Malware Analysis Report

2025-08-06 02:46

Sample ID 241031-aqzj4sveqm
Target 80cdc7c264ea951dedde8d7cda97fe25_JaffaCakes118
SHA256 a7b6fb08d17320632c5a3f97d3f265a5e594035fc2b92585b81d0aba16a46df1
Tags
defense_evasion discovery evasion persistence privilege_escalation trojan
score
10/10

Analysis Overview

score
10/10

SHA256

a7b6fb08d17320632c5a3f97d3f265a5e594035fc2b92585b81d0aba16a46df1

Threat Level: Known bad

The file 80cdc7c264ea951dedde8d7cda97fe25_JaffaCakes118 was found to be: Known bad.

Malicious Activity Summary

defense_evasion discovery evasion persistence privilege_escalation trojan

Modifies WinLogon for persistence

UAC bypass

Disables RegEdit via registry modification

Adds policy Run key to start application

Executes dropped EXE

Impair Defenses: Safe Mode Boot

Loads dropped DLL

Checks computer location settings

Checks whether UAC is enabled

Adds Run key to start application

Looks up external IP address via web service

Hijack Execution Flow: Executable Installer File Permissions Weakness

Drops autorun.inf file

Drops file in System32 directory

Drops file in Windows directory

Drops file in Program Files directory

Unsigned PE

System Location Discovery: System Language Discovery

Enumerates physical storage devices

Suspicious use of AdjustPrivilegeToken

Suspicious use of WriteProcessMemory

Suspicious behavior: EnumeratesProcesses

System policy modification

Analysis: static1

Detonation Overview

Reported

2024-10-31 00:25

Signatures

Unsigned PE

Analysis: behavioral1

Detonation Overview

Submitted

2024-10-31 00:25

Reported

2024-10-31 03:01

Platform

win7-20241023-en

Max time kernel

150s

Max time network

150s

Command Line

"C:\Users\Admin\AppData\Local\Temp\80cdc7c264ea951dedde8d7cda97fe25_JaffaCakes118.exe"

Signatures

Modifies WinLogon for persistence

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\tgmoojbsdqw.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\gssyhm.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\gssyhm.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\tgmoojbsdqw.exe N/A

UAC bypass

evasion trojan
Description Indicator Process Target
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" C:\Users\Admin\AppData\Local\Temp\tgmoojbsdqw.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" C:\Users\Admin\AppData\Local\Temp\tgmoojbsdqw.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" C:\Users\Admin\AppData\Local\Temp\gssyhm.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" C:\Users\Admin\AppData\Local\Temp\gssyhm.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\tgmoojbsdqw.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\tgmoojbsdqw.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" C:\Users\Admin\AppData\Local\Temp\tgmoojbsdqw.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\gssyhm.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" C:\Users\Admin\AppData\Local\Temp\gssyhm.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" C:\Users\Admin\AppData\Local\Temp\gssyhm.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" C:\Users\Admin\AppData\Local\Temp\gssyhm.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" C:\Users\Admin\AppData\Local\Temp\gssyhm.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\gssyhm.exe N/A

Adds policy Run key to start application

persistence

Disables RegEdit via registry modification

evasion
Description Indicator Process Target
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\tgmoojbsdqw.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\gssyhm.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\gssyhm.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\gssyhm.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\gssyhm.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\tgmoojbsdqw.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\tgmoojbsdqw.exe N/A

Impair Defenses: Safe Mode Boot

defense_evasion
Description Indicator Process Target
Key deleted \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\Power C:\Users\Admin\AppData\Local\Temp\gssyhm.exe N/A
Key deleted \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\WinDefend C:\Users\Admin\AppData\Local\Temp\gssyhm.exe N/A
Key deleted \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\ProfSvc C:\Users\Admin\AppData\Local\Temp\gssyhm.exe N/A

Adds Run key to start application

persistence

Checks whether UAC is enabled

evasion trojan
Description Indicator Process Target
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\gssyhm.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\gssyhm.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\tgmoojbsdqw.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\tgmoojbsdqw.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\tgmoojbsdqw.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\tgmoojbsdqw.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\gssyhm.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\gssyhm.exe N/A

Hijack Execution Flow: Executable Installer File Permissions Weakness

defense_evasion persistence privilege_escalation
Description Indicator Process Target
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableInstallerDetection = "0" C:\Users\Admin\AppData\Local\Temp\tgmoojbsdqw.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableInstallerDetection = "0" C:\Users\Admin\AppData\Local\Temp\gssyhm.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableInstallerDetection = "0" C:\Users\Admin\AppData\Local\Temp\gssyhm.exe N/A

Looks up external IP address via web service

Description Indicator Process Target
N/A whatismyipaddress.com N/A N/A
N/A www.showmyipaddress.com N/A N/A
N/A whatismyip.everdot.org N/A N/A
N/A www.whatismyip.ca N/A N/A

Drops autorun.inf file

Description Indicator Process Target
File opened for modification C:\autorun.inf C:\Users\Admin\AppData\Local\Temp\gssyhm.exe N/A
File created C:\autorun.inf C:\Users\Admin\AppData\Local\Temp\gssyhm.exe N/A
File opened for modification F:\autorun.inf C:\Users\Admin\AppData\Local\Temp\gssyhm.exe N/A
File created F:\autorun.inf C:\Users\Admin\AppData\Local\Temp\gssyhm.exe N/A

Drops file in System32 directory

Description Indicator Process Target
File opened for modification C:\Windows\SysWOW64\zwhysiexoytmygmnl.exe C:\Users\Admin\AppData\Local\Temp\tgmoojbsdqw.exe N/A
File opened for modification C:\Windows\SysWOW64\igskfwtnfqmgtcjlki.exe C:\Users\Admin\AppData\Local\Temp\tgmoojbsdqw.exe N/A
File opened for modification C:\Windows\SysWOW64\gguoledztgeapajnoocc.exe C:\Users\Admin\AppData\Local\Temp\gssyhm.exe N/A
File opened for modification C:\Windows\SysWOW64\zwhysiexoytmygmnl.exe C:\Users\Admin\AppData\Local\Temp\gssyhm.exe N/A
File opened for modification C:\Windows\SysWOW64\gguoledztgeapajnoocc.exe C:\Users\Admin\AppData\Local\Temp\gssyhm.exe N/A
File opened for modification C:\Windows\SysWOW64\moeazuvtpeectgrxacsukg.exe C:\Users\Admin\AppData\Local\Temp\gssyhm.exe N/A
File created C:\Windows\SysWOW64\soyohwrjzicufmrrokuqaqjytlbkewhottqmws.sla C:\Users\Admin\AppData\Local\Temp\gssyhm.exe N/A
File opened for modification C:\Windows\SysWOW64\zwhysiexoytmygmnl.exe C:\Users\Admin\AppData\Local\Temp\tgmoojbsdqw.exe N/A
File opened for modification C:\Windows\SysWOW64\gguoledztgeapajnoocc.exe C:\Users\Admin\AppData\Local\Temp\tgmoojbsdqw.exe N/A
File opened for modification C:\Windows\SysWOW64\tsfyumkfykhcqaillkx.exe C:\Users\Admin\AppData\Local\Temp\gssyhm.exe N/A
File opened for modification C:\Windows\SysWOW64\vgfkswgnsqzggcwlxihsrweisze.lss C:\Users\Admin\AppData\Local\Temp\gssyhm.exe N/A
File opened for modification C:\Windows\SysWOW64\tsfyumkfykhcqaillkx.exe C:\Users\Admin\AppData\Local\Temp\tgmoojbsdqw.exe N/A
File opened for modification C:\Windows\SysWOW64\vwlgeyyvqedaqcmrtujkz.exe C:\Users\Admin\AppData\Local\Temp\tgmoojbsdqw.exe N/A
File opened for modification C:\Windows\SysWOW64\soyohwrjzicufmrr.exe C:\Users\Admin\AppData\Local\Temp\tgmoojbsdqw.exe N/A
File opened for modification C:\Windows\SysWOW64\igskfwtnfqmgtcjlki.exe C:\Users\Admin\AppData\Local\Temp\tgmoojbsdqw.exe N/A
File opened for modification C:\Windows\SysWOW64\vwlgeyyvqedaqcmrtujkz.exe C:\Users\Admin\AppData\Local\Temp\gssyhm.exe N/A
File opened for modification C:\Windows\SysWOW64\igskfwtnfqmgtcjlki.exe C:\Users\Admin\AppData\Local\Temp\gssyhm.exe N/A
File opened for modification C:\Windows\SysWOW64\soyohwrjzicufmrrokuqaqjytlbkewhottqmws.sla C:\Users\Admin\AppData\Local\Temp\gssyhm.exe N/A
File opened for modification C:\Windows\SysWOW64\moeazuvtpeectgrxacsukg.exe C:\Users\Admin\AppData\Local\Temp\tgmoojbsdqw.exe N/A
File opened for modification C:\Windows\SysWOW64\soyohwrjzicufmrr.exe C:\Users\Admin\AppData\Local\Temp\gssyhm.exe N/A
File created C:\Windows\SysWOW64\vgfkswgnsqzggcwlxihsrweisze.lss C:\Users\Admin\AppData\Local\Temp\gssyhm.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File opened for modification C:\Program Files (x86)\vgfkswgnsqzggcwlxihsrweisze.lss C:\Users\Admin\AppData\Local\Temp\gssyhm.exe N/A
File created C:\Program Files (x86)\vgfkswgnsqzggcwlxihsrweisze.lss C:\Users\Admin\AppData\Local\Temp\gssyhm.exe N/A
File opened for modification C:\Program Files (x86)\soyohwrjzicufmrrokuqaqjytlbkewhottqmws.sla C:\Users\Admin\AppData\Local\Temp\gssyhm.exe N/A
File created C:\Program Files (x86)\soyohwrjzicufmrrokuqaqjytlbkewhottqmws.sla C:\Users\Admin\AppData\Local\Temp\gssyhm.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File opened for modification C:\Windows\igskfwtnfqmgtcjlki.exe C:\Users\Admin\AppData\Local\Temp\gssyhm.exe N/A
File created C:\Windows\vgfkswgnsqzggcwlxihsrweisze.lss C:\Users\Admin\AppData\Local\Temp\gssyhm.exe N/A
File opened for modification C:\Windows\soyohwrjzicufmrr.exe C:\Users\Admin\AppData\Local\Temp\tgmoojbsdqw.exe N/A
File opened for modification C:\Windows\zwhysiexoytmygmnl.exe C:\Users\Admin\AppData\Local\Temp\tgmoojbsdqw.exe N/A
File opened for modification C:\Windows\soyohwrjzicufmrr.exe C:\Users\Admin\AppData\Local\Temp\gssyhm.exe N/A
File opened for modification C:\Windows\tsfyumkfykhcqaillkx.exe C:\Users\Admin\AppData\Local\Temp\tgmoojbsdqw.exe N/A
File opened for modification C:\Windows\gguoledztgeapajnoocc.exe C:\Users\Admin\AppData\Local\Temp\tgmoojbsdqw.exe N/A
File opened for modification C:\Windows\vwlgeyyvqedaqcmrtujkz.exe C:\Users\Admin\AppData\Local\Temp\tgmoojbsdqw.exe N/A
File opened for modification C:\Windows\zwhysiexoytmygmnl.exe C:\Users\Admin\AppData\Local\Temp\gssyhm.exe N/A
File opened for modification C:\Windows\vwlgeyyvqedaqcmrtujkz.exe C:\Users\Admin\AppData\Local\Temp\gssyhm.exe N/A
File opened for modification C:\Windows\tsfyumkfykhcqaillkx.exe C:\Users\Admin\AppData\Local\Temp\gssyhm.exe N/A
File opened for modification C:\Windows\moeazuvtpeectgrxacsukg.exe C:\Users\Admin\AppData\Local\Temp\gssyhm.exe N/A
File opened for modification C:\Windows\vgfkswgnsqzggcwlxihsrweisze.lss C:\Users\Admin\AppData\Local\Temp\gssyhm.exe N/A
File opened for modification C:\Windows\igskfwtnfqmgtcjlki.exe C:\Users\Admin\AppData\Local\Temp\tgmoojbsdqw.exe N/A
File opened for modification C:\Windows\moeazuvtpeectgrxacsukg.exe C:\Users\Admin\AppData\Local\Temp\tgmoojbsdqw.exe N/A
File opened for modification C:\Windows\soyohwrjzicufmrrokuqaqjytlbkewhottqmws.sla C:\Users\Admin\AppData\Local\Temp\gssyhm.exe N/A
File created C:\Windows\soyohwrjzicufmrrokuqaqjytlbkewhottqmws.sla C:\Users\Admin\AppData\Local\Temp\gssyhm.exe N/A
File opened for modification C:\Windows\gguoledztgeapajnoocc.exe C:\Users\Admin\AppData\Local\Temp\gssyhm.exe N/A

