp |
| US | 8.8.8.8:53 | erzszznxmmjg.net | udp |
| US | 8.8.8.8:53 | pdcbgzgydc.info | udp |
| US | 8.8.8.8:53 | wuyaiqgeqy.com | udp |
| US | 8.8.8.8:53 | dnlqvgb.info | udp |
| US | 8.8.8.8:53 | rvvgvhudrpzk.info | udp |
| US | 8.8.8.8:53 | kiojjl.net | udp |
| US | 8.8.8.8:53 | yikqjacsi.info | udp |
| US | 8.8.8.8:53 | uahmrcl.net | udp |
| US | 8.8.8.8:53 | uhpmrupuasn.net | udp |
| US | 8.8.8.8:53 | odfdlbrq.net | udp |
| US | 8.8.8.8:53 | lsvufexetae.org | udp |
| US | 8.8.8.8:53 | xgvhrm.net | udp |
| US | 8.8.8.8:53 | eiretgahlch.info | udp |
| US | 8.8.8.8:53 | ishsjqi.net | udp |
| US | 8.8.8.8:53 | jrzyrcaozcr.org | udp |
| US | 8.8.8.8:53 | wwgsnkrvrqx.info | udp |
| US | 8.8.8.8:53 | asuyko.com | udp |
| US | 8.8.8.8:53 | cyoqawkoam.com | udp |
| US | 8.8.8.8:53 | yqtwkthsq.info | udp |
| US | 8.8.8.8:53 | jndurjar.info | udp |
| US | 8.8.8.8:53 | qweceiiiuo.com | udp |
| US | 8.8.8.8:53 | cxlkhikkn.net | udp |
| US | 8.8.8.8:53 | uezkjspxo.info | udp |
| US | 8.8.8.8:53 | tyvfjpsipeb.info | udp |
| US | 8.8.8.8:53 | hqusplden.net | udp |
| US | 8.8.8.8:53 | iacwswysqowu.com | udp |
| US | 8.8.8.8:53 | foorpe.info | udp |
| US | 8.8.8.8:53 | ryxdtsd.net | udp |
| US | 8.8.8.8:53 | xqzqfrx.net | udp |
| US | 8.8.8.8:53 | msfmtzx.info | udp |
| US | 8.8.8.8:53 | prlacqfn.info | udp |
| US | 8.8.8.8:53 | cikgciaceciq.org | udp |
| US | 8.8.8.8:53 | bclelijpxcd.info | udp |
| US | 8.8.8.8:53 | tnvtsi.net | udp |
| US | 8.8.8.8:53 | ouqoeesiae.org | udp |
| US | 8.8.8.8:53 | gvdohoqeo.info | udp |
| US | 8.8.8.8:53 | qubqirdevwh.net | udp |
| US | 8.8.8.8:53 | ngyfqwd.net | udp |
| US | 8.8.8.8:53 | peeszgdent.info | udp |
| US | 8.8.8.8:53 | tkiwebzqb.net | udp |
| US | 8.8.8.8:53 | reewxp.info | udp |
| US | 8.8.8.8:53 | otcnwf.info | udp |
| US | 8.8.8.8:53 | pojqitj.org | udp |
| US | 8.8.8.8:53 | jfrenmxp.net | udp |
| US | 8.8.8.8:53 | okdwtk.net | udp |
| US | 8.8.8.8:53 | gquuksom.com | udp |
| US | 8.8.8.8:53 | kcnanfdb.info | udp |
| US | 8.8.8.8:53 | gxuoigloa.net | udp |
| US | 8.8.8.8:53 | bcfclsv.com | udp |
| US | 8.8.8.8:53 | zxhjpeunqdj.org | udp |
| US | 8.8.8.8:53 | dunolqrmder.net | udp |
| US | 8.8.8.8:53 | pempqdt.com | udp |
| US | 8.8.8.8:53 | zjyunb.net | udp |
| US | 8.8.8.8:53 | flrgnicbbfti.net | udp |
| US | 8.8.8.8:53 | rbiieeeaaw.info | udp |
| US | 8.8.8.8:53 | ajeufitgtoe.info | udp |
| US | 8.8.8.8:53 | gysukcf.net | udp |
| US | 8.8.8.8:53 | gjjibgjpfvz.info | udp |
| US | 8.8.8.8:53 | oesaeigqwuki.com | udp |
| US | 8.8.8.8:53 | owggrwlie.info | udp |
| US | 8.8.8.8:53 | oaaiesqwks.com | udp |
| US | 8.8.8.8:53 | kgmgmyx.net | udp |
| US | 8.8.8.8:53 | hhbibsteqcn.info | udp |
| US | 8.8.8.8:53 | pahoyrkovwl.info | udp |
| US | 8.8.8.8:53 | ymmfuk.info | udp |
| US | 8.8.8.8:53 | tbtthvcxpi.net | udp |
| US | 8.8.8.8:53 | eggsdeaqdgk.info | udp |
| US | 8.8.8.8:53 | iyysmcgaoq.com | udp |
| US | 8.8.8.8:53 | uajybit.info | udp |
| US | 8.8.8.8:53 | qcaequgeic.org | udp |
| US | 8.8.8.8:53 | gubhcuoh.info | udp |
| US | 8.8.8.8:53 | tcdxpetiwvq.net | udp |
| US | 8.8.8.8:53 | xzvqhei.net | udp |
| US | 8.8.8.8:53 | teaacdtqjap.net | udp |
| US | 8.8.8.8:53 | thfpsrkg.net | udp |
| US | 8.8.8.8:53 | uplqpgffv.net | udp |
| US | 8.8.8.8:53 | vmnzaauww.com | udp |
| US | 8.8.8.8:53 | nozozyp.info | udp |
| US | 8.8.8.8:53 | xwqowmqjhuy.info | udp |
| US | 8.8.8.8:53 | utxlxul.info | udp |
| US | 8.8.8.8:53 | kcdmpzd.info | udp |
| US | 8.8.8.8:53 | gyqghevjsah.info | udp |
| US | 8.8.8.8:53 | rqzyiujilw.net | udp |
| US | 8.8.8.8:53 | okeiemwy.org | udp |
| US | 8.8.8.8:53 | sabpylqwmhwr.net | udp |
| US | 8.8.8.8:53 | ssywwsui.com | udp |
| US | 8.8.8.8:53 | burknwdor.com | udp |
| US | 8.8.8.8:53 | oyookvxpbanw.info | udp |
| US | 8.8.8.8:53 | nkpxbwhinql.com | udp |
| US | 8.8.8.8:53 | ruqgvfx.org | udp |
| US | 8.8.8.8:53 | zozgcobcaq.net | udp |
| US | 8.8.8.8:53 | kcslgoll.info | udp |
| US | 8.8.8.8:53 | zecovv.info | udp |
| LT | 87.247.65.131:41927 | tcp | |
| US | 8.8.8.8:53 | hjjakml.com | udp |
| US | 8.8.8.8:53 | tvzrkn.net | udp |
| US | 8.8.8.8:53 | iqogkeqm.com | udp |
| US | 8.8.8.8:53 | umeszbdhi.info | udp |
| US | 8.8.8.8:53 | dcvygkv.org | udp |
| US | 8.8.8.8:53 | lhvyev.net | udp |
| US | 8.8.8.8:53 | ljfgeynu.net | udp |
| US | 8.8.8.8:53 | mvrlhhspnj.info | udp |
| US | 8.8.8.8:53 | pubdtrzkyif.com | udp |
| US | 8.8.8.8:53 | iegemk.com | udp |
| US | 8.8.8.8:53 | seghjqrmn.net | udp |
| US | 8.8.8.8:53 | royidr.info | udp |
| US | 8.8.8.8:53 | rxhxfw.net | udp |
| US | 8.8.8.8:53 | bifggqrkn.net | udp |
| US | 8.8.8.8:53 | ejhaxwolmr.net | udp |
| US | 8.8.8.8:53 | lyewvfmqdwzh.net | udp |
| US | 8.8.8.8:53 | shhqfhsmcw.net | udp |
| US | 8.8.8.8:53 | oqldzpz.net | udp |
| US | 8.8.8.8:53 | ybhevkhywst.info | udp |
| US | 8.8.8.8:53 | mbjrzorf.net | udp |
| US | 8.8.8.8:53 | wbpglgmpvf.info | udp |
| US | 8.8.8.8:53 | lsfqogasdtt.net | udp |
| US | 8.8.8.8:53 | umbqfpzfw.info | udp |
| US | 8.8.8.8:53 | ykwggc.com | udp |
| US | 8.8.8.8:53 | ucawmoumiysg.com | udp |
| US | 8.8.8.8:53 | tsasuukkf.net | udp |
| US | 8.8.8.8:53 | wbmgiwzhcu.net | udp |
| US | 8.8.8.8:53 | yrecgmoyvxh.net | udp |
| US | 8.8.8.8:53 | mexsbsbhjgq.info | udp |
| US | 8.8.8.8:53 | jlffbn.net | udp |
| US | 8.8.8.8:53 | eowawwmkei.org | udp |
| US | 8.8.8.8:53 | uvcodihahbp.net | udp |
| US | 8.8.8.8:53 | jozypulgtcq.com | udp |
| US | 8.8.8.8:53 | rkbwpalgr.net | udp |
| US | 8.8.8.8:53 | kiocamoemkgo.org | udp |
| US | 8.8.8.8:53 | siekzyqkd.info | udp |
| US | 8.8.8.8:53 | ylaxujjvpzdt.info | udp |
| US | 8.8.8.8:53 | koiqio.org | udp |
| US | 8.8.8.8:53 | htqiugaqhcb.org | udp |
| US | 8.8.8.8:53 | mldbdcbn.info | udp |
| US | 8.8.8.8:53 | hlqltge.net | udp |
| US | 8.8.8.8:53 | skqichhuy.net | udp |
| US | 8.8.8.8:53 | pedxzbrhzb.info | udp |
| US | 8.8.8.8:53 | icaecugi.com | udp |
| US | 8.8.8.8:53 | elrmjqoskpgo.net | udp |
| US | 8.8.8.8:53 | iomunypmc.info | udp |
| US | 8.8.8.8:53 | vlsqekixshcp.net | udp |
| US | 8.8.8.8:53 | lszahmfkt.net | udp |
| US | 8.8.8.8:53 | gusyys.org | udp |
| US | 8.8.8.8:53 | bksknnrazerp.info | udp |
| US | 8.8.8.8:53 | xhwtmfujbani.net | udp |
| US | 8.8.8.8:53 | iwwmiiga.org | udp |
| US | 8.8.8.8:53 | wuqsnaq.info | udp |
| US | 8.8.8.8:53 | feawjoykmt.info | udp |
| US | 8.8.8.8:53 | jgzbxllqdecg.net | udp |
| US | 8.8.8.8:53 | xigozx.info | udp |
| US | 8.8.8.8:53 | wtigijfy.info | udp |
| US | 8.8.8.8:53 | xazbfnbxwans.net | udp |
| US | 8.8.8.8:53 | hvhmyofneur.info | udp |
| US | 8.8.8.8:53 | thbjldcrxt.net | udp |
| US | 8.8.8.8:53 | hpltuulfrbtg.net | udp |
| US | 8.8.8.8:53 | asecuyemymyi.org | udp |
| US | 8.8.8.8:53 | yywgnwbwzs.net | udp |
| US | 8.8.8.8:53 | lkbiigbnkir.net | udp |
| US | 8.8.8.8:53 | yarxnoq.info | udp |
| US | 8.8.8.8:53 | jswmnalgvlx.org | udp |
| US | 8.8.8.8:53 | fbjfdkrr.net | udp |
| US | 8.8.8.8:53 | nmvxnr.net | udp |
| US | 8.8.8.8:53 | zmrarczuld.net | udp |
| US | 8.8.8.8:53 | soxotpwkd.info | udp |
| US | 8.8.8.8:53 | dwpkzhv.com | udp |
| US | 8.8.8.8:53 | amriowjldlc.info | udp |
| US | 8.8.8.8:53 | fsnqjwv.info | udp |
| US | 8.8.8.8:53 | aayeieoamcqe.org | udp |
| US | 8.8.8.8:53 | ipusvbgbzw.net | udp |
| US | 8.8.8.8:53 | rltwexojzn.net | udp |
| US | 8.8.8.8:53 | mokckeae.org | udp |
| US | 8.8.8.8:53 | uwzhgmzuv.net | udp |
| US | 8.8.8.8:53 | fzomamzqlovg.info | udp |
| US | 8.8.8.8:53 | dayucgzmwkv.net | udp |
| US | 8.8.8.8:53 | uadxlfbhtrby.net | udp |
| US | 8.8.8.8:53 | lqzrecgexgn.com | udp |
| US | 8.8.8.8:53 | mvnpomqx.info | udp |
| US | 8.8.8.8:53 | wuybayvsmwt.info | udp |
| US | 8.8.8.8:53 | acvijwfis.info | udp |
| US | 8.8.8.8:53 | cxlwpyglvdcc.net | udp |
| US | 8.8.8.8:53 | smbehcrvtuf.info | udp |
| US | 8.8.8.8:53 | qisakqeiecqu.org | udp |
| US | 8.8.8.8:53 | ddnypysoj.org | udp |
| US | 8.8.8.8:53 | mtxstcq.info | udp |
| US | 8.8.8.8:53 | iggcfwpytwa.net | udp |
| US | 8.8.8.8:53 | cewkaoeqii.org | udp |
| US | 8.8.8.8:53 | agtjxghkrq.net | udp |
| US | 8.8.8.8:53 | aaxgnmwcb.net | udp |
| US | 8.8.8.8:53 | tuaxjj.net | udp |
| US | 8.8.8.8:53 | gnxurajd.net | udp |
| US | 8.8.8.8:53 | drdyjtiz.info | udp |
| US | 8.8.8.8:53 | ckrqlgvagoz.net | udp |
| US | 8.8.8.8:53 | csrxwxlmx.net | udp |
| US | 8.8.8.8:53 | vkylhtylchns.net | udp |
| US | 8.8.8.8:53 | ushkxbyxdgg.net | udp |
| US | 8.8.8.8:53 | zhksvcsp.net | udp |
| US | 8.8.8.8:53 | hmofrznh.info | udp |
| US | 8.8.8.8:53 | aoyvfv.info | udp |
| US | 8.8.8.8:53 | aycmjgp.net | udp |
| US | 8.8.8.8:53 | rhjqoghezh.info | udp |
| US | 8.8.8.8:53 | jalkbr.info | udp |
| US | 8.8.8.8:53 | uldeyb.info | udp |
| US | 8.8.8.8:53 | azhyqhhpfqp.net | udp |
| US | 8.8.8.8:53 | cxffzmlflm.info | udp |
| US | 8.8.8.8:53 | jbcvjgvwyjs.com | udp |
| US | 8.8.8.8:53 | qauwoj.info | udp |
| US | 8.8.8.8:53 | oarmayvufrf.info | udp |
| US | 8.8.8.8:53 | fwadvrcw.info | udp |
| US | 8.8.8.8:53 | hjcutzth.net | udp |
| US | 8.8.8.8:53 | maltyz.net | udp |
| US | 8.8.8.8:53 | zmrtxdjw.info | udp |
| US | 8.8.8.8:53 | qqispynns.info | udp |
| US | 8.8.8.8:53 | tintjhdhp.info | udp |
| US | 8.8.8.8:53 | znpodz.net | udp |
| US | 8.8.8.8:53 | fcvuvkyohfv.org | udp |
| US | 8.8.8.8:53 | usztsauxtyh.net | udp |
| US | 8.8.8.8:53 | dwfebekyt.org | udp |
| US | 8.8.8.8:53 | vebczah.com | udp |
| US | 8.8.8.8:53 | ppgkzw.info | udp |
| US | 8.8.8.8:53 | dujnret.org | udp |
| US | 8.8.8.8:53 | yuucbetns.info | udp |
| US | 8.8.8.8:53 | bktpfwsl.net | udp |
| US | 8.8.8.8:53 | rstojpg.net | udp |
| US | 8.8.8.8:53 | zhdxyujpzudd.info | udp |
| US | 8.8.8.8:53 | dlwqdu.info | udp |
| US | 8.8.8.8:53 | gofwtqg.info | udp |
| US | 8.8.8.8:53 | hegsmwj.org | udp |
| US | 8.8.8.8:53 | iplqdlbmaiyt.info | udp |
| US | 8.8.8.8:53 | yyuaoeumqmki.com | udp |
| US | 8.8.8.8:53 | sqeaccmaqa.org | udp |
| US | 8.8.8.8:53 | nsdbsgdrvhn.info | udp |
| HK | 156.237.207.232:80 | yeseee.com | tcp |
| BY | 178.125.249.3:19589 | tcp | |
| US | 8.8.8.8:53 | gvrfpip.info | udp |
| US | 8.8.8.8:53 | iyjjvddp.info | udp |
| US | 8.8.8.8:53 | ggrqolzyoy.net | udp |
| US | 8.8.8.8:53 | kyiqacma.com | udp |
| US | 8.8.8.8:53 | jupejihn.info | udp |
| US | 8.8.8.8:53 | hrodiovgffm.net | udp |
| US | 8.8.8.8:53 | dqlpfiwwkepz.net | udp |
| US | 8.8.8.8:53 | zijhhgbgy.org | udp |
| US | 8.8.8.8:53 | bylihqpez.info | udp |
| US | 8.8.8.8:53 | 232.207.237.156.in-addr.arpa | udp |
| US | 8.8.8.8:53 | taxsnux.com | udp |
| US | 8.8.8.8:53 | jrfhtodifg.info | udp |
| US | 8.8.8.8:53 | vynafnjux.org | udp |
| US | 8.8.8.8:53 | mnfpekhmdcza.net | udp |
| US | 8.8.8.8:53 | hxtsvvg.org | udp |
| US | 8.8.8.8:53 | ytdetyvev.info | udp |
| US | 8.8.8.8:53 | iwlpzasaqq.net | udp |
| US | 8.8.8.8:53 | suewikoywsuo.org | udp |
| US | 8.8.8.8:53 | luxnouxdfuf.net | udp |
| US | 8.8.8.8:53 | qqjmgxmb.net | udp |
| US | 8.8.8.8:53 | iwkqqwaoqaeq.com | udp |
| US | 8.8.8.8:53 | bakfznqyjrsl.net | udp |
| US | 8.8.8.8:53 | jolbnynrzeeu.info | udp |
| US | 8.8.8.8:53 | fxawtfy.info | udp |
| US | 8.8.8.8:53 | mcpmajvv.net | udp |
| US | 8.8.8.8:53 | waxuvktcirec.info | udp |
| US | 8.8.8.8:53 | tsxauoqgjzf.net | udp |
| US | 8.8.8.8:53 | rblcgst.org | udp |
| US | 8.8.8.8:53 | cfpsrc.net | udp |
| US | 8.8.8.8:53 | jlzatxz.info | udp |
| US | 8.8.8.8:53 | wwmqtih.net | udp |
| US | 8.8.8.8:53 | jidupfr.org | udp |
| US | 8.8.8.8:53 | cynwpvlg.info | udp |
| US | 8.8.8.8:53 | beklnku.com | udp |
| US | 8.8.8.8:53 | zwgxrkq.org | udp |
| US | 8.8.8.8:53 | jrfepop.org | udp |
| US | 8.8.8.8:53 | qqzkbofsp.net | udp |
| US | 8.8.8.8:53 | nicxrmrxya.net | udp |
| US | 8.8.8.8:53 | lwjpkg.info | udp |
| US | 8.8.8.8:53 | wgaogaqiku.org | udp |
| US | 8.8.8.8:53 | bjteet.info | udp |
| US | 8.8.8.8:53 | qmvygc.net | udp |
| US | 8.8.8.8:53 | swyueylxlve.info | udp |
| US | 8.8.8.8:53 | lgfexnbsblf.info | udp |
| US | 8.8.8.8:53 | ftizam.info | udp |
| US | 8.8.8.8:53 | vdinsezipu.net | udp |
| US | 8.8.8.8:53 | sattmarij.net | udp |
| US | 8.8.8.8:53 | elmsfcnviaha.net | udp |
| US | 8.8.8.8:53 | meqyvqaagpws.info | udp |
| US | 8.8.8.8:53 | egqkaykymuwy.com | udp |
| US | 8.8.8.8:53 | rvmonfphd.org | udp |
