Analysis Overview
SHA256
b6b2b9e959b52d90742beac4f6b23a72e4c2cb5e802bbb9e7da138098d30cd24
Threat Level: Known bad
The file 8e8d8dd457411eaf96c3e5f1cf646ec5_JaffaCakes118 was found to be: Known bad.
Malicious Activity Summary
Modifies WinLogon for persistence
UAC bypass
Adds policy Run key to start application
Disables RegEdit via registry modification
Impair Defenses: Safe Mode Boot
Loads dropped DLL
Executes dropped EXE
Checks computer location settings
Looks up external IP address via web service
Hijack Execution Flow: Executable Installer File Permissions Weakness
Adds Run key to start application
Checks whether UAC is enabled
Drops autorun.inf file
Drops file in System32 directory
Drops file in Program Files directory
Drops file in Windows directory
System Location Discovery: System Language Discovery
Enumerates physical storage devices
Unsigned PE
Suspicious use of WriteProcessMemory
Suspicious use of AdjustPrivilegeToken
Suspicious behavior: EnumeratesProcesses
System policy modification
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-11-04 01:49
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral2
Detonation Overview
Submitted
2024-11-04 01:49
Reported
2024-11-04 04:10
Platform
win10v2004-20241007-en
Max time kernel
150s
Max time network
153s
Command Line
Signatures
Modifies WinLogon for persistence
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\rdyvhyibbni.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\mmzyhq.exe | N/A |
UAC bypass
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" | C:\Users\Admin\AppData\Local\Temp\mmzyhq.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" | C:\Users\Admin\AppData\Local\Temp\mmzyhq.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" | C:\Users\Admin\AppData\Local\Temp\mmzyhq.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" | C:\Users\Admin\AppData\Local\Temp\rdyvhyibbni.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" | C:\Users\Admin\AppData\Local\Temp\rdyvhyibbni.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" | C:\Users\Admin\AppData\Local\Temp\rdyvhyibbni.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\mmzyhq.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\rdyvhyibbni.exe | N/A |
Adds policy Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\bamks = "C:\\Users\\Admin\\AppData\\Local\\Temp\\oazkfavhzslnrkizzi.exe" | C:\Users\Admin\AppData\Local\Temp\mmzyhq.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\oqfgrcnp = "zmmyuqmzsmgjoihzakx.exe" | C:\Users\Admin\AppData\Local\Temp\mmzyhq.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\rdyvhyibbni.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\bamks = "C:\\Users\\Admin\\AppData\\Local\\Temp\\bqsgecapkgchoklfiujlz.exe" | C:\Users\Admin\AppData\Local\Temp\mmzyhq.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\oqfgrcnp = "yifohatdtkbbduqf.exe" | C:\Users\Admin\AppData\Local\Temp\mmzyhq.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\bamks = "C:\\Users\\Admin\\AppData\\Local\\Temp\\zmmyuqmzsmgjoihzakx.exe" | C:\Users\Admin\AppData\Local\Temp\mmzyhq.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\oqfgrcnp = "maboliftnidhniibdocd.exe" | C:\Users\Admin\AppData\Local\Temp\mmzyhq.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\oqfgrcnp = "bqsgecapkgchoklfiujlz.exe" | C:\Users\Admin\AppData\Local\Temp\rdyvhyibbni.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\bamks = "C:\\Users\\Admin\\AppData\\Local\\Temp\\maboliftnidhniibdocd.exe" | C:\Users\Admin\AppData\Local\Temp\mmzyhq.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\bamks = "C:\\Users\\Admin\\AppData\\Local\\Temp\\fqoysmgriastwolba.exe" | C:\Users\Admin\AppData\Local\Temp\mmzyhq.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\oqfgrcnp = "bqsgecapkgchoklfiujlz.exe" | C:\Users\Admin\AppData\Local\Temp\mmzyhq.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\oqfgrcnp = "oazkfavhzslnrkizzi.exe" | C:\Users\Admin\AppData\Local\Temp\mmzyhq.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\bamks = "C:\\Users\\Admin\\AppData\\Local\\Temp\\yifohatdtkbbduqf.exe" | C:\Users\Admin\AppData\Local\Temp\mmzyhq.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\mmzyhq.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\oqfgrcnp = "fqoysmgriastwolba.exe" | C:\Users\Admin\AppData\Local\Temp\rdyvhyibbni.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\oqfgrcnp = "fqoysmgriastwolba.exe" | C:\Users\Admin\AppData\Local\Temp\mmzyhq.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\bamks = "C:\\Users\\Admin\\AppData\\Local\\Temp\\fqoysmgriastwolba.exe" | C:\Users\Admin\AppData\Local\Temp\rdyvhyibbni.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\bamks = "C:\\Users\\Admin\\AppData\\Local\\Temp\\oazkfavhzslnrkizzi.exe" | C:\Users\Admin\AppData\Local\Temp\rdyvhyibbni.exe | N/A |
Disables RegEdit via registry modification
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\mmzyhq.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\mmzyhq.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\rdyvhyibbni.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\rdyvhyibbni.exe | N/A |
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\8e8d8dd457411eaf96c3e5f1cf646ec5_JaffaCakes118.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\rdyvhyibbni.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\rdyvhyibbni.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\mmzyhq.exe | N/A |