Enumerates physical storage devices

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\tgmoojbsdqw.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\gssyhm.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\80cdc7c264ea951dedde8d7cda97fe25_JaffaCakes118.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\80cdc7c264ea951dedde8d7cda97fe25_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\gssyhm.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\gssyhm.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2712 wrote to memory of 2632 N/A C:\Users\Admin\AppData\Local\Temp\80cdc7c264ea951dedde8d7cda97fe25_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\tgmoojbsdqw.exe
PID 2632 wrote to memory of 1552 N/A C:\Users\Admin\AppData\Local\Temp\tgmoojbsdqw.exe C:\Users\Admin\AppData\Local\Temp\gssyhm.exe
PID 2632 wrote to memory of 2744 N/A C:\Users\Admin\AppData\Local\Temp\tgmoojbsdqw.exe C:\Users\Admin\AppData\Local\Temp\gssyhm.exe
PID 2712 wrote to memory of 1964 N/A C:\Users\Admin\AppData\Local\Temp\80cdc7c264ea951dedde8d7cda97fe25_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\tgmoojbsdqw.exe

System policy modification

evasion
Description Indicator Process Target
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDriveTypeAutoRun = "1" C:\Users\Admin\AppData\Local\Temp\gssyhm.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\tgmoojbsdqw.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ValidateAdminCodeSignatures = "0" C:\Users\Admin\AppData\Local\Temp\tgmoojbsdqw.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\gssyhm.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" C:\Users\Admin\AppData\Local\Temp\gssyhm.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" C:\Users\Admin\AppData\Local\Temp\gssyhm.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\FilterAdministratorToken = "0" C:\Users\Admin\AppData\Local\Temp\tgmoojbsdqw.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" C:\Users\Admin\AppData\Local\Temp\gssyhm.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableSecureUIAPaths = "0" C:\Users\Admin\AppData\Local\Temp\gssyhm.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableVirtualization = "0" C:\Users\Admin\AppData\Local\Temp\gssyhm.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\tgmoojbsdqw.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\tgmoojbsdqw.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableVirtualization = "0" C:\Users\Admin\AppData\Local\Temp\tgmoojbsdqw.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\gssyhm.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer C:\Users\Admin\AppData\Local\Temp\tgmoojbsdqw.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer C:\Users\Admin\AppData\Local\Temp\gssyhm.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ValidateAdminCodeSignatures = "0" C:\Users\Admin\AppData\Local\Temp\gssyhm.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\FilterAdministratorToken = "0" C:\Users\Admin\AppData\Local\Temp\gssyhm.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" C:\Users\Admin\AppData\Local\Temp\tgmoojbsdqw.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableSecureUIAPaths = "0" C:\Users\Admin\AppData\Local\Temp\tgmoojbsdqw.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" C:\Users\Admin\AppData\Local\Temp\tgmoojbsdqw.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" C:\Users\Admin\AppData\Local\Temp\tgmoojbsdqw.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDriveTypeAutoRun = "1" C:\Users\Admin\AppData\Local\Temp\tgmoojbsdqw.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\gssyhm.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\80cdc7c264ea951dedde8d7cda97fe25_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\80cdc7c264ea951dedde8d7cda97fe25_JaffaCakes118.exe"

C:\Users\Admin\AppData\Local\Temp\tgmoojbsdqw.exe

"C:\Users\Admin\AppData\Local\Temp\tgmoojbsdqw.exe" "c:\users\admin\appdata\local\temp\80cdc7c264ea951dedde8d7cda97fe25_jaffacakes118.exe*"

C:\Users\Admin\AppData\Local\Temp\gssyhm.exe

"C:\Users\Admin\AppData\Local\Temp\gssyhm.exe" "-c:\users\admin\appdata\local\temp\80cdc7c264ea951dedde8d7cda97fe25_jaffacakes118.exe"

C:\Users\Admin\AppData\Local\Temp\tgmoojbsdqw.exe

"C:\Users\Admin\AppData\Local\Temp\tgmoojbsdqw.exe" "c:\users\admin\appdata\local\temp\80cdc7c264ea951dedde8d7cda97fe25_jaffacakes118.exe"

Network

Files

Analysis: behavioral2

Detonation Overview

Submitted

2024-10-31 00:25

Reported

2024-10-31 03:09

Platform

win10v2004-20241007-en

Max time kernel

150s

Max time network

153s

Command Line

"C:\Users\Admin\AppData\Local\Temp\80cdc7c264ea951dedde8d7cda97fe25_JaffaCakes118.exe"

Signatures

Modifies WinLogon for persistence

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\jtszeo.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\lurwhzlcveb.exe N/A

UAC bypass

evasion trojan
Description Indicator Process Target
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\lurwhzlcveb.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" C:\Users\Admin\AppData\Local\Temp\lurwhzlcveb.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" C:\Users\Admin\AppData\Local\Temp\jtszeo.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" C:\Users\Admin\AppData\Local\Temp\jtszeo.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" C:\Users\Admin\AppData\Local\Temp\lurwhzlcveb.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" C:\Users\Admin\AppData\Local\Temp\lurwhzlcveb.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\jtszeo.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" C:\Users\Admin\AppData\Local\Temp\jtszeo.exe N/A

Adds policy Run key to start application

persistence
Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\lurwhzlcveb.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\jtszeo = "cxhzpkaohaladofdv.exe" C:\Users\Admin\AppData\Local\Temp\lurwhzlcveb.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\jtszeo.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\jtszeo = "cxhzpkaohaladofdv.exe" C:\Users\Admin\AppData\Local\Temp\jtszeo.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\ipl = "C:\\Users\\Admin\\AppData\\Local\\Temp\\wtfzrogwrmzqvibbvua.exe" C:\Users\Admin\AppData\Local\Temp\jtszeo.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\ipl = "C:\\Users\\Admin\\AppData\\Local\\Temp\\lhslcypeyseuykcbus.exe" C:\Users\Admin\AppData\Local\Temp\jtszeo.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\ipl = "C:\\Users\\Admin\\AppData\\Local\\Temp\\jhupigzqmiwouicdyyfd.exe" C:\Users\Admin\AppData\Local\Temp\lurwhzlcveb.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\ipl = "C:\\Users\\Admin\\AppData\\Local\\Temp\\jhupigzqmiwouicdyyfd.exe" C:\Users\Admin\AppData\Local\Temp\jtszeo.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\jtszeo = "jhupigzqmiwouicdyyfd.exe" C:\Users\Admin\AppData\Local\Temp\jtszeo.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\ipl = "C:\\Users\\Admin\\AppData\\Local\\Temp\\vpypeynaskuikukh.exe" C:\Users\Admin\AppData\Local\Temp\jtszeo.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\jtszeo = "yxlhbaumjgvovkfhdemlz.exe" C:\Users\Admin\AppData\Local\Temp\jtszeo.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\ipl = "C:\\Users\\Admin\\AppData\\Local\\Temp\\vpypeynaskuikukh.exe" C:\Users\Admin\AppData\Local\Temp\lurwhzlcveb.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\jtszeo = "vpypeynaskuikukh.exe" C:\Users\Admin\AppData\Local\Temp\jtszeo.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\jtszeo = "wtfzrogwrmzqvibbvua.exe" C:\Users\Admin\AppData\Local\Temp\jtszeo.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\ipl = "C:\\Users\\Admin\\AppData\\Local\\Temp\\cxhzpkaohaladofdv.exe" C:\Users\Admin\AppData\Local\Temp\jtszeo.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\jtszeo = "wtfzrogwrmzqvibbvua.exe" C:\Users\Admin\AppData\Local\Temp\lurwhzlcveb.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\ipl = "C:\\Users\\Admin\\AppData\\Local\\Temp\\yxlhbaumjgvovkfhdemlz.exe" C:\Users\Admin\AppData\Local\Temp\jtszeo.exe N/A

Disables RegEdit via registry modification

evasion
Description Indicator Process Target
Set value (int) \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\jtszeo.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\jtszeo.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\lurwhzlcveb.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\lurwhzlcveb.exe N/A

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\80cdc7c264ea951dedde8d7cda97fe25_JaffaCakes118.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\lurwhzlcveb.exe N/A

Impair Defenses: Safe Mode Boot

defense_evasion
Description Indicator Process Target
Key deleted \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\UserManager C:\Users\Admin\AppData\Local\Temp\jtszeo.exe N/A
Key deleted \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\SerCx2.sys C:\Users\Admin\AppData\Local\Temp\jtszeo.exe N/A
Key deleted \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\ProfSvc C:\Users\Admin\AppData\Local\Temp\jtszeo.exe N/A
Key deleted \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\Power C:\Users\Admin\AppData\Local\Temp\jtszeo.exe N/A
Key deleted \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\iai2c.sys C:\Users\Admin\AppData\Local\Temp\jtszeo.exe N/A
Key deleted \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\CBDHSvc C:\Users\Admin\AppData\Local\Temp\jtszeo.exe N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\whhpvgm = "yxlhbaumjgvovkfhdemlz.exe" C:\Users\Admin\AppData\Local\Temp\jtszeo.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\pxuz = "C:\\Users\\Admin\\AppData\\Local\\Temp\\lhslcypeyseuykcbus.exe" C:\Users\Admin\AppData\Local\Temp\jtszeo.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\yhflp = "C:\\Users\\Admin\\AppData\\Local\\Temp\\vpypeynaskuikukh.exe ." C:\Users\Admin\AppData\Local\Temp\jtszeo.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\pxuz = "C:\\Users\\Admin\\AppData\\Local\\Temp\\jhupigzqmiwouicdyyfd.exe" C:\Users\Admin\AppData\Local\Temp\jtszeo.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\vjmxgudkwi = "C:\\Users\\Admin\\AppData\\Local\\Temp\\jhupigzqmiwouicdyyfd.exe" C:\Users\Admin\AppData\Local\Temp\lurwhzlcveb.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\pxuz = "vpypeynaskuikukh.exe" C:\Users\Admin\AppData\Local\Temp\jtszeo.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\lxyhoahm = "cxhzpkaohaladofdv.exe ." C:\Users\Admin\AppData\Local\Temp\jtszeo.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\cprbjwekv = "C:\\Users\\Admin\\AppData\\Local\\Temp\\yxlhbaumjgvovkfhdemlz.exe ." C:\Users\Admin\AppData\Local\Temp\jtszeo.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\yhflp = "C:\\Users\\Admin\\AppData\\Local\\Temp\\lhslcypeyseuykcbus.exe ." C:\Users\Admin\AppData\Local\Temp\jtszeo.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\yhflp = "cxhzpkaohaladofdv.exe ." C:\Users\Admin\AppData\Local\Temp\jtszeo.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\yhflp = "jhupigzqmiwouicdyyfd.exe ." C:\Users\Admin\AppData\Local\Temp\jtszeo.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\yhflp = "yxlhbaumjgvovkfhdemlz.exe ." C:\Users\Admin\AppData\Local\Temp\jtszeo.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\whhpvgm = "wtfzrogwrmzqvibbvua.exe" C:\Users\Admin\AppData\Local\Temp\lurwhzlcveb.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\whhpvgm = "lhslcypeyseuykcbus.exe" C:\Users\Admin\AppData\Local\Temp\jtszeo.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\whhpvgm = "cxhzpkaohaladofdv.exe" C:\Users\Admin\AppData\Local\Temp\jtszeo.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\pxuz = "lhslcypeyseuykcbus.exe" C:\Users\Admin\AppData\Local\Temp\jtszeo.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\pxuz = "C:\\Users\\Admin\\AppData\\Local\\Temp\\vpypeynaskuikukh.exe" C:\Users\Admin\AppData\Local\Temp\jtszeo.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\pxuz = "yxlhbaumjgvovkfhdemlz.exe" C:\Users\Admin\AppData\Local\Temp\jtszeo.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\yhflp = "lhslcypeyseuykcbus.exe ." C:\Users\Admin\AppData\Local\Temp\jtszeo.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\cprbjwekv = "C:\\Users\\Admin\\AppData\\Local\\Temp\\vpypeynaskuikukh.exe ." C:\Users\Admin\AppData\Local\Temp\jtszeo.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\lxyhoahm = "jhupigzqmiwouicdyyfd.exe ." C:\Users\Admin\AppData\Local\Temp\jtszeo.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\vjmxgudkwi = "C:\\Users\\Admin\\AppData\\Local\\Temp\\jhupigzqmiwouicdyyfd.exe" C:\Users\Admin\AppData\Local\Temp\jtszeo.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\pxuz = "C:\\Users\\Admin\\AppData\\Local\\Temp\\vpypeynaskuikukh.exe" C:\Users\Admin\AppData\Local\Temp\lurwhzlcveb.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\cprbjwekv = "C:\\Users\\Admin\\AppData\\Local\\Temp\\lhslcypeyseuykcbus.exe ." C:\Users\Admin\AppData\Local\Temp\jtszeo.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\vjmxgudkwi = "C:\\Users\\Admin\\AppData\\Local\\Temp\\lhslcypeyseuykcbus.exe" C:\Users\Admin\AppData\Local\Temp\jtszeo.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\lxyhoahm = "lhslcypeyseuykcbus.exe ." C:\Users\Admin\AppData\Local\Temp\jtszeo.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\whhpvgm = "wtfzrogwrmzqvibbvua.exe" C:\Users\Admin\AppData\Local\Temp\jtszeo.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\pxuz = "C:\\Users\\Admin\\AppData\\Local\\Temp\\yxlhbaumjgvovkfhdemlz.exe" C:\Users\Admin\AppData\Local\Temp\jtszeo.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\pxuz = "lhslcypeyseuykcbus.exe" C:\Users\Admin\AppData\Local\Temp\lurwhzlcveb.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\lxyhoahm = "vpypeynaskuikukh.exe ." C:\Users\Admin\AppData\Local\Temp\lurwhzlcveb.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\yhflp = "wtfzrogwrmzqvibbvua.exe ." C:\Users\Admin\AppData\Local\Temp\jtszeo.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\vjmxgudkwi = "C:\\Users\\Admin\\AppData\\Local\\Temp\\yxlhbaumjgvovkfhdemlz.exe" C:\Users\Admin\AppData\Local\Temp\jtszeo.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\vjmxgudkwi = "C:\\Users\\Admin\\AppData\\Local\\Temp\\wtfzrogwrmzqvibbvua.exe" C:\Users\Admin\AppData\Local\Temp\jtszeo.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\yhflp = "vpypeynaskuikukh.exe ." C:\Users\Admin\AppData\Local\Temp\jtszeo.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\vjmxgudkwi = "C:\\Users\\Admin\\AppData\\Local\\Temp\\vpypeynaskuikukh.exe" C:\Users\Admin\AppData\Local\Temp\jtszeo.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\pxuz = "wtfzrogwrmzqvibbvua.exe" C:\Users\Admin\AppData\Local\Temp\jtszeo.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\cprbjwekv = "C:\\Users\\Admin\\AppData\\Local\\Temp\\wtfzrogwrmzqvibbvua.exe ." C:\Users\Admin\AppData\Local\Temp\jtszeo.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\yhflp = "yxlhbaumjgvovkfhdemlz.exe ." C:\Users\Admin\AppData\Local\Temp\lurwhzlcveb.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\lxyhoahm = "yxlhbaumjgvovkfhdemlz.exe ." C:\Users\Admin\AppData\Local\Temp\jtszeo.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\vjmxgudkwi = "C:\\Users\\Admin\\AppData\\Local\\Temp\\cxhzpkaohaladofdv.exe" C:\Users\Admin\AppData\Local\Temp\jtszeo.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\pxuz = "cxhzpkaohaladofdv.exe" C:\Users\Admin\AppData\Local\Temp\jtszeo.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\cprbjwekv = "C:\\Users\\Admin\\AppData\\Local\\Temp\\cxhzpkaohaladofdv.exe ." C:\Users\Admin\AppData\Local\Temp\jtszeo.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\lxyhoahm = "wtfzrogwrmzqvibbvua.exe ." C:\Users\Admin\AppData\Local\Temp\jtszeo.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\yhflp = "C:\\Users\\Admin\\AppData\\Local\\Temp\\jhupigzqmiwouicdyyfd.exe ." C:\Users\Admin\AppData\Local\Temp\jtszeo.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\yhflp = "C:\\Users\\Admin\\AppData\\Local\\Temp\\cxhzpkaohaladofdv.exe ." C:\Users\Admin\AppData\Local\Temp\jtszeo.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\lxyhoahm = "vpypeynaskuikukh.exe ." C:\Users\Admin\AppData\Local\Temp\jtszeo.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\yhflp = "C:\\Users\\Admin\\AppData\\Local\\Temp\\wtfzrogwrmzqvibbvua.exe ." C:\Users\Admin\AppData\Local\Temp\jtszeo.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\pxuz = "C:\\Users\\Admin\\AppData\\Local\\Temp\\cxhzpkaohaladofdv.exe" C:\Users\Admin\AppData\Local\Temp\jtszeo.exe N/A