| US | 8.8.8.8:53 | afxgnqb.net | udp |
| US | 8.8.8.8:53 | kacmqaekoq.com | udp |
| US | 8.8.8.8:53 | cggoawui.org | udp |
| US | 8.8.8.8:53 | qywgwgyq.com | udp |
| US | 8.8.8.8:53 | nofljiwg.info | udp |
| US | 8.8.8.8:53 | mfxmirp.net | udp |
| US | 8.8.8.8:53 | cnsqroz.net | udp |
| US | 8.8.8.8:53 | ugxzpkqsvwl.net | udp |
| US | 8.8.8.8:53 | jcbhfkvmz.org | udp |
| US | 8.8.8.8:53 | bcksphj.net | udp |
| US | 8.8.8.8:53 | agimwqqayw.com | udp |
| US | 8.8.8.8:53 | egvmisianow.info | udp |
| US | 8.8.8.8:53 | xanwqkg.info | udp |
| US | 8.8.8.8:53 | carniqb.net | udp |
| US | 8.8.8.8:53 | sokqegqqaayc.org | udp |
| US | 8.8.8.8:53 | zivytptdz.com | udp |
| US | 8.8.8.8:53 | rqdkyeowgcx.net | udp |
| US | 8.8.8.8:53 | xygbdoqlv.org | udp |
| US | 8.8.8.8:53 | djnklkzedcg.org | udp |
| US | 8.8.8.8:53 | lhbghq.net | udp |
| US | 8.8.8.8:53 | fofcgchur.net | udp |
| US | 8.8.8.8:53 | kmaocqew.org | udp |
| US | 8.8.8.8:53 | agiwfgdsu.net | udp |
| US | 8.8.8.8:53 | lwxoxtiuqit.net | udp |
| US | 8.8.8.8:53 | vsrkronqxqc.net | udp |
| US | 8.8.8.8:53 | qgqvid.info | udp |
| US | 8.8.8.8:53 | ymwomwegsy.org | udp |
| US | 8.8.8.8:53 | icaijmduf.net | udp |
| US | 8.8.8.8:53 | qccqwqqi.org | udp |
| US | 8.8.8.8:53 | vefevexgg.net | udp |
| US | 8.8.8.8:53 | kazyicyavtoq.info | udp |
| US | 8.8.8.8:53 | cqoycgwuqi.com | udp |
| US | 8.8.8.8:53 | qcqmqaku.org | udp |
| US | 8.8.8.8:53 | cfwjbujktq.info | udp |
| US | 8.8.8.8:53 | sijvuqcud.net | udp |
| LT | 77.221.78.114:39059 | tcp | |
| US | 8.8.8.8:53 | stfhbwifvy.info | udp |
| US | 8.8.8.8:53 | fzqwtokyrnsr.net | udp |
| US | 8.8.8.8:53 | fgyojpnggd.info | udp |
| US | 8.8.8.8:53 | lemhdf.info | udp |
| US | 8.8.8.8:53 | ywociuosey.org | udp |
| US | 8.8.8.8:53 | efdlohhy.info | udp |
| US | 8.8.8.8:53 | kjtyfem.info | udp |
| US | 8.8.8.8:53 | zitiqkxzo.info | udp |
| US | 8.8.8.8:53 | hxjezkaaj.net | udp |
| US | 8.8.8.8:53 | ymxkblgll.net | udp |
| US | 8.8.8.8:53 | itabjj.net | udp |
| US | 8.8.8.8:53 | scaoec.com | udp |
| US | 8.8.8.8:53 | pcvoxmrujpuz.net | udp |
| US | 8.8.8.8:53 | pmvwlcgtpsd.com | udp |
| US | 8.8.8.8:53 | raeoprklqc.info | udp |
| US | 8.8.8.8:53 | shnpzwyodof.net | udp |
| US | 8.8.8.8:53 | bgdqgf.net | udp |
| US | 8.8.8.8:53 | ucxmvkjahpn.info | udp |
| US | 8.8.8.8:53 | gsderkaso.info | udp |
| US | 8.8.8.8:53 | ginyfyj.info | udp |
| US | 8.8.8.8:53 | pionfeze.info | udp |
| US | 8.8.8.8:53 | cgkcui.org | udp |
| US | 8.8.8.8:53 | xzfgaacnmmfu.net | udp |
| US | 8.8.8.8:53 | lzrasizmj.net | udp |
| US | 8.8.8.8:53 | zvznxf.info | udp |
| US | 8.8.8.8:53 | yilpmh.info | udp |
| US | 8.8.8.8:53 | ycxvrvto.info | udp |
| US | 8.8.8.8:53 | cuuwxsykwea.info | udp |
| US | 8.8.8.8:53 | squqkm.org | udp |
| US | 8.8.8.8:53 | eacqsw.org | udp |
| US | 8.8.8.8:53 | eqwkxorsw.net | udp |
| US | 8.8.8.8:53 | xwtmlinof.net | udp |
| US | 8.8.8.8:53 | tithjmlb.net | udp |
| US | 8.8.8.8:53 | vpnwlqdqeauj.net | udp |
| US | 8.8.8.8:53 | cmaakgskgoqk.com | udp |
| US | 8.8.8.8:53 | amvbrfhisy.info | udp |
| US | 8.8.8.8:53 | rzohmurstn.info | udp |
| US | 8.8.8.8:53 | dhdgtd.info | udp |
| US | 8.8.8.8:53 | njkkkqukgji.org | udp |
| US | 8.8.8.8:53 | ehtrbdxwnwt.net | udp |
| US | 8.8.8.8:53 | aufqflf.info | udp |
| US | 8.8.8.8:53 | sbablr.net | udp |
| US | 8.8.8.8:53 | onvipnl.net | udp |
| US | 8.8.8.8:53 | yamiyu.org | udp |
| US | 8.8.8.8:53 | oezfxoxed.info | udp |
| US | 8.8.8.8:53 | aubgzylblcd.info | udp |
| US | 8.8.8.8:53 | uuecll.net | udp |
| US | 8.8.8.8:53 | rwhudyf.org | udp |
| US | 8.8.8.8:53 | lpwyvujofcm.net | udp |
| US | 8.8.8.8:53 | dvnfddco.info | udp |
| US | 8.8.8.8:53 | hkzfeunqft.net | udp |
| US | 8.8.8.8:53 | suncjsvmr.info | udp |
| US | 8.8.8.8:53 | tokgsgnnaceo.info | udp |
| US | 8.8.8.8:53 | uacoqg.org | udp |
| US | 8.8.8.8:53 | yokmnx.info | udp |
| US | 8.8.8.8:53 | ijdtcyej.net | udp |
| US | 8.8.8.8:53 | kvjyvchozgq.net | udp |
| US | 8.8.8.8:53 | thgxfl.info | udp |
| US | 8.8.8.8:53 | rcrcrbxww.net | udp |
| US | 8.8.8.8:53 | mkqqeoys.org | udp |
| US | 8.8.8.8:53 | cgzizmeq.info | udp |
| US | 8.8.8.8:53 | hmvqzix.com | udp |
| US | 8.8.8.8:53 | ocmwkuug.com | udp |
| US | 8.8.8.8:53 | ucpvxszpb.info | udp |
| US | 8.8.8.8:53 | ivemnxnb.info | udp |
| US | 8.8.8.8:53 | mlfcdejcu.net | udp |
| US | 8.8.8.8:53 | hwkgtysv.info | udp |
| US | 8.8.8.8:53 | zkdrzmqgrk.net | udp |
| US | 8.8.8.8:53 | cysggooo.org | udp |
| US | 8.8.8.8:53 | nflpfx.info | udp |
| US | 8.8.8.8:53 | wacysgigcaey.org | udp |
| US | 8.8.8.8:53 | ujicnpxsnl.net | udp |
| US | 8.8.8.8:53 | xtnhdkldhi.info | udp |
| US | 8.8.8.8:53 | qxggvgl.info | udp |
| US | 8.8.8.8:53 | igqztsawouj.net | udp |
| US | 8.8.8.8:53 | dwsikogj.info | udp |
| US | 8.8.8.8:53 | tyxufrnp.info | udp |
| US | 8.8.8.8:53 | yoimsyai.org | udp |
| US | 8.8.8.8:53 | uawwuoeowmuw.com | udp |
| US | 8.8.8.8:53 | vsouzbxgt.info | udp |
| US | 8.8.8.8:53 | xgnijggfclh.com | udp |
| US | 8.8.8.8:53 | wjdqglpu.net | udp |
| US | 8.8.8.8:53 | lldutkvyr.com | udp |
| US | 8.8.8.8:53 | xykijz.info | udp |
| US | 8.8.8.8:53 | nmlmtevvo.info | udp |
| US | 8.8.8.8:53 | azvutebjec.net | udp |
| US | 8.8.8.8:53 | rqbmtixdpcb.info | udp |
| US | 8.8.8.8:53 | axkyjh.net | udp |
| US | 8.8.8.8:53 | gtpmumq.net | udp |
| US | 8.8.8.8:53 | wsyqzjzsjih.info | udp |
| US | 8.8.8.8:53 | rigifehun.net | udp |
| US | 8.8.8.8:53 | itdiivurgl.net | udp |
| US | 8.8.8.8:53 | frspdwnj.net | udp |
| US | 8.8.8.8:53 | tmayxmurogi.org | udp |
| US | 8.8.8.8:53 | ylzbkowkvn.info | udp |
| US | 8.8.8.8:53 | iuecpck.info | udp |
| US | 8.8.8.8:53 | nmloxwrxo.net | udp |
| US | 8.8.8.8:53 | ecvecmvlfgx.net | udp |
| US | 8.8.8.8:53 | ksgkugkgkgii.com | udp |
| US | 8.8.8.8:53 | zzkzhrlo.info | udp |
| US | 8.8.8.8:53 | hfgkacxqinla.net | udp |
| US | 8.8.8.8:53 | pkbpbyz.org | udp |
| US | 8.8.8.8:53 | gaguoqkmmm.org | udp |
| US | 8.8.8.8:53 | vgzuvzgdwn.net | udp |
| US | 8.8.8.8:53 | xizjfuqnvubh.info | udp |
| US | 8.8.8.8:53 | daxwxmiwnis.com | udp |
| US | 8.8.8.8:53 | savqpwhqr.info | udp |
| US | 8.8.8.8:53 | iusiogeeos.org | udp |
| US | 8.8.8.8:53 | idlffowv.info | udp |
| US | 8.8.8.8:53 | aemnosge.net | udp |
| US | 8.8.8.8:53 | yajpyqiudrkm.info | udp |
| US | 8.8.8.8:53 | lrowcjkt.net | udp |
| US | 8.8.8.8:53 | qmgokg.com | udp |
| US | 8.8.8.8:53 | yocauycg.org | udp |
| US | 8.8.8.8:53 | mfrlyp.info | udp |
| US | 8.8.8.8:53 | rqtuscv.com | udp |
| US | 8.8.8.8:53 | xbxlmfybwlcm.net | udp |
| US | 8.8.8.8:53 | acxqaei.net | udp |
| US | 8.8.8.8:53 | ocsacumo.org | udp |
| US | 8.8.8.8:53 | qqejldixywih.info | udp |
| US | 8.8.8.8:53 | firqntlbjs.info | udp |
| US | 8.8.8.8:53 | fjswfmxs.net | udp |
| US | 8.8.8.8:53 | seftvq.info | udp |
| US | 8.8.8.8:53 | uyhxtmjmzzn.net | udp |
| US | 8.8.8.8:53 | vanjpyu.com | udp |
| US | 8.8.8.8:53 | ipusxl.info | udp |
| US | 8.8.8.8:53 | ikjeggcrbq.net | udp |
| US | 8.8.8.8:53 | oklwmhsexc.net | udp |
| US | 8.8.8.8:53 | uchymef.net | udp |
| US | 8.8.8.8:53 | hehdlebkhif.info | udp |
| US | 8.8.8.8:53 | tatcntpljz.info | udp |
| US | 8.8.8.8:53 | lexthisfyv.info | udp |
| US | 8.8.8.8:53 | ugdmtph.net | udp |
| GR | 94.69.80.118:44227 | tcp | |
| US | 8.8.8.8:53 | rvwmjyzodabt.info | udp |
| US | 8.8.8.8:53 | dhqyoyayy.info | udp |
| US | 8.8.8.8:53 | amksoweiuc.com | udp |
| US | 8.8.8.8:53 | roejsuia.net | udp |
| US | 8.8.8.8:53 | jzhmdjb.info | udp |
| US | 8.8.8.8:53 | kcgmcc.com | udp |
| US | 8.8.8.8:53 | ywbmxtjsfezl.info | udp |
| US | 8.8.8.8:53 | hvjjjigqvij.info | udp |
| US | 8.8.8.8:53 | buvogivgp.org | udp |
| US | 8.8.8.8:53 | fytqtdparf.net | udp |
| US | 8.8.8.8:53 | fxbpxdej.net | udp |
| US | 8.8.8.8:53 | ygaayqgs.com | udp |
| US | 8.8.8.8:53 | kvbeztme.info | udp |
| US | 8.8.8.8:53 | koxgcrrtnuk.net | udp |
| US | 8.8.8.8:53 | dbxytamqyr.info | udp |
| US | 8.8.8.8:53 | uxrmbazwdnqf.net | udp |
| US | 8.8.8.8:53 | ckakygew.com | udp |
| US | 8.8.8.8:53 | raazpygl.net | udp |
| US | 8.8.8.8:53 | walbskjn.info | udp |
| US | 8.8.8.8:53 | zynxzvkowl.info | udp |
| US | 8.8.8.8:53 | fbuwnvjv.info | udp |
| US | 8.8.8.8:53 | ssmxzo.info | udp |
| US | 8.8.8.8:53 | xvryjoayrev.info | udp |
| US | 8.8.8.8:53 | pwkovrjiq.com | udp |
| US | 8.8.8.8:53 | pmqgqnyy.net | udp |
| US | 8.8.8.8:53 | ykkcji.net | udp |
| US | 8.8.8.8:53 | oggazxlcfsfe.net | udp |
| US | 8.8.8.8:53 | rgiklh.info | udp |
| US | 8.8.8.8:53 | brdoxdos.info | udp |
| US | 8.8.8.8:53 | tboyrtniuyn.net | udp |
| US | 8.8.8.8:53 | dzdqif.net | udp |
| US | 8.8.8.8:53 | pxhqcg.info | udp |
| US | 8.8.8.8:53 | hjfkrp.net | udp |
| US | 8.8.8.8:53 | qfvhzf.net | udp |
| US | 8.8.8.8:53 | hdcbymtpjotb.net | udp |
| US | 8.8.8.8:53 | macuaiyeuqqe.org | udp |
| US | 8.8.8.8:53 | qciscqym.org | udp |
| US | 8.8.8.8:53 | fmpqpmkofcy.net | udp |
| US | 8.8.8.8:53 | ymmyqbztclxr.info | udp |
| US | 8.8.8.8:53 | wmbuhyrvcon.info | udp |
| US | 8.8.8.8:53 | iqjkiytxpcb.net | udp |
| US | 8.8.8.8:53 | haddjeg.net | udp |
| US | 8.8.8.8:53 | kusiwm.org | udp |
| US | 8.8.8.8:53 | mwycqayuwe.com | udp |
| US | 8.8.8.8:53 | ckgqqyaw.com | udp |
| US | 8.8.8.8:53 | vgciuofoq.net | udp |
| US | 8.8.8.8:53 | bklmbonrp.org | udp |
| US | 8.8.8.8:53 | ngvlpyey.net | udp |
| US | 8.8.8.8:53 | mutctc.net | udp |
| US | 8.8.8.8:53 | fvljsbupim.net | udp |
| US | 8.8.8.8:53 | eegyiyso.org | udp |
| US | 8.8.8.8:53 | waymomyo.org | udp |
| US | 8.8.8.8:53 | xwsavip.net | udp |
| US | 8.8.8.8:53 | atpsjmvhsmb.net | udp |
| US | 8.8.8.8:53 | hcionq.info | udp |
| US | 8.8.8.8:53 | mmzzozjw.info | udp |
| US | 8.8.8.8:53 | mkxejqwf.info | udp |
| US | 8.8.8.8:53 | noxrtgs.org | udp |
| US | 8.8.8.8:53 | iqteicdl.net | udp |
| US | 8.8.8.8:53 | hmzuogpis.info | udp |
| US | 8.8.8.8:53 | lipononon.info | udp |
| US | 8.8.8.8:53 | dewgvrjsbws.org | udp |
| US | 8.8.8.8:53 | julkryi.info | udp |
| US | 8.8.8.8:53 | rbaypnpuzol.org | udp |
| US | 8.8.8.8:53 | rqwquc.net | udp |
| US | 8.8.8.8:53 | owggbafsvuj.info | udp |
| US | 8.8.8.8:53 | xfrrgutv.net | udp |
| US | 8.8.8.8:53 | eazerazey.net | udp |
| US | 8.8.8.8:53 | diumcyxuvir.com | udp |
| US | 8.8.8.8:53 | cydnzcjqzgl.net | udp |
| US | 8.8.8.8:53 | yzhatlbh.info | udp |
| US | 8.8.8.8:53 | vhveha.info | udp |
| US | 8.8.8.8:53 | ywykekseiegk.com | udp |
| US | 8.8.8.8:53 | sqqumgekumeo.org | udp |
| US | 8.8.8.8:53 | ikccgk.com | udp |
| US | 8.8.8.8:53 | wyzgpatjx.info | udp |
| US | 8.8.8.8:53 | amegia.org | udp |
| US | 8.8.8.8:53 | orhgnmihiizh.info | udp |
| US | 8.8.8.8:53 | mqdujgx.info | udp |
| US | 8.8.8.8:53 | meumgzpu.info | udp |
| US | 8.8.8.8:53 | pqpsdqt.org | udp |
| US | 8.8.8.8:53 | mecfrprlvw.net | udp |
| US | 8.8.8.8:53 | emjqqmtql.info | udp |
| US | 8.8.8.8:53 | nmyavgmcg.com | udp |
| US | 8.8.8.8:53 | fshhtxpue.org | udp |
| US | 8.8.8.8:53 | imluhkyxr.info | udp |
| US | 8.8.8.8:53 | aycsigaiskoo.org | udp |
| US | 8.8.8.8:53 | skiqugtsht.info | udp |
| US | 8.8.8.8:53 | lytuefatnbnu.net | udp |
| US | 8.8.8.8:53 | tlrgdipevar.net | udp |
| US | 8.8.8.8:53 | etzapfaojii.net | udp |
| US | 8.8.8.8:53 | lnnvbcdyf.com | udp |
| US | 8.8.8.8:53 | qlfqexn.info | udp |
| US | 8.8.8.8:53 | pbgsxnywj.info | udp |
| US | 8.8.8.8:53 | sfkgeqzvgj.info | udp |
| US | 8.8.8.8:53 | qcggkayw.com | udp |
| US | 8.8.8.8:53 | rendya.info | udp |
| US | 8.8.8.8:53 | xgcmtnr.net | udp |
| US | 8.8.8.8:53 | jczubghuf.com | udp |
| US | 8.8.8.8:53 | lgjply.net | udp |
| US | 8.8.8.8:53 | vkvfqucw.info | udp |
| US | 8.8.8.8:53 | duxxxrpmyz.info | udp |
| US | 8.8.8.8:53 | qdfcjrr.net | udp |
| US | 8.8.8.8:53 | oahzbczz.info | udp |
| US | 8.8.8.8:53 | fuyzsxp.org | udp |
| US | 8.8.8.8:53 | mmgeec.com | udp |
| US | 8.8.8.8:53 | dkgxbaxz.net | udp |
| US | 8.8.8.8:53 | lelxray.net | udp |
| US | 8.8.8.8:53 | bsxjofye.info | udp |
| US | 8.8.8.8:53 | puvtjiaya.net | udp |
| US | 8.8.8.8:53 | sabffwd.net | udp |
| US | 8.8.8.8:53 | llmtynj.com | udp |
| US | 8.8.8.8:53 | huxeyxqoh.org | udp |
| US | 8.8.8.8:53 | dtprub.info | udp |
| US | 8.8.8.8:53 | lzkeoaqml.com | udp |
| US | 8.8.8.8:53 | imvgzn.net | udp |
| US | 8.8.8.8:53 | pwmnodbphh.info | udp |