Impair Defenses: Safe Mode Boot
| Description | Indicator | Process | Target |
| Key deleted | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\UserManager | C:\Users\Admin\AppData\Local\Temp\mmzyhq.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\SerCx2.sys | C:\Users\Admin\AppData\Local\Temp\mmzyhq.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\ProfSvc | C:\Users\Admin\AppData\Local\Temp\mmzyhq.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\Power | C:\Users\Admin\AppData\Local\Temp\mmzyhq.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\iai2c.sys | C:\Users\Admin\AppData\Local\Temp\mmzyhq.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\CBDHSvc | C:\Users\Admin\AppData\Local\Temp\mmzyhq.exe | N/A |
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\yctwjwjnxi = "bqsgecapkgchoklfiujlz.exe ." | C:\Users\Admin\AppData\Local\Temp\mmzyhq.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\qwpujyntfsfb = "C:\\Users\\Admin\\AppData\\Local\\Temp\\zmmyuqmzsmgjoihzakx.exe" | C:\Users\Admin\AppData\Local\Temp\mmzyhq.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\fiyamyknw = "zmmyuqmzsmgjoihzakx.exe" | C:\Users\Admin\AppData\Local\Temp\mmzyhq.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\yctwjwjnxi = "yifohatdtkbbduqf.exe ." | C:\Users\Admin\AppData\Local\Temp\mmzyhq.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\tyquiwkpamy = "C:\\Users\\Admin\\AppData\\Local\\Temp\\zmmyuqmzsmgjoihzakx.exe ." | C:\Users\Admin\AppData\Local\Temp\mmzyhq.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\mmzyhq = "oazkfavhzslnrkizzi.exe" | C:\Users\Admin\AppData\Local\Temp\mmzyhq.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mmzyhq = "C:\\Users\\Admin\\AppData\\Local\\Temp\\maboliftnidhniibdocd.exe" | C:\Users\Admin\AppData\Local\Temp\mmzyhq.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mmzyhq = "C:\\Users\\Admin\\AppData\\Local\\Temp\\yifohatdtkbbduqf.exe" | C:\Users\Admin\AppData\Local\Temp\mmzyhq.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\zaooyis = "C:\\Users\\Admin\\AppData\\Local\\Temp\\bqsgecapkgchoklfiujlz.exe ." | C:\Users\Admin\AppData\Local\Temp\rdyvhyibbni.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\yctwjwjnxi = "maboliftnidhniibdocd.exe ." | C:\Users\Admin\AppData\Local\Temp\mmzyhq.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\qwpujyntfsfb = "C:\\Users\\Admin\\AppData\\Local\\Temp\\yifohatdtkbbduqf.exe" | C:\Users\Admin\AppData\Local\Temp\mmzyhq.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\qwpujyntfsfb = "C:\\Users\\Admin\\AppData\\Local\\Temp\\maboliftnidhniibdocd.exe" | C:\Users\Admin\AppData\Local\Temp\mmzyhq.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\tyquiwkpamy = "C:\\Users\\Admin\\AppData\\Local\\Temp\\fqoysmgriastwolba.exe ." | C:\Users\Admin\AppData\Local\Temp\mmzyhq.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\qwpujyntfsfb = "C:\\Users\\Admin\\AppData\\Local\\Temp\\yifohatdtkbbduqf.exe" | C:\Users\Admin\AppData\Local\Temp\rdyvhyibbni.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\yctwjwjnxi = "zmmyuqmzsmgjoihzakx.exe ." | C:\Users\Admin\AppData\Local\Temp\mmzyhq.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\zaooyis = "yifohatdtkbbduqf.exe ." | C:\Users\Admin\AppData\Local\Temp\mmzyhq.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\mmzyhq = "fqoysmgriastwolba.exe" | C:\Users\Admin\AppData\Local\Temp\mmzyhq.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\zaooyis = "fqoysmgriastwolba.exe ." | C:\Users\Admin\AppData\Local\Temp\mmzyhq.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mmzyhq = "C:\\Users\\Admin\\AppData\\Local\\Temp\\oazkfavhzslnrkizzi.exe" | C:\Users\Admin\AppData\Local\Temp\mmzyhq.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\fiyamyknw = "zmmyuqmzsmgjoihzakx.exe" | C:\Users\Admin\AppData\Local\Temp\rdyvhyibbni.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\tyquiwkpamy = "C:\\Users\\Admin\\AppData\\Local\\Temp\\maboliftnidhniibdocd.exe ." | C:\Users\Admin\AppData\Local\Temp\mmzyhq.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mmzyhq = "C:\\Users\\Admin\\AppData\\Local\\Temp\\zmmyuqmzsmgjoihzakx.exe" | C:\Users\Admin\AppData\Local\Temp\rdyvhyibbni.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\zaooyis = "bqsgecapkgchoklfiujlz.exe ." | C:\Users\Admin\AppData\Local\Temp\mmzyhq.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\zaooyis = "maboliftnidhniibdocd.exe ." | C:\Users\Admin\AppData\Local\Temp\mmzyhq.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\fiyamyknw = "maboliftnidhniibdocd.exe" | C:\Users\Admin\AppData\Local\Temp\mmzyhq.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\yctwjwjnxi = "fqoysmgriastwolba.exe ." | C:\Users\Admin\AppData\Local\Temp\mmzyhq.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\fiyamyknw = "bqsgecapkgchoklfiujlz.exe" | C:\Users\Admin\AppData\Local\Temp\mmzyhq.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\tyquiwkpamy = "C:\\Users\\Admin\\AppData\\Local\\Temp\\yifohatdtkbbduqf.exe ." | C:\Users\Admin\AppData\Local\Temp\mmzyhq.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\zaooyis = "C:\\Users\\Admin\\AppData\\Local\\Temp\\maboliftnidhniibdocd.exe ." | C:\Users\Admin\AppData\Local\Temp\mmzyhq.