Checks whether UAC is enabled

evasion trojan
Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\lurwhzlcveb.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\lurwhzlcveb.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\jtszeo.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\jtszeo.exe N/A

Hijack Execution Flow: Executable Installer File Permissions Weakness

defense_evasion persistence privilege_escalation
Description Indicator Process Target
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableInstallerDetection = "0" C:\Users\Admin\AppData\Local\Temp\lurwhzlcveb.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableInstallerDetection = "0" C:\Users\Admin\AppData\Local\Temp\jtszeo.exe N/A

Looks up external IP address via web service

Description Indicator Process Target
N/A www.showmyipaddress.com N/A N/A
N/A whatismyipaddress.com N/A N/A
N/A www.whatismyip.ca N/A N/A
N/A whatismyip.everdot.org N/A N/A

Drops autorun.inf file

Description Indicator Process Target
File created C:\autorun.inf C:\Users\Admin\AppData\Local\Temp\jtszeo.exe N/A
File opened for modification F:\autorun.inf C:\Users\Admin\AppData\Local\Temp\jtszeo.exe N/A
File created F:\autorun.inf C:\Users\Admin\AppData\Local\Temp\jtszeo.exe N/A
File opened for modification C:\autorun.inf C:\Users\Admin\AppData\Local\Temp\jtszeo.exe N/A

Drops file in System32 directory

Description Indicator Process Target
File opened for modification C:\Windows\SysWOW64\cxhzpkaohaladofdv.exe C:\Users\Admin\AppData\Local\Temp\jtszeo.exe N/A
File created C:\Windows\SysWOW64\nfmbogteukseemavkefxetgylwmckwwesncw.pwl C:\Users\Admin\AppData\Local\Temp\jtszeo.exe N/A
File opened for modification C:\Windows\SysWOW64\cxhzpkaohaladofdv.exe C:\Users\Admin\AppData\Local\Temp\lurwhzlcveb.exe N/A
File opened for modification C:\Windows\SysWOW64\vpypeynaskuikukh.exe C:\Users\Admin\AppData\Local\Temp\lurwhzlcveb.exe N/A
File created C:\Windows\SysWOW64\iplpryaafkhixuxhlukrnrtac.hmj C:\Users\Admin\AppData\Local\Temp\jtszeo.exe N/A
File opened for modification C:\Windows\SysWOW64\wtfzrogwrmzqvibbvua.exe C:\Users\Admin\AppData\Local\Temp\lurwhzlcveb.exe N/A
File opened for modification C:\Windows\SysWOW64\jhupigzqmiwouicdyyfd.exe C:\Users\Admin\AppData\Local\Temp\jtszeo.exe N/A
File opened for modification C:\Windows\SysWOW64\vpypeynaskuikukh.exe C:\Users\Admin\AppData\Local\Temp\jtszeo.exe N/A
File opened for modification C:\Windows\SysWOW64\ppebwwrkigwqyoknkmvvkh.exe C:\Users\Admin\AppData\Local\Temp\jtszeo.exe N/A
File opened for modification C:\Windows\SysWOW64\jhupigzqmiwouicdyyfd.exe C:\Users\Admin\AppData\Local\Temp\lurwhzlcveb.exe N/A
File opened for modification C:\Windows\SysWOW64\yxlhbaumjgvovkfhdemlz.exe C:\Users\Admin\AppData\Local\Temp\jtszeo.exe N/A
File opened for modification C:\Windows\SysWOW64\lhslcypeyseuykcbus.exe C:\Users\Admin\AppData\Local\Temp\lurwhzlcveb.exe N/A
File opened for modification C:\Windows\SysWOW64\ppebwwrkigwqyoknkmvvkh.exe C:\Users\Admin\AppData\Local\Temp\lurwhzlcveb.exe N/A
File opened for modification C:\Windows\SysWOW64\yxlhbaumjgvovkfhdemlz.exe C:\Users\Admin\AppData\Local\Temp\lurwhzlcveb.exe N/A
File opened for modification C:\Windows\SysWOW64\lhslcypeyseuykcbus.exe C:\Users\Admin\AppData\Local\Temp\jtszeo.exe N/A
File opened for modification C:\Windows\SysWOW64\wtfzrogwrmzqvibbvua.exe C:\Users\Admin\AppData\Local\Temp\jtszeo.exe N/A
File opened for modification C:\Windows\SysWOW64\iplpryaafkhixuxhlukrnrtac.hmj C:\Users\Admin\AppData\Local\Temp\jtszeo.exe N/A
File opened for modification C:\Windows\SysWOW64\nfmbogteukseemavkefxetgylwmckwwesncw.pwl C:\Users\Admin\AppData\Local\Temp\jtszeo.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File opened for modification C:\Program Files (x86)\iplpryaafkhixuxhlukrnrtac.hmj C:\Users\Admin\AppData\Local\Temp\jtszeo.exe N/A
File created C:\Program Files (x86)\iplpryaafkhixuxhlukrnrtac.hmj C:\Users\Admin\AppData\Local\Temp\jtszeo.exe N/A
File opened for modification C:\Program Files (x86)\nfmbogteukseemavkefxetgylwmckwwesncw.pwl C:\Users\Admin\AppData\Local\Temp\jtszeo.exe N/A
File created C:\Program Files (x86)\nfmbogteukseemavkefxetgylwmckwwesncw.pwl C:\Users\Admin\AppData\Local\Temp\jtszeo.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File opened for modification C:\Windows\lhslcypeyseuykcbus.exe C:\Users\Admin\AppData\Local\Temp\lurwhzlcveb.exe N/A
File opened for modification C:\Windows\ppebwwrkigwqyoknkmvvkh.exe C:\Users\Admin\AppData\Local\Temp\jtszeo.exe N/A
File opened for modification C:\Windows\cxhzpkaohaladofdv.exe C:\Users\Admin\AppData\Local\Temp\lurwhzlcveb.exe N/A
File opened for modification C:\Windows\jhupigzqmiwouicdyyfd.exe C:\Users\Admin\AppData\Local\Temp\lurwhzlcveb.exe N/A
File opened for modification C:\Windows\cxhzpkaohaladofdv.exe C:\Users\Admin\AppData\Local\Temp\jtszeo.exe N/A
File opened for modification C:\Windows\yxlhbaumjgvovkfhdemlz.exe C:\Users\Admin\AppData\Local\Temp\jtszeo.exe N/A
File opened for modification C:\Windows\vpypeynaskuikukh.exe C:\Users\Admin\AppData\Local\Temp\lurwhzlcveb.exe N/A
File opened for modification C:\Windows\vpypeynaskuikukh.exe C:\Users\Admin\AppData\Local\Temp\jtszeo.exe N/A
File opened for modification C:\Windows\jhupigzqmiwouicdyyfd.exe C:\Users\Admin\AppData\Local\Temp\jtszeo.exe N/A
File opened for modification C:\Windows\nfmbogteukseemavkefxetgylwmckwwesncw.pwl C:\Users\Admin\AppData\Local\Temp\jtszeo.exe N/A
File opened for modification C:\Windows\yxlhbaumjgvovkfhdemlz.exe C:\Users\Admin\AppData\Local\Temp\lurwhzlcveb.exe N/A
File opened for modification C:\Windows\wtfzrogwrmzqvibbvua.exe C:\Users\Admin\AppData\Local\Temp\jtszeo.exe N/A
File opened for modification C:\Windows\iplpryaafkhixuxhlukrnrtac.hmj C:\Users\Admin\AppData\Local\Temp\jtszeo.exe N/A
File created C:\Windows\nfmbogteukseemavkefxetgylwmckwwesncw.pwl C:\Users\Admin\AppData\Local\Temp\jtszeo.exe N/A
File opened for modification C:\Windows\wtfzrogwrmzqvibbvua.exe C:\Users\Admin\AppData\Local\Temp\lurwhzlcveb.exe N/A
File opened for modification C:\Windows\lhslcypeyseuykcbus.exe C:\Users\Admin\AppData\Local\Temp\jtszeo.exe N/A
File opened for modification C:\Windows\ppebwwrkigwqyoknkmvvkh.exe C:\Users\Admin\AppData\Local\Temp\lurwhzlcveb.exe N/A
File created C:\Windows\iplpryaafkhixuxhlukrnrtac.hmj C:\Users\Admin\AppData\Local\Temp\jtszeo.exe N/A