| US | 8.8.8.8:53 | zumwrx.info | udp |
| US | 8.8.8.8:53 | xhtzec.info | udp |
| US | 8.8.8.8:53 | dngfrgoifb.info | udp |
| US | 8.8.8.8:53 | pifxhrj.info | udp |
| US | 8.8.8.8:53 | yqymqm.com | udp |
| US | 8.8.8.8:53 | aezafqv.net | udp |
| US | 8.8.8.8:53 | siyqvceqj.info | udp |
| US | 8.8.8.8:53 | wzpltpziuu.net | udp |
| US | 8.8.8.8:53 | fhqyde.info | udp |
| US | 8.8.8.8:53 | wqbnjuesscl.net | udp |
| US | 8.8.8.8:53 | jyknbtfah.com | udp |
| US | 8.8.8.8:53 | ltmundpr.info | udp |
| US | 8.8.8.8:53 | wjgdlmtoumn.net | udp |
| US | 8.8.8.8:53 | accywyvwx.info | udp |
| US | 8.8.8.8:53 | lozcpehcnox.org | udp |
| US | 8.8.8.8:53 | baiizeh.com | udp |
| US | 8.8.8.8:53 | zmpdhstkfdw.org | udp |
| US | 8.8.8.8:53 | hdswvm.net | udp |
| US | 8.8.8.8:53 | ueqfqooc.net | udp |
| US | 8.8.8.8:53 | urjcmidspk.net | udp |
| US | 8.8.8.8:53 | wglxbeyixsg.info | udp |
| US | 8.8.8.8:53 | csaomkgeme.com | udp |
| US | 8.8.8.8:53 | lfworg.net | udp |
| US | 8.8.8.8:53 | iieeoaic.com | udp |
| US | 8.8.8.8:53 | zsxjbahsp.org | udp |
| US | 8.8.8.8:53 | vagjxq.net | udp |
| US | 8.8.8.8:53 | aogobal.info | udp |
| US | 8.8.8.8:53 | nhwpjsxbjzbj.info | udp |
| US | 8.8.8.8:53 | buvavsv.com | udp |
| US | 8.8.8.8:53 | ewayyggaeg.org | udp |
| US | 8.8.8.8:53 | gudechrg.info | udp |
| US | 8.8.8.8:53 | rpffvwdc.net | udp |
| US | 8.8.8.8:53 | kpjadylsba.net | udp |
| US | 8.8.8.8:53 | elnapul.info | udp |
| BG | 46.47.114.153:40131 | tcp | |
| US | 8.8.8.8:53 | ztqdje.info | udp |
| US | 8.8.8.8:53 | rcbljousb.com | udp |
| US | 8.8.8.8:53 | hdecxtp.org | udp |
| US | 8.8.8.8:53 | keisreo.info | udp |
| US | 8.8.8.8:53 | creyhbxohm.info | udp |
| US | 8.8.8.8:53 | njburqdcd.com | udp |
| US | 8.8.8.8:53 | tbxultccmj.info | udp |
| US | 8.8.8.8:53 | nqldnkf.com | udp |
| US | 8.8.8.8:53 | bcntgndccmru.net | udp |
| US | 8.8.8.8:53 | kecocmgu.com | udp |
| US | 8.8.8.8:53 | migkig.org | udp |
| US | 8.8.8.8:53 | fbsaaimnsmgv.info | udp |
| US | 8.8.8.8:53 | kyswflejd.net | udp |
| US | 8.8.8.8:53 | psjgnfdmjwx.net | udp |
| US | 8.8.8.8:53 | hmbtrmsnydae.info | udp |
| US | 8.8.8.8:53 | wsgrvobrq.net | udp |
| US | 8.8.8.8:53 | uyokqw.com | udp |
| US | 8.8.8.8:53 | bydbtahum.net | udp |
| US | 8.8.8.8:53 | vqjudurgv.net | udp |
| US | 8.8.8.8:53 | pygdlsz.com | udp |
| DE | 85.214.228.140:80 | kavtbvqf.info | tcp |
| US | 8.8.8.8:53 | zuxejnv.info | udp |
| US | 8.8.8.8:53 | tpvsfmvsnrso.info | udp |
| US | 8.8.8.8:53 | ogbzhsjcovr.net | udp |
| US | 8.8.8.8:53 | eimwiiomsq.org | udp |
| US | 8.8.8.8:53 | xpxfxdqswh.info | udp |
| US | 54.244.188.177:80 | sejibalqxar.net | tcp |
| US | 8.8.8.8:53 | wevgoov.info | udp |
| US | 8.8.8.8:53 | nujmtindoh.info | udp |
| US | 8.8.8.8:53 | htrplv.info | udp |
| US | 8.8.8.8:53 | nbdztrqh.net | udp |
| US | 8.8.8.8:53 | udylpipwz.net | udp |
| US | 8.8.8.8:53 | pctomggbraj.com | udp |
| US | 8.8.8.8:53 | eitnmjxwv.net | udp |
| US | 8.8.8.8:53 | lbgaxfb.com | udp |
| US | 208.100.26.245:80 | egksyqv.info | tcp |
| US | 8.8.8.8:53 | shomipvf.net | udp |
| US | 8.8.8.8:53 | xjqippo.org | udp |
| US | 8.8.8.8:53 | nzvpvaditkbf.net | udp |
| US | 8.8.8.8:53 | gqhcduvihrh.info | udp |
| US | 8.8.8.8:53 | igxmmap.net | udp |
| US | 8.8.8.8:53 | pnsdfbklr.com | udp |
| US | 8.8.8.8:53 | gyvqwcxtyk.info | udp |
| US | 8.8.8.8:53 | twaszbkemsp.net | udp |
| US | 8.8.8.8:53 | wclkqrqe.net | udp |
| US | 8.8.8.8:53 | aqnotuhi.info | udp |
| US | 8.8.8.8:53 | uylheqvecsf.info | udp |
| US | 8.8.8.8:53 | dqomjupjyi.info | udp |
| US | 8.8.8.8:53 | hsksignnoewk.net | udp |
| US | 8.8.8.8:53 | rodgfhnztueb.info | udp |
| US | 8.8.8.8:53 | xerqiiou.net | udp |
| US | 8.8.8.8:53 | lqeuqrlvbef.net | udp |
| US | 8.8.8.8:53 | smkigimkgwwq.org | udp |
| US | 8.8.8.8:53 | phqaumrnf.com | udp |
| US | 8.8.8.8:53 | miokgksskwum.com | udp |
| US | 8.8.8.8:53 | goimsayscows.com | udp |
| US | 8.8.8.8:53 | wxxyfgierv.net | udp |
| US | 8.8.8.8:53 | pwarhvzx.net | udp |
| US | 8.8.8.8:53 | havbtylo.net | udp |
| US | 8.8.8.8:53 | qiisxre.net | udp |
| US | 8.8.8.8:53 | rriepvuthz.info | udp |
| US | 8.8.8.8:53 | nbjrecsg.net | udp |
| US | 8.8.8.8:53 | occzlsyc.net | udp |
| US | 8.8.8.8:53 | ptxjbjzzqkmh.info | udp |
| US | 8.8.8.8:53 | rwhipqp.org | udp |
| US | 8.8.8.8:53 | vmgxfihyh.com | udp |
| US | 8.8.8.8:53 | ekquuwag.com | udp |
| US | 8.8.8.8:53 | catdtirlxee.net | udp |
| US | 8.8.8.8:53 | rtuyhjjj.info | udp |
| US | 8.8.8.8:53 | hvtdtsgilkr.org | udp |
| US | 8.8.8.8:53 | gotqpsxeq.net | udp |
| US | 8.8.8.8:53 | xmnmhchgm.net | udp |
| US | 8.8.8.8:53 | cmzjjlvf.net | udp |
| US | 8.8.8.8:53 | ekuedqrcp.info | udp |
| US | 8.8.8.8:53 | cwuwjvqr.info | udp |
| US | 8.8.8.8:53 | ocbmjefhvqj.info | udp |
| US | 8.8.8.8:53 | vljgbupsl.net | udp |
| US | 8.8.8.8:53 | bsieldyd.info | udp |
| US | 8.8.8.8:53 | tmoebn.net | udp |
| US | 8.8.8.8:53 | dyjzbs.net | udp |
| US | 8.8.8.8:53 | vivsjwxcrnj.org | udp |
| US | 8.8.8.8:53 | cwesmkki.com | udp |
| US | 8.8.8.8:53 | eefmqcw.net | udp |
| US | 8.8.8.8:53 | iaattusoh.info | udp |
| US | 8.8.8.8:53 | qpejngowavjy.info | udp |
| US | 8.8.8.8:53 | vozpebnh.info | udp |
| US | 8.8.8.8:53 | moenscmecw.net | udp |
| US | 8.8.8.8:53 | zoxadhrur.com | udp |
| US | 8.8.8.8:53 | lcbsfiyyz.com | udp |
| US | 8.8.8.8:53 | birepoq.com | udp |
| US | 8.8.8.8:53 | vpwcwhdpom.info | udp |
| US | 8.8.8.8:53 | lttmba.net | udp |
| US | 8.8.8.8:53 | ajhiqylf.info | udp |
| US | 8.8.8.8:53 | dmbealkee.net | udp |
| US | 8.8.8.8:53 | bafefq.net | udp |
| US | 8.8.8.8:53 | vzjhcolkz.info | udp |
| US | 8.8.8.8:53 | juhldclic.com | udp |
| US | 8.8.8.8:53 | yqiweowi.com | udp |
| US | 8.8.8.8:53 | brargk.info | udp |
| US | 8.8.8.8:53 | vgcanks.net | udp |
| US | 8.8.8.8:53 | buoytrytcc.info | udp |
| US | 8.8.8.8:53 | azdhbhstwfkh.info | udp |
| US | 8.8.8.8:53 | fszehlnx.net | udp |
| US | 8.8.8.8:53 | pjlfqvazbsjo.net | udp |
| US | 8.8.8.8:53 | rfntjbxs.info | udp |
| US | 8.8.8.8:53 | aimuusuaao.org | udp |
| US | 8.8.8.8:53 | qegcqcceeyke.com | udp |
| US | 8.8.8.8:53 | gzcwnopqd.info | udp |
| US | 8.8.8.8:53 | jkdcdyf.com | udp |
| US | 8.8.8.8:53 | ysdiviayz.info | udp |
| US | 8.8.8.8:53 | czvgxitbxg.net | udp |
| US | 8.8.8.8:53 | snmlbztkwkqv.net | udp |
| US | 8.8.8.8:53 | gfuvwmjpgb.net | udp |
| US | 8.8.8.8:53 | mneehleczd.net | udp |
| US | 8.8.8.8:53 | ugabhufak.net | udp |
| US | 8.8.8.8:53 | zsqxejydfpnt.info | udp |
| US | 8.8.8.8:53 | touwnu.info | udp |
| GR | 62.169.208.44:26222 | tcp | |
| US | 8.8.8.8:53 | dswpog.net | udp |
| US | 8.8.8.8:53 | pomhlyinh.net | udp |
| US | 8.8.8.8:53 | ithaweln.info | udp |
| US | 8.8.8.8:53 | xdzmrft.org | udp |
| US | 8.8.8.8:53 | uspavcp.net | udp |
| US | 8.8.8.8:53 | ecoqtke.net | udp |
| US | 8.8.8.8:53 | hrnujmsfph.net | udp |
| US | 8.8.8.8:53 | ourepitvklx.info | udp |
| US | 8.8.8.8:53 | eooswcouec.com | udp |
| US | 8.8.8.8:53 | fsczualcjk.info | udp |
| US | 8.8.8.8:53 | nmwnbosecp.info | udp |
| US | 8.8.8.8:53 | bsvtdu.net | udp |
| US | 8.8.8.8:53 | uuwygwcmmc.com | udp |
| US | 8.8.8.8:53 | fifqlpb.org | udp |
| US | 8.8.8.8:53 | ripbheq.net | udp |
| US | 8.8.8.8:53 | mnhhpwrtdai.info | udp |
| US | 8.8.8.8:53 | mcunzkr.net | udp |
| US | 8.8.8.8:53 | jnzrnrhadt.info | udp |
| US | 8.8.8.8:53 | octpnmfeveb.net | udp |
| US | 8.8.8.8:53 | xfrefwl.info | udp |
| US | 8.8.8.8:53 | kasabx.net | udp |
| US | 8.8.8.8:53 | cnnkoyjwprx.info | udp |
| US | 8.8.8.8:53 | yqvxspny.net | udp |
| US | 8.8.8.8:53 | cwbobcrni.info | udp |
| US | 8.8.8.8:53 | tcxdgup.org | udp |
| US | 8.8.8.8:53 | ruksvdctcqr.com | udp |
| US | 8.8.8.8:53 | aalrmp.net | udp |
| US | 8.8.8.8:53 | mskgeeb.info | udp |
| US | 8.8.8.8:53 | oeewfmk.net | udp |
| US | 8.8.8.8:53 | lqoyvyx.info | udp |
| US | 8.8.8.8:53 | qsssec.com | udp |
| US | 8.8.8.8:53 | bsrweqh.net | udp |
| US | 8.8.8.8:53 | fyqrkpnbuw.net | udp |
| US | 8.8.8.8:53 | pptjrvfokbr.net | udp |
| US | 8.8.8.8:53 | jyzepuh.org | udp |
| US | 8.8.8.8:53 | juhdvcwd.info | udp |
| US | 8.8.8.8:53 | kshgvj.net | udp |
| US | 8.8.8.8:53 | yzyzhfwp.net | udp |
| US | 8.8.8.8:53 | xykutplmhmfn.net | udp |
| US | 8.8.8.8:53 | sqqypacmjwg.net | udp |
| US | 8.8.8.8:53 | ausggnptzkhy.net | udp |
| US | 8.8.8.8:53 | hqicbsebx.net | udp |
| US | 8.8.8.8:53 | vfosjdtu.net | udp |
| US | 8.8.8.8:53 | dajxtuf.org | udp |
| US | 8.8.8.8:53 | hwxxdb.net | udp |
| US | 8.8.8.8:53 | mlgsxflu.net | udp |
| US | 8.8.8.8:53 | mwpundwwgqf.info | udp |
| US | 8.8.8.8:53 | llmylvqrvc.info | udp |
| US | 8.8.8.8:53 | kmpdjanxcx.info | udp |
| US | 8.8.8.8:53 | ayaisqusmc.com | udp |
| US | 8.8.8.8:53 | smlorkx.net | udp |
| US | 8.8.8.8:53 | xqcyxif.info | udp |
| US | 8.8.8.8:53 | pevbsci.com | udp |
| US | 8.8.8.8:53 | jljcywgh.info | udp |
| US | 8.8.8.8:53 | cenavclyjvz.net | udp |
| US | 8.8.8.8:53 | wykkis.org | udp |
| US | 8.8.8.8:53 | nszgvcoej.net | udp |
| US | 8.8.8.8:53 | aptavxszku.info | udp |
| US | 8.8.8.8:53 | cseckqqekoic.com | udp |
| US | 8.8.8.8:53 | oesmaemmgi.com | udp |
| US | 8.8.8.8:53 | emzpnpjytdi.info | udp |
| US | 8.8.8.8:53 | jfmxfzrurlvj.net | udp |
| US | 8.8.8.8:53 | rvpimiew.info | udp |
| US | 8.8.8.8:53 | jinfugfp.net | udp |
| US | 8.8.8.8:53 | icagqyegysim.org | udp |
| US | 8.8.8.8:53 | siqmoyggcq.org | udp |
| US | 8.8.8.8:53 | ajpowcjojvl.net | udp |
| US | 8.8.8.8:53 | cywumaqcoa.org | udp |
| US | 8.8.8.8:53 | tjqryxbhdomh.net | udp |
| US | 8.8.8.8:53 | isiium.com | udp |
| US | 8.8.8.8:53 | uycmtvuz.info | udp |
| US | 8.8.8.8:53 | qdaqwtlafa.info | udp |
| US | 8.8.8.8:53 | qcimyu.org | udp |
| US | 8.8.8.8:53 | urvgrtjlwxx.info | udp |
| US | 8.8.8.8:53 | gteghdjchdr.info | udp |
| US | 8.8.8.8:53 | gulazqdhbey.info | udp |
| US | 8.8.8.8:53 | hirultsib.info | udp |
| US | 8.8.8.8:53 | gxjmexojzn.info | udp |
| US | 8.8.8.8:53 | jxdasrpmhurk.info | udp |
| US | 8.8.8.8:53 | btnaaytgsfj.info | udp |
| US | 8.8.8.8:53 | oqbrfifgv.net | udp |
| US | 8.8.8.8:53 | pdnakhfafspz.info | udp |
| US | 8.8.8.8:53 | dqvyxrbch.net | udp |
| US | 8.8.8.8:53 | fmgkkih.com | udp |
| US | 8.8.8.8:53 | nnbxpgfvjitu.info | udp |
| US | 8.8.8.8:53 | vehihtg.info | udp |
| US | 8.8.8.8:53 | mbiiznxdulyh.net | udp |
| US | 8.8.8.8:53 | iewieqieoq.org | udp |
| US | 8.8.8.8:53 | umnyzdn.net | udp |
| US | 8.8.8.8:53 | jaquminefct.info | udp |
| US | 8.8.8.8:53 | sahrbstroek.net | udp |
| US | 8.8.8.8:53 | rgnhewpuhig.net | udp |
| US | 8.8.8.8:53 | qpeavxszku.net | udp |
| US | 8.8.8.8:53 | mygcsuwesmwm.com | udp |
| US | 8.8.8.8:53 | rgjetfbdsewq.info | udp |
| US | 8.8.8.8:53 | knykwdex.net | udp |
| US | 8.8.8.8:53 | vmdhdpoe.net | udp |
| US | 8.8.8.8:53 | lgnpzslkftim.net | udp |
| US | 8.8.8.8:53 | nvqhtsfzlm.info | udp |
| US | 8.8.8.8:53 | ugwstuhdomv.info | udp |
| US | 8.8.8.8:53 | kwhqlsf.net | udp |
| US | 8.8.8.8:53 | kdxkczbux.net | udp |
| US | 8.8.8.8:53 | aekgyvebddls.net | udp |
| US | 8.8.8.8:53 | oqhajmtmnmh.info | udp |
| US | 8.8.8.8:53 | eqzirgalxqr.info | udp |
| US | 8.8.8.8:53 | wieavxszku.net | udp |
| US | 8.8.8.8:53 | kcyask.com | udp |
| US | 8.8.8.8:53 | gxvrnexi.info | udp |
| US | 8.8.8.8:53 | qrdabwdgw.info | udp |
| US | 8.8.8.8:53 | kjzcwqq.net | udp |
| US | 8.8.8.8:53 | rreplnac.info | udp |
| US | 8.8.8.8:53 | zqmibxhaj.org | udp |
| US | 8.8.8.8:53 | pozydco.com | udp |
| US | 8.8.8.8:53 | dmnxpitmx.org | udp |
| US | 8.8.8.8:53 | rugdhelmt.net | udp |
| US | 8.8.8.8:53 | iyjndxxu.net | udp |
| US | 8.8.8.8:53 | xqeqvctmsuh.net | udp |
| US | 8.8.8.8:53 | wjasnej.net | udp |
| US | 8.8.8.8:53 | jmtnzgcazlrn.net | udp |
| US | 8.8.8.8:53 | scempivbz.net | udp |
| US | 8.8.8.8:53 | qxrwrxkgnrd.net | udp |
| US | 8.8.8.8:53 | rxlmehyn.info | udp |
| US | 8.8.8.8:53 | blrududc.net | udp |
| US | 8.8.8.8:53 | ariaui.info | udp |
| US | 8.8.8.8:53 | wgwtnn.info | udp |
| PL | 84.38.209.39:29389 | tcp | |
| US | 8.8.8.8:53 | wuwdpawsrohg.net | udp |
| US | 8.8.8.8:53 | xkdtdwpsgk.info | udp |
| US | 8.8.8.8:53 | xghygzsuyad.net | udp |
| US | 8.8.8.8:53 | hgxntkm.net | udp |
| US | 8.8.8.8:53 | eqrxvaygczvk.info | udp |
| US | 8.8.8.8:53 | otttjaek.info | udp |