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\fiyamyknw = "maboliftnidhniibdocd.exe" | C:\Users\Admin\AppData\Local\Temp\rdyvhyibbni.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\qwpujyntfsfb = "C:\\Users\\Admin\\AppData\\Local\\Temp\\fqoysmgriastwolba.exe" | C:\Users\Admin\AppData\Local\Temp\mmzyhq.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\tyquiwkpamy = "C:\\Users\\Admin\\AppData\\Local\\Temp\\bqsgecapkgchoklfiujlz.exe ." | C:\Users\Admin\AppData\Local\Temp\rdyvhyibbni.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\fiyamyknw = "fqoysmgriastwolba.exe" | C:\Users\Admin\AppData\Local\Temp\mmzyhq.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\tyquiwkpamy = "C:\\Users\\Admin\\AppData\\Local\\Temp\\bqsgecapkgchoklfiujlz.exe ." | C:\Users\Admin\AppData\Local\Temp\mmzyhq.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\yctwjwjnxi = "oazkfavhzslnrkizzi.exe ." | C:\Users\Admin\AppData\Local\Temp\mmzyhq.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\qwpujyntfsfb = "C:\\Users\\Admin\\AppData\\Local\\Temp\\oazkfavhzslnrkizzi.exe" | C:\Users\Admin\AppData\Local\Temp\mmzyhq.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\mmzyhq = "bqsgecapkgchoklfiujlz.exe" | C:\Users\Admin\AppData\Local\Temp\mmzyhq.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\mmzyhq = "maboliftnidhniibdocd.exe" | C:\Users\Admin\AppData\Local\Temp\rdyvhyibbni.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\mmzyhq = "maboliftnidhniibdocd.exe" | C:\Users\Admin\AppData\Local\Temp\mmzyhq.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\zaooyis = "C:\\Users\\Admin\\AppData\\Local\\Temp\\zmmyuqmzsmgjoihzakx.exe ." | C:\Users\Admin\AppData\Local\Temp\mmzyhq.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\zaooyis = "C:\\Users\\Admin\\AppData\\Local\\Temp\\yifohatdtkbbduqf.exe ." | C:\Users\Admin\AppData\Local\Temp\mmzyhq.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mmzyhq = "C:\\Users\\Admin\\AppData\\Local\\Temp\\bqsgecapkgchoklfiujlz.exe" | C:\Users\Admin\AppData\Local\Temp\mmzyhq.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\zaooyis = "oazkfavhzslnrkizzi.exe ." | C:\Users\Admin\AppData\Local\Temp\mmzyhq.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\zaooyis = "zmmyuqmzsmgjoihzakx.exe ." | C:\Users\Admin\AppData\Local\Temp\mmzyhq.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\zaooyis = "fqoysmgriastwolba.exe ." | C:\Users\Admin\AppData\Local\Temp\rdyvhyibbni.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\tyquiwkpamy = "C:\\Users\\Admin\\AppData\\Local\\Temp\\oazkfavhzslnrkizzi.exe ." | C:\Users\Admin\AppData\Local\Temp\mmzyhq.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\fiyamyknw = "yifohatdtkbbduqf.exe" | C:\Users\Admin\AppData\Local\Temp\mmzyhq.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mmzyhq = "C:\\Users\\Admin\\AppData\\Local\\Temp\\bqsgecapkgchoklfiujlz.exe" | C:\Users\Admin\AppData\Local\Temp\rdyvhyibbni.exe | N/A |
Checks whether UAC is enabled
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\rdyvhyibbni.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\rdyvhyibbni.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\mmzyhq.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\mmzyhq.exe | N/A |
Hijack Execution Flow: Executable Installer File Permissions Weakness
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableInstallerDetection = "0" | C:\Users\Admin\AppData\Local\Temp\rdyvhyibbni.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableInstallerDetection = "0" | C:\Users\Admin\AppData\Local\Temp\mmzyhq.exe | N/A |
Looks up external IP address via web service
| Description | Indicator | Process | Target |
| N/A | whatismyip.everdot.org | N/A | N/A |
| N/A | www.whatismyip.ca | N/A | N/A |
| N/A | www.showmyipaddress.com | N/A | N/A |
| N/A | whatismyipaddress.com | N/A | N/A |
Drops autorun.inf file
| Description | Indicator | Process | Target |
| File opened for modification | C:\autorun.inf | C:\Users\Admin\AppData\Local\Temp\mmzyhq.exe | N/A |
| File created | C:\autorun.inf | C:\Users\Admin\AppData\Local\Temp\mmzyhq.exe | N/A |
| File opened for modification | F:\autorun.inf | C:\Users\Admin\AppData\Local\Temp\mmzyhq.exe | N/A |
| File created | F:\autorun.inf | C:\Users\Admin\AppData\Local\Temp\mmzyhq.exe | N/A |
Drops file in System32 directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\SysWOW64\bqsgecapkgchoklfiujlz.exe | C:\Users\Admin\AppData\Local\Temp\mmzyhq.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\yifohatdtkbbduqf.exe | C:\Users\Admin\AppData\Local\Temp\mmzyhq.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\yifohatdtkbbduqf.exe | C:\Users\Admin\AppData\Local\Temp\rdyvhyibbni.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\oazkfavhzslnrkizzi.exe | C:\Users\Admin\AppData\Local\Temp\rdyvhyibbni.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\zmmyuqmzsmgjoihzakx.exe | C:\Users\Admin\AppData\Local\Temp\rdyvhyibbni.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\bqsgecapkgchoklfiujlz.exe | C:\Users\Admin\AppData\Local\Temp\rdyvhyibbni.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\zmmyuqmzsmgjoihzakx.exe | C:\Users\Admin\AppData\Local\Temp\mmzyhq.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\oazkfavhzslnrkizzi.exe | C:\Users\Admin\AppData\Local\Temp\mmzyhq.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\maboliftnidhniibdocd.exe | C:\Users\Admin\AppData\Local\Temp\mmzyhq.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\fqoysmgriastwolba.exe | C:\Users\Admin\AppData\Local\Temp\rdyvhyibbni.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\silazyxnjgdjroqlpcsvkj.exe | C:\Users\Admin\AppData\Local\Temp\rdyvhyibbni.exe | N/A |