Enumerates physical storage devices

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\80cdc7c264ea951dedde8d7cda97fe25_JaffaCakes118.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\lurwhzlcveb.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\jtszeo.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\80cdc7c264ea951dedde8d7cda97fe25_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\jtszeo.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\jtszeo.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4820 wrote to memory of 4056 N/A C:\Users\Admin\AppData\Local\Temp\80cdc7c264ea951dedde8d7cda97fe25_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\lurwhzlcveb.exe
PID 4056 wrote to memory of 1708 N/A C:\Users\Admin\AppData\Local\Temp\lurwhzlcveb.exe C:\Users\Admin\AppData\Local\Temp\jtszeo.exe
PID 4056 wrote to memory of 4476 N/A C:\Users\Admin\AppData\Local\Temp\lurwhzlcveb.exe C:\Users\Admin\AppData\Local\Temp\jtszeo.exe
PID 4820 wrote to memory of 2332 N/A C:\Users\Admin\AppData\Local\Temp\80cdc7c264ea951dedde8d7cda97fe25_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\lurwhzlcveb.exe

System policy modification

evasion
Description Indicator Process Target
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" C:\Users\Admin\AppData\Local\Temp\lurwhzlcveb.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableVirtualization = "0" C:\Users\Admin\AppData\Local\Temp\lurwhzlcveb.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" C:\Users\Admin\AppData\Local\Temp\lurwhzlcveb.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDriveTypeAutoRun = "1" C:\Users\Admin\AppData\Local\Temp\lurwhzlcveb.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\jtszeo.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\lurwhzlcveb.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\lurwhzlcveb.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ValidateAdminCodeSignatures = "0" C:\Users\Admin\AppData\Local\Temp\lurwhzlcveb.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" C:\Users\Admin\AppData\Local\Temp\jtszeo.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" C:\Users\Admin\AppData\Local\Temp\jtszeo.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\FilterAdministratorToken = "0" C:\Users\Admin\AppData\Local\Temp\jtszeo.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDriveTypeAutoRun = "1" C:\Users\Admin\AppData\Local\Temp\jtszeo.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableSecureUIAPaths = "0" C:\Users\Admin\AppData\Local\Temp\jtszeo.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" C:\Users\Admin\AppData\Local\Temp\jtszeo.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\jtszeo.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableVirtualization = "0" C:\Users\Admin\AppData\Local\Temp\jtszeo.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\lurwhzlcveb.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\FilterAdministratorToken = "0" C:\Users\Admin\AppData\Local\Temp\lurwhzlcveb.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ValidateAdminCodeSignatures = "0" C:\Users\Admin\AppData\Local\Temp\jtszeo.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer C:\Users\Admin\AppData\Local\Temp\jtszeo.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" C:\Users\Admin\AppData\Local\Temp\lurwhzlcveb.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableSecureUIAPaths = "0" C:\Users\Admin\AppData\Local\Temp\lurwhzlcveb.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\jtszeo.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer C:\Users\Admin\AppData\Local\Temp\lurwhzlcveb.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\80cdc7c264ea951dedde8d7cda97fe25_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\80cdc7c264ea951dedde8d7cda97fe25_JaffaCakes118.exe"

C:\Users\Admin\AppData\Local\Temp\lurwhzlcveb.exe

"C:\Users\Admin\AppData\Local\Temp\lurwhzlcveb.exe" "c:\users\admin\appdata\local\temp\80cdc7c264ea951dedde8d7cda97fe25_jaffacakes118.exe*"

C:\Users\Admin\AppData\Local\Temp\jtszeo.exe

"C:\Users\Admin\AppData\Local\Temp\jtszeo.exe" "-c:\users\admin\appdata\local\temp\80cdc7c264ea951dedde8d7cda97fe25_jaffacakes118.exe"

C:\Users\Admin\AppData\Local\Temp\jtszeo.exe

"C:\Users\Admin\AppData\Local\Temp\jtszeo.exe" "-c:\users\admin\appdata\local\temp\80cdc7c264ea951dedde8d7cda97fe25_jaffacakes118.exe"