| US | 8.8.8.8:53 | yyookkkg.org | udp |
| US | 8.8.8.8:53 | pbrhfkpfkygt.info | udp |
| US | 8.8.8.8:53 | sgsoagiiccyw.com | udp |
| US | 8.8.8.8:53 | sgiseo.org | udp |
| US | 8.8.8.8:53 | okecgq.com | udp |
| US | 8.8.8.8:53 | nslpvomst.com | udp |
| US | 8.8.8.8:53 | kwacjtx.net | udp |
| US | 8.8.8.8:53 | fgxnxhxoitsr.info | udp |
| US | 8.8.8.8:53 | djlicfxk.net | udp |
| US | 8.8.8.8:53 | fodcfyd.net | udp |
| US | 8.8.8.8:53 | ykznheipxvr.net | udp |
| US | 8.8.8.8:53 | dbuguvooxgpt.info | udp |
| US | 8.8.8.8:53 | kmkkoeacmm.com | udp |
| US | 8.8.8.8:53 | kyocycssciyc.com | udp |
| US | 8.8.8.8:53 | legyllgar.net | udp |
| US | 8.8.8.8:53 | cyoaccuagi.com | udp |
| US | 8.8.8.8:53 | lobshdxqrbv.org | udp |
| US | 8.8.8.8:53 | rwbklxfvdgn.net | udp |
| US | 8.8.8.8:53 | swwuwkka.org | udp |
| US | 8.8.8.8:53 | ptyxvofusy.info | udp |
| US | 8.8.8.8:53 | lpobxcz.com | udp |
| US | 8.8.8.8:53 | kajpailpjmp.info | udp |
| US | 8.8.8.8:53 | mccyjpxaz.info | udp |
| US | 8.8.8.8:53 | rsgokoftgc.net | udp |
| US | 8.8.8.8:53 | sajtvebwz.net | udp |
| US | 8.8.8.8:53 | gwgoqq.com | udp |
| US | 8.8.8.8:53 | kccgucgu.org | udp |
| US | 8.8.8.8:53 | xpfmxyhdon.net | udp |
| US | 8.8.8.8:53 | qwnkvqlmgym.net | udp |
| US | 8.8.8.8:53 | rbyfak.net | udp |
| US | 8.8.8.8:53 | cvhyxcvn.net | udp |
| US | 8.8.8.8:53 | wjcazsxa.net | udp |
| US | 8.8.8.8:53 | fiepvwpivef.com | udp |
| US | 8.8.8.8:53 | miokqo.com | udp |
| US | 8.8.8.8:53 | aclujyfwp.net | udp |
| US | 8.8.8.8:53 | gislpxktd.info | udp |
| US | 8.8.8.8:53 | htrrzpijsd.net | udp |
| US | 8.8.8.8:53 | ewegpmxz.info | udp |
| US | 8.8.8.8:53 | xffemswh.info | udp |
| US | 8.8.8.8:53 | syvytcc.info | udp |
| US | 8.8.8.8:53 | pzwwrlewwj.net | udp |
| US | 8.8.8.8:53 | ylqefiw.info | udp |
| US | 8.8.8.8:53 | rztmbuka.info | udp |
| US | 8.8.8.8:53 | vqrheyzex.net | udp |
| US | 8.8.8.8:53 | emayrfvnpqus.net | udp |
| US | 8.8.8.8:53 | rypztbpm.info | udp |
| US | 8.8.8.8:53 | surkdlbdvgd.net | udp |
| US | 8.8.8.8:53 | jkegrujevkd.info | udp |
| US | 8.8.8.8:53 | okjlper.net | udp |
| US | 8.8.8.8:53 | vadcui.net | udp |
| US | 8.8.8.8:53 | vvgrkznk.info | udp |
| US | 8.8.8.8:53 | wuyaiqgeqy.com | udp |
| US | 8.8.8.8:53 | djnewdjr.net | udp |
| US | 8.8.8.8:53 | scsccy.org | udp |
| US | 8.8.8.8:53 | vicyhzdbhj.info | udp |
| US | 8.8.8.8:53 | uhpmrupuasn.net | udp |
| US | 8.8.8.8:53 | mwnqjbhtigyx.info | udp |
| US | 8.8.8.8:53 | kbpbjlcflp.net | udp |
| US | 8.8.8.8:53 | hbatnfxuzw.net | udp |
| US | 8.8.8.8:53 | rypnvqgzxmj.info | udp |
| US | 8.8.8.8:53 | bmzobypil.org | udp |
| US | 8.8.8.8:53 | oacqsyko.com | udp |
| US | 8.8.8.8:53 | wsxyxyevf.info | udp |
| US | 8.8.8.8:53 | dlrwqadxkm.net | udp |
| US | 8.8.8.8:53 | mwocxdfe.info | udp |
| US | 8.8.8.8:53 | uoswek.org | udp |
| US | 8.8.8.8:53 | flsejcp.net | udp |
| US | 8.8.8.8:53 | iqtkewgpr.info | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | ywkyauss.com | udp |
| US | 8.8.8.8:53 | ryxdtsd.net | udp |
| US | 8.8.8.8:53 | iswoqsvkin.net | udp |
| US | 8.8.8.8:53 | lcpvwifarrdf.net | udp |
| US | 8.8.8.8:53 | mhpzdgtlrz.net | udp |
| US | 8.8.8.8:53 | ggznzc.info | udp |
| US | 8.8.8.8:53 | ommkseqe.com | udp |
| US | 8.8.8.8:53 | horqbxcnvarq.info | udp |
| US | 8.8.8.8:53 | qgegcg.org | udp |
| US | 8.8.8.8:53 | msfmtzx.info | udp |
| US | 8.8.8.8:53 | pvoozj.net | udp |
| US | 8.8.8.8:53 | ewoaomesugas.org | udp |
| US | 8.8.8.8:53 | xyvyxoplk.net | udp |
| US | 8.8.8.8:53 | uxieho.net | udp |
| US | 8.8.8.8:53 | sjcrtokuscv.info | udp |
| US | 8.8.8.8:53 | tuxyjfg.com | udp |
| US | 8.8.8.8:53 | emkvxivozfdl.info | udp |
| US | 8.8.8.8:53 | umlkxqsinck.net | udp |
| US | 8.8.8.8:53 | xjfhqhjjcsj.net | udp |
| US | 8.8.8.8:53 | qubqirdevwh.net | udp |
| US | 8.8.8.8:53 | zzccsnyciuuj.info | udp |
| US | 8.8.8.8:53 | hmxoux.net | udp |
| US | 8.8.8.8:53 | reewxp.info | udp |
| US | 8.8.8.8:53 | bxzouovqrpfq.info | udp |
| RU | 92.126.30.117:27344 | tcp | |
| US | 8.8.8.8:53 | 11.227.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | mswmwyay.org | udp |
| US | 8.8.8.8:53 | ztvrtsrci.com | udp |
| US | 8.8.8.8:53 | qkhwkypqz.net | udp |
| US | 8.8.8.8:53 | cuqsikqiuc.org | udp |
| US | 8.8.8.8:53 | oksapkv.info | udp |
| US | 8.8.8.8:53 | jfrenmxp.net | udp |
| US | 8.8.8.8:53 | dunolqrmder.net | udp |
| US | 8.8.8.8:53 | tmeszklhh.net | udp |
| US | 8.8.8.8:53 | iuctlijqhzmj.info | udp |
| US | 8.8.8.8:53 | kgqkcggq.org | udp |
| US | 8.8.8.8:53 | fbskad.info | udp |
| US | 8.8.8.8:53 | yzjpjfhanr.info | udp |
| US | 8.8.8.8:53 | ajeufitgtoe.info | udp |
| US | 8.8.8.8:53 | svzcnbdifl.net | udp |
| US | 8.8.8.8:53 | qiwsqoycqigk.com | udp |
| US | 8.8.8.8:53 | vybmfz.net | udp |
| US | 8.8.8.8:53 | qxxcro.net | udp |
| US | 8.8.8.8:53 | oesaeigqwuki.com | udp |
| US | 8.8.8.8:53 | fylicurel.info | udp |
| US | 8.8.8.8:53 | kklwvarkjvn.info | udp |
| US | 8.8.8.8:53 | bsoypkhpfo.net | udp |
| US | 8.8.8.8:53 | ecmsoqkk.com | udp |
| US | 8.8.8.8:53 | eqaookusse.com | udp |
| US | 8.8.8.8:53 | fesilnuez.com | udp |
| US | 8.8.8.8:53 | uvdbznyfy.net | udp |
| US | 8.8.8.8:53 | rfjbxyrwhmz.net | udp |
| US | 8.8.8.8:53 | vvjlizxsewog.info | udp |
| US | 8.8.8.8:53 | lavexsyscch.com | udp |
| US | 8.8.8.8:53 | thzjiiqesc.info | udp |
| US | 8.8.8.8:53 | ahzcyggg.info | udp |
| US | 8.8.8.8:53 | teaacdtqjap.net | udp |
| US | 8.8.8.8:53 | meuzbq.net | udp |
| US | 8.8.8.8:53 | thfpsrkg.net | udp |
| US | 8.8.8.8:53 | yjlmvoew.net | udp |
| US | 8.8.8.8:53 | xwqowmqjhuy.info | udp |
| US | 8.8.8.8:53 | fdukmjxh.net | udp |
| US | 8.8.8.8:53 | qwfylqpk.net | udp |
| US | 8.8.8.8:53 | qayakuoiky.org | udp |
| US | 8.8.8.8:53 | mdainrbbifun.net | udp |
| US | 8.8.8.8:53 | pcprsjdmpwd.net | udp |
| US | 8.8.8.8:53 | asajvwgi.net | udp |
| US | 8.8.8.8:53 | burknwdor.com | udp |
| US | 8.8.8.8:53 | jqvptazjwg.info | udp |
| US | 8.8.8.8:53 | aawyswsuak.org | udp |
| US | 8.8.8.8:53 | nylqckdutge.org | udp |
| US | 8.8.8.8:53 | mbvpuecj.net | udp |
| US | 8.8.8.8:53 | gywsawomkaag.com | udp |
| US | 8.8.8.8:53 | rgnjvtqjsi.info | udp |
| US | 8.8.8.8:53 | oqamggiewmko.com | udp |
| US | 8.8.8.8:53 | zozgcobcaq.net | udp |
| US | 8.8.8.8:53 | lwbjuynoqa.info | udp |
| US | 8.8.8.8:53 | lkoowajegsm.com | udp |
| US | 8.8.8.8:53 | ujianpbo.net | udp |
| US | 8.8.8.8:53 | uwiiwocs.org | udp |
| US | 8.8.8.8:53 | llvmzokob.com | udp |
| US | 8.8.8.8:53 | jiisyyq.net | udp |
| US | 8.8.8.8:53 | gwofpraijm.info | udp |
| US | 8.8.8.8:53 | smlqyqf.net | udp |
| US | 8.8.8.8:53 | hjjakml.com | udp |
| US | 8.8.8.8:53 | kydfpkhv.info | udp |
| US | 8.8.8.8:53 | owgsuocwks.com | udp |
| US | 8.8.8.8:53 | synbfy.info | udp |
| US | 8.8.8.8:53 | mvrlhhspnj.info | udp |
| US | 8.8.8.8:53 | lwzudqhza.info | udp |
| US | 8.8.8.8:53 | vkupjvfa.net | udp |
| US | 8.8.8.8:53 | tpuhqbfg.info | udp |
| US | 8.8.8.8:53 | ympscypadnq.info | udp |
| US | 8.8.8.8:53 | pubdtrzkyif.com | udp |
| US | 8.8.8.8:53 | yclabmdol.net | udp |
| US | 8.8.8.8:53 | kcyyosmi.com | udp |
| US | 8.8.8.8:53 | lbashuv.net | udp |
| US | 8.8.8.8:53 | jooodfuznhj.com | udp |
| US | 8.8.8.8:53 | lrpflyl.info | udp |
| US | 8.8.8.8:53 | rxhxfw.net | udp |
| US | 8.8.8.8:53 | igwqfupyxch.net | udp |
| US | 8.8.8.8:53 | zkykjxrhzafp.net | udp |
| US | 8.8.8.8:53 | lupufhtslqh.org | udp |
| US | 8.8.8.8:53 | gaucggeo.org | udp |
| US | 8.8.8.8:53 | fsggngt.net | udp |
| US | 8.8.8.8:53 | renthyl.org | udp |
| US | 8.8.8.8:53 | lsfqogasdtt.net | udp |
| US | 8.8.8.8:53 | tldsymbx.info | udp |
| US | 8.8.8.8:53 | lgtqrspfq.info | udp |
| US | 8.8.8.8:53 | mexsbsbhjgq.info | udp |
| US | 8.8.8.8:53 | qgpsucx.net | udp |
| US | 8.8.8.8:53 | zbjclss.com | udp |
| US | 8.8.8.8:53 | prrjtbjytutt.info | udp |
| US | 8.8.8.8:53 | ylaxujjvpzdt.info | udp |
| US | 8.8.8.8:53 | zsktzm.info | udp |
| US | 8.8.8.8:53 | zhiscz.net | udp |
| US | 8.8.8.8:53 | hlqltge.net | udp |
| US | 8.8.8.8:53 | ggiqwigz.net | udp |
| US | 8.8.8.8:53 | oemgykmcyoeo.com | udp |
| US | 8.8.8.8:53 | mnyyga.info | udp |
| US | 8.8.8.8:53 | biaegfznduyq.net | udp |
| US | 8.8.8.8:53 | lehtot.info | udp |
| US | 8.8.8.8:53 | gedidodzbih.net | udp |
| US | 8.8.8.8:53 | vlsqekixshcp.net | udp |
| US | 8.8.8.8:53 | xbnwlc.info | udp |
| US | 8.8.8.8:53 | sukuyiom.com | udp |
| US | 8.8.8.8:53 | egtikhmy.info | udp |
| US | 8.8.8.8:53 | wkqigyyi.org | udp |
| US | 8.8.8.8:53 | hpagitapzd.info | udp |
| KZ | 2.132.29.13:30066 | tcp | |
| US | 8.8.8.8:53 | unfirhpk.net | udp |
| US | 8.8.8.8:53 | bsszmgtwbd.net | udp |
| US | 8.8.8.8:53 | jgzbxllqdecg.net | udp |
| US | 8.8.8.8:53 | irytaavwa.net | udp |
| US | 8.8.8.8:53 | mcaiowaikecc.com | udp |
| US | 8.8.8.8:53 | thbjldcrxt.net | udp |
| US | 8.8.8.8:53 | hpltuulfrbtg.net | udp |
| US | 8.8.8.8:53 | bzcudl.net | udp |
| US | 8.8.8.8:53 | patltmlplyr.net | udp |
| US | 8.8.8.8:53 | ykiepahzyloz.net | udp |
| US | 8.8.8.8:53 | gyxhlip.info | udp |
| US | 8.8.8.8:53 | zmrarczuld.net | udp |
| US | 8.8.8.8:53 | xgkynky.info | udp |
| US | 8.8.8.8:53 | usytrgzmk.info | udp |
| US | 8.8.8.8:53 | dwpkzhv.com | udp |
| US | 8.8.8.8:53 | lptydccj.info | udp |
| US | 8.8.8.8:53 | mluytpsvvs.net | udp |
| US | 8.8.8.8:53 | imnsqg.info | udp |
| US | 8.8.8.8:53 | rltwexojzn.net | udp |
| US | 8.8.8.8:53 | zrpvpvrnly.net | udp |
| US | 8.8.8.8:53 | tzmldvnbyw.info | udp |
| US | 8.8.8.8:53 | igsacosi.com | udp |
| US | 8.8.8.8:53 | mfjqpfww.net | udp |
| US | 8.8.8.8:53 | dayucgzmwkv.net | udp |
| US | 8.8.8.8:53 | irsgxcvwi.net | udp |
| US | 8.8.8.8:53 | acxeql.info | udp |
| US | 8.8.8.8:53 | rudsxay.org | udp |
| US | 8.8.8.8:53 | lzasxipvf.net | udp |
| US | 8.8.8.8:53 | inlklod.net | udp |
| US | 8.8.8.8:53 | xscnuevuoh.info | udp |
| US | 8.8.8.8:53 | wuybayvsmwt.info | udp |
| US | 8.8.8.8:53 | nbzzjywqutlo.net | udp |
| US | 8.8.8.8:53 | nzabdr.net | udp |
| US | 8.8.8.8:53 | ixtcwkx.info | udp |
| US | 8.8.8.8:53 | lfvxxt.info | udp |
| US | 8.8.8.8:53 | qwuaicog.com | udp |
| US | 8.8.8.8:53 | iggcfwpytwa.net | udp |
| US | 8.8.8.8:53 | uvcxju.net | udp |
| US | 8.8.8.8:53 | fmtkrphjyb.net | udp |
| US | 8.8.8.8:53 | cjbbfa.info | udp |
| US | 8.8.8.8:53 | tuaxjj.net | udp |
| US | 8.8.8.8:53 | gnxurajd.net | udp |
| US | 8.8.8.8:53 | wcmnjgvsyqd.net | udp |
| US | 8.8.8.8:53 | wontzvylz.info | udp |
| US | 8.8.8.8:53 | jbcsgnpp.net | udp |
| US | 8.8.8.8:53 | ygikaeog.com | udp |
| US | 8.8.8.8:53 | xwdpma.net | udp |
| US | 8.8.8.8:53 | jgsuxu.info | udp |
| US | 8.8.8.8:53 | xcpxbamqdqo.info | udp |
| US | 8.8.8.8:53 | rdgsneagqr.info | udp |
| US | 8.8.8.8:53 | zoggrzj.net | udp |
| US | 8.8.8.8:53 | fsqcrdll.net | udp |
| US | 8.8.8.8:53 | dagobms.org | udp |
| US | 8.8.8.8:53 | jalkbr.info | udp |
| US | 8.8.8.8:53 | zultkqufo.com | udp |
| US | 8.8.8.8:53 | cxffzmlflm.info | udp |
| US | 8.8.8.8:53 | wrdoibbxsqiz.net | udp |
| US | 8.8.8.8:53 | teogwmvktkb.net | udp |
| US | 8.8.8.8:53 | ebzopvrqmkw.net | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 8.8.8.8:53 | wyojvg.net | udp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | maltyz.net | udp |
| US | 8.8.8.8:53 | wrutxa.info | udp |
| US | 8.8.8.8:53 | nzhiqmukju.net | udp |
| US | 8.8.8.8:53 | pnagbwf.org | udp |
| US | 8.8.8.8:53 | lexnfxhauylz.net | udp |
| US | 8.8.8.8:53 | zucozx.net | udp |
| US | 8.8.8.8:53 | usztsauxtyh.net | udp |
| US | 8.8.8.8:53 | yzlwdp.net | udp |
| US | 8.8.8.8:53 | ppgkzw.info | udp |
| US | 8.8.8.8:53 | ncgeawziuqr.info | udp |
| US | 8.8.8.8:53 | bktpfwsl.net | udp |
| US | 8.8.8.8:53 | licknqqnn.com | udp |
| US | 8.8.8.8:53 | bgrpfonhx.com | udp |
| US | 8.8.8.8:53 | iplqdlbmaiyt.info | udp |
| US | 8.8.8.8:53 | jmeoksvnbqb.info | udp |
| US | 8.8.8.8:53 | wrpzeszijfe.net | udp |
| US | 8.8.8.8:53 | qkwskw.com | udp |
| US | 8.8.8.8:53 | cswwuqgk.org | udp |
| US | 8.8.8.8:53 | ueiyokkc.org | udp |
| US | 8.8.8.8:53 | icguwgwkgggw.com | udp |
| HK | 156.237.207.232:80 | yeseee.com | tcp |
| US | 8.8.8.8:53 | dgagmwuom.info | udp |
| US | 8.8.8.8:53 | ixhgstfxzq.net | udp |
| US | 8.8.8.8:53 | kyiqacma.com | udp |
| US | 8.8.8.8:53 | jupejihn.info | udp |