| File created | C:\Windows\SysWOW64\qwpujyntfsfbzmepjmslqfujpbobxvialf.ohm | C:\Users\Admin\AppData\Local\Temp\mmzyhq.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\fqoysmgriastwolba.exe | C:\Users\Admin\AppData\Local\Temp\mmzyhq.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\silazyxnjgdjroqlpcsvkj.exe | C:\Users\Admin\AppData\Local\Temp\mmzyhq.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\dygaeimhikmxkmttcupxrvz.yzb | C:\Users\Admin\AppData\Local\Temp\mmzyhq.exe | N/A |
| File created | C:\Windows\SysWOW64\dygaeimhikmxkmttcupxrvz.yzb | C:\Users\Admin\AppData\Local\Temp\mmzyhq.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\maboliftnidhniibdocd.exe | C:\Users\Admin\AppData\Local\Temp\rdyvhyibbni.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\qwpujyntfsfbzmepjmslqfujpbobxvialf.ohm | C:\Users\Admin\AppData\Local\Temp\mmzyhq.exe | N/A |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Program Files (x86)\dygaeimhikmxkmttcupxrvz.yzb | C:\Users\Admin\AppData\Local\Temp\mmzyhq.exe | N/A |
| File created | C:\Program Files (x86)\dygaeimhikmxkmttcupxrvz.yzb | C:\Users\Admin\AppData\Local\Temp\mmzyhq.exe | N/A |
| File opened for modification | C:\Program Files (x86)\qwpujyntfsfbzmepjmslqfujpbobxvialf.ohm | C:\Users\Admin\AppData\Local\Temp\mmzyhq.exe | N/A |
| File created | C:\Program Files (x86)\qwpujyntfsfbzmepjmslqfujpbobxvialf.ohm | C:\Users\Admin\AppData\Local\Temp\mmzyhq.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\maboliftnidhniibdocd.exe | C:\Users\Admin\AppData\Local\Temp\mmzyhq.exe | N/A |
| File opened for modification | C:\Windows\yifohatdtkbbduqf.exe | C:\Users\Admin\AppData\Local\Temp\rdyvhyibbni.exe | N/A |
| File opened for modification | C:\Windows\bqsgecapkgchoklfiujlz.exe | C:\Users\Admin\AppData\Local\Temp\rdyvhyibbni.exe | N/A |
| File opened for modification | C:\Windows\silazyxnjgdjroqlpcsvkj.exe | C:\Users\Admin\AppData\Local\Temp\mmzyhq.exe | N/A |
| File opened for modification | C:\Windows\bqsgecapkgchoklfiujlz.exe | C:\Users\Admin\AppData\Local\Temp\mmzyhq.exe | N/A |
| File opened for modification | C:\Windows\qwpujyntfsfbzmepjmslqfujpbobxvialf.ohm | C:\Users\Admin\AppData\Local\Temp\mmzyhq.exe | N/A |
| File opened for modification | C:\Windows\fqoysmgriastwolba.exe | C:\Users\Admin\AppData\Local\Temp\rdyvhyibbni.exe | N/A |
| File opened for modification | C:\Windows\zmmyuqmzsmgjoihzakx.exe | C:\Users\Admin\AppData\Local\Temp\rdyvhyibbni.exe | N/A |
| File created | C:\Windows\qwpujyntfsfbzmepjmslqfujpbobxvialf.ohm | C:\Users\Admin\AppData\Local\Temp\mmzyhq.exe | N/A |
| File opened for modification | C:\Windows\maboliftnidhniibdocd.exe | C:\Users\Admin\AppData\Local\Temp\rdyvhyibbni.exe | N/A |
| File opened for modification | C:\Windows\fqoysmgriastwolba.exe | C:\Users\Admin\AppData\Local\Temp\mmzyhq.exe | N/A |
| File opened for modification | C:\Windows\oazkfavhzslnrkizzi.exe | C:\Users\Admin\AppData\Local\Temp\mmzyhq.exe | N/A |
| File opened for modification | C:\Windows\silazyxnjgdjroqlpcsvkj.exe | C:\Users\Admin\AppData\Local\Temp\rdyvhyibbni.exe | N/A |
| File opened for modification | C:\Windows\oazkfavhzslnrkizzi.exe | C:\Users\Admin\AppData\Local\Temp\rdyvhyibbni.exe | N/A |
| File opened for modification | C:\Windows\zmmyuqmzsmgjoihzakx.exe | C:\Users\Admin\AppData\Local\Temp\mmzyhq.exe | N/A |
| File opened for modification | C:\Windows\yifohatdtkbbduqf.exe | C:\Users\Admin\AppData\Local\Temp\mmzyhq.exe | N/A |
| File created | C:\Windows\dygaeimhikmxkmttcupxrvz.yzb | C:\Users\Admin\AppData\Local\Temp\mmzyhq.exe | N/A |
| File opened for modification | C:\Windows\dygaeimhikmxkmttcupxrvz.yzb | C:\Users\Admin\AppData\Local\Temp\mmzyhq.exe | N/A |
Enumerates physical storage devices
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\8e8d8dd457411eaf96c3e5f1cf646ec5_JaffaCakes118.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\rdyvhyibbni.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\mmzyhq.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\mmzyhq.exe | N/A |
Suspicious use of WriteProcessMemory
System policy modification