C:\Users\Admin\AppData\Local\Temp\lurwhzlcveb.exe

"C:\Users\Admin\AppData\Local\Temp\lurwhzlcveb.exe" "c:\users\admin\appdata\local\temp\80cdc7c264ea951dedde8d7cda97fe25_jaffacakes118.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 pahoyrkovwl.info udp
US 8.8.8.8:53 ymmfuk.info udp
US 8.8.8.8:53 tbtthvcxpi.net udp
US 8.8.8.8:53 eggsdeaqdgk.info udp
US 8.8.8.8:53 iyysmcgaoq.com udp
US 8.8.8.8:53 uajybit.info udp
US 8.8.8.8:53 qcaequgeic.org udp
US 8.8.8.8:53 gubhcuoh.info udp
US 8.8.8.8:53 tcdxpetiwvq.net udp
US 8.8.8.8:53 xzvqhei.net udp
US 8.8.8.8:53 teaacdtqjap.net udp
US 8.8.8.8:53 thfpsrkg.net udp
US 8.8.8.8:53 uplqpgffv.net udp
US 8.8.8.8:53 vmnzaauww.com udp
US 8.8.8.8:53 nozozyp.info udp
US 8.8.8.8:53 xwqowmqjhuy.info udp
US 8.8.8.8:53 utxlxul.info udp
US 8.8.8.8:53 kcdmpzd.info udp
US 8.8.8.8:53 gyqghevjsah.info udp
US 8.8.8.8:53 rqzyiujilw.net udp
US 8.8.8.8:53 okeiemwy.org udp
US 8.8.8.8:53 sabpylqwmhwr.net udp
US 8.8.8.8:53 ssywwsui.com udp
US 8.8.8.8:53 burknwdor.com udp
US 8.8.8.8:53 oyookvxpbanw.info udp
US 8.8.8.8:53 nkpxbwhinql.com udp
US 8.8.8.8:53 ruqgvfx.org udp
US 8.8.8.8:53 zozgcobcaq.net udp
US 8.8.8.8:53 kcslgoll.info udp
US 8.8.8.8:53 zecovv.info udp
LT 87.247.65.131:41927 tcp
US 8.8.8.8:53 hjjakml.com udp
US 8.8.8.8:53 tvzrkn.net udp
US 8.8.8.8:53 iqogkeqm.com udp
US 8.8.8.8:53 umeszbdhi.info udp
US 8.8.8.8:53 dcvygkv.org udp
US 8.8.8.8:53 lhvyev.net udp
US 8.8.8.8:53 ljfgeynu.net udp
US 8.8.8.8:53 mvrlhhspnj.info udp
US 8.8.8.8:53 pubdtrzkyif.com udp
US 8.8.8.8:53 iegemk.com udp
US 8.8.8.8:53 seghjqrmn.net udp
US 8.8.8.8:53 royidr.info udp
US 8.8.8.8:53 rxhxfw.net udp
US 8.8.8.8:53 bifggqrkn.net udp
US 8.8.8.8:53 ejhaxwolmr.net udp
US 8.8.8.8:53 lyewvfmqdwzh.net udp
US 8.8.8.8:53 shhqfhsmcw.net udp
US 8.8.8.8:53 oqldzpz.net udp
US 8.8.8.8:53 ybhevkhywst.info udp
US 8.8.8.8:53 mbjrzorf.net udp
US 8.8.8.8:53 wbpglgmpvf.info udp
US 8.8.8.8:53 lsfqogasdtt.net udp
US 8.8.8.8:53 umbqfpzfw.info udp
US 8.8.8.8:53 ykwggc.com udp
US 8.8.8.8:53 ucawmoumiysg.com udp
US 8.8.8.8:53 tsasuukkf.net udp
US 8.8.8.8:53 wbmgiwzhcu.net udp
US 8.8.8.8:53 yrecgmoyvxh.net udp
US 8.8.8.8:53 mexsbsbhjgq.info udp
US 8.8.8.8:53 jlffbn.net udp
US 8.8.8.8:53 eowawwmkei.org udp
US 8.8.8.8:53 uvcodihahbp.net udp
US 8.8.8.8:53 jozypulgtcq.com udp
US 8.8.8.8:53 rkbwpalgr.net udp
US 8.8.8.8:53 kiocamoemkgo.org udp
US 8.8.8.8:53 siekzyqkd.info udp
US 8.8.8.8:53 ylaxujjvpzdt.info udp
US 8.8.8.8:53 koiqio.org udp
US 8.8.8.8:53 htqiugaqhcb.org udp
US 8.8.8.8:53 mldbdcbn.info udp
US 8.8.8.8:53 hlqltge.net udp
US 8.8.8.8:53 skqichhuy.net udp
US 8.8.8.8:53 pedxzbrhzb.info udp
US 8.8.8.8:53 icaecugi.com udp
US 8.8.8.8:53 elrmjqoskpgo.net udp
US 8.8.8.8:53 iomunypmc.info udp
US 8.8.8.8:53 vlsqekixshcp.net udp
US 8.8.8.8:53 lszahmfkt.net udp
US 8.8.8.8:53 gusyys.org udp
US 8.8.8.8:53 bksknnrazerp.info udp
US 8.8.8.8:53 xhwtmfujbani.net udp
US 8.8.8.8:53 iwwmiiga.org udp
US 8.8.8.8:53 wuqsnaq.info udp
US 8.8.8.8:53 feawjoykmt.info udp
US 8.8.8.8:53 jgzbxllqdecg.net udp
US 8.8.8.8:53 xigozx.info udp
US 8.8.8.8:53 wtigijfy.info udp
US 8.8.8.8:53 xazbfnbxwans.net udp
US 8.8.8.8:53 hvhmyofneur.info udp
US 8.8.8.8:53 thbjldcrxt.net udp
US 8.8.8.8:53 hpltuulfrbtg.net udp
US 8.8.8.8:53 asecuyemymyi.org udp
US 8.8.8.8:53 yywgnwbwzs.net udp
US 8.8.8.8:53 lkbiigbnkir.net udp
US 8.8.8.8:53 yarxnoq.info udp
US 8.8.8.8:53 jswmnalgvlx.org udp
US 8.8.8.8:53 fbjfdkrr.net udp
US 8.8.8.8:53 nmvxnr.net udp
US 8.8.8.8:53 zmrarczuld.net udp
US 8.8.8.8:53 soxotpwkd.info udp
US 8.8.8.8:53 dwpkzhv.com udp
US 8.8.8.8:53 amriowjldlc.info udp
US 8.8.8.8:53 fsnqjwv.info udp
US 8.8.8.8:53 aayeieoamcqe.org udp
US 8.8.8.8:53 ipusvbgbzw.net udp
US 8.8.8.8:53 rltwexojzn.net udp
US 8.8.8.8:53 mokckeae.org udp
US 8.8.8.8:53 uwzhgmzuv.net udp
US 8.8.8.8:53 fzomamzqlovg.info udp
US 8.8.8.8:53 dayucgzmwkv.net udp
US 8.8.8.8:53 uadxlfbhtrby.net udp
US 8.8.8.8:53 lqzrecgexgn.com udp
US 8.8.8.8:53 mvnpomqx.info udp
US 8.8.8.8:53 wuybayvsmwt.info udp
US 8.8.8.8:53 acvijwfis.info udp
US 8.8.8.8:53 cxlwpyglvdcc.net udp
US 8.8.8.8:53 smbehcrvtuf.info udp
US 8.8.8.8:53 qisakqeiecqu.org udp
US 8.8.8.8:53 ddnypysoj.org udp
US 8.8.8.8:53 mtxstcq.info udp
US 8.8.8.8:53 iggcfwpytwa.net udp
US 8.8.8.8:53 cewkaoeqii.org udp
US 8.8.8.8:53 agtjxghkrq.net udp
US 8.8.8.8:53 aaxgnmwcb.net udp
US 8.8.8.8:53 tuaxjj.net udp
US 8.8.8.8:53 gnxurajd.net udp
US 8.8.8.8:53 drdyjtiz.info udp
US 8.8.8.8:53 ckrqlgvagoz.net udp
US 8.8.8.8:53 csrxwxlmx.net udp
US 8.8.8.8:53 vkylhtylchns.net udp
US 8.8.8.8:53 ushkxbyxdgg.net udp
US 8.8.8.8:53 zhksvcsp.net udp
US 8.8.8.8:53 hmofrznh.info udp
US 8.8.8.8:53 aoyvfv.info udp
US 8.8.8.8:53 aycmjgp.net udp
US 8.8.8.8:53 rhjqoghezh.info udp
US 8.8.8.8:53 jalkbr.info udp
US 8.8.8.8:53 uldeyb.info udp
US 8.8.8.8:53 azhyqhhpfqp.net udp
US 8.8.8.8:53 cxffzmlflm.info udp
US 8.8.8.8:53 jbcvjgvwyjs.com udp
US 8.8.8.8:53 qauwoj.info udp
US 8.8.8.8:53 oarmayvufrf.info udp
US 8.8.8.8:53 fwadvrcw.info udp
US 8.8.8.8:53 hjcutzth.net udp
US 8.8.8.8:53 maltyz.net udp
US 8.8.8.8:53 zmrtxdjw.info udp
US 8.8.8.8:53 qqispynns.info udp
US 8.8.8.8:53 tintjhdhp.info udp
US 8.8.8.8:53 znpodz.net udp
US 8.8.8.8:53 fcvuvkyohfv.org udp
US 8.8.8.8:53 usztsauxtyh.net udp
US 8.8.8.8:53 dwfebekyt.org udp
US 8.8.8.8:53 vebczah.com udp
US 8.8.8.8:53 ppgkzw.info udp
US 8.8.8.8:53 dujnret.org udp
US 8.8.8.8:53 yuucbetns.info udp
US 8.8.8.8:53 bktpfwsl.net udp
US 8.8.8.8:53 rstojpg.net udp
US 8.8.8.8:53 zhdxyujpzudd.info udp
US 8.8.8.8:53 dlwqdu.info udp
US 8.8.8.8:53 gofwtqg.info udp
US 8.8.8.8:53 hegsmwj.org udp
US 8.8.8.8:53 iplqdlbmaiyt.info udp
US 8.8.8.8:53 yyuaoeumqmki.com udp
US 8.8.8.8:53 sqeaccmaqa.org udp
US 8.8.8.8:53 nsdbsgdrvhn.info udp
HK 156.237.207.232:80 yeseee.com tcp
BY 178.125.249.3:19589 tcp
US 8.8.8.8:53 gvrfpip.info udp
US 8.8.8.8:53 iyjjvddp.info udp
US 8.8.8.8:53 ggrqolzyoy.net udp
US 8.8.8.8:53 kyiqacma.com udp
US 8.8.8.8:53 jupejihn.info udp
US 8.8.8.8:53 hrodiovgffm.net udp
US 8.8.8.8:53 dqlpfiwwkepz.net udp
US 8.8.8.8:53 zijhhgbgy.org udp
US 8.8.8.8:53 bylihqpez.info udp
US 8.8.8.8:53 232.207.237.156.in-addr.arpa udp
US 8.8.8.8:53 taxsnux.com udp
US 8.8.8.8:53 jrfhtodifg.info udp
US 8.8.8.8:53 vynafnjux.org udp
US 8.8.8.8:53 mnfpekhmdcza.net udp
US 8.8.8.8:53 hxtsvvg.org udp
US 8.8.8.8:53 ytdetyvev.info udp
US 8.8.8.8:53 iwlpzasaqq.net udp
US 8.8.8.8:53 suewikoywsuo.org udp
US 8.8.8.8:53 luxnouxdfuf.net udp
US 8.8.8.8:53 qqjmgxmb.net udp
US 8.8.8.8:53 iwkqqwaoqaeq.com udp
US 8.8.8.8:53 bakfznqyjrsl.net udp
US 8.8.8.8:53 jolbnynrzeeu.info udp
US 8.8.8.8:53 fxawtfy.info udp
US 8.8.8.8:53 mcpmajvv.net udp
US 8.8.8.8:53 waxuvktcirec.info udp
US 8.8.8.8:53 tsxauoqgjzf.net udp
US 8.8.8.8:53 rblcgst.org udp
US 8.8.8.8:53 cfpsrc.net udp
US 8.8.8.8:53 jlzatxz.info udp
US 8.8.8.8:53 wwmqtih.net udp
US 8.8.8.8:53 jidupfr.org udp
US 8.8.8.8:53 cynwpvlg.info udp
US 8.8.8.8:53 beklnku.com udp
US 8.8.8.8:53 zwgxrkq.org udp
US 8.8.8.8:53 jrfepop.org udp
US 8.8.8.8:53 qqzkbofsp.net udp
US 8.8.8.8:53 nicxrmrxya.net udp
US 8.8.8.8:53 lwjpkg.info udp
US 8.8.8.8:53 wgaogaqiku.org udp
US 8.8.8.8:53 bjteet.info udp
US 8.8.8.8:53 qmvygc.net udp
US 8.8.8.8:53 swyueylxlve.info udp
US 8.8.8.8:53 lgfexnbsblf.info udp
US 8.8.8.8:53 ftizam.info udp
US 8.8.8.8:53 vdinsezipu.net udp
US 8.8.8.8:53 sattmarij.net udp
US 8.8.8.8:53 elmsfcnviaha.net udp
US 8.8.8.8:53 meqyvqaagpws.info udp
US 8.8.8.8:53 egqkaykymuwy.com udp
US 8.8.8.8:53 rvmonfphd.org udp
US 8.8.8.8:53 afxgnqb.net udp
US 8.8.8.8:53 kacmqaekoq.com udp
US 8.8.8.8:53 cggoawui.org udp
US 8.8.8.8:53 qywgwgyq.com udp
US 8.8.8.8:53 nofljiwg.info udp
US 8.8.8.8:53 mfxmirp.net udp
US 8.8.8.8:53 cnsqroz.net udp
US 8.8.8.8:53 ugxzpkqsvwl.net udp
US 8.8.8.8:53 jcbhfkvmz.org udp
US 8.8.8.8:53 bcksphj.net udp
US 8.8.8.8:53 agimwqqayw.com udp
US 8.8.8.8:53 egvmisianow.info udp
US 8.8.8.8:53 xanwqkg.info udp
US 8.8.8.8:53 carniqb.net udp
US 8.8.8.8:53 sokqegqqaayc.org udp
US 8.8.8.8:53 zivytptdz.com udp
US 8.8.8.8:53 rqdkyeowgcx.net udp
US 8.8.8.8:53 xygbdoqlv.org udp
US 8.8.8.8:53 djnklkzedcg.org udp
US 8.8.8.8:53 lhbghq.net udp
US 8.8.8.8:53 fofcgchur.net udp
US 8.8.8.8:53 kmaocqew.org udp
US 8.8.8.8:53 agiwfgdsu.net udp
US 8.8.8.8:53 lwxoxtiuqit.net udp
US 8.8.8.8:53 vsrkronqxqc.net udp