| US | 8.8.8.8:53 | zlhhsbjg.info | udp |
| US | 8.8.8.8:53 | otzqts.info | udp |
| US | 8.8.8.8:53 | kakgwssuuiim.com | udp |
| US | 8.8.8.8:53 | twthcnbu.net | udp |
| US | 8.8.8.8:53 | taxsnux.com | udp |
| US | 8.8.8.8:53 | uuwuci.info | udp |
| US | 8.8.8.8:53 | wrclinyubwwb.info | udp |
| US | 8.8.8.8:53 | zssmpk.net | udp |
| US | 8.8.8.8:53 | pgzahlpmengn.info | udp |
| US | 8.8.8.8:53 | qknyjun.info | udp |
| US | 8.8.8.8:53 | iwlpzasaqq.net | udp |
| US | 8.8.8.8:53 | tvfrfyf.net | udp |
| US | 8.8.8.8:53 | wqlwsh.info | udp |
| US | 8.8.8.8:53 | ojtqeup.net | udp |
| US | 8.8.8.8:53 | bakfznqyjrsl.net | udp |
| US | 8.8.8.8:53 | lwssduo.com | udp |
| US | 8.8.8.8:53 | zbirgfjdbylb.net | udp |
| US | 8.8.8.8:53 | rcqkjeisy.net | udp |
| US | 8.8.8.8:53 | lgyjphrwu.info | udp |
| US | 8.8.8.8:53 | luompddplgp.info | udp |
| US | 8.8.8.8:53 | mptxajoylql.info | udp |
| US | 8.8.8.8:53 | tsxauoqgjzf.net | udp |
| US | 8.8.8.8:53 | wqjytoqujwv.net | udp |
| US | 8.8.8.8:53 | msyiemkumw.com | udp |
| US | 8.8.8.8:53 | wiiywsukweqk.org | udp |
| US | 8.8.8.8:53 | jrlqbprm.net | udp |
| US | 8.8.8.8:53 | ywoshqhmx.info | udp |
| US | 8.8.8.8:53 | ikqvzrhwc.info | udp |
| US | 8.8.8.8:53 | beklnku.com | udp |
| US | 8.8.8.8:53 | citbraxc.net | udp |
| US | 8.8.8.8:53 | ocjjxusykevv.net | udp |
| US | 8.8.8.8:53 | owlgvejziqh.info | udp |
| US | 8.8.8.8:53 | nicxrmrxya.net | udp |
| US | 8.8.8.8:53 | lwqajwzgxkb.info | udp |
| US | 8.8.8.8:53 | njlyjirqkmn.info | udp |
| US | 8.8.8.8:53 | lodicuycz.net | udp |
| US | 8.8.8.8:53 | dcvrznxtve.net | udp |
| US | 8.8.8.8:53 | iegynym.net | udp |
| US | 8.8.8.8:53 | sqmcmyiu.com | udp |
| US | 8.8.8.8:53 | awuswsny.info | udp |
| US | 8.8.8.8:53 | qmvygc.net | udp |
| US | 8.8.8.8:53 | liwertlarxh.info | udp |
| US | 8.8.8.8:53 | tjfxnqiuxuk.net | udp |
| IE | 92.251.194.3:27876 | tcp | |
| US | 8.8.8.8:53 | zhhrotqgtf.net | udp |
| US | 8.8.8.8:53 | aayvly.info | udp |
| US | 8.8.8.8:53 | pqmopopqh.org | udp |
| US | 8.8.8.8:53 | eqdycvlqz.net | udp |
| US | 8.8.8.8:53 | ouiekkckacss.com | udp |
| US | 8.8.8.8:53 | vdinsezipu.net | udp |
| US | 8.8.8.8:53 | jzhuzwporqfn.info | udp |
| US | 8.8.8.8:53 | cggoawui.org | udp |
| US | 8.8.8.8:53 | gmtnplpuzabf.net | udp |
| US | 8.8.8.8:53 | sotsbwt.net | udp |
| US | 8.8.8.8:53 | mfxmirp.net | udp |
| US | 8.8.8.8:53 | xjxwpmnzn.info | udp |
| US | 8.8.8.8:53 | pqibcvao.net | udp |
| US | 8.8.8.8:53 | wavldikgikw.info | udp |
| US | 8.8.8.8:53 | elplwj.info | udp |
| US | 8.8.8.8:53 | bcksphj.net | udp |
| US | 8.8.8.8:53 | uqwumusk.org | udp |
| US | 8.8.8.8:53 | ztvczb.info | udp |
| US | 8.8.8.8:53 | xanwqkg.info | udp |
| US | 8.8.8.8:53 | rqkdii.info | udp |
| US | 8.8.8.8:53 | mptidmkjd.info | udp |
| US | 8.8.8.8:53 | wbetpdul.info | udp |
| US | 8.8.8.8:53 | gkzgeziloxus.net | udp |
| US | 8.8.8.8:53 | amuiyqmcsm.org | udp |
| US | 8.8.8.8:53 | kxtttvtubjlx.info | udp |
| US | 8.8.8.8:53 | zvuethrrrhtb.info | udp |
| US | 8.8.8.8:53 | fofcgchur.net | udp |
| US | 8.8.8.8:53 | vodrrrr.org | udp |
| US | 8.8.8.8:53 | kgbgpalkjgb.net | udp |
| US | 8.8.8.8:53 | rxhwtatl.info | udp |
| US | 8.8.8.8:53 | hefmdyj.org | udp |
| US | 8.8.8.8:53 | yjehnnolzqbq.info | udp |
| US | 8.8.8.8:53 | icaijmduf.net | udp |
| US | 8.8.8.8:53 | syfzstfcq.net | udp |
| US | 8.8.8.8:53 | xkeabyv.com | udp |
| US | 8.8.8.8:53 | qetoxfl.net | udp |
| US | 8.8.8.8:53 | cfwjbujktq.info | udp |
| US | 8.8.8.8:53 | stbslg.info | udp |
| US | 8.8.8.8:53 | ycbivv.info | udp |
| US | 8.8.8.8:53 | yaxihtt.info | udp |
| US | 8.8.8.8:53 | stfhbwifvy.info | udp |
| US | 8.8.8.8:53 | rjdirb.net | udp |
| US | 8.8.8.8:53 | fgyojpnggd.info | udp |
| US | 8.8.8.8:53 | rsuwsvs.com | udp |
| US | 8.8.8.8:53 | swjevozmaot.info | udp |
| US | 8.8.8.8:53 | issatkmiey.net | udp |
| US | 8.8.8.8:53 | efdlohhy.info | udp |
| US | 8.8.8.8:53 | jnxpzofluqgv.net | udp |
| US | 8.8.8.8:53 | okuqnmnibaz.info | udp |
| US | 8.8.8.8:53 | wqrewgs.net | udp |
| US | 8.8.8.8:53 | lcqpelrt.info | udp |
| US | 8.8.8.8:53 | oenkpnbczab.net | udp |
| US | 8.8.8.8:53 | zitiqkxzo.info | udp |
| US | 8.8.8.8:53 | uehynijurjx.info | udp |
| US | 8.8.8.8:53 | fvrzjt.net | udp |
| US | 8.8.8.8:53 | bdjhkwrwlct.net | udp |
| US | 8.8.8.8:53 | lejqvol.com | udp |
| US | 8.8.8.8:53 | pmvwlcgtpsd.com | udp |
| US | 8.8.8.8:53 | sgmaqcoqwaii.com | udp |
| US | 8.8.8.8:53 | bgdqgf.net | udp |
| US | 8.8.8.8:53 | ntnatkxsyx.info | udp |
| US | 8.8.8.8:53 | fctskjhwgynr.net | udp |
| US | 8.8.8.8:53 | yqxwmiy.net | udp |
| US | 8.8.8.8:53 | upxkhuzkr.info | udp |
| US | 8.8.8.8:53 | mcmokiay.org | udp |
| US | 8.8.8.8:53 | oizefcxwi.info | udp |
| US | 8.8.8.8:53 | qlrjdo.net | udp |
| US | 8.8.8.8:53 | ycxvrvto.info | udp |
| US | 8.8.8.8:53 | kywoho.net | udp |
| US | 8.8.8.8:53 | opviekt.info | udp |
| US | 8.8.8.8:53 | hdimlfbvdxpk.net | udp |
| US | 8.8.8.8:53 | aoykowkgicyy.com | udp |
| US | 8.8.8.8:53 | iimwsaiuck.com | udp |
| US | 8.8.8.8:53 | ceybdwd.info | udp |
| US | 8.8.8.8:53 | qyzoycv.info | udp |
| US | 8.8.8.8:53 | eqwkxorsw.net | udp |
| US | 8.8.8.8:53 | gyuaeyauqw.org | udp |
| US | 8.8.8.8:53 | xjtjvcjqz.net | udp |
| US | 8.8.8.8:53 | ubgepo.net | udp |
| US | 8.8.8.8:53 | bstlfoldha.info | udp |
| US | 8.8.8.8:53 | cmaakgskgoqk.com | udp |
| US | 8.8.8.8:53 | amvbrfhisy.info | udp |
| US | 8.8.8.8:53 | tgnqbsmgi.net | udp |
| US | 8.8.8.8:53 | rzohmurstn.info | udp |
| US | 8.8.8.8:53 | jogyvbjdxfvb.info | udp |
| US | 8.8.8.8:53 | yeqqqo.net | udp |
| US | 8.8.8.8:53 | sbablr.net | udp |
| US | 8.8.8.8:53 | gyssuswakk.org | udp |
| US | 8.8.8.8:53 | knqylqhet.info | udp |
| US | 8.8.8.8:53 | aubgzylblcd.info | udp |
| US | 8.8.8.8:53 | tjdyzjqo.net | udp |
| US | 8.8.8.8:53 | blnfdqykka.info | udp |
| US | 8.8.8.8:53 | rzbgiunhta.info | udp |
| US | 8.8.8.8:53 | zcydmjuf.net | udp |
| US | 8.8.8.8:53 | xcjowdreaa.net | udp |
| US | 8.8.8.8:53 | kyimmoimkeb.info | udp |
| US | 8.8.8.8:53 | yyyocgkycs.org | udp |
| US | 8.8.8.8:53 | rcrcrbxww.net | udp |
| US | 8.8.8.8:53 | zewutfwnnky.net | udp |
| US | 8.8.8.8:53 | dfumnd.net | udp |
| US | 8.8.8.8:53 | ocmwkuug.com | udp |
| US | 8.8.8.8:53 | kspinqtbmss.info | udp |
| US | 8.8.8.8:53 | rcfnqctg.info | udp |
| US | 8.8.8.8:53 | hehyqnx.com | udp |
| US | 8.8.8.8:53 | mlfcdejcu.net | udp |
| US | 8.8.8.8:53 | wptlreqsrxl.net | udp |
| US | 8.8.8.8:53 | isphnkjuznx.info | udp |
| US | 8.8.8.8:53 | uynkpsuvtgz.net | udp |
| US | 8.8.8.8:53 | yufrrgzwkqt.net | udp |
| US | 8.8.8.8:53 | wyiatut.info | udp |
| US | 8.8.8.8:53 | urgczoasfcp.info | udp |
| US | 8.8.8.8:53 | wqssymym.com | udp |
| US | 8.8.8.8:53 | zeccfgn.org | udp |
| US | 8.8.8.8:53 | ompjjqpe.info | udp |
| US | 8.8.8.8:53 | cmfwhshup.net | udp |
| US | 8.8.8.8:53 | dwsikogj.info | udp |
| US | 8.8.8.8:53 | dhioxsr.info | udp |
| US | 8.8.8.8:53 | eyskai.org | udp |
| US | 8.8.8.8:53 | xgnijggfclh.com | udp |
| US | 8.8.8.8:53 | ewsuycsyciqu.com | udp |
| US | 8.8.8.8:53 | vgziql.net | udp |
| US | 8.8.8.8:53 | xykijz.info | udp |
| US | 8.8.8.8:53 | znpyqffgagh.info | udp |
| US | 8.8.8.8:53 | brlixnjnnz.info | udp |
| US | 8.8.8.8:53 | eyjyjuzdnmn.info | udp |
| US | 8.8.8.8:53 | rkkxyyftfre.info | udp |
| US | 8.8.8.8:53 | esveuz.net | udp |
| US | 8.8.8.8:53 | wsyqzjzsjih.info | udp |
| US | 8.8.8.8:53 | qwryahmgy.net | udp |
| US | 8.8.8.8:53 | laqhcjsc.info | udp |
| BG | 89.215.35.152:40235 | tcp | |
| US | 8.8.8.8:53 | bsfwhwgslqb.info | udp |
| US | 8.8.8.8:53 | ftakawn.net | udp |
| US | 8.8.8.8:53 | fupjry.net | udp |
| US | 8.8.8.8:53 | hziuyprisgog.net | udp |
| US | 8.8.8.8:53 | iuecpck.info | udp |
| US | 8.8.8.8:53 | himneqri.info | udp |
| US | 8.8.8.8:53 | aavqtob.info | udp |
| US | 8.8.8.8:53 | bqngtxwriphe.net | udp |
| US | 8.8.8.8:53 | leqbsudb.net | udp |
| US | 8.8.8.8:53 | wzdqnqmqwjvw.net | udp |
| US | 8.8.8.8:53 | hfgkacxqinla.net | udp |
| US | 8.8.8.8:53 | qljqbw.info | udp |
| US | 8.8.8.8:53 | jflhce.net | udp |
| US | 8.8.8.8:53 | mijooumcbyl.net | udp |
| US | 8.8.8.8:53 | snzzgfrcjic.info | udp |
| US | 8.8.8.8:53 | cycgmsgoeu.org | udp |
| US | 8.8.8.8:53 | uwougiow.com | udp |
| US | 8.8.8.8:53 | wutiyo.net | udp |
| US | 8.8.8.8:53 | xizjfuqnvubh.info | udp |
| US | 8.8.8.8:53 | mgfznqaw.info | udp |
| US | 8.8.8.8:53 | savqpwhqr.info | udp |
| US | 8.8.8.8:53 | tljzkkmbkg.info | udp |
| US | 8.8.8.8:53 | yajpyqiudrkm.info | udp |
| US | 8.8.8.8:53 | lrowcjkt.net | udp |
| US | 8.8.8.8:53 | azlmfogivq.info | udp |
| US | 8.8.8.8:53 | yocauycg.org | udp |
| US | 8.8.8.8:53 | tjkudxxmnw.net | udp |
| US | 8.8.8.8:53 | coceumyqqoeu.com | udp |
| US | 8.8.8.8:53 | jfxqzq.info | udp |
| US | 8.8.8.8:53 | xbxlmfybwlcm.net | udp |
| US | 8.8.8.8:53 | xqhtrgwuopgh.net | udp |
| US | 8.8.8.8:53 | zyflndtj.net | udp |
| US | 8.8.8.8:53 | rwpzfdznpdmz.info | udp |
| US | 8.8.8.8:53 | pvilyq.net | udp |
| US | 8.8.8.8:53 | vanjpyu.com | udp |
| US | 8.8.8.8:53 | vmnmbvae.net | udp |
| US | 8.8.8.8:53 | ipusxl.info | udp |
| US | 8.8.8.8:53 | iyjlfazy.net | udp |
| US | 8.8.8.8:53 | qvdvjmnw.net | udp |
| US | 8.8.8.8:53 | gcyuygyuci.com | udp |
| US | 8.8.8.8:53 | xvgbxibie.info | udp |
| US | 8.8.8.8:53 | oklwmhsexc.net | udp |
| US | 8.8.8.8:53 | jrmrzmpg.info | udp |
| US | 8.8.8.8:53 | jefyhx.net | udp |
| US | 8.8.8.8:53 | vccdjb.net | udp |
| US | 8.8.8.8:53 | vedsuip.info | udp |
| US | 8.8.8.8:53 | ywbmxtjsfezl.info | udp |
| US | 8.8.8.8:53 | gaagqkyyskeg.com | udp |
| US | 8.8.8.8:53 | egfhlomqnizc.info | udp |
| US | 8.8.8.8:53 | ygaayqgs.com | udp |
| US | 8.8.8.8:53 | yjcgvy.info | udp |
| US | 8.8.8.8:53 | ccukoeoyos.com | udp |
| US | 8.8.8.8:53 | qunsptr.net | udp |
| US | 8.8.8.8:53 | hejfbgmkec.info | udp |
| US | 8.8.8.8:53 | ajzoveo.info | udp |
| US | 8.8.8.8:53 | ssmxzo.info | udp |
| US | 8.8.8.8:53 | icikstov.info | udp |
| US | 8.8.8.8:53 | pmqgqnyy.net | udp |
| US | 8.8.8.8:53 | kuqsca.com | udp |
| US | 8.8.8.8:53 | jskougrtj.info | udp |
| US | 8.8.8.8:53 | tboyrtniuyn.net | udp |
| US | 8.8.8.8:53 | ymsapirqt.info | udp |
| US | 8.8.8.8:53 | oimwky.com | udp |
| US | 8.8.8.8:53 | waaawwssso.com | udp |
| US | 8.8.8.8:53 | omrujip.net | udp |
| US | 8.8.8.8:53 | pmfgftl.info | udp |
| US | 8.8.8.8:53 | ehpkcshqfox.net | udp |
| US | 8.8.8.8:53 | iqjkiytxpcb.net | udp |
| US | 8.8.8.8:53 | zoihvi.info | udp |
| US | 8.8.8.8:53 | rocmmj.net | udp |
| US | 8.8.8.8:53 | mwycqayuwe.com | udp |
| US | 8.8.8.8:53 | zmnqrt.net | udp |
| US | 8.8.8.8:53 | ditilpj.info | udp |
| US | 8.8.8.8:53 | euecceqesg.com | udp |
| US | 8.8.8.8:53 | yrwzizgs.net | udp |
| US | 8.8.8.8:53 | gkmaqgeikc.org | udp |
| US | 8.8.8.8:53 | epjmxcqi.info | udp |
| US | 8.8.8.8:53 | fvljsbupim.net | udp |
| US | 8.8.8.8:53 | waymomyo.org | udp |
| US | 8.8.8.8:53 | evpshiwprexs.info | udp |
| US | 8.8.8.8:53 | bwsuhntfuq.info | udp |
| US | 8.8.8.8:53 | tjjayen.info | udp |
| US | 8.8.8.8:53 | iexcvuieoec.net | udp |
| US | 8.8.8.8:53 | hmzuogpis.info | udp |
| US | 8.8.8.8:53 | rcsnqk.net | udp |
| US | 8.8.8.8:53 | picviuesvw.info | udp |
| US | 8.8.8.8:53 | qomkegaa.com | udp |
| US | 8.8.8.8:53 | vdubtfqoz.net | udp |
| US | 8.8.8.8:53 | esmiwuggok.com | udp |
| US | 8.8.8.8:53 | dewgvrjsbws.org | udp |
| US | 8.8.8.8:53 | ydbptsffslde.net | udp |
| US | 8.8.8.8:53 | tqazjgqoftf.org | udp |
| US | 8.8.8.8:53 | aiiiegcquaqo.com | udp |
| US | 8.8.8.8:53 | euqscmck.com | udp |
| US | 8.8.8.8:53 | hgzdzjz.org | udp |
| US | 8.8.8.8:53 | hwtgjqnxvk.net | udp |
| US | 8.8.8.8:53 | jsblpjvu.info | udp |
| US | 8.8.8.8:53 | cydnzcjqzgl.net | udp |
| US | 8.8.8.8:53 | kxljhxpasf.info | udp |
| US | 8.8.8.8:53 | vhveha.info | udp |
| US | 8.8.8.8:53 | aueokaicgcck.org | udp |
| US | 8.8.8.8:53 | eklabunbl.net | udp |
| US | 8.8.8.8:53 | tulofl.net | udp |
| US | 8.8.8.8:53 | pyespa.info | udp |
| US | 8.8.8.8:53 | loxqhtax.net | udp |
| US | 8.8.8.8:53 | tlzswhkn.net | udp |
| US | 8.8.8.8:53 | pjarubvs.info | udp |
| US | 8.8.8.8:53 | msgamwwm.com | udp |
| US | 8.8.8.8:53 | zbeyfwbix.net | udp |
| US | 8.8.8.8:53 | pwayhmm.com | udp |