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableSecureUIAPaths = "0" | C:\Users\Admin\AppData\Local\Temp\rdyvhyibbni.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" | C:\Users\Admin\AppData\Local\Temp\mmzyhq.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" | C:\Users\Admin\AppData\Local\Temp\mmzyhq.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer | C:\Users\Admin\AppData\Local\Temp\mmzyhq.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDriveTypeAutoRun = "1" | C:\Users\Admin\AppData\Local\Temp\mmzyhq.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\rdyvhyibbni.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\mmzyhq.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" | C:\Users\Admin\AppData\Local\Temp\mmzyhq.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableSecureUIAPaths = "0" | C:\Users\Admin\AppData\Local\Temp\mmzyhq.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableVirtualization = "0" | C:\Users\Admin\AppData\Local\Temp\rdyvhyibbni.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ValidateAdminCodeSignatures = "0" | C:\Users\Admin\AppData\Local\Temp\mmzyhq.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\rdyvhyibbni.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" | C:\Users\Admin\AppData\Local\Temp\rdyvhyibbni.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\mmzyhq.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ValidateAdminCodeSignatures = "0" | C:\Users\Admin\AppData\Local\Temp\rdyvhyibbni.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\mmzyhq.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\rdyvhyibbni.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\FilterAdministratorToken = "0" | C:\Users\Admin\AppData\Local\Temp\rdyvhyibbni.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableVirtualization = "0" | C:\Users\Admin\AppData\Local\Temp\mmzyhq.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\FilterAdministratorToken = "0" | C:\Users\Admin\AppData\Local\Temp\mmzyhq.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" | C:\Users\Admin\AppData\Local\Temp\rdyvhyibbni.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" | C:\Users\Admin\AppData\Local\Temp\rdyvhyibbni.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\8e8d8dd457411eaf96c3e5f1cf646ec5_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\8e8d8dd457411eaf96c3e5f1cf646ec5_JaffaCakes118.exe"
C:\Users\Admin\AppData\Local\Temp\rdyvhyibbni.exe
"C:\Users\Admin\AppData\Local\Temp\rdyvhyibbni.exe" "c:\users\admin\appdata\local\temp\8e8d8dd457411eaf96c3e5f1cf646ec5_jaffacakes118.exe*"
C:\Users\Admin\AppData\Local\Temp\mmzyhq.exe
"C:\Users\Admin\AppData\Local\Temp\mmzyhq.exe" "-C:\Users\Admin\AppData\Local\Temp\yifohatdtkbbduqf.exe"
C:\Users\Admin\AppData\Local\Temp\mmzyhq.exe
"C:\Users\Admin\AppData\Local\Temp\mmzyhq.exe" "-C:\Users\Admin\AppData\Local\Temp\yifohatdtkbbduqf.exe"
C:\Users\Admin\AppData\Local\Temp\rdyvhyibbni.exe
"C:\Users\Admin\AppData\Local\Temp\rdyvhyibbni.exe" "c:\users\admin\appdata\local\temp\8e8d8dd457411eaf96c3e5f1cf646ec5_jaffacakes118.exe"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | xerjgqfnqtap.info | udp |
| US | 8.8.8.8:53 | vycytp.info | udp |
| US | 8.8.8.8:53 | gqdcpxf.net | udp |
| US | 8.8.8.8:53 | jfrenmxp.net | udp |
| US | 8.8.8.8:53 | yarcvvjucsq.info | udp |
| US | 8.8.8.8:53 | xlpvpm.net | udp |
| US | 8.8.8.8:53 | mjdqfnmiyj.net | udp |
| US | 8.8.8.8:53 | iwgkcvacgrbf.info | udp |
| US | 8.8.8.8:53 | tvvgrdt.info | udp |
| US | 8.8.8.8:53 | qplanhzstim.net | udp |
| US | 8.8.8.8:53 | dunolqrmder.net | udp |
| US | 8.8.8.8:53 | qsymycm.info | udp |
| US | 8.8.8.8:53 | zehpzyljh.com | udp |
| US | 8.8.8.8:53 | rwgyakbzhsy.org | udp |
| US | 8.8.8.8:53 | hhsurs.info | udp |
| US | 8.8.8.8:53 | dubpppn.org | udp |
| US | 8.8.8.8:53 | mshzgeikwz.net | udp |
| US | 8.8.8.8:53 | ajeufitgtoe.info | udp |
| US | 8.8.8.8:53 | mkcftxy.net | udp |
| US | 8.8.8.8:53 | qljywekokjqr.info | udp |
| US | 8.8.8.8:53 | puhqgij.com | udp |
| US | 8.8.8.8:53 | jkdyhhqbrxvw.net | udp |
| US | 8.8.8.8:53 | ditynqlth.com | udp |
| US | 8.8.8.8:53 | oesaeigqwuki.com | udp |
| US | 8.8.8.8:53 | timyhevd.net | udp |
| US | 8.8.8.8:53 | xvydueqdgnk.org | udp |
| US | 8.8.8.8:53 | hhbibsteqcn.info | udp |
| US | 8.8.8.8:53 | qynpzsyhoj.info | udp |
| US | 8.8.8.8:53 | mumqpsj.info | udp |
| US | 8.8.8.8:53 | sgfjuemgbwx.info | udp |
| US | 8.8.8.8:53 | metnpnh.net | udp |
| US | 8.8.8.8:53 | qcaequgeic.org | udp |
| US | 8.8.8.8:53 | jnfdzykbt.org | udp |
| US | 8.8.8.8:53 | fdjcbspqz.net | udp |
| US | 8.8.8.8:53 | guzqubh.net | udp |
| US | 8.8.8.8:53 | dmwxdehfcst.net | udp |
| US | 8.8.8.8:53 | zvbflq.net | udp |
| US | 8.8.8.8:53 | slskdgn.net | udp |
| US | 8.8.8.8:53 | teaacdtqjap.net | udp |
| US | 8.8.8.8:53 | tyqubpdqnuh.org | udp |
| US | 8.8.8.8:53 | bcvkhnx.info | udp |
| US | 8.8.8.8:53 | wmdmaahttsz.net | udp |
| US | 8.8.8.8:53 | tkghfgfob.org | udp |
| US | 8.8.8.8:53 | tgezcimdsujg.net | udp |
| US | 8.8.8.8:53 | zilyrjvuskt.com | udp |
| US | 8.8.8.8:53 | mdainrbbifun.net | udp |
| US | 8.8.8.8:53 | juurvqnmpp.net | udp |
| US | 8.8.8.8:53 | guzhtaa.info | udp |
| US | 8.8.8.8:53 | hzjclxpbejhd.info | udp |
| US | 8.8.8.8:53 | ssywwsui.com | udp |
| US | 8.8.8.8:53 | hllqrgvanbf.org | udp |
| US | 8.8.8.8:53 | xgjjsggrrkxb.net | udp |
| US | 8.8.8.8:53 | kcpgxb.info | udp |
| US | 8.8.8.8:53 | pkwxpl.net | udp |
| US | 8.8.8.8:53 | mmdmxymcmr.info | udp |
| US | 8.8.8.8:53 | aewknyxgpqu.net | udp |
| US | 8.8.8.8:53 | zozgcobcaq.net | udp |
| US | 8.8.8.8:53 | tksyyev.info | udp |
| US | 8.8.8.8:53 | nuyqhm.net | udp |
| US | 8.8.8.8:53 | xqltjcj.com | udp |
| US | 8.8.8.8:53 | hjjakml.com | udp |
| US | 8.8.8.8:53 | niompldgvdq.info | udp |
| US | 8.8.8.8:53 | pntkebfrddv.org | udp |
| US | 8.8.8.8:53 | mvrlhhspnj.info | udp |
| US | 8.8.8.8:53 | syndjvyqs.net | udp |
| US | 8.8.8.8:53 | joeutivqlgl.org | udp |
| US | 8.8.8.8:53 | pubdtrzkyif.com | udp |