US 8.8.8.8:53 qgqvid.info udp
US 8.8.8.8:53 ymwomwegsy.org udp
US 8.8.8.8:53 icaijmduf.net udp
US 8.8.8.8:53 qccqwqqi.org udp
US 8.8.8.8:53 vefevexgg.net udp
US 8.8.8.8:53 kazyicyavtoq.info udp
US 8.8.8.8:53 cqoycgwuqi.com udp
US 8.8.8.8:53 qcqmqaku.org udp
US 8.8.8.8:53 cfwjbujktq.info udp
US 8.8.8.8:53 sijvuqcud.net udp
LT 77.221.78.114:39059 tcp
US 8.8.8.8:53 stfhbwifvy.info udp
US 8.8.8.8:53 fzqwtokyrnsr.net udp
US 8.8.8.8:53 fgyojpnggd.info udp
US 8.8.8.8:53 lemhdf.info udp
US 8.8.8.8:53 ywociuosey.org udp
US 8.8.8.8:53 efdlohhy.info udp
US 8.8.8.8:53 kjtyfem.info udp
US 8.8.8.8:53 zitiqkxzo.info udp
US 8.8.8.8:53 hxjezkaaj.net udp
US 8.8.8.8:53 ymxkblgll.net udp
US 8.8.8.8:53 itabjj.net udp
US 8.8.8.8:53 scaoec.com udp
US 8.8.8.8:53 pcvoxmrujpuz.net udp
US 8.8.8.8:53 pmvwlcgtpsd.com udp
US 8.8.8.8:53 raeoprklqc.info udp
US 8.8.8.8:53 shnpzwyodof.net udp
US 8.8.8.8:53 bgdqgf.net udp
US 8.8.8.8:53 ucxmvkjahpn.info udp
US 8.8.8.8:53 gsderkaso.info udp
US 8.8.8.8:53 ginyfyj.info udp
US 8.8.8.8:53 pionfeze.info udp
US 8.8.8.8:53 cgkcui.org udp
US 8.8.8.8:53 xzfgaacnmmfu.net udp
US 8.8.8.8:53 lzrasizmj.net udp
US 8.8.8.8:53 zvznxf.info udp
US 8.8.8.8:53 yilpmh.info udp
US 8.8.8.8:53 ycxvrvto.info udp
US 8.8.8.8:53 cuuwxsykwea.info udp
US 8.8.8.8:53 squqkm.org udp
US 8.8.8.8:53 eacqsw.org udp
US 8.8.8.8:53 eqwkxorsw.net udp
US 8.8.8.8:53 xwtmlinof.net udp
US 8.8.8.8:53 tithjmlb.net udp
US 8.8.8.8:53 vpnwlqdqeauj.net udp
US 8.8.8.8:53 cmaakgskgoqk.com udp
US 8.8.8.8:53 amvbrfhisy.info udp
US 8.8.8.8:53 rzohmurstn.info udp
US 8.8.8.8:53 dhdgtd.info udp
US 8.8.8.8:53 njkkkqukgji.org udp
US 8.8.8.8:53 ehtrbdxwnwt.net udp
US 8.8.8.8:53 aufqflf.info udp
US 8.8.8.8:53 sbablr.net udp
US 8.8.8.8:53 onvipnl.net udp
US 8.8.8.8:53 yamiyu.org udp
US 8.8.8.8:53 oezfxoxed.info udp
US 8.8.8.8:53 aubgzylblcd.info udp
US 8.8.8.8:53 uuecll.net udp
US 8.8.8.8:53 rwhudyf.org udp
US 8.8.8.8:53 lpwyvujofcm.net udp
US 8.8.8.8:53 dvnfddco.info udp
US 8.8.8.8:53 hkzfeunqft.net udp
US 8.8.8.8:53 suncjsvmr.info udp
US 8.8.8.8:53 tokgsgnnaceo.info udp
US 8.8.8.8:53 uacoqg.org udp
US 8.8.8.8:53 yokmnx.info udp
US 8.8.8.8:53 ijdtcyej.net udp
US 8.8.8.8:53 kvjyvchozgq.net udp
US 8.8.8.8:53 thgxfl.info udp
US 8.8.8.8:53 rcrcrbxww.net udp
US 8.8.8.8:53 mkqqeoys.org udp
US 8.8.8.8:53 cgzizmeq.info udp
US 8.8.8.8:53 hmvqzix.com udp
US 8.8.8.8:53 ocmwkuug.com udp
US 8.8.8.8:53 ucpvxszpb.info udp
US 8.8.8.8:53 ivemnxnb.info udp
US 8.8.8.8:53 mlfcdejcu.net udp
US 8.8.8.8:53 hwkgtysv.info udp
US 8.8.8.8:53 zkdrzmqgrk.net udp
US 8.8.8.8:53 cysggooo.org udp
US 8.8.8.8:53 nflpfx.info udp
US 8.8.8.8:53 wacysgigcaey.org udp
US 8.8.8.8:53 ujicnpxsnl.net udp
US 8.8.8.8:53 xtnhdkldhi.info udp
US 8.8.8.8:53 qxggvgl.info udp
US 8.8.8.8:53 igqztsawouj.net udp
US 8.8.8.8:53 dwsikogj.info udp
US 8.8.8.8:53 tyxufrnp.info udp
US 8.8.8.8:53 yoimsyai.org udp
US 8.8.8.8:53 uawwuoeowmuw.com udp
US 8.8.8.8:53 vsouzbxgt.info udp
US 8.8.8.8:53 xgnijggfclh.com udp
US 8.8.8.8:53 wjdqglpu.net udp
US 8.8.8.8:53 lldutkvyr.com udp
US 8.8.8.8:53 xykijz.info udp
US 8.8.8.8:53 nmlmtevvo.info udp
US 8.8.8.8:53 azvutebjec.net udp
US 8.8.8.8:53 rqbmtixdpcb.info udp
US 8.8.8.8:53 axkyjh.net udp
US 8.8.8.8:53 gtpmumq.net udp
US 8.8.8.8:53 wsyqzjzsjih.info udp
US 8.8.8.8:53 rigifehun.net udp
US 8.8.8.8:53 itdiivurgl.net udp
US 8.8.8.8:53 frspdwnj.net udp
US 8.8.8.8:53 tmayxmurogi.org udp
US 8.8.8.8:53 ylzbkowkvn.info udp
US 8.8.8.8:53 iuecpck.info udp
US 8.8.8.8:53 nmloxwrxo.net udp
US 8.8.8.8:53 ecvecmvlfgx.net udp
US 8.8.8.8:53 ksgkugkgkgii.com udp
US 8.8.8.8:53 zzkzhrlo.info udp
US 8.8.8.8:53 hfgkacxqinla.net udp
US 8.8.8.8:53 pkbpbyz.org udp
US 8.8.8.8:53 gaguoqkmmm.org udp
US 8.8.8.8:53 vgzuvzgdwn.net udp
US 8.8.8.8:53 xizjfuqnvubh.info udp
US 8.8.8.8:53 daxwxmiwnis.com udp
US 8.8.8.8:53 savqpwhqr.info udp
US 8.8.8.8:53 iusiogeeos.org udp
US 8.8.8.8:53 idlffowv.info udp
US 8.8.8.8:53 aemnosge.net udp
US 8.8.8.8:53 yajpyqiudrkm.info udp
US 8.8.8.8:53 lrowcjkt.net udp
US 8.8.8.8:53 qmgokg.com udp
US 8.8.8.8:53 yocauycg.org udp
US 8.8.8.8:53 mfrlyp.info udp
US 8.8.8.8:53 rqtuscv.com udp
US 8.8.8.8:53 xbxlmfybwlcm.net udp
US 8.8.8.8:53 acxqaei.net udp
US 8.8.8.8:53 ocsacumo.org udp
US 8.8.8.8:53 qqejldixywih.info udp
US 8.8.8.8:53 firqntlbjs.info udp
US 8.8.8.8:53 fjswfmxs.net udp
US 8.8.8.8:53 seftvq.info udp
US 8.8.8.8:53 uyhxtmjmzzn.net udp
US 8.8.8.8:53 vanjpyu.com udp
US 8.8.8.8:53 ipusxl.info udp
US 8.8.8.8:53 ikjeggcrbq.net udp
US 8.8.8.8:53 oklwmhsexc.net udp
US 8.8.8.8:53 uchymef.net udp
US 8.8.8.8:53 hehdlebkhif.info udp
US 8.8.8.8:53 tatcntpljz.info udp
US 8.8.8.8:53 lexthisfyv.info udp
US 8.8.8.8:53 ugdmtph.net udp
GR 94.69.80.118:44227 tcp
US 8.8.8.8:53 rvwmjyzodabt.info udp
US 8.8.8.8:53 dhqyoyayy.info udp
US 8.8.8.8:53 amksoweiuc.com udp
US 8.8.8.8:53 roejsuia.net udp
US 8.8.8.8:53 jzhmdjb.info udp
US 8.8.8.8:53 kcgmcc.com udp
US 8.8.8.8:53 ywbmxtjsfezl.info udp
US 8.8.8.8:53 hvjjjigqvij.info udp
US 8.8.8.8:53 buvogivgp.org udp
US 8.8.8.8:53 fytqtdparf.net udp
US 8.8.8.8:53 fxbpxdej.net udp
US 8.8.8.8:53 ygaayqgs.com udp
US 8.8.8.8:53 kvbeztme.info udp
US 8.8.8.8:53 koxgcrrtnuk.net udp
US 8.8.8.8:53 dbxytamqyr.info udp
US 8.8.8.8:53 uxrmbazwdnqf.net udp
US 8.8.8.8:53 ckakygew.com udp
US 8.8.8.8:53 raazpygl.net udp
US 8.8.8.8:53 walbskjn.info udp
US 8.8.8.8:53 zynxzvkowl.info udp
US 8.8.8.8:53 fbuwnvjv.info udp
US 8.8.8.8:53 ssmxzo.info udp
US 8.8.8.8:53 xvryjoayrev.info udp
US 8.8.8.8:53 pwkovrjiq.com udp
US 8.8.8.8:53 pmqgqnyy.net udp
US 8.8.8.8:53 ykkcji.net udp
US 8.8.8.8:53 oggazxlcfsfe.net udp
US 8.8.8.8:53 rgiklh.info udp
US 8.8.8.8:53 brdoxdos.info udp
US 8.8.8.8:53 tboyrtniuyn.net udp
US 8.8.8.8:53 dzdqif.net udp
US 8.8.8.8:53 pxhqcg.info udp
US 8.8.8.8:53 hjfkrp.net udp
US 8.8.8.8:53 qfvhzf.net udp
US 8.8.8.8:53 hdcbymtpjotb.net udp
US 8.8.8.8:53 macuaiyeuqqe.org udp
US 8.8.8.8:53 qciscqym.org udp
US 8.8.8.8:53 fmpqpmkofcy.net udp
US 8.8.8.8:53 ymmyqbztclxr.info udp
US 8.8.8.8:53 wmbuhyrvcon.info udp
US 8.8.8.8:53 iqjkiytxpcb.net udp
US 8.8.8.8:53 haddjeg.net udp
US 8.8.8.8:53 kusiwm.org udp
US 8.8.8.8:53 mwycqayuwe.com udp
US 8.8.8.8:53 ckgqqyaw.com udp
US 8.8.8.8:53 vgciuofoq.net udp
US 8.8.8.8:53 bklmbonrp.org udp
US 8.8.8.8:53 ngvlpyey.net udp
US 8.8.8.8:53 mutctc.net udp
US 8.8.8.8:53 fvljsbupim.net udp
US 8.8.8.8:53 eegyiyso.org udp
US 8.8.8.8:53 waymomyo.org udp
US 8.8.8.8:53 xwsavip.net udp
US 8.8.8.8:53 atpsjmvhsmb.net udp
US 8.8.8.8:53 hcionq.info udp
US 8.8.8.8:53 mmzzozjw.info udp
US 8.8.8.8:53 mkxejqwf.info udp
US 8.8.8.8:53 noxrtgs.org udp
US 8.8.8.8:53 iqteicdl.net udp
US 8.8.8.8:53 hmzuogpis.info udp
US 8.8.8.8:53 lipononon.info udp
US 8.8.8.8:53 dewgvrjsbws.org udp
US 8.8.8.8:53 julkryi.info udp
US 8.8.8.8:53 rbaypnpuzol.org udp
US 8.8.8.8:53 rqwquc.net udp
US 8.8.8.8:53 owggbafsvuj.info udp
US 8.8.8.8:53 xfrrgutv.net udp
US 8.8.8.8:53 eazerazey.net udp
US 8.8.8.8:53 diumcyxuvir.com udp
US 8.8.8.8:53 cydnzcjqzgl.net udp
US 8.8.8.8:53 yzhatlbh.info udp
US 8.8.8.8:53 vhveha.info udp
US 8.8.8.8:53 ywykekseiegk.com udp
US 8.8.8.8:53 sqqumgekumeo.org udp
US 8.8.8.8:53 ikccgk.com udp
US 8.8.8.8:53 wyzgpatjx.info udp
US 8.8.8.8:53 amegia.org udp
US 8.8.8.8:53 orhgnmihiizh.info udp
US 8.8.8.8:53 mqdujgx.info udp
US 8.8.8.8:53 meumgzpu.info udp
US 8.8.8.8:53 pqpsdqt.org udp
US 8.8.8.8:53 mecfrprlvw.net udp
US 8.8.8.8:53 emjqqmtql.info udp
US 8.8.8.8:53 nmyavgmcg.com udp
US 8.8.8.8:53 fshhtxpue.org udp
US 8.8.8.8:53 imluhkyxr.info udp
US 8.8.8.8:53 aycsigaiskoo.org udp
US 8.8.8.8:53 skiqugtsht.info udp
US 8.8.8.8:53 lytuefatnbnu.net udp
US 8.8.8.8:53 tlrgdipevar.net udp
US 8.8.8.8:53 etzapfaojii.net udp
US 8.8.8.8:53 lnnvbcdyf.com udp
US 8.8.8.8:53 qlfqexn.info udp
US 8.8.8.8:53 pbgsxnywj.info udp
US 8.8.8.8:53 sfkgeqzvgj.info udp
US 8.8.8.8:53 qcggkayw.com udp
US 8.8.8.8:53 rendya.info udp
US 8.8.8.8:53 xgcmtnr.net udp
US 8.8.8.8:53 jczubghuf.com udp
US 8.8.8.8:53 lgjply.net udp
US 8.8.8.8:53 vkvfqucw.info udp
US 8.8.8.8:53 duxxxrpmyz.info udp
US 8.8.8.8:53 qdfcjrr.net udp
US 8.8.8.8:53 oahzbczz.info udp
US 8.8.8.8:53 fuyzsxp.org udp
US 8.8.8.8:53 mmgeec.com udp
US 8.8.8.8:53 dkgxbaxz.net udp
US 8.8.8.8:53 lelxray.net udp
US 8.8.8.8:53 bsxjofye.info udp
US 8.8.8.8:53 puvtjiaya.net udp
US 8.8.8.8:53 sabffwd.net udp