| US | 8.8.8.8:53 | meumgzpu.info | udp |
| US | 8.8.8.8:53 | yufaxxx.net | udp |
| US | 8.8.8.8:53 | tjgpbsal.info | udp |
| US | 8.8.8.8:53 | kowkey.org | udp |
| US | 8.8.8.8:53 | fshhtxpue.org | udp |
| US | 8.8.8.8:53 | pqvklsqepqt.org | udp |
| US | 8.8.8.8:53 | mqrbptagxwm.info | udp |
| US | 8.8.8.8:53 | hlzbndjkim.net | udp |
| US | 8.8.8.8:53 | imluhkyxr.info | udp |
| US | 8.8.8.8:53 | xpvqvjlvz.com | udp |
| US | 8.8.8.8:53 | vqvijqvdd.net | udp |
| US | 8.8.8.8:53 | nwjqcekgx.info | udp |
| US | 8.8.8.8:53 | tbgneuyypcj.org | udp |
| US | 8.8.8.8:53 | lytuefatnbnu.net | udp |
| US | 8.8.8.8:53 | xkpexqblf.org | udp |
| US | 8.8.8.8:53 | ukwkagwkcska.com | udp |
| US | 8.8.8.8:53 | zliszamqnk.net | udp |
| US | 8.8.8.8:53 | zamjrbhatz.net | udp |
| US | 8.8.8.8:53 | lnnvbcdyf.com | udp |
| US | 8.8.8.8:53 | rmhozhkc.net | udp |
| US | 8.8.8.8:53 | qyivdl.net | udp |
| US | 8.8.8.8:53 | zyezpqpizsd.net | udp |
| US | 8.8.8.8:53 | zvecbkrgufyt.net | udp |
| US | 8.8.8.8:53 | javjpwoegkbc.info | udp |
| US | 8.8.8.8:53 | vmzukkz.com | udp |
| US | 8.8.8.8:53 | oahzbczz.info | udp |
| US | 8.8.8.8:53 | riryimhcb.info | udp |
| US | 8.8.8.8:53 | dgvaobl.info | udp |
| LT | 78.63.64.52:40508 | tcp | |
| US | 8.8.8.8:53 | bsxjofye.info | udp |
| US | 8.8.8.8:53 | pdxblcdr.info | udp |
| US | 8.8.8.8:53 | qmtntuhhym.info | udp |
| US | 8.8.8.8:53 | scewoymm.org | udp |
| US | 8.8.8.8:53 | thxcpapcihok.info | udp |
| US | 8.8.8.8:53 | yjdufqkezyf.info | udp |
| US | 8.8.8.8:53 | llmtynj.com | udp |
| US | 8.8.8.8:53 | bqekjoryh.net | udp |
| US | 8.8.8.8:53 | dktzfczo.info | udp |
| US | 8.8.8.8:53 | iiywku.com | udp |
| US | 8.8.8.8:53 | eckycw.org | udp |
| US | 8.8.8.8:53 | tobnvkxqsid.net | udp |
| US | 8.8.8.8:53 | dngfrgoifb.info | udp |
| US | 8.8.8.8:53 | qkfgnrtai.net | udp |
| US | 8.8.8.8:53 | bicrzc.net | udp |
| US | 8.8.8.8:53 | eklqjdouo.info | udp |
| US | 8.8.8.8:53 | siyqvceqj.info | udp |
| US | 8.8.8.8:53 | pvpuzcrhpmf.org | udp |
| US | 8.8.8.8:53 | ipfgvtx.info | udp |
| US | 8.8.8.8:53 | smdqdyath.net | udp |
| US | 8.8.8.8:53 | rtwboi.info | udp |
| US | 8.8.8.8:53 | kobwuadiuqf.info | udp |
| US | 8.8.8.8:53 | ltmundpr.info | udp |
| US | 8.8.8.8:53 | ogqweewyge.com | udp |
| US | 8.8.8.8:53 | tqnqjyh.net | udp |
| US | 8.8.8.8:53 | snhrfhtbnnuf.info | udp |
| US | 8.8.8.8:53 | uinkeet.net | udp |
| US | 8.8.8.8:53 | sfxwvwvef.info | udp |
| US | 8.8.8.8:53 | baiizeh.com | udp |
| US | 8.8.8.8:53 | rkoxsfrgbot.net | udp |
| US | 8.8.8.8:53 | aaysukyqua.org | udp |
| US | 8.8.8.8:53 | nslydxs.info | udp |
| US | 8.8.8.8:53 | dkrwxbmm.info | udp |
| US | 8.8.8.8:53 | nxhzbnskcnbv.info | udp |
| US | 8.8.8.8:53 | jiukygsa.info | udp |
| US | 8.8.8.8:53 | refgowdspun.net | udp |
| US | 8.8.8.8:53 | davutapcntl.org | udp |
| US | 8.8.8.8:53 | kcmxdzjyeozg.info | udp |
| US | 8.8.8.8:53 | knndilvpakie.info | udp |
| US | 8.8.8.8:53 | eopkjrw.net | udp |
| US | 8.8.8.8:53 | leqwbjbs.net | udp |
| US | 8.8.8.8:53 | zxbhbwp.com | udp |
| US | 8.8.8.8:53 | wvhiplldjb.net | udp |
| US | 8.8.8.8:53 | zwycfwpws.org | udp |
| US | 8.8.8.8:53 | uidkczcgxkz.info | udp |
| US | 8.8.8.8:53 | fqfphmqgingl.net | udp |
| US | 8.8.8.8:53 | jppfxadpxerp.net | udp |
| US | 8.8.8.8:53 | vagjxq.net | udp |
| US | 8.8.8.8:53 | puqpxriibrly.net | udp |
| US | 8.8.8.8:53 | aogobal.info | udp |
| US | 8.8.8.8:53 | xqlyjzwgequ.info | udp |
| US | 8.8.8.8:53 | mguggsp.net | udp |
| US | 8.8.8.8:53 | rftgfsvkv.info | udp |
| US | 8.8.8.8:53 | gudechrg.info | udp |
| US | 8.8.8.8:53 | rpffvwdc.net | udp |
| US | 8.8.8.8:53 | vzvzbbwfmbpq.info | udp |
| US | 8.8.8.8:53 | ztqdje.info | udp |
| US | 8.8.8.8:53 | hdrlso.info | udp |
| US | 8.8.8.8:53 | edswheekj.net | udp |
| US | 8.8.8.8:53 | nqldnkf.com | udp |
| US | 8.8.8.8:53 | wfauslmm.info | udp |
| US | 8.8.8.8:53 | mepvzoln.net | udp |
| US | 8.8.8.8:53 | rdcstqys.net | udp |
| US | 8.8.8.8:53 | psjgnfdmjwx.net | udp |
| US | 8.8.8.8:53 | ynedokvu.info | udp |
| US | 8.8.8.8:53 | joakcwei.net | udp |
| US | 8.8.8.8:53 | oyqyskcsaoww.com | udp |
| US | 8.8.8.8:53 | rxvdlr.info | udp |
| US | 8.8.8.8:53 | kcwkgc.org | udp |
| US | 8.8.8.8:53 | kmeggs.org | udp |
| US | 8.8.8.8:53 | xegsvguyfyz.org | udp |
| US | 8.8.8.8:53 | bydbtahum.net | udp |
| US | 8.8.8.8:53 | mieagqauwwei.com | udp |
| US | 8.8.8.8:53 | ukgjbsw.net | udp |
| DE | 85.214.228.140:80 | kavtbvqf.info | tcp |
| US | 8.8.8.8:53 | lybwzoanj.org | udp |
| US | 8.8.8.8:53 | ogbzhsjcovr.net | udp |
| US | 8.8.8.8:53 | qsegii.org | udp |
| MD | 188.237.40.175:20925 | tcp | |
| US | 8.8.8.8:53 | qxltam.net | udp |
| US | 54.244.188.177:80 | sejibalqxar.net | tcp |
| US | 8.8.8.8:53 | pzrhjirjbmfy.net | udp |
| US | 8.8.8.8:53 | muugke.org | udp |
| US | 8.8.8.8:53 | zwgnqfhdpwlr.net | udp |
| US | 8.8.8.8:53 | qymomy.com | udp |
| US | 208.100.26.245:80 | egksyqv.info | tcp |
| US | 8.8.8.8:53 | vdjmzjrizkb.org | udp |
| US | 8.8.8.8:53 | ornkdyvmdjx.info | udp |
| US | 8.8.8.8:53 | jcscfnbly.com | udp |
| US | 8.8.8.8:53 | rxukgmgaehxa.info | udp |
| US | 8.8.8.8:53 | pnfmjmvwlcx.org | udp |
| US | 8.8.8.8:53 | xdxafq.info | udp |
| US | 8.8.8.8:53 | reughdtkt.net | udp |
| US | 8.8.8.8:53 | gyaygi.org | udp |
| US | 8.8.8.8:53 | savjxjkwjwr.info | udp |
| US | 8.8.8.8:53 | wclkqrqe.net | udp |
| US | 8.8.8.8:53 | ivpwjejah.net | udp |
| US | 8.8.8.8:53 | avsrqpxkbz.net | udp |
| US | 8.8.8.8:53 | vqhclzq.org | udp |
| US | 8.8.8.8:53 | oskwmeqwiwuy.org | udp |
| US | 8.8.8.8:53 | xerqiiou.net | udp |
| US | 8.8.8.8:53 | fcbenz.net | udp |
| US | 8.8.8.8:53 | agbofqw.net | udp |
| US | 8.8.8.8:53 | twmmkhcywuj.org | udp |
| US | 8.8.8.8:53 | miokgksskwum.com | udp |
| US | 8.8.8.8:53 | tnhsigxd.net | udp |
| US | 8.8.8.8:53 | rgeebyrmeql.info | udp |
| US | 8.8.8.8:53 | havbtylo.net | udp |
| US | 8.8.8.8:53 | ologud.net | udp |
| US | 8.8.8.8:53 | lvqslsbcaef.info | udp |
| US | 8.8.8.8:53 | xnvycy.net | udp |
| US | 8.8.8.8:53 | vxvtzzfqfq.info | udp |
| US | 8.8.8.8:53 | myocswemuq.org | udp |
| US | 8.8.8.8:53 | goqaii.com | udp |
| US | 8.8.8.8:53 | aoxerks.net | udp |
| US | 8.8.8.8:53 | vmgxfihyh.com | udp |
| US | 8.8.8.8:53 | pvdmlhdm.info | udp |
| US | 8.8.8.8:53 | catdtirlxee.net | udp |
| US | 8.8.8.8:53 | hvtdtsgilkr.org | udp |
| US | 8.8.8.8:53 | jrncvlzwiulh.net | udp |
| US | 8.8.8.8:53 | hedgzgtct.info | udp |
| US | 8.8.8.8:53 | gotqpsxeq.net | udp |
| US | 8.8.8.8:53 | skiacmoocwia.com | udp |
| US | 8.8.8.8:53 | ekuedqrcp.info | udp |
| US | 8.8.8.8:53 | uaqoieb.net | udp |
| US | 8.8.8.8:53 | arojwifo.info | udp |
| US | 8.8.8.8:53 | vljgbupsl.net | udp |
| US | 8.8.8.8:53 | pmnzsvigknti.net | udp |
| US | 8.8.8.8:53 | raespau.info | udp |
| US | 8.8.8.8:53 | rfdplqdpcv.net | udp |
| US | 8.8.8.8:53 | bowjiclf.info | udp |
| US | 8.8.8.8:53 | qpejngowavjy.info | udp |
| US | 8.8.8.8:53 | uzeqivztvtzm.net | udp |
| US | 8.8.8.8:53 | vasazdwwgmbg.net | udp |
| US | 8.8.8.8:53 | hfgirllyjlxz.info | udp |
| US | 8.8.8.8:53 | lcbsfiyyz.com | udp |
| US | 8.8.8.8:53 | pvvhcp.net | udp |
| US | 8.8.8.8:53 | bwfzcgdepuz.info | udp |
| US | 8.8.8.8:53 | rjpidt.net | udp |
| US | 8.8.8.8:53 | dmbealkee.net | udp |
| US | 8.8.8.8:53 | lbpahgxfr.net | udp |
| US | 8.8.8.8:53 | rxmoicnaf.com | udp |
| US | 8.8.8.8:53 | imiaiesawsua.com | udp |
| US | 8.8.8.8:53 | jcokutwxzer.org | udp |
| US | 8.8.8.8:53 | yqiweowi.com | udp |
| US | 8.8.8.8:53 | nohbxstoyz.net | udp |
| US | 8.8.8.8:53 | mzejxuqw.net | udp |
| US | 8.8.8.8:53 | zcyghg.net | udp |
| US | 8.8.8.8:53 | gcaaolbrna.info | udp |
| US | 8.8.8.8:53 | waqgcwawyaca.org | udp |
| US | 8.8.8.8:53 | jkdcdyf.com | udp |
| US | 8.8.8.8:53 | ykqwmcigckyy.com | udp |
| US | 8.8.8.8:53 | ayusueyouyck.com | udp |
| US | 8.8.8.8:53 | bibjevtrsn.info | udp |
| US | 8.8.8.8:53 | lemibrxund.info | udp |
| US | 8.8.8.8:53 | kinqrepabkx.info | udp |
| US | 8.8.8.8:53 | ociybcn.net | udp |
| US | 8.8.8.8:53 | riqbtapw.net | udp |
| US | 8.8.8.8:53 | zmsjcmkd.net | udp |
| US | 8.8.8.8:53 | zsqxejydfpnt.info | udp |
| US | 8.8.8.8:53 | otavazqowh.net | udp |
| US | 8.8.8.8:53 | eqbrod.info | udp |
| US | 8.8.8.8:53 | xikpjag.org | udp |
| US | 8.8.8.8:53 | wqmsee.org | udp |
| US | 8.8.8.8:53 | qudyrmntuow.info | udp |
| US | 8.8.8.8:53 | bhvibmtdzlaj.net | udp |
| US | 8.8.8.8:53 | pomhlyinh.net | udp |
| US | 8.8.8.8:53 | rbxxfshgm.net | udp |
| US | 8.8.8.8:53 | agixfkp.info | udp |
| US | 8.8.8.8:53 | uahyhazqex.net | udp |
| US | 8.8.8.8:53 | usiikeyy.org | udp |
| US | 8.8.8.8:53 | crdswoazdmtr.info | udp |
| US | 8.8.8.8:53 | xazzrkajv.org | udp |
| US | 8.8.8.8:53 | uspavcp.net | udp |
| US | 8.8.8.8:53 | wxasclkyrbqx.net | udp |
| US | 8.8.8.8:53 | jqrcbnxglqf.net | udp |
| US | 8.8.8.8:53 | hrnujmsfph.net | udp |
| US | 8.8.8.8:53 | povvpsbpdgp.com | udp |
| US | 8.8.8.8:53 | eeieem.com | udp |
| US | 8.8.8.8:53 | ourepitvklx.info | udp |
| US | 8.8.8.8:53 | gojewbc.info | udp |
| US | 8.8.8.8:53 | ahzmbnwwrg.net | udp |
| US | 8.8.8.8:53 | ygscuisw.org | udp |
| US | 8.8.8.8:53 | tkbzdkkz.info | udp |
| US | 8.8.8.8:53 | xrarhheg.info | udp |
| US | 8.8.8.8:53 | htjltg.info | udp |
| US | 8.8.8.8:53 | xhisrub.org | udp |
| US | 8.8.8.8:53 | mgscccesmu.com | udp |
| US | 8.8.8.8:53 | iuipbjfj.info | udp |
| US | 8.8.8.8:53 | xfrefwl.info | udp |
| US | 8.8.8.8:53 | ruksvdctcqr.com | udp |
| US | 8.8.8.8:53 | buoqqzlfnx.net | udp |
| US | 8.8.8.8:53 | mskgeeb.info | udp |
| US | 8.8.8.8:53 | ncdyex.info | udp |
| US | 8.8.8.8:53 | rajolyvids.net | udp |
| US | 8.8.8.8:53 | zopkjt.info | udp |
| US | 8.8.8.8:53 | xkryiddkdyg.info | udp |
| US | 8.8.8.8:53 | ymaoie.com | udp |
| US | 8.8.8.8:53 | hugsby.net | udp |
| US | 8.8.8.8:53 | kshgvj.net | udp |
| US | 8.8.8.8:53 | kkkidsd.info | udp |
| US | 8.8.8.8:53 | xykutplmhmfn.net | udp |
| US | 8.8.8.8:53 | mqgiae.org | udp |
| US | 8.8.8.8:53 | qyuugu.com | udp |
| US | 8.8.8.8:53 | rqsufpjmbcf.com | udp |
| US | 8.8.8.8:53 | oegkwuakgo.com | udp |
| US | 8.8.8.8:53 | vydtckofj.info | udp |
| US | 8.8.8.8:53 | mlgsxflu.net | udp |
| US | 8.8.8.8:53 | jvbevul.org | udp |
| US | 8.8.8.8:53 | eaqikw.org | udp |
| US | 8.8.8.8:53 | wqdthgpqjeqt.net | udp |
| US | 8.8.8.8:53 | jqcmijac.info | udp |
| US | 8.8.8.8:53 | bqvkdgx.net | udp |
| US | 8.8.8.8:53 | kmpdjanxcx.info | udp |
| US | 8.8.8.8:53 | pcimugveawx.org | udp |
| US | 8.8.8.8:53 | twbyyqr.info | udp |
| US | 8.8.8.8:53 | uqgams.com | udp |
| US | 8.8.8.8:53 | toknwyjxdff.com | udp |
| US | 8.8.8.8:53 | yqqamuqqyo.org | udp |
| US | 8.8.8.8:53 | rrzavhex.net | udp |
| RU | 149.255.24.250:28502 | tcp | |
| US | 8.8.8.8:53 | gkisfo.info | udp |
| US | 8.8.8.8:53 | jljcywgh.info | udp |
| US | 8.8.8.8:53 | zyjzbrajbwr.info | udp |
| US | 8.8.8.8:53 | zitpbgnujnl.info | udp |
| US | 8.8.8.8:53 | qsviits.info | udp |
| US | 8.8.8.8:53 | chtdew.info | udp |
| US | 8.8.8.8:53 | voeknleer.com | udp |
| US | 8.8.8.8:53 | aptavxszku.info | udp |
| US | 8.8.8.8:53 | qqkkwqbj.net | udp |
| US | 8.8.8.8:53 | niddig.net | udp |
| US | 8.8.8.8:53 | tqihqynmu.net | udp |
| US | 8.8.8.8:53 | iulnngvkvhe.info | udp |
| US | 8.8.8.8:53 | aakims.org | udp |
| US | 8.8.8.8:53 | giwkayoqgkig.com | udp |
| US | 8.8.8.8:53 | iaeycesaok.com | udp |
| US | 8.8.8.8:53 | tylevshafnlm.net | udp |
| US | 8.8.8.8:53 | jinfugfp.net | udp |
| US | 8.8.8.8:53 | xhyirilhl.com | udp |
| US | 8.8.8.8:53 | phybky.info | udp |
| US | 8.8.8.8:53 | rutkzlqej.com | udp |
| US | 8.8.8.8:53 | isiium.com | udp |
| US | 8.8.8.8:53 | nydwaixrwal.net | udp |
| US | 8.8.8.8:53 | qfvjhzl.net | udp |
| US | 8.8.8.8:53 | febszel.info | udp |
| US | 8.8.8.8:53 | qdaqwtlafa.info | udp |
| US | 8.8.8.8:53 | hrxppmrqx.net | udp |
| US | 8.8.8.8:53 | gxjmexojzn.info | udp |
| US | 8.8.8.8:53 | jwrchldciap.info | udp |
| US | 8.8.8.8:53 | pdnakhfafspz.info | udp |
| US | 8.8.8.8:53 | lgmblm.info | udp |
| US | 8.8.8.8:53 | xjqbyubdsl.info | udp |
| US | 8.8.8.8:53 | duscxlc.org | udp |
| US | 8.8.8.8:53 | teeqdurcumje.info | udp |
| US | 8.8.8.8:53 | ekysuwaiqs.org | udp |
| US | 8.8.8.8:53 | zdkddhnyzbzq.net | udp |