| US | 8.8.8.8:53 | ngpgccpqya.net | udp |
| US | 8.8.8.8:53 | zerfia.info | udp |
| US | 8.8.8.8:53 | zvrujdej.net | udp |
| US | 8.8.8.8:53 | scxinem.info | udp |
| US | 8.8.8.8:53 | zitaawsahxtz.net | udp |
| US | 8.8.8.8:53 | zdnpdktlco.info | udp |
| US | 8.8.8.8:53 | rxhxfw.net | udp |
| US | 8.8.8.8:53 | yeukuk.com | udp |
| US | 8.8.8.8:53 | fxvojez.com | udp |
| US | 8.8.8.8:53 | gktkrk.net | udp |
| HK | 156.244.121.142:80 | gktkrk.net | tcp |
| GB | 89.116.101.9:45613 | tcp | |
| US | 8.8.8.8:53 | uhhireljv.info | udp |
| US | 8.8.8.8:53 | qckkwe.com | udp |
| US | 8.8.8.8:53 | zkykjxrhzafp.net | udp |
| US | 8.8.8.8:53 | cuhgslo.net | udp |
| US | 8.8.8.8:53 | bfvzpptceko.com | udp |
| US | 8.8.8.8:53 | ctdbtypyi.info | udp |
| US | 8.8.8.8:53 | qswswwoycc.org | udp |
| US | 8.8.8.8:53 | mexsbsbhjgq.info | udp |
| US | 8.8.8.8:53 | jmdmtub.info | udp |
| US | 8.8.8.8:53 | xocwpj.net | udp |
| US | 8.8.8.8:53 | xyaspkq.org | udp |
| US | 8.8.8.8:53 | yxlppdfp.net | udp |
| US | 8.8.8.8:53 | uvcodihahbp.net | udp |
| US | 8.8.8.8:53 | uysuiuqaycwy.org | udp |
| US | 8.8.8.8:53 | lnvwoqghfcz.info | udp |
| US | 8.8.8.8:53 | tismdach.info | udp |
| US | 8.8.8.8:53 | pcmstpku.info | udp |
| US | 8.8.8.8:53 | fulkophhwa.info | udp |
| US | 8.8.8.8:53 | pdofzkk.com | udp |
| US | 8.8.8.8:53 | hlqltge.net | udp |
| US | 8.8.8.8:53 | kmbsmklhlo.info | udp |
| US | 8.8.8.8:53 | duxjsit.com | udp |
| US | 8.8.8.8:53 | uuueieukoagm.com | udp |
| US | 8.8.8.8:53 | 142.121.244.156.in-addr.arpa | udp |
| US | 8.8.8.8:53 | cuiqskkecewa.org | udp |
| US | 8.8.8.8:53 | vlsqekixshcp.net | udp |
| US | 8.8.8.8:53 | xufgdjjl.info | udp |
| US | 8.8.8.8:53 | muhrxvkmz.info | udp |
| US | 8.8.8.8:53 | oskwykgwkkmo.org | udp |
| US | 8.8.8.8:53 | xohwxxafqrta.info | udp |
| US | 8.8.8.8:53 | iwwmiiga.org | udp |
| US | 8.8.8.8:53 | dsfbefnpvdij.info | udp |
| US | 8.8.8.8:53 | ycjnwotyn.net | udp |
| US | 8.8.8.8:53 | jgzbxllqdecg.net | udp |
| US | 8.8.8.8:53 | kshhluzk.net | udp |
| US | 8.8.8.8:53 | brbieci.net | udp |
| US | 8.8.8.8:53 | asecuyemymyi.org | udp |
| US | 8.8.8.8:53 | kzugkyh.info | udp |
| US | 8.8.8.8:53 | ndqlju.info | udp |
| US | 8.8.8.8:53 | iydedutix.net | udp |
| US | 8.8.8.8:53 | ucmkoy.org | udp |
| US | 8.8.8.8:53 | yqiyuo.org | udp |
| US | 8.8.8.8:53 | zmrarczuld.net | udp |
| US | 8.8.8.8:53 | gkhevhjp.info | udp |
| US | 8.8.8.8:53 | kgxtxpykvw.info | udp |
| US | 8.8.8.8:53 | wkqsuksa.com | udp |
| US | 8.8.8.8:53 | fnqcwe.info | udp |
| US | 8.8.8.8:53 | uwioiygqoi.org | udp |
| US | 8.8.8.8:53 | lzggxgeon.org | udp |
| US | 8.8.8.8:53 | dwpkzhv.com | udp |
| US | 8.8.8.8:53 | nptrubve.info | udp |
| US | 8.8.8.8:53 | ewgucgkw.com | udp |
| US | 8.8.8.8:53 | tixwdlqmrrs.com | udp |
| US | 8.8.8.8:53 | rltwexojzn.net | udp |
| US | 8.8.8.8:53 | dghirhnfajwp.net | udp |
| US | 8.8.8.8:53 | cammok.org | udp |
| US | 8.8.8.8:53 | xyknowh.net | udp |
| US | 8.8.8.8:53 | aeyeygaysmaw.com | udp |
| US | 8.8.8.8:53 | dayucgzmwkv.net | udp |
| US | 8.8.8.8:53 | qifnppqjswa.info | udp |
| US | 8.8.8.8:53 | fymdmebkrt.info | udp |
| US | 8.8.8.8:53 | yzfrncfgc.info | udp |
| US | 8.8.8.8:53 | scciekyi.org | udp |
| US | 8.8.8.8:53 | vsfweif.info | udp |
| US | 8.8.8.8:53 | azimre.info | udp |
| US | 8.8.8.8:53 | nfgwdmdyi.info | udp |
| US | 8.8.8.8:53 | acosua.com | udp |
| US | 8.8.8.8:53 | wuybayvsmwt.info | udp |
| US | 8.8.8.8:53 | gofsrfhjzxdl.net | udp |
| US | 8.8.8.8:53 | urcuvtrvmrsh.info | udp |
| US | 8.8.8.8:53 | gclflneiu.net | udp |
| US | 8.8.8.8:53 | zzyakmiatsdd.net | udp |
| US | 8.8.8.8:53 | qisakqeiecqu.org | udp |
| US | 8.8.8.8:53 | xxdddqp.net | udp |
| US | 8.8.8.8:53 | zgnsodxksa.info | udp |
| US | 8.8.8.8:53 | rfxtnv.net | udp |
| US | 8.8.8.8:53 | aajultxoq.info | udp |
| US | 8.8.8.8:53 | iggcfwpytwa.net | udp |
| US | 8.8.8.8:53 | wvvpdnviqbr.info | udp |
| US | 8.8.8.8:53 | wkgcyasasy.com | udp |
| US | 8.8.8.8:53 | tuaxjj.net | udp |
| US | 8.8.8.8:53 | nxvccohqni.net | udp |
| US | 8.8.8.8:53 | dnffyhkf.net | udp |
| US | 8.8.8.8:53 | dbtymsgtno.info | udp |
| US | 8.8.8.8:53 | nydkabxcr.com | udp |
| US | 8.8.8.8:53 | mokmcwyoawaa.com | udp |
| US | 8.8.8.8:53 | asuoww.com | udp |
| US | 8.8.8.8:53 | hdaukbcmhi.info | udp |
| US | 8.8.8.8:53 | emouxorlte.net | udp |
| US | 8.8.8.8:53 | awaieu.com | udp |
| US | 8.8.8.8:53 | nrfirwn.com | udp |
| US | 8.8.8.8:53 | oyqivyzel.info | udp |
| US | 8.8.8.8:53 | ushkxbyxdgg.net | udp |
| US | 8.8.8.8:53 | wwikekf.info | udp |
| US | 8.8.8.8:53 | istshedof.info | udp |
| US | 8.8.8.8:53 | vuvxhzoraw.info | udp |
| US | 8.8.8.8:53 | jalkbr.info | udp |
| US | 8.8.8.8:53 | bonehnrstljv.info | udp |
| US | 8.8.8.8:53 | istmbnpgbal.info | udp |
| US | 8.8.8.8:53 | ccfhrkclkf.net | udp |
| US | 8.8.8.8:53 | cxffzmlflm.info | udp |
| US | 8.8.8.8:53 | ssjyzivargf.info | udp |
| US | 8.8.8.8:53 | qsvfnqlmnyp.info | udp |
| US | 8.8.8.8:53 | wakgxtzc.net | udp |
| US | 8.8.8.8:53 | iokgeoyqkiia.org | udp |
| US | 8.8.8.8:53 | yinrzik.net | udp |
| US | 8.8.8.8:53 | maltyz.net | udp |
| US | 8.8.8.8:53 | uanpdav.net | udp |
| US | 8.8.8.8:53 | zgnqtmtkv.info | udp |
| US | 8.8.8.8:53 | uktwxdlsj.info | udp |
| US | 8.8.8.8:53 | pepnfeegluf.info | udp |
| US | 8.8.8.8:53 | nypamyjbjw.info | udp |
| US | 8.8.8.8:53 | usztsauxtyh.net | udp |