US 8.8.8.8:53 llmtynj.com udp
US 8.8.8.8:53 huxeyxqoh.org udp
US 8.8.8.8:53 dtprub.info udp
US 8.8.8.8:53 lzkeoaqml.com udp
US 8.8.8.8:53 imvgzn.net udp
US 8.8.8.8:53 pwmnodbphh.info udp
US 8.8.8.8:53 zumwrx.info udp
US 8.8.8.8:53 xhtzec.info udp
US 8.8.8.8:53 dngfrgoifb.info udp
US 8.8.8.8:53 pifxhrj.info udp
US 8.8.8.8:53 yqymqm.com udp
US 8.8.8.8:53 aezafqv.net udp
US 8.8.8.8:53 siyqvceqj.info udp
US 8.8.8.8:53 wzpltpziuu.net udp
US 8.8.8.8:53 fhqyde.info udp
US 8.8.8.8:53 wqbnjuesscl.net udp
US 8.8.8.8:53 jyknbtfah.com udp
US 8.8.8.8:53 ltmundpr.info udp
US 8.8.8.8:53 wjgdlmtoumn.net udp
US 8.8.8.8:53 accywyvwx.info udp
US 8.8.8.8:53 lozcpehcnox.org udp
US 8.8.8.8:53 baiizeh.com udp
US 8.8.8.8:53 zmpdhstkfdw.org udp
US 8.8.8.8:53 hdswvm.net udp
US 8.8.8.8:53 ueqfqooc.net udp
US 8.8.8.8:53 urjcmidspk.net udp
US 8.8.8.8:53 wglxbeyixsg.info udp
US 8.8.8.8:53 csaomkgeme.com udp
US 8.8.8.8:53 lfworg.net udp
US 8.8.8.8:53 iieeoaic.com udp
US 8.8.8.8:53 zsxjbahsp.org udp
US 8.8.8.8:53 vagjxq.net udp
US 8.8.8.8:53 aogobal.info udp
US 8.8.8.8:53 nhwpjsxbjzbj.info udp
US 8.8.8.8:53 buvavsv.com udp
US 8.8.8.8:53 ewayyggaeg.org udp
US 8.8.8.8:53 gudechrg.info udp
US 8.8.8.8:53 rpffvwdc.net udp
US 8.8.8.8:53 kpjadylsba.net udp
US 8.8.8.8:53 elnapul.info udp
BG 46.47.114.153:40131 tcp
US 8.8.8.8:53 ztqdje.info udp
US 8.8.8.8:53 rcbljousb.com udp
US 8.8.8.8:53 hdecxtp.org udp
US 8.8.8.8:53 keisreo.info udp
US 8.8.8.8:53 creyhbxohm.info udp
US 8.8.8.8:53 njburqdcd.com udp
US 8.8.8.8:53 tbxultccmj.info udp
US 8.8.8.8:53 nqldnkf.com udp
US 8.8.8.8:53 bcntgndccmru.net udp
US 8.8.8.8:53 kecocmgu.com udp
US 8.8.8.8:53 migkig.org udp
US 8.8.8.8:53 fbsaaimnsmgv.info udp
US 8.8.8.8:53 kyswflejd.net udp
US 8.8.8.8:53 psjgnfdmjwx.net udp
US 8.8.8.8:53 hmbtrmsnydae.info udp
US 8.8.8.8:53 wsgrvobrq.net udp
US 8.8.8.8:53 uyokqw.com udp
US 8.8.8.8:53 bydbtahum.net udp
US 8.8.8.8:53 vqjudurgv.net udp
US 8.8.8.8:53 pygdlsz.com udp
DE 85.214.228.140:80 kavtbvqf.info tcp
US 8.8.8.8:53 zuxejnv.info udp
US 8.8.8.8:53 tpvsfmvsnrso.info udp
US 8.8.8.8:53 ogbzhsjcovr.net udp
US 8.8.8.8:53 eimwiiomsq.org udp
US 8.8.8.8:53 xpxfxdqswh.info udp
US 54.244.188.177:80 sejibalqxar.net tcp
US 8.8.8.8:53 wevgoov.info udp
US 8.8.8.8:53 nujmtindoh.info udp
US 8.8.8.8:53 htrplv.info udp
US 8.8.8.8:53 nbdztrqh.net udp
US 8.8.8.8:53 udylpipwz.net udp
US 8.8.8.8:53 pctomggbraj.com udp
US 8.8.8.8:53 eitnmjxwv.net udp
US 8.8.8.8:53 lbgaxfb.com udp
US 208.100.26.245:80 egksyqv.info tcp
US 8.8.8.8:53 shomipvf.net udp
US 8.8.8.8:53 xjqippo.org udp
US 8.8.8.8:53 nzvpvaditkbf.net udp
US 8.8.8.8:53 gqhcduvihrh.info udp
US 8.8.8.8:53 igxmmap.net udp
US 8.8.8.8:53 pnsdfbklr.com udp
US 8.8.8.8:53 gyvqwcxtyk.info udp
US 8.8.8.8:53 twaszbkemsp.net udp
US 8.8.8.8:53 wclkqrqe.net udp
US 8.8.8.8:53 aqnotuhi.info udp
US 8.8.8.8:53 uylheqvecsf.info udp
US 8.8.8.8:53 dqomjupjyi.info udp
US 8.8.8.8:53 hsksignnoewk.net udp
US 8.8.8.8:53 rodgfhnztueb.info udp
US 8.8.8.8:53 xerqiiou.net udp
US 8.8.8.8:53 lqeuqrlvbef.net udp
US 8.8.8.8:53 smkigimkgwwq.org udp
US 8.8.8.8:53 phqaumrnf.com udp
US 8.8.8.8:53 miokgksskwum.com udp
US 8.8.8.8:53 goimsayscows.com udp
US 8.8.8.8:53 wxxyfgierv.net udp
US 8.8.8.8:53 pwarhvzx.net udp
US 8.8.8.8:53 havbtylo.net udp
US 8.8.8.8:53 qiisxre.net udp
US 8.8.8.8:53 rriepvuthz.info udp
US 8.8.8.8:53 nbjrecsg.net udp
US 8.8.8.8:53 occzlsyc.net udp
US 8.8.8.8:53 ptxjbjzzqkmh.info udp
US 8.8.8.8:53 rwhipqp.org udp
US 8.8.8.8:53 vmgxfihyh.com udp
US 8.8.8.8:53 ekquuwag.com udp
US 8.8.8.8:53 catdtirlxee.net udp
US 8.8.8.8:53 rtuyhjjj.info udp
US 8.8.8.8:53 hvtdtsgilkr.org udp
US 8.8.8.8:53 gotqpsxeq.net udp
US 8.8.8.8:53 xmnmhchgm.net udp
US 8.8.8.8:53 cmzjjlvf.net udp
US 8.8.8.8:53 ekuedqrcp.info udp
US 8.8.8.8:53 cwuwjvqr.info udp
US 8.8.8.8:53 ocbmjefhvqj.info udp
US 8.8.8.8:53 vljgbupsl.net udp
US 8.8.8.8:53 bsieldyd.info udp
US 8.8.8.8:53 tmoebn.net udp
US 8.8.8.8:53 dyjzbs.net udp
US 8.8.8.8:53 vivsjwxcrnj.org udp
US 8.8.8.8:53 cwesmkki.com udp
US 8.8.8.8:53 eefmqcw.net udp
US 8.8.8.8:53 iaattusoh.info udp
US 8.8.8.8:53 qpejngowavjy.info udp
US 8.8.8.8:53 vozpebnh.info udp
US 8.8.8.8:53 moenscmecw.net udp
US 8.8.8.8:53 zoxadhrur.com udp
US 8.8.8.8:53 lcbsfiyyz.com udp
US 8.8.8.8:53 birepoq.com udp
US 8.8.8.8:53 vpwcwhdpom.info udp
US 8.8.8.8:53 lttmba.net udp
US 8.8.8.8:53 ajhiqylf.info udp
US 8.8.8.8:53 dmbealkee.net udp
US 8.8.8.8:53 bafefq.net udp
US 8.8.8.8:53 vzjhcolkz.info udp
US 8.8.8.8:53 juhldclic.com udp
US 8.8.8.8:53 yqiweowi.com udp
US 8.8.8.8:53 brargk.info udp
US 8.8.8.8:53 vgcanks.net udp
US 8.8.8.8:53 buoytrytcc.info udp
US 8.8.8.8:53 azdhbhstwfkh.info udp
US 8.8.8.8:53 fszehlnx.net udp
US 8.8.8.8:53 pjlfqvazbsjo.net udp
US 8.8.8.8:53 rfntjbxs.info udp
US 8.8.8.8:53 aimuusuaao.org udp
US 8.8.8.8:53 qegcqcceeyke.com udp
US 8.8.8.8:53 gzcwnopqd.info udp
US 8.8.8.8:53 jkdcdyf.com udp
US 8.8.8.8:53 ysdiviayz.info udp
US 8.8.8.8:53 czvgxitbxg.net udp
US 8.8.8.8:53 snmlbztkwkqv.net udp
US 8.8.8.8:53 gfuvwmjpgb.net udp
US 8.8.8.8:53 mneehleczd.net udp
US 8.8.8.8:53 ugabhufak.net udp
US 8.8.8.8:53 zsqxejydfpnt.info udp
US 8.8.8.8:53 touwnu.info udp
GR 62.169.208.44:26222 tcp
US 8.8.8.8:53 dswpog.net udp
US 8.8.8.8:53 pomhlyinh.net udp
US 8.8.8.8:53 ithaweln.info udp
US 8.8.8.8:53 xdzmrft.org udp
US 8.8.8.8:53 uspavcp.net udp
US 8.8.8.8:53 ecoqtke.net udp
US 8.8.8.8:53 hrnujmsfph.net udp
US 8.8.8.8:53 ourepitvklx.info udp
US 8.8.8.8:53 eooswcouec.com udp
US 8.8.8.8:53 fsczualcjk.info udp
US 8.8.8.8:53 nmwnbosecp.info udp
US 8.8.8.8:53 bsvtdu.net udp
US 8.8.8.8:53 uuwygwcmmc.com udp
US 8.8.8.8:53 fifqlpb.org udp
US 8.8.8.8:53 ripbheq.net udp
US 8.8.8.8:53 mnhhpwrtdai.info udp
US 8.8.8.8:53 mcunzkr.net udp
US 8.8.8.8:53 jnzrnrhadt.info udp
US 8.8.8.8:53 octpnmfeveb.net udp
US 8.8.8.8:53 xfrefwl.info udp
US 8.8.8.8:53 kasabx.net udp
US 8.8.8.8:53 cnnkoyjwprx.info udp
US 8.8.8.8:53 yqvxspny.net udp
US 8.8.8.8:53 cwbobcrni.info udp
US 8.8.8.8:53 tcxdgup.org udp
US 8.8.8.8:53 ruksvdctcqr.com udp
US 8.8.8.8:53 aalrmp.net udp
US 8.8.8.8:53 mskgeeb.info udp
US 8.8.8.8:53 oeewfmk.net udp
US 8.8.8.8:53 lqoyvyx.info udp
US 8.8.8.8:53 qsssec.com udp
US 8.8.8.8:53 bsrweqh.net udp
US 8.8.8.8:53 fyqrkpnbuw.net udp
US 8.8.8.8:53 pptjrvfokbr.net udp
US 8.8.8.8:53 jyzepuh.org udp
US 8.8.8.8:53 juhdvcwd.info udp
US 8.8.8.8:53 kshgvj.net udp
US 8.8.8.8:53 yzyzhfwp.net udp
US 8.8.8.8:53 xykutplmhmfn.net udp
US 8.8.8.8:53 sqqypacmjwg.net udp
US 8.8.8.8:53 ausggnptzkhy.net udp
US 8.8.8.8:53 hqicbsebx.net udp
US 8.8.8.8:53 vfosjdtu.net udp
US 8.8.8.8:53 dajxtuf.org udp
US 8.8.8.8:53 hwxxdb.net udp
US 8.8.8.8:53 mlgsxflu.net udp
US 8.8.8.8:53 mwpundwwgqf.info udp
US 8.8.8.8:53 llmylvqrvc.info udp
US 8.8.8.8:53 kmpdjanxcx.info udp
US 8.8.8.8:53 ayaisqusmc.com udp
US 8.8.8.8:53 smlorkx.net udp
US 8.8.8.8:53 xqcyxif.info udp
US 8.8.8.8:53 pevbsci.com udp
US 8.8.8.8:53 jljcywgh.info udp
US 8.8.8.8:53 cenavclyjvz.net udp
US 8.8.8.8:53 wykkis.org udp
US 8.8.8.8:53 nszgvcoej.net udp
US 8.8.8.8:53 aptavxszku.info udp
US 8.8.8.8:53 cseckqqekoic.com udp
US 8.8.8.8:53 oesmaemmgi.com udp
US 8.8.8.8:53 emzpnpjytdi.info udp
US 8.8.8.8:53 jfmxfzrurlvj.net udp
US 8.8.8.8:53 rvpimiew.info udp
US 8.8.8.8:53 jinfugfp.net udp
US 8.8.8.8:53 icagqyegysim.org udp
US 8.8.8.8:53 siqmoyggcq.org udp
US 8.8.8.8:53 ajpowcjojvl.net udp
US 8.8.8.8:53 cywumaqcoa.org udp
US 8.8.8.8:53 tjqryxbhdomh.net udp
US 8.8.8.8:53 isiium.com udp
US 8.8.8.8:53 uycmtvuz.info udp
US 8.8.8.8:53 qdaqwtlafa.info udp
US 8.8.8.8:53 qcimyu.org udp
US 8.8.8.8:53 urvgrtjlwxx.info udp
US 8.8.8.8:53 gteghdjchdr.info udp
US 8.8.8.8:53 gulazqdhbey.info udp
US 8.8.8.8:53 hirultsib.info udp
US 8.8.8.8:53 gxjmexojzn.info udp
US 8.8.8.8:53 jxdasrpmhurk.info udp
US 8.8.8.8:53 btnaaytgsfj.info udp
US 8.8.8.8:53 oqbrfifgv.net udp
US 8.8.8.8:53 pdnakhfafspz.info udp
US 8.8.8.8:53 dqvyxrbch.net udp
US 8.8.8.8:53 fmgkkih.com udp
US 8.8.8.8:53 nnbxpgfvjitu.info udp
US 8.8.8.8:53 vehihtg.info udp
US 8.8.8.8:53 mbiiznxdulyh.net udp
US 8.8.8.8:53 iewieqieoq.org udp
US 8.8.8.8:53 umnyzdn.net udp
US 8.8.8.8:53 jaquminefct.info udp
US 8.8.8.8:53 sahrbstroek.net udp
US 8.8.8.8:53 rgnhewpuhig.net udp
US 8.8.8.8:53 qpeavxszku.net udp
US 8.8.8.8:53 mygcsuwesmwm.com udp
US 8.8.8.8:53 rgjetfbdsewq.info udp