| US | 8.8.8.8:53 | lliizg.net | udp |
| US | 8.8.8.8:53 | qrbuzauoyry.net | udp |
| US | 8.8.8.8:53 | leqhah.net | udp |
| US | 8.8.8.8:53 | aedbgosdvt.info | udp |
| US | 8.8.8.8:53 | gifgvajrpwyq.info | udp |
| US | 8.8.8.8:53 | mbiiznxdulyh.net | udp |
| US | 8.8.8.8:53 | nxpceoc.com | udp |
| US | 8.8.8.8:53 | bkbseenvsfm.com | udp |
| US | 8.8.8.8:53 | qpeavxszku.net | udp |
| US | 8.8.8.8:53 | prtohgxcc.info | udp |
| US | 8.8.8.8:53 | zmjswitzvw.net | udp |
| US | 8.8.8.8:53 | lszothkejnl.net | udp |
| US | 8.8.8.8:53 | zfqyte.info | udp |
| US | 8.8.8.8:53 | nvqhtsfzlm.info | udp |
| US | 8.8.8.8:53 | gbzcriduc.net | udp |
| US | 8.8.8.8:53 | ssyljfqc.info | udp |
| US | 8.8.8.8:53 | ropgxxgku.com | udp |
| US | 8.8.8.8:53 | fqvopkmiayu.org | udp |
| US | 8.8.8.8:53 | kwhqlsf.net | udp |
| US | 8.8.8.8:53 | vccndjifr.net | udp |
| US | 8.8.8.8:53 | carregbyt.net | udp |
| US | 8.8.8.8:53 | kwwqqeawim.com | udp |
| US | 8.8.8.8:53 | oqhajmtmnmh.info | udp |
| US | 8.8.8.8:53 | zomakewo.net | udp |
| US | 8.8.8.8:53 | wieavxszku.net | udp |
| US | 8.8.8.8:53 | cxxgfkl.net | udp |
| US | 8.8.8.8:53 | sksuwe.org | udp |
| US | 8.8.8.8:53 | wkseeykjzplj.net | udp |
| US | 8.8.8.8:53 | cjyyowvh.net | udp |
| US | 8.8.8.8:53 | rreplnac.info | udp |
| US | 8.8.8.8:53 | ulsbdun.info | udp |
| US | 8.8.8.8:53 | oehcurfauxn.net | udp |
| US | 8.8.8.8:53 | wimmysse.com | udp |
| US | 8.8.8.8:53 | eyuaxvr.net | udp |
| US | 8.8.8.8:53 | migomokqciue.com | udp |
| US | 8.8.8.8:53 | tipwbma.org | udp |
| US | 8.8.8.8:53 | uagesgceoe.org | udp |
| US | 8.8.8.8:53 | qxrwrxkgnrd.net | udp |
| US | 8.8.8.8:53 | gjywnedij.info | udp |
| US | 8.8.8.8:53 | vvnzzbhf.info | udp |
| US | 8.8.8.8:53 | qagoeiyu.org | udp |
| US | 8.8.8.8:53 | dvuybnwrht.net | udp |
| US | 8.8.8.8:53 | ncnvlwdcvuf.info | udp |
| US | 8.8.8.8:53 | toiwaux.org | udp |
| US | 8.8.8.8:53 | hgxntkm.net | udp |
| US | 8.8.8.8:53 | kanmbmrkn.net | udp |
| US | 8.8.8.8:53 | rmljdyhy.net | udp |
| US | 8.8.8.8:53 | sgsoagiiccyw.com | udp |
| US | 8.8.8.8:53 | nseymvnqf.com | udp |
| US | 8.8.8.8:53 | rsirhhve.info | udp |
| US | 8.8.8.8:53 | tayhcoabzfmv.net | udp |
| US | 8.8.8.8:53 | gsftwcq.net | udp |
| US | 8.8.8.8:53 | gskqsoasoq.org | udp |
| US | 8.8.8.8:53 | grblyx.net | udp |
| US | 8.8.8.8:53 | cwksnpe.info | udp |
| US | 8.8.8.8:53 | djlicfxk.net | udp |
| US | 8.8.8.8:53 | skgqma.net | udp |
| US | 8.8.8.8:53 | bmrzbk.net | udp |
| US | 8.8.8.8:53 | pntfkjdgnp.net | udp |
| US | 8.8.8.8:53 | ljuxgwxst.com | udp |
| US | 8.8.8.8:53 | eufhysed.info | udp |
| US | 8.8.8.8:53 | dbuguvooxgpt.info | udp |
| US | 8.8.8.8:53 | nqbpjgon.net | udp |
| US | 8.8.8.8:53 | bagdslh.org | udp |
| US | 8.8.8.8:53 | qwtqjrthicn.net | udp |
| US | 8.8.8.8:53 | wuvwspp.info | udp |
| US | 8.8.8.8:53 | euscfitxtaj.info | udp |
| US | 8.8.8.8:53 | omkgden.net | udp |
| US | 8.8.8.8:53 | rwbklxfvdgn.net | udp |
| US | 8.8.8.8:53 | jrtymyf.org | udp |
| US | 8.8.8.8:53 | wovupuzhvuhj.net | udp |
| US | 8.8.8.8:53 | kajpailpjmp.info | udp |
| US | 8.8.8.8:53 | qmljnabs.info | udp |
| US | 8.8.8.8:53 | dqmrjcjnz.org | udp |
| US | 8.8.8.8:53 | omxzqopvp.info | udp |
| US | 8.8.8.8:53 | cmmootr.info | udp |
| US | 8.8.8.8:53 | ryodddaobeg.info | udp |
| US | 8.8.8.8:53 | ccuimeh.info | udp |
| US | 8.8.8.8:53 | gwgoqq.com | udp |
| US | 8.8.8.8:53 | ldczny.info | udp |
| US | 8.8.8.8:53 | shaijhznbz.info | udp |
| US | 8.8.8.8:53 | wgjsxoa.info | udp |
| US | 8.8.8.8:53 | dhksnik.org | udp |
| US | 8.8.8.8:53 | pssoqtdakwn.org | udp |
| US | 8.8.8.8:53 | pugbsv.net | udp |
| US | 8.8.8.8:53 | cvhyxcvn.net | udp |
| US | 8.8.8.8:53 | bleygeqeiojn.net | udp |
| US | 8.8.8.8:53 | cauqakigqmmy.org | udp |
| US | 8.8.8.8:53 | hygqnw.net | udp |
| US | 8.8.8.8:53 | ngrgvjg.com | udp |
| US | 8.8.8.8:53 | gislpxktd.info | udp |
| US | 8.8.8.8:53 | oesmpyy.net | udp |
| US | 8.8.8.8:53 | dcpopmtez.com | udp |
| US | 8.8.8.8:53 | ttfvbabznx.net | udp |
| US | 8.8.8.8:53 | dpwoyczy.info | udp |
| US | 8.8.8.8:53 | yxnrqaojzu.net | udp |
| US | 8.8.8.8:53 | sltuocikv.net | udp |
| US | 8.8.8.8:53 | aijqzcyeriy.info | udp |
| US | 8.8.8.8:53 | rvtnorgccbby.info | udp |
| US | 8.8.8.8:53 | ngtcfxuncc.info | udp |
| US | 8.8.8.8:53 | vqrheyzex.net | udp |
| US | 8.8.8.8:53 | iffvcnul.info | udp |
| US | 8.8.8.8:53 | lqibpevyaex.org | udp |
| US | 8.8.8.8:53 | gnnfil.info | udp |
| US | 8.8.8.8:53 | jkegrujevkd.info | udp |
| US | 8.8.8.8:53 | jsvknbpqdprg.net | udp |
| US | 8.8.8.8:53 | jorkxwafh.com | udp |
| US | 8.8.8.8:53 | lprvyos.info | udp |
| US | 8.8.8.8:53 | wuyaiqgeqy.com | udp |
| US | 8.8.8.8:53 | dgfakonugxp.info | udp |
| US | 8.8.8.8:53 | rhhvts.net | udp |
| RU | 46.72.122.198:45245 | tcp | |
| US | 8.8.8.8:53 | yikqjacsi.info | udp |
| US | 8.8.8.8:53 | aweggucoqcaq.com | udp |
| US | 8.8.8.8:53 | uhpmrupuasn.net | udp |
| US | 8.8.8.8:53 | frmdxwuxkz.info | udp |
| US | 8.8.8.8:53 | tooppuczf.net | udp |
| US | 8.8.8.8:53 | bedwkwewmgnc.net | udp |
| US | 8.8.8.8:53 | zajxwcgfwoex.net | udp |
| US | 8.8.8.8:53 | scqeeqgsci.org | udp |
| US | 8.8.8.8:53 | lzppplvncb.info | udp |
| US | 8.8.8.8:53 | woakku.org | udp |
| US | 8.8.8.8:53 | cyoqawkoam.com | udp |
| US | 8.8.8.8:53 | cxlkhikkn.net | udp |
| US | 8.8.8.8:53 | uboxmv.net | udp |
| US | 8.8.8.8:53 | iakdqzhqfnig.net | udp |
| US | 8.8.8.8:53 | ryxdtsd.net | udp |
| US | 8.8.8.8:53 | pqjblqi.org | udp |
| US | 8.8.8.8:53 | vxrehozpsk.net | udp |
| US | 8.8.8.8:53 | ysouexnovwh.info | udp |
| US | 8.8.8.8:53 | msfmtzx.info | udp |
| US | 8.8.8.8:53 | hcjcfkproin.info | udp |
| US | 8.8.8.8:53 | emmurxv.net | udp |
| US | 8.8.8.8:53 | auzirc.info | udp |
| US | 8.8.8.8:53 | zvlybsn.net | udp |
| US | 8.8.8.8:53 | orbijgrf.net | udp |
| US | 8.8.8.8:53 | mrchlw.net | udp |
| US | 8.8.8.8:53 | oktozigwb.info | udp |
| US | 8.8.8.8:53 | vklopmo.com | udp |
| US | 8.8.8.8:53 | dezgpeow.info | udp |
| US | 8.8.8.8:53 | cuqywgww.org | udp |
| US | 8.8.8.8:53 | ouqoeesiae.org | udp |
| US | 8.8.8.8:53 | mzbdwxth.info | udp |
| US | 8.8.8.8:53 | fpfyehmx.net | udp |
| US | 8.8.8.8:53 | xzhfpnlzkxfh.info | udp |
| US | 8.8.8.8:53 | swlsesnyo.net | udp |
| US | 8.8.8.8:53 | usjlvoxujdl.net | udp |
| US | 8.8.8.8:53 | qubqirdevwh.net | udp |
| US | 8.8.8.8:53 | xwbnlfewu.net | udp |
| US | 8.8.8.8:53 | reewxp.info | udp |
| US | 8.8.8.8:53 | zklqdyz.info | udp |
| US | 8.8.8.8:53 | rwhcfwsnguf.info | udp |
| US | 8.8.8.8:53 | coeicu.com | udp |
| US | 8.8.8.8:53 | jfrenmxp.net | udp |
| US | 8.8.8.8:53 | dunolqrmder.net | udp |
| US | 8.8.8.8:53 | sebgahhsh.info | udp |
| US | 8.8.8.8:53 | qwmgsisouk.org | udp |
| US | 8.8.8.8:53 | ajeufitgtoe.info | udp |
| US | 8.8.8.8:53 | mrpgbqlzd.info | udp |
| US | 8.8.8.8:53 | canoase.net | udp |
| US | 8.8.8.8:53 | xkwucyh.com | udp |
| US | 8.8.8.8:53 | tikikewkmyxj.info | udp |
| US | 8.8.8.8:53 | oesaeigqwuki.com | udp |
| US | 8.8.8.8:53 | wlxdcwmn.info | udp |
| US | 8.8.8.8:53 | srttit.info | udp |
| US | 8.8.8.8:53 | ecmsoqkk.com | udp |
| US | 8.8.8.8:53 | ukqyasyg.org | udp |
| US | 8.8.8.8:53 | hhbibsteqcn.info | udp |
| US | 8.8.8.8:53 | nvkgpj.info | udp |
| US | 8.8.8.8:53 | ciuuucqoiqss.com | udp |
| US | 8.8.8.8:53 | fewfzy.net | udp |
| US | 8.8.8.8:53 | vfdylqsvno.net | udp |
| US | 8.8.8.8:53 | ykqeusiouc.com | udp |
| US | 8.8.8.8:53 | qhktjptk.net | udp |
| US | 8.8.8.8:53 | anzgtqseq.info | udp |
| US | 8.8.8.8:53 | lsxqdunybnz.net | udp |
| US | 8.8.8.8:53 | teaacdtqjap.net | udp |
| US | 8.8.8.8:53 | tahinpiwdur.info | udp |
| US | 8.8.8.8:53 | xwqowmqjhuy.info | udp |
| US | 8.8.8.8:53 | pxxawyf.com | udp |
| US | 8.8.8.8:53 | njklqkawdeml.info | udp |
| US | 8.8.8.8:53 | mdainrbbifun.net | udp |
| US | 8.8.8.8:53 | xzjreuokj.net | udp |
| US | 8.8.8.8:53 | inbihbvqhff.info | udp |
| US | 8.8.8.8:53 | fstscwe.com | udp |
| US | 8.8.8.8:53 | gywygqy.info | udp |
| US | 8.8.8.8:53 | bchulsweazg.net | udp |
| US | 8.8.8.8:53 | cgyumeeq.com | udp |
| US | 8.8.8.8:53 | ssywwsui.com | udp |
| US | 8.8.8.8:53 | swtbrqhnhcl.net | udp |
| US | 8.8.8.8:53 | szlqyihwn.net | udp |
| US | 8.8.8.8:53 | sdfxtsj.net | udp |
| US | 8.8.8.8:53 | xfjghcsarmk.com | udp |
| US | 8.8.8.8:53 | putrdqexoixf.net | udp |
| US | 8.8.8.8:53 | vbgziypuqgla.info | udp |
| US | 8.8.8.8:53 | yibyhlp.net | udp |
| US | 8.8.8.8:53 | zozgcobcaq.net | udp |
| US | 8.8.8.8:53 | tnovlv.info | udp |
| US | 8.8.8.8:53 | oqaspmrylkil.net | udp |
| US | 8.8.8.8:53 | skqgwosk.com | udp |
| US | 8.8.8.8:53 | wugikqaioy.org | udp |
| US | 8.8.8.8:53 | akmiaeyaio.org | udp |
| US | 8.8.8.8:53 | hjjakml.com | udp |
| US | 8.8.8.8:53 | mvrlhhspnj.info | udp |
| US | 8.8.8.8:53 | tuvkhjfq.info | udp |
| US | 8.8.8.8:53 | ympscypadnq.info | udp |
| US | 8.8.8.8:53 | ysspjetdtzyr.net | udp |
| US | 8.8.8.8:53 | tvyylczw.info | udp |
| US | 8.8.8.8:53 | mhuuxbxm.info | udp |
| US | 8.8.8.8:53 | okisya.org | udp |
| US | 8.8.8.8:53 | kadqpkblpux.info | udp |
| US | 8.8.8.8:53 | rxhxfw.net | udp |
| US | 8.8.8.8:53 | kbzytwof.info | udp |
| US | 8.8.8.8:53 | xkqkgkjid.info | udp |
| US | 8.8.8.8:53 | segmokwcyiqc.com | udp |
| US | 8.8.8.8:53 | fmvidhimgkj.info | udp |
| US | 8.8.8.8:53 | ucawmoumiysg.com | udp |
| US | 8.8.8.8:53 | mexsbsbhjgq.info | udp |
| US | 8.8.8.8:53 | worfgkv.net | udp |
| US | 8.8.8.8:53 | pezidjrvpf.net | udp |
| US | 8.8.8.8:53 | qyjtmq.net | udp |
| US | 8.8.8.8:53 | rvridwvey.net | udp |
| US | 8.8.8.8:53 | msvazjbkbd.info | udp |
| US | 8.8.8.8:53 | rabiqdapulh.info | udp |
| US | 8.8.8.8:53 | mtbwgsbvsf.info | udp |
| US | 8.8.8.8:53 | lhrrxsd.com | udp |
| US | 8.8.8.8:53 | veogdsdjx.com | udp |
| US | 8.8.8.8:53 | fyrgph.info | udp |
| US | 8.8.8.8:53 | hlqltge.net | udp |
| US | 8.8.8.8:53 | tstccodw.info | udp |
| US | 8.8.8.8:53 | smsmaoso.com | udp |
| US | 8.8.8.8:53 | cjlstin.net | udp |
| US | 8.8.8.8:53 | mdarfgvffeq.net | udp |
| US | 8.8.8.8:53 | iwwmiiga.org | udp |
| US | 8.8.8.8:53 | znkkrcio.net | udp |
| US | 8.8.8.8:53 | fwflvyduuqr.info | udp |
| US | 8.8.8.8:53 | aecsck.com | udp |
| US | 8.8.8.8:53 | jgzbxllqdecg.net | udp |
| US | 8.8.8.8:53 | ltlabiniv.info | udp |
| US | 8.8.8.8:53 | wlbtdr.info | udp |
| US | 8.8.8.8:53 | yjmmhwzescmb.net | udp |
| US | 8.8.8.8:53 | qgfzbqtt.net | udp |
| US | 8.8.8.8:53 | xxnowor.net | udp |
| US | 8.8.8.8:53 | asecuyemymyi.org | udp |
| US | 8.8.8.8:53 | wgaoym.com | udp |
| US | 8.8.8.8:53 | yarxnoq.info | udp |
| US | 8.8.8.8:53 | msnulspcf.info | udp |
| US | 8.8.8.8:53 | clcphrwjstgk.info | udp |
| US | 8.8.8.8:53 | tkrbajoockf.com | udp |
| US | 8.8.8.8:53 | fbjfdkrr.net | udp |
| US | 8.8.8.8:53 | xwmeqg.net | udp |
| US | 8.8.8.8:53 | rahgvwx.info | udp |
| US | 8.8.8.8:53 | mpeqesukv.info | udp |
| US | 8.8.8.8:53 | yqqwsyikeu.org | udp |
| US | 8.8.8.8:53 | dwpkzhv.com | udp |
| US | 8.8.8.8:53 | uwystwtjtmn.net | udp |
| US | 8.8.8.8:53 | aayeieoamcqe.org | udp |
| US | 8.8.8.8:53 | hanmarsx.net | udp |
| US | 8.8.8.8:53 | ymokei.com | udp |
| US | 8.8.8.8:53 | epbcvizxrkii.net | udp |
| US | 8.8.8.8:53 | pdcsje.net | udp |
| US | 8.8.8.8:53 | xvvjbgzp.info | udp |
| US | 8.8.8.8:53 | dumwfczzvic.info | udp |
| US | 8.8.8.8:53 | kqeiqw.com | udp |
| US | 8.8.8.8:53 | ocmgeeci.org | udp |
| US | 8.8.8.8:53 | cqjkxyftq.net | udp |
| US | 8.8.8.8:53 | dayucgzmwkv.net | udp |
| US | 8.8.8.8:53 | tcxmcnfzkuda.net | udp |
| US | 8.8.8.8:53 | nevqtwfzxk.info | udp |
| US | 8.8.8.8:53 | xegjhyk.info | udp |
| US | 8.8.8.8:53 | bjpbnv.info | udp |
| US | 8.8.8.8:53 | kaudws.net | udp |
| US | 8.8.8.8:53 | qcoktwr.info | udp |
| US | 8.8.8.8:53 | wuybayvsmwt.info | udp |
| US | 8.8.8.8:53 | zgrggcxyjdz.com | udp |
| BG | 88.87.3.159:16074 | tcp | |
| US | 8.8.8.8:53 | aiegaekyac.com | udp |
| US | 8.8.8.8:53 | zwzyuyw.com | udp |
| US | 8.8.8.8:53 | rxpyywenvctj.net | udp |
| US | 8.8.8.8:53 | yiacfsjyz.info | udp |
| US | 8.8.8.8:53 | tkswocncext.net | udp |
| US | 8.8.8.8:53 | iggcfwpytwa.net | udp |
| US | 8.8.8.8:53 | ooykeaucwmie.org | udp |
| US | 8.8.8.8:53 | aaxgnmwcb.net | udp |
| US | 8.8.8.8:53 | jjzgvrlmp.com | udp |