| US | 8.8.8.8:53 | ntdcrcfszsx.com | udp |
| US | 8.8.8.8:53 | dzxhxuy.net | udp |
| US | 8.8.8.8:53 | cqtwskhmu.net | udp |
| US | 8.8.8.8:53 | zpdzlruk.info | udp |
| US | 8.8.8.8:53 | bktpfwsl.net | udp |
| US | 8.8.8.8:53 | qmqipjp.info | udp |
| US | 8.8.8.8:53 | gkyeieqq.com | udp |
| US | 8.8.8.8:53 | wkhyvwxnikc.info | udp |
| US | 8.8.8.8:53 | uerbwwbfwr.net | udp |
| US | 8.8.8.8:53 | rzskrijhptkd.info | udp |
| US | 8.8.8.8:53 | syyaqwugyuys.org | udp |
| US | 8.8.8.8:53 | drjwdgjed.info | udp |
| US | 8.8.8.8:53 | uupetlqtlq.info | udp |
| US | 8.8.8.8:53 | meaocm.org | udp |
| US | 8.8.8.8:53 | ceuhzwneubbq.net | udp |
| US | 8.8.8.8:53 | yeseee.com | udp |
| HK | 156.237.207.232:80 | yeseee.com | tcp |
| US | 8.8.8.8:53 | aeecseyu.org | udp |
| US | 8.8.8.8:53 | yarmphvupzqy.info | udp |
| LT | 88.222.145.117:40213 | tcp | |
| US | 8.8.8.8:53 | xgtduz.info | udp |
| US | 8.8.8.8:53 | rhpvbghin.org | udp |
| US | 8.8.8.8:53 | jupejihn.info | udp |
| US | 8.8.8.8:53 | cthmumbav.net | udp |
| US | 8.8.8.8:53 | dptriplgppqi.net | udp |
| US | 8.8.8.8:53 | bzgaawwmgr.info | udp |
| US | 8.8.8.8:53 | nybltwljfa.info | udp |
| US | 8.8.8.8:53 | xbpgnqb.org | udp |
| US | 8.8.8.8:53 | uuwdgvd.net | udp |
| US | 8.8.8.8:53 | oybijmw.info | udp |
| US | 8.8.8.8:53 | xmtxzsvwpmh.info | udp |
| US | 8.8.8.8:53 | taxsnux.com | udp |
| US | 8.8.8.8:53 | jbrareb.org | udp |
| US | 8.8.8.8:53 | 232.207.237.156.in-addr.arpa | udp |
| US | 8.8.8.8:53 | cmngfobehch.info | udp |
| US | 8.8.8.8:53 | dkkcdd.net | udp |
| US | 8.8.8.8:53 | gvrguoprn.info | udp |
| US | 8.8.8.8:53 | iqpwmks.net | udp |
| US | 8.8.8.8:53 | vkqcrwpvliw.org | udp |
| US | 8.8.8.8:53 | iwlpzasaqq.net | udp |
| US | 8.8.8.8:53 | bakfznqyjrsl.net | udp |
| US | 8.8.8.8:53 | swnhquq.info | udp |
| US | 8.8.8.8:53 | vpliiujwmqd.net | udp |
| US | 8.8.8.8:53 | tsxauoqgjzf.net | udp |
| US | 8.8.8.8:53 | uupyyufruex.info | udp |
| US | 8.8.8.8:53 | mazmxoi.net | udp |
| US | 8.8.8.8:53 | nusnxezpzkdu.net | udp |
| US | 8.8.8.8:53 | beklnku.com | udp |
| US | 8.8.8.8:53 | bghtvymy.net | udp |
| US | 8.8.8.8:53 | eayyqoqqouig.com | udp |
| US | 8.8.8.8:53 | nicxrmrxya.net | udp |
| US | 8.8.8.8:53 | rbrrvtddzotj.info | udp |
| US | 8.8.8.8:53 | bnkzvy.info | udp |
| US | 8.8.8.8:53 | qmvygc.net | udp |
| US | 8.8.8.8:53 | dewtra.net | udp |
| US | 8.8.8.8:53 | zvcufbuav.info | udp |
| US | 8.8.8.8:53 | cqaikgawsc.org | udp |
| US | 8.8.8.8:53 | vdinsezipu.net | udp |
| US | 8.8.8.8:53 | yuqcyygeck.org | udp |
| US | 8.8.8.8:53 | gqmcyw.com | udp |
| US | 8.8.8.8:53 | sglmhyxkd.info | udp |
| US | 8.8.8.8:53 | rvmonfphd.org | udp |
| US | 8.8.8.8:53 | wisyekoi.org | udp |
| US | 8.8.8.8:53 | snnmznnzepnp.info | udp |
| US | 8.8.8.8:53 | mfxmirp.net | udp |
| US | 8.8.8.8:53 | jlxjhjvb.net | udp |
| US | 8.8.8.8:53 | dnhpfyzwlkln.net | udp |
| US | 8.8.8.8:53 | obkbuajsbddu.net | udp |
| US | 8.8.8.8:53 | bcksphj.net | udp |
| US | 8.8.8.8:53 | prpbjuyelick.info | udp |
| US | 8.8.8.8:53 | kblemvt.net | udp |
| US | 8.8.8.8:53 | zwdqyej.info | udp |
| US | 8.8.8.8:53 | xanwqkg.info | udp |
| US | 8.8.8.8:53 | binayqzmn.info | udp |
| US | 8.8.8.8:53 | ckzmhe.net | udp |
| US | 8.8.8.8:53 | ayemumkeys.org | udp |
| US | 8.8.8.8:53 | 88.210.23.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | asgttdjqux.info | udp |
| US | 8.8.8.8:53 | vppxof.net | udp |
| US | 8.8.8.8:53 | zrcibwtpoer.info | udp |
| US | 8.8.8.8:53 | fofcgchur.net | udp |
| US | 8.8.8.8:53 | jsakoyhilhm.net | udp |
| US | 8.8.8.8:53 | dzxuzlujtv.net | udp |
| US | 8.8.8.8:53 | uphxqtbb.net | udp |
| US | 8.8.8.8:53 | apdqzazgabc.net | udp |
| US | 8.8.8.8:53 | vnliyftihhx.info | udp |
| US | 8.8.8.8:53 | icaijmduf.net | udp |
| US | 8.8.8.8:53 | czlmpgkaosoz.net | udp |
| US | 8.8.8.8:53 | scswom.com | udp |
| US | 8.8.8.8:53 | xbksrjpkjmd.info | udp |
| US | 8.8.8.8:53 | uczpngw.info | udp |
| US | 8.8.8.8:53 | xsofzoznkq.info | udp |
| US | 8.8.8.8:53 | muqekogm.org | udp |
| US | 8.8.8.8:53 | wenwbipos.info | udp |
| US | 8.8.8.8:53 | cfwjbujktq.info | udp |
| US | 8.8.8.8:53 | patdhmamvsr.info | udp |
| US | 8.8.8.8:53 | tcvzmrpxvtuc.info | udp |
| US | 8.8.8.8:53 | gkspoijdzjfz.info | udp |
| US | 8.8.8.8:53 | secsckss.org | udp |
| US | 8.8.8.8:53 | stfhbwifvy.info | udp |
| US | 8.8.8.8:53 | gvlwemjtdqp.info | udp |
| US | 8.8.8.8:53 | dhfuawbmlx.net | udp |
| US | 8.8.8.8:53 | fgyojpnggd.info | udp |
| US | 8.8.8.8:53 | xhhmbwwa.info | udp |
| US | 8.8.8.8:53 | wimkatn.net | udp |
| US | 8.8.8.8:53 | ggcwrov.info | udp |
| US | 8.8.8.8:53 | efdlohhy.info | udp |
| US | 8.8.8.8:53 | mwiyyuwceouq.com | udp |
| US | 8.8.8.8:53 | ywfuybm.info | udp |
| US | 8.8.8.8:53 | pvauutznnmts.net | udp |
| US | 8.8.8.8:53 | znrwknnzxrjh.info | udp |
| US | 8.8.8.8:53 | zitiqkxzo.info | udp |
| US | 8.8.8.8:53 | rkdqxahvk.com | udp |
| US | 8.8.8.8:53 | bcnfahqmravu.net | udp |
| US | 8.8.8.8:53 | pmvwlcgtpsd.com | udp |
| US | 8.8.8.8:53 | kvwxvb.net | udp |
| US | 8.8.8.8:53 | ixbajeahxdwv.info | udp |
| US | 8.8.8.8:53 | oppxcmj.info | udp |
| US | 8.8.8.8:53 | bgdqgf.net | udp |
| US | 8.8.8.8:53 | fmwcpwok.net | udp |
| US | 8.8.8.8:53 | gibofqrqsmz.info | udp |
| US | 8.8.8.8:53 | uhsxmkbsra.net | udp |
| US | 8.8.8.8:53 | dqhiohizmsxx.net | udp |
| US | 8.8.8.8:53 | qfykzed.info | udp |