US 8.8.8.8:53 knykwdex.net udp
US 8.8.8.8:53 vmdhdpoe.net udp
US 8.8.8.8:53 lgnpzslkftim.net udp
US 8.8.8.8:53 nvqhtsfzlm.info udp
US 8.8.8.8:53 ugwstuhdomv.info udp
US 8.8.8.8:53 kwhqlsf.net udp
US 8.8.8.8:53 kdxkczbux.net udp
US 8.8.8.8:53 aekgyvebddls.net udp
US 8.8.8.8:53 oqhajmtmnmh.info udp
US 8.8.8.8:53 eqzirgalxqr.info udp
US 8.8.8.8:53 wieavxszku.net udp
US 8.8.8.8:53 kcyask.com udp
US 8.8.8.8:53 gxvrnexi.info udp
US 8.8.8.8:53 qrdabwdgw.info udp
US 8.8.8.8:53 kjzcwqq.net udp
US 8.8.8.8:53 rreplnac.info udp
US 8.8.8.8:53 zqmibxhaj.org udp
US 8.8.8.8:53 pozydco.com udp
US 8.8.8.8:53 dmnxpitmx.org udp
US 8.8.8.8:53 rugdhelmt.net udp
US 8.8.8.8:53 iyjndxxu.net udp
US 8.8.8.8:53 xqeqvctmsuh.net udp
US 8.8.8.8:53 wjasnej.net udp
US 8.8.8.8:53 jmtnzgcazlrn.net udp
US 8.8.8.8:53 scempivbz.net udp
US 8.8.8.8:53 qxrwrxkgnrd.net udp
US 8.8.8.8:53 rxlmehyn.info udp
US 8.8.8.8:53 blrududc.net udp
US 8.8.8.8:53 ariaui.info udp
US 8.8.8.8:53 wgwtnn.info udp
PL 84.38.209.39:29389 tcp
US 8.8.8.8:53 wuwdpawsrohg.net udp
US 8.8.8.8:53 xkdtdwpsgk.info udp
US 8.8.8.8:53 xghygzsuyad.net udp
US 8.8.8.8:53 hgxntkm.net udp
US 8.8.8.8:53 eqrxvaygczvk.info udp
US 8.8.8.8:53 otttjaek.info udp
US 8.8.8.8:53 yyookkkg.org udp
US 8.8.8.8:53 pbrhfkpfkygt.info udp
US 8.8.8.8:53 sgsoagiiccyw.com udp
US 8.8.8.8:53 sgiseo.org udp
US 8.8.8.8:53 okecgq.com udp
US 8.8.8.8:53 nslpvomst.com udp
US 8.8.8.8:53 kwacjtx.net udp
US 8.8.8.8:53 fgxnxhxoitsr.info udp
US 8.8.8.8:53 djlicfxk.net udp
US 8.8.8.8:53 fodcfyd.net udp
US 8.8.8.8:53 ykznheipxvr.net udp
US 8.8.8.8:53 dbuguvooxgpt.info udp
US 8.8.8.8:53 kmkkoeacmm.com udp
US 8.8.8.8:53 kyocycssciyc.com udp
US 8.8.8.8:53 legyllgar.net udp
US 8.8.8.8:53 cyoaccuagi.com udp
US 8.8.8.8:53 lobshdxqrbv.org udp
US 8.8.8.8:53 rwbklxfvdgn.net udp
US 8.8.8.8:53 swwuwkka.org udp
US 8.8.8.8:53 ptyxvofusy.info udp
US 8.8.8.8:53 lpobxcz.com udp
US 8.8.8.8:53 kajpailpjmp.info udp
US 8.8.8.8:53 mccyjpxaz.info udp
US 8.8.8.8:53 rsgokoftgc.net udp
US 8.8.8.8:53 sajtvebwz.net udp
US 8.8.8.8:53 gwgoqq.com udp
US 8.8.8.8:53 kccgucgu.org udp
US 8.8.8.8:53 xpfmxyhdon.net udp
US 8.8.8.8:53 qwnkvqlmgym.net udp
US 8.8.8.8:53 rbyfak.net udp
US 8.8.8.8:53 cvhyxcvn.net udp
US 8.8.8.8:53 wjcazsxa.net udp
US 8.8.8.8:53 fiepvwpivef.com udp
US 8.8.8.8:53 miokqo.com udp
US 8.8.8.8:53 aclujyfwp.net udp
US 8.8.8.8:53 gislpxktd.info udp
US 8.8.8.8:53 htrrzpijsd.net udp
US 8.8.8.8:53 ewegpmxz.info udp
US 8.8.8.8:53 xffemswh.info udp
US 8.8.8.8:53 syvytcc.info udp
US 8.8.8.8:53 pzwwrlewwj.net udp
US 8.8.8.8:53 ylqefiw.info udp
US 8.8.8.8:53 rztmbuka.info udp
US 8.8.8.8:53 vqrheyzex.net udp
US 8.8.8.8:53 emayrfvnpqus.net udp
US 8.8.8.8:53 rypztbpm.info udp
US 8.8.8.8:53 surkdlbdvgd.net udp
US 8.8.8.8:53 jkegrujevkd.info udp
US 8.8.8.8:53 okjlper.net udp
US 8.8.8.8:53 vadcui.net udp
US 8.8.8.8:53 vvgrkznk.info udp
US 8.8.8.8:53 wuyaiqgeqy.com udp
US 8.8.8.8:53 djnewdjr.net udp
US 8.8.8.8:53 scsccy.org udp
US 8.8.8.8:53 vicyhzdbhj.info udp
US 8.8.8.8:53 uhpmrupuasn.net udp
US 8.8.8.8:53 mwnqjbhtigyx.info udp
US 8.8.8.8:53 kbpbjlcflp.net udp
US 8.8.8.8:53 hbatnfxuzw.net udp
US 8.8.8.8:53 rypnvqgzxmj.info udp
US 8.8.8.8:53 bmzobypil.org udp
US 8.8.8.8:53 oacqsyko.com udp
US 8.8.8.8:53 wsxyxyevf.info udp
US 8.8.8.8:53 dlrwqadxkm.net udp
US 8.8.8.8:53 mwocxdfe.info udp
US 8.8.8.8:53 uoswek.org udp
US 8.8.8.8:53 flsejcp.net udp
US 8.8.8.8:53 iqtkewgpr.info udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 ywkyauss.com udp
US 8.8.8.8:53 ryxdtsd.net udp
US 8.8.8.8:53 iswoqsvkin.net udp
US 8.8.8.8:53 lcpvwifarrdf.net udp
US 8.8.8.8:53 iwlpzasaqq.net udp
US 8.8.8.8:53 dhcotdckbsyv.info udp
US 8.8.8.8:53 dxrotlihnylh.info udp
US 8.8.8.8:53 jrheid.info udp
US 8.8.8.8:53 eeoywock.org udp
US 8.8.8.8:53 bakfznqyjrsl.net udp
US 8.8.8.8:53 tkmycetgncf.org udp
US 8.8.8.8:53 dkjgdwjceov.info udp
US 8.8.8.8:53 kiacvtydp.net udp
US 8.8.8.8:53 zdjqgtfy.info udp
US 8.8.8.8:53 jolbnynrzeeu.info udp
US 8.8.8.8:53 mcpmajvv.net udp
US 8.8.8.8:53 iqbmysn.net udp
US 8.8.8.8:53 zlnsqae.org udp
US 8.8.8.8:53 uulikoj.info udp
US 8.8.8.8:53 covhpnsyrdvz.info udp
US 8.8.8.8:53 nixdzg.info udp
US 8.8.8.8:53 rulszqn.org udp
US 8.8.8.8:53 beklnku.com udp
US 8.8.8.8:53 gyamguaq.org udp
US 8.8.8.8:53 ocjjxusykevv.net udp
US 8.8.8.8:53 gyjspysibox.net udp
US 8.8.8.8:53 nicxrmrxya.net udp
US 8.8.8.8:53 ktrxkgndhl.net udp
US 8.8.8.8:53 jcbiped.info udp
US 8.8.8.8:53 pqmopopqh.org udp
US 8.8.8.8:53 eqdycvlqz.net udp
US 8.8.8.8:53 ejfutea.net udp
US 8.8.8.8:53 vdinsezipu.net udp
US 8.8.8.8:53 ljykhphpyhjc.info udp
US 8.8.8.8:53 vcpsnqa.net udp
US 8.8.8.8:53 lzbuomsv.info udp
US 8.8.8.8:53 mfxmirp.net udp
US 8.8.8.8:53 ayxvwwvloe.net udp
US 8.8.8.8:53 wcagsrxey.info udp
US 8.8.8.8:53 abinliefrdka.info udp
US 8.8.8.8:53 hojspzfuiu.net udp
US 8.8.8.8:53 bcksphj.net udp
US 8.8.8.8:53 aydkgwbsf.info udp
US 8.8.8.8:53 edrzducm.info udp
US 8.8.8.8:53 blcadkjxehhx.net udp
US 8.8.8.8:53 tgbnhijgyx.net udp
US 8.8.8.8:53 xanwqkg.info udp
US 8.8.8.8:53 suwmkawsua.com udp
US 8.8.8.8:53 atoslq.info udp
US 8.8.8.8:53 xygbdoqlv.org udp
US 8.8.8.8:53 zqorxqiao.net udp
US 8.8.8.8:53 cmtidyskaeh.net udp
US 8.8.8.8:53 kxtttvtubjlx.info udp
US 8.8.8.8:53 khxrpyyoc.net udp
US 8.8.8.8:53 hgwqtropvwn.info udp
US 8.8.8.8:53 pgxakab.net udp
US 8.8.8.8:53 yywiqgugcceg.org udp
US 8.8.8.8:53 vskrxsu.org udp
US 8.8.8.8:53 fofcgchur.net udp
US 8.8.8.8:53 cohixrgyi.info udp
US 8.8.8.8:53 qxbphkxjef.net udp
US 8.8.8.8:53 bjdbtblximt.org udp
US 8.8.8.8:53 cqoycgwuqi.com udp
US 8.8.8.8:53 frzacxml.net udp
US 8.8.8.8:53 cfwjbujktq.info udp
US 8.8.8.8:53 hcevrpbfjqhe.info udp
US 8.8.8.8:53 kmntncwkb.info udp
US 8.8.8.8:53 stfhbwifvy.info udp
US 8.8.8.8:53 cciageqmqg.org udp
US 8.8.8.8:53 rfhpwzug.info udp
US 8.8.8.8:53 fgyojpnggd.info udp
US 8.8.8.8:53 lemhdf.info udp
US 8.8.8.8:53 swexrglixpx.info udp
US 8.8.8.8:53 qabhfw.net udp
US 8.8.8.8:53 issatkmiey.net udp
US 8.8.8.8:53 snjzdtul.info udp
US 8.8.8.8:53 efdlohhy.info udp
US 8.8.8.8:53 kgqagu.com udp
US 8.8.8.8:53 agkbzb.net udp
US 8.8.8.8:53 dmirtk.net udp
US 8.8.8.8:53 mhxpytwiqes.info udp
US 8.8.8.8:53 lcqpelrt.info udp
US 8.8.8.8:53 rvrzonbon.org udp
US 8.8.8.8:53 jnsctjrb.net udp
US 8.8.8.8:53 zitiqkxzo.info udp
US 8.8.8.8:53 pmvwlcgtpsd.com udp
US 8.8.8.8:53 kaymeqowqwqk.org udp
US 8.8.8.8:53 bgdqgf.net udp
US 8.8.8.8:53 hnxplyaqqs.net udp
US 8.8.8.8:53 cgkcui.org udp
US 8.8.8.8:53 poxogqb.info udp
US 8.8.8.8:53 rvovwetcroio.net udp
US 8.8.8.8:53 lefexqj.com udp
US 8.8.8.8:53 pvwrud.net udp
DE 92.39.57.8:13017 tcp
US 8.8.8.8:53 oitupxvvjlp.info udp
US 8.8.8.8:53 qyzoycv.info udp
US 8.8.8.8:53 eqwkxorsw.net udp
US 8.8.8.8:53 zehaamd.org udp
US 8.8.8.8:53 dsbsxud.org udp
US 8.8.8.8:53 bzbkni.info udp
US 8.8.8.8:53 xpyuvus.com udp
US 8.8.8.8:53 benvjcqy.net udp
US 8.8.8.8:53 lctajbbff.net udp
US 8.8.8.8:53 qwvkhmxkegx.net udp
US 8.8.8.8:53 llvrrqof.info udp
US 8.8.8.8:53 bbwobfndnfcl.info udp
US 8.8.8.8:53 mwhaykml.net udp
US 8.8.8.8:53 sbablr.net udp
US 8.8.8.8:53 85.65.42.20.in-addr.arpa udp
US 8.8.8.8:53 yamiyu.org udp
US 8.8.8.8:53 xkvqnibsuup.net udp
US 8.8.8.8:53 rmhsuky.net udp
US 8.8.8.8:53 wscgjiieh.net udp
US 8.8.8.8:53 zsnkgzndrcr.org udp
US 8.8.8.8:53 aubgzylblcd.info udp
US 8.8.8.8:53 vnnaygb.net udp
US 8.8.8.8:53 uovsdrfk.info udp
US 8.8.8.8:53 vzasqftohc.net udp
US 8.8.8.8:53 yurzsbxwznrn.info udp
US 8.8.8.8:53 uacoqg.org udp
US 8.8.8.8:53 fjzyxqk.org udp
US 8.8.8.8:53 vadydxg.info udp
US 8.8.8.8:53 nwdopmf.com udp
US 8.8.8.8:53 rcrcrbxww.net udp
US 8.8.8.8:53 lzkscytm.net udp
US 8.8.8.8:53 iokpqrtkvw.net udp
US 8.8.8.8:53 hmvqzix.com udp
US 8.8.8.8:53 yocmdemo.net udp
US 8.8.8.8:53 ucpvxszpb.info udp
US 8.8.8.8:53 ketazqtjn.net udp
US 8.8.8.8:53 mlfcdejcu.net udp
US 8.8.8.8:53 eiseqiqc.com udp
US 8.8.8.8:53 ptbxyixaqem.info udp
US 8.8.8.8:53 zkdysithnao.info udp
US 8.8.8.8:53 dwsikogj.info udp
US 8.8.8.8:53 veezqsia.net udp
US 8.8.8.8:53 ioqwawqa.org udp
US 8.8.8.8:53 soenhrpc.net udp
US 8.8.8.8:53 xgnijggfclh.com udp
US 8.8.8.8:53 vduxyhsurt.net udp
US 8.8.8.8:53 nnycbrtaroy.com udp
US 8.8.8.8:53 udp
US 8.8.8.8:53 udp
US 8.8.8.8:53 udp
US 8.8.8.8:53 udp
US 8.8.8.8:53 udp
US 8.8.8.8:53 udp
US 8.8.8.8:53 udp
US 8.8.8.8:53 udp
US 8.8.8.8:53 udp
US 8.8.8.8:53 udp
US 8.8.8.8:53 udp
US 8.8.8.8:53 udp

Files