| US | 8.8.8.8:53 | tuaxjj.net | udp |
| US | 8.8.8.8:53 | ihhxtf.info | udp |
| US | 8.8.8.8:53 | sazrjnxl.net | udp |
| US | 8.8.8.8:53 | jwiaekauoqz.org | udp |
| US | 8.8.8.8:53 | gekgoquaya.com | udp |
| US | 8.8.8.8:53 | ushkxbyxdgg.net | udp |
| US | 8.8.8.8:53 | ofvsaojytgx.net | udp |
| US | 8.8.8.8:53 | wfuuowdlpzqf.info | udp |
| US | 8.8.8.8:53 | jalkbr.info | udp |
| US | 8.8.8.8:53 | eaweesawugwu.org | udp |
| US | 8.8.8.8:53 | yaaztdjr.net | udp |
| US | 8.8.8.8:53 | cxffzmlflm.info | udp |
| US | 8.8.8.8:53 | cqbctiqnrpkq.info | udp |
| US | 8.8.8.8:53 | pvmsdylrfj.net | udp |
| US | 8.8.8.8:53 | ebzopvrqmkw.net | udp |
| US | 8.8.8.8:53 | hjcutzth.net | udp |
| US | 8.8.8.8:53 | volevfk.com | udp |
| US | 8.8.8.8:53 | tqebxynkh.info | udp |
| US | 8.8.8.8:53 | aumseyrlcu.info | udp |
| US | 8.8.8.8:53 | prduewrnccd.info | udp |
| US | 8.8.8.8:53 | uogcum.org | udp |
| US | 8.8.8.8:53 | usztsauxtyh.net | udp |
| US | 8.8.8.8:53 | foxunotgt.info | udp |
| US | 8.8.8.8:53 | uhayxopnfnuy.net | udp |
| US | 8.8.8.8:53 | dpjwdwszok.net | udp |
| US | 8.8.8.8:53 | gezyfuldrwi.info | udp |
| US | 8.8.8.8:53 | bktpfwsl.net | udp |
| US | 8.8.8.8:53 | gximhebopajt.net | udp |
| US | 8.8.8.8:53 | umaisoki.org | udp |
| US | 8.8.8.8:53 | iplqdlbmaiyt.info | udp |
| US | 8.8.8.8:53 | zjsvgm.info | udp |
| US | 8.8.8.8:53 | rxwwcoo.info | udp |
| US | 8.8.8.8:53 | embhuybo.net | udp |
| US | 8.8.8.8:53 | tmctfrizbs.net | udp |
| HK | 156.237.207.232:80 | yeseee.com | tcp |
| US | 8.8.8.8:53 | wgdadmdmk.info | udp |
| US | 8.8.8.8:53 | jwpsnskokhb.info | udp |
| US | 8.8.8.8:53 | wihsdoxslhit.info | udp |
| US | 8.8.8.8:53 | bylihqpez.info | udp |
| US | 8.8.8.8:53 | taxsnux.com | udp |
| US | 8.8.8.8:53 | uuwuci.info | udp |
| US | 8.8.8.8:53 | ioigeikmkiia.org | udp |
| US | 8.8.8.8:53 | jlkrfetthk.net | udp |
| US | 8.8.8.8:53 | iwlpzasaqq.net | udp |
| US | 8.8.8.8:53 | dhcotdckbsyv.info | udp |
| US | 8.8.8.8:53 | dxrotlihnylh.info | udp |
| US | 8.8.8.8:53 | jrheid.info | udp |
| US | 8.8.8.8:53 | eeoywock.org | udp |
| US | 8.8.8.8:53 | bakfznqyjrsl.net | udp |
| US | 8.8.8.8:53 | tkmycetgncf.org | udp |
| US | 8.8.8.8:53 | dkjgdwjceov.info | udp |
| US | 8.8.8.8:53 | kiacvtydp.net | udp |
| US | 8.8.8.8:53 | zdjqgtfy.info | udp |
| US | 8.8.8.8:53 | jolbnynrzeeu.info | udp |
| US | 8.8.8.8:53 | mcpmajvv.net | udp |
| US | 8.8.8.8:53 | iqbmysn.net | udp |
| US | 8.8.8.8:53 | zlnsqae.org | udp |
| US | 8.8.8.8:53 | uulikoj.info | udp |
| US | 8.8.8.8:53 | covhpnsyrdvz.info | udp |
| US | 8.8.8.8:53 | nixdzg.info | udp |
| US | 8.8.8.8:53 | rulszqn.org | udp |
| US | 8.8.8.8:53 | beklnku.com | udp |
| US | 8.8.8.8:53 | gyamguaq.org | udp |
| US | 8.8.8.8:53 | ocjjxusykevv.net | udp |
| US | 8.8.8.8:53 | gyjspysibox.net | udp |
| US | 8.8.8.8:53 | nicxrmrxya.net | udp |
| US | 8.8.8.8:53 | ktrxkgndhl.net | udp |
| US | 8.8.8.8:53 | jcbiped.info | udp |
| US | 8.8.8.8:53 | pqmopopqh.org | udp |
| US | 8.8.8.8:53 | eqdycvlqz.net | udp |
| US | 8.8.8.8:53 | ejfutea.net | udp |
| US | 8.8.8.8:53 | vdinsezipu.net | udp |
| US | 8.8.8.8:53 | ljykhphpyhjc.info | udp |
| US | 8.8.8.8:53 | vcpsnqa.net | udp |
| US | 8.8.8.8:53 | lzbuomsv.info | udp |
| US | 8.8.8.8:53 | mfxmirp.net | udp |
| US | 8.8.8.8:53 | ayxvwwvloe.net | udp |
| US | 8.8.8.8:53 | wcagsrxey.info | udp |
| US | 8.8.8.8:53 | abinliefrdka.info | udp |
| US | 8.8.8.8:53 | hojspzfuiu.net | udp |
| US | 8.8.8.8:53 | bcksphj.net | udp |
| US | 8.8.8.8:53 | aydkgwbsf.info | udp |
| US | 8.8.8.8:53 | edrzducm.info | udp |
| US | 8.8.8.8:53 | blcadkjxehhx.net | udp |
| US | 8.8.8.8:53 | tgbnhijgyx.net | udp |
| US | 8.8.8.8:53 | xanwqkg.info | udp |
| US | 8.8.8.8:53 | suwmkawsua.com | udp |
| US | 8.8.8.8:53 | atoslq.info | udp |
| US | 8.8.8.8:53 | xygbdoqlv.org | udp |
| US | 8.8.8.8:53 | zqorxqiao.net | udp |
| US | 8.8.8.8:53 | cmtidyskaeh.net | udp |
| US | 8.8.8.8:53 | kxtttvtubjlx.info | udp |
| US | 8.8.8.8:53 | khxrpyyoc.net | udp |
| US | 8.8.8.8:53 | hgwqtropvwn.info | udp |
| US | 8.8.8.8:53 | pgxakab.net | udp |
| US | 8.8.8.8:53 | yywiqgugcceg.org | udp |
| US | 8.8.8.8:53 | vskrxsu.org | udp |
| US | 8.8.8.8:53 | fofcgchur.net | udp |
| US | 8.8.8.8:53 | cohixrgyi.info | udp |
| US | 8.8.8.8:53 | qxbphkxjef.net | udp |
| US | 8.8.8.8:53 | bjdbtblximt.org | udp |
| US | 8.8.8.8:53 | cqoycgwuqi.com | udp |
| US | 8.8.8.8:53 | frzacxml.net | udp |
| US | 8.8.8.8:53 | cfwjbujktq.info | udp |
| US | 8.8.8.8:53 | hcevrpbfjqhe.info | udp |
| US | 8.8.8.8:53 | kmntncwkb.info | udp |
| US | 8.8.8.8:53 | stfhbwifvy.info | udp |
| US | 8.8.8.8:53 | cciageqmqg.org | udp |
| US | 8.8.8.8:53 | rfhpwzug.info | udp |
| US | 8.8.8.8:53 | fgyojpnggd.info | udp |
| US | 8.8.8.8:53 | lemhdf.info | udp |
| US | 8.8.8.8:53 | swexrglixpx.info | udp |
| US | 8.8.8.8:53 | qabhfw.net | udp |
| US | 8.8.8.8:53 | issatkmiey.net | udp |
| US | 8.8.8.8:53 | snjzdtul.info | udp |
| US | 8.8.8.8:53 | efdlohhy.info | udp |
| US | 8.8.8.8:53 | kgqagu.com | udp |
| US | 8.8.8.8:53 | agkbzb.net | udp |
| US | 8.8.8.8:53 | dmirtk.net | udp |
| US | 8.8.8.8:53 | mhxpytwiqes.info | udp |
| US | 8.8.8.8:53 | lcqpelrt.info | udp |
| US | 8.8.8.8:53 | rvrzonbon.org | udp |
| US | 8.8.8.8:53 | jnsctjrb.net | udp |
| US | 8.8.8.8:53 | zitiqkxzo.info | udp |
| US | 8.8.8.8:53 | pmvwlcgtpsd.com | udp |
| US | 8.8.8.8:53 | kaymeqowqwqk.org | udp |
| US | 8.8.8.8:53 | bgdqgf.net | udp |
| US | 8.8.8.8:53 | hnxplyaqqs.net | udp |
| US | 8.8.8.8:53 | cgkcui.org | udp |
| US | 8.8.8.8:53 | poxogqb.info | udp |
| US | 8.8.8.8:53 | rvovwetcroio.net | udp |
| US | 8.8.8.8:53 | lefexqj.com | udp |
| US | 8.8.8.8:53 | pvwrud.net | udp |
| DE | 92.39.57.8:13017 | tcp | |
| US | 8.8.8.8:53 | oitupxvvjlp.info | udp |
| US | 8.8.8.8:53 | qyzoycv.info | udp |
| US | 8.8.8.8:53 | eqwkxorsw.net | udp |
| US | 8.8.8.8:53 | zehaamd.org | udp |
| US | 8.8.8.8:53 | dsbsxud.org | udp |
| US | 8.8.8.8:53 | bzbkni.info | udp |
| US | 8.8.8.8:53 | xpyuvus.com | udp |
| US | 8.8.8.8:53 | benvjcqy.net | udp |
| US | 8.8.8.8:53 | lctajbbff.net | udp |
| US | 8.8.8.8:53 | qwvkhmxkegx.net | udp |
| US | 8.8.8.8:53 | llvrrqof.info | udp |
| US | 8.8.8.8:53 | bbwobfndnfcl.info | udp |
| US | 8.8.8.8:53 | mwhaykml.net | udp |
| US | 8.8.8.8:53 | sbablr.net | udp |
| US | 8.8.8.8:53 | 85.65.42.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | yamiyu.org | udp |
| US | 8.8.8.8:53 | xkvqnibsuup.net | udp |
| US | 8.8.8.8:53 | rmhsuky.net | udp |
| US | 8.8.8.8:53 | wscgjiieh.net | udp |
| US | 8.8.8.8:53 | zsnkgzndrcr.org | udp |
| US | 8.8.8.8:53 | aubgzylblcd.info | udp |
| US | 8.8.8.8:53 | vnnaygb.net | udp |
| US | 8.8.8.8:53 | uovsdrfk.info | udp |
| US | 8.8.8.8:53 | vzasqftohc.net | udp |
| US | 8.8.8.8:53 | yurzsbxwznrn.info | udp |
| US | 8.8.8.8:53 | uacoqg.org | udp |
| US | 8.8.8.8:53 | fjzyxqk.org | udp |
| US | 8.8.8.8:53 | vadydxg.info | udp |
| US | 8.8.8.8:53 | nwdopmf.com | udp |
| US | 8.8.8.8:53 | rcrcrbxww.net | udp |
| US | 8.8.8.8:53 | lzkscytm.net | udp |
| US | 8.8.8.8:53 | iokpqrtkvw.net | udp |
| US | 8.8.8.8:53 | hmvqzix.com | udp |
| US | 8.8.8.8:53 | yocmdemo.net | udp |
| US | 8.8.8.8:53 | ucpvxszpb.info | udp |
| US | 8.8.8.8:53 | ketazqtjn.net | udp |
| US | 8.8.8.8:53 | mlfcdejcu.net | udp |
| US | 8.8.8.8:53 | eiseqiqc.com | udp |
| US | 8.8.8.8:53 | ptbxyixaqem.info | udp |
| US | 8.8.8.8:53 | zkdysithnao.info | udp |
| US | 8.8.8.8:53 | dwsikogj.info | udp |
| US | 8.8.8.8:53 | veezqsia.net | udp |
| US | 8.8.8.8:53 | ioqwawqa.org | udp |
| US | 8.8.8.8:53 | soenhrpc.net | udp |
| US | 8.8.8.8:53 | xgnijggfclh.com | udp |
| US | 8.8.8.8:53 | vduxyhsurt.net | udp |
| US | 8.8.8.8:53 | nnycbrtaroy.com | udp |
| US | 8.8.8.8:53 | udp | |
| US | 8.8.8.8:53 | udp | |
| US | 8.8.8.8:53 | udp | |
| US | 8.8.8.8:53 | udp | |
| US | 8.8.8.8:53 | udp | |
| US | 8.8.8.8:53 | udp | |
| US | 8.8.8.8:53 | udp | |
| US | 8.8.8.8:53 | udp | |
| US | 8.8.8.8:53 | udp | |
| US | 8.8.8.8:53 | udp | |
| US | 8.8.8.8:53 | udp | |
| US | 8.8.8.8:53 | udp |
Files
C:\Users\Admin\AppData\Local\Temp\lurwhzlcveb.exe
| MD5 | 89ec3461ef4a893428c32f89de78b396 |
| SHA1 | 8067cdc0901f0dc5bc1bb67a1c9037f502ea85f9 |
| SHA256 | 1849989ee704cda3b552b5021f3165012978d26d0daf7d22a09805deb6be2d0b |
| SHA512 | 7804fa36e1f050115b00d21a9a94cf92436260a385da67106b0c73eb350abafca53f2dec42d377d4eccc095dd75ac92e841fb66e874e656e412cd71ed7909fe8 |
C:\Windows\SysWOW64\lhslcypeyseuykcbus.exe
| MD5 | 80cdc7c264ea951dedde8d7cda97fe25 |
| SHA1 | 9961e22ff166d873068b85f829c0b17f8680c889 |
| SHA256 | a7b6fb08d17320632c5a3f97d3f265a5e594035fc2b92585b81d0aba16a46df1 |
| SHA512 | 1efb232e4569fbb233dd9e60f2d38225cc6e091008a2375f6834e5f0785dddd71970c005b78540123ffb9735df1949933937748d554450e51cd9c302f0d44e53 |
C:\Users\Admin\AppData\Local\Temp\jtszeo.exe
| MD5 | 49a9c0154cc052271825d57cc922a1dc |
| SHA1 | 6ff64ab519472480cf24e61a0829be7be27c382a |
| SHA256 | 7d084645a008323bc93814434c5225b438caec09e49a17d4efc73711885e2bf5 |
| SHA512 | 909fd7bdadf4b45776d4208f402a3c3971ca7ae69fef3cf569ce362d2328862235dc86ae5a61fecc4acb12bf24a503572e8f6e7b392fca2987a647fb1762c0dc |
C:\Users\Admin\AppData\Local\iplpryaafkhixuxhlukrnrtac.hmj
| MD5 | 49e4ec9898fc7e6919e0cd197a895e2b |
| SHA1 | 59d11dbf1260efcf3bbb3a6410f4474033888b59 |
| SHA256 | 0e242e74664def0e8b61c303f9c67086873c851e31d9eef9492f300d13f84f3c |
| SHA512 | 5fd18be016b410eb175501423da233c4384bac94edb68647dbe9318fcaf3e3308e0b8718e98ebadb9020db078f3cf446573754defabdd05c1bbddeb8d8778d00 |
C:\Users\Admin\AppData\Local\nfmbogteukseemavkefxetgylwmckwwesncw.pwl
| MD5 | 64d1d8ea2e7fd7ff09fafe138ed7c821 |
| SHA1 | 88412af7ba6d5818e27d53db3bc5fe385fa2c47d |
| SHA256 | 04ab8d7737d6a19b2230c66e233751df1ba0ca8c6905b19f09ce8bf45d8bfab8 |
| SHA512 | 78bc906b00da71ab1b4b81db11a21fa6dc87f8f82b24529714eb719dd1a118f0b412709f87091a75dd360a6dc67390be5ab00db499760bb484fab3e48fb7aa72 |
C:\Program Files (x86)\iplpryaafkhixuxhlukrnrtac.hmj
| MD5 | c34c9f66ab04b38935fe9fce259c6bc9 |
| SHA1 | 2226524afaa327d58b307e39aaf6a7a0c8bd033d |
| SHA256 | 997ba8188035e37b3892d0bb05f8630929241f70b8e4a846ca1836e574bcbfe9 |
| SHA512 | 338a23a4ac35295b567d156ffe533ceb4cc234b6471f088b29948d07b1368eb2529f1811378e67fa885fcf5f4d76ad2fdcedda22b619cdb65ab060a90388be5d |
C:\Program Files (x86)\iplpryaafkhixuxhlukrnrtac.hmj
| MD5 | 559f3411d6948d8e0d53e455c7c486b5 |
| SHA1 | a843e5c322ded9161602af3b5a9ceb1e38790879 |
| SHA256 | c6e9175af724ab68991198be1b2fdb0dfcb3e3afa0909f9da11c3ec6abbf6385 |
| SHA512 | fee19aee29f5cb651494d966349a3448685ebeb92366dd83bbb02c6e40a4168fe569e8d05c4d7d868f594a43ca854590bbfb4c0f990a067078654eaacb6c2051 |
C:\Users\Admin\AppData\Local\iplpryaafkhixuxhlukrnrtac.hmj
| MD5 | 64c88e6ed3c3eed43e5c7fb3488b82bc |
| SHA1 | a4cb8aa72641a4a47a8e016615bc428df9335629 |
| SHA256 | 2ed767c82dec28166166224327da373f168cddb9a0f87e153d48613640f15836 |
| SHA512 | 5da4af07520c2600ef192b992a22e1f2c709a61c2b01553a6ec1c3c83ebbfcf3c3fbf0feb5a734e047577d25d80653f1068ada023ac36d96385b7bc7927c9ff0 |
C:\Users\Admin\AppData\Local\iplpryaafkhixuxhlukrnrtac.hmj
| MD5 | fab835a6a4d9ca673f823057a995c4ca |
| SHA1 | dc39ebffec735685bf1a2b6adf670493abbfb57c |
| SHA256 | 31cdfe72a78b6c915f12f19d4aff212817dfc1db21b7289db89233b05e2e42b3 |
| SHA512 | 750a68e21c5d44dec81121d496309324d7b60a9fef115792af10e3e4dbfd7795503518cf20c6993c2d413ffc986f3b885b0a3566cf530a9bb14d5d7016d7841b |
C:\Program Files (x86)\iplpryaafkhixuxhlukrnrtac.hmj
| MD5 | 9432555061f5d97cc4c45427950b56f1 |
| SHA1 | 137ad9bdf40c295f6eecec25ed3127dd96aab382 |
| SHA256 | a94d969c7978aaf67a17e30a9cf9b03295d8770df9f85f11deceabcb84979022 |
| SHA512 | 98a5436f4ef2ee5339f3103d64f09bd532b4f5612f850e2393286b81bd554c5878d78dd2982204050d366ebc013f518254273abf5b3cc99751783380dde26ec5 |
C:\Program Files (x86)\iplpryaafkhixuxhlukrnrtac.hmj
| MD5 | 2c5849f4cfafaeb74d9c2e01f23b98fc |
| SHA1 | 3dcb85322e0aae26dcc38bb39f00055e6278df74 |
| SHA256 | 34b0c558204a90d66b7fe1a095a36bc770e20271537fbb6ae3dc861d01ccb7ca |
| SHA512 | b66d4ae4fe3efd8b376c25b7b7a66df4ae2673ecc444419be38198e952fea030dc19c6c35c36da8c94ca9c324503c660f0294a2d4e6faef5268b5248da3bc4a8 |