| US | 8.8.8.8:53 | cgkcui.org | udp |
| US | 8.8.8.8:53 | dkuhttdv.net | udp |
| US | 8.8.8.8:53 | gszsphni.info | udp |
| US | 8.8.8.8:53 | lywfpqyw.net | udp |
| US | 8.8.8.8:53 | ycxvrvto.info | udp |
| US | 8.8.8.8:53 | vugapghkq.net | udp |
| US | 8.8.8.8:53 | hzjbnnkzoqux.net | udp |
| US | 8.8.8.8:53 | wkwgrahwlpkc.info | udp |
| US | 8.8.8.8:53 | zzxqxwhd.net | udp |
| US | 8.8.8.8:53 | vwhuipt.info | udp |
| US | 8.8.8.8:53 | bcylgke.info | udp |
| US | 8.8.8.8:53 | ciwemwysqqgg.org | udp |
| US | 8.8.8.8:53 | eqwkxorsw.net | udp |
| US | 8.8.8.8:53 | mumqawqwma.org | udp |
| US | 8.8.8.8:53 | jqlalend.info | udp |
| US | 8.8.8.8:53 | amvbrfhisy.info | udp |
| US | 8.8.8.8:53 | uksjhmkkqk.net | udp |
| US | 8.8.8.8:53 | sqoiuikkcgkg.com | udp |
| US | 8.8.8.8:53 | petxyw.info | udp |
| US | 8.8.8.8:53 | htrttwqkj.org | udp |
| US | 8.8.8.8:53 | sbablr.net | udp |
| US | 8.8.8.8:53 | ayubix.net | udp |
| US | 8.8.8.8:53 | talwpvcyzu.info | udp |
| US | 8.8.8.8:53 | lsrgrotffyl.info | udp |
| US | 8.8.8.8:53 | aubgzylblcd.info | udp |
| US | 8.8.8.8:53 | rlogjsm.info | udp |
| US | 8.8.8.8:53 | bvrcqwsoxwp.org | udp |
| US | 8.8.8.8:53 | xyzjjqgqwzyb.info | udp |
| US | 8.8.8.8:53 | uacoqg.org | udp |
| US | 8.8.8.8:53 | lvldjuz.info | udp |
| US | 8.8.8.8:53 | htluvwdedqj.net | udp |
| LT | 78.60.212.169:13548 | tcp | |
| US | 8.8.8.8:53 | khrruuls.net | udp |
| US | 8.8.8.8:53 | uagwflmr.info | udp |
| US | 8.8.8.8:53 | haprfabjrusx.net | udp |
| US | 8.8.8.8:53 | oszktctlpjts.info | udp |
| US | 8.8.8.8:53 | rcrcrbxww.net | udp |
| US | 8.8.8.8:53 | rmjjigfs.net | udp |
| US | 8.8.8.8:53 | qjggrtqdjp.net | udp |
| US | 8.8.8.8:53 | egmqqmqwgy.org | udp |
| US | 8.8.8.8:53 | ostfvi.info | udp |
| US | 8.8.8.8:53 | whoefvasqbju.info | udp |
| US | 8.8.8.8:53 | ocmwkuug.com | udp |
| US | 8.8.8.8:53 | vnpctoz.info | udp |
| US | 8.8.8.8:53 | nwbwekr.com | udp |
| US | 8.8.8.8:53 | dbhzrynuehwz.info | udp |
| US | 8.8.8.8:53 | cypapqnhvag.info | udp |
| US | 8.8.8.8:53 | mlfcdejcu.net | udp |
| US | 8.8.8.8:53 | szemvhix.net | udp |
| US | 8.8.8.8:53 | nsvpprmkdjil.info | udp |
| US | 8.8.8.8:53 | ndvenixqpoi.org | udp |
| US | 8.8.8.8:53 | jgbqzufyr.net | udp |
| US | 8.8.8.8:53 | ptbxyixaqem.info | udp |
| US | 8.8.8.8:53 | jjujha.info | udp |
| US | 8.8.8.8:53 | kastemrs.net | udp |
| US | 8.8.8.8:53 | kxtshb.info | udp |
| US | 8.8.8.8:53 | xefdxc.net | udp |
| US | 8.8.8.8:53 | dwsikogj.info | udp |
| US | 8.8.8.8:53 | xjcfda.info | udp |
| US | 8.8.8.8:53 | xsedpl.net | udp |
| US | 8.8.8.8:53 | eunaqlbjnntx.net | udp |
| US | 8.8.8.8:53 | xgnijggfclh.com | udp |
| US | 8.8.8.8:53 | goaabnunvu.net | udp |
| US | 8.8.8.8:53 | zqvcvyxmhap.com | udp |
| US | 8.8.8.8:53 | xykijz.info | udp |
| US | 8.8.8.8:53 | fqiyvdbd.net | udp |
| US | 8.8.8.8:53 | lyssmcrmzbt.info | udp |
| US | 8.8.8.8:53 | qudcskmtgv.net | udp |
| US | 8.8.8.8:53 | unqeconkkck.net | udp |
| US | 8.8.8.8:53 | cosnjshcp.info | udp |
| US | 8.8.8.8:53 | wsyqzjzsjih.info | udp |
| US | 8.8.8.8:53 | fcxrfneuzoe.net | udp |
| US | 8.8.8.8:53 | iefklejecnp.net | udp |
| US | 8.8.8.8:53 | unpeic.info | udp |
| US | 8.8.8.8:53 | iuecpck.info | udp |
| US | 8.8.8.8:53 | jodbfhvn.info | udp |
| US | 8.8.8.8:53 | nmlgrwfkuijs.net | udp |
| US | 8.8.8.8:53 | eegciwieiuqq.com | udp |
| US | 8.8.8.8:53 | xkdopy.net | udp |
| US | 8.8.8.8:53 | eqzvzdsmom.net | udp |
| US | 8.8.8.8:53 | oyyeas.org | udp |
| US | 8.8.8.8:53 | vairzyznr.net | udp |
| US | 8.8.8.8:53 | hfgkacxqinla.net | udp |
| US | 8.8.8.8:53 | iinmbipgfqt.info | udp |
| US | 8.8.8.8:53 | miowkk.com | udp |
| US | 8.8.8.8:53 | huvkpee.net | udp |
| US | 8.8.8.8:53 | fsnzoy.net | udp |
| US | 8.8.8.8:53 | mxvvcalsljs.net | udp |
| US | 8.8.8.8:53 | iusiogeeos.org | udp |
| US | 8.8.8.8:53 | wkvytsvxjf.info | udp |
| US | 8.8.8.8:53 | riviuaiqduu.info | udp |
| US | 8.8.8.8:53 | lrowcjkt.net | udp |
| US | 8.8.8.8:53 | haromy.net | udp |
| US | 8.8.8.8:53 | ubjsthoidv.info | udp |
| US | 8.8.8.8:53 | rqtuscv.com | udp |
| US | 8.8.8.8:53 | topxsiki.net | udp |
| US | 8.8.8.8:53 | rakdvp.net | udp |
| US | 8.8.8.8:53 | rctecqj.info | udp |
| US | 8.8.8.8:53 | tinyjzn.net | udp |
| US | 8.8.8.8:53 | fjswfmxs.net | udp |
| US | 8.8.8.8:53 | pwhjteldkqxk.info | udp |
| US | 8.8.8.8:53 | yciaiwb.net | udp |
| US | 8.8.8.8:53 | vanjpyu.com | udp |
| US | 8.8.8.8:53 | zcjinora.info | udp |
| US | 8.8.8.8:53 | oklwmhsexc.net | udp |
| US | 8.8.8.8:53 | itdpty.info | udp |
| US | 8.8.8.8:53 | eqbknchkt.info | udp |
| US | 8.8.8.8:53 | ugdmtph.net | udp |
| US | 8.8.8.8:53 | gkmwjoeseqh.net | udp |
| US | 8.8.8.8:53 | udrmzqjtq.net | udp |
| US | 8.8.8.8:53 | ygaueoxtiwt.net | udp |
| US | 8.8.8.8:53 | ywbmxtjsfezl.info | udp |
| US | 8.8.8.8:53 | hwuswwkejph.info | udp |
| US | 8.8.8.8:53 | mtufshmchfis.net | udp |
| US | 8.8.8.8:53 | oourkpfpxx.info | udp |
| US | 8.8.8.8:53 | xcjoaismx.org | udp |
| US | 8.8.8.8:53 | akbhbbj.net | udp |
| US | 8.8.8.8:53 | krbgpwc.net | udp |
| US | 8.8.8.8:53 | eaouwg.org | udp |
| US | 8.8.8.8:53 | exavicrgjv.net | udp |
| US | 8.8.8.8:53 | oqqiwi.org | udp |
| US | 8.8.8.8:53 | ygaayqgs.com | udp |
| US | 8.8.8.8:53 | jsdukwmyoam.org | udp |
| US | 8.8.8.8:53 | mwmomxnujgyg.net | udp |
| US | 8.8.8.8:53 | osiukecg.org | udp |
| US | 8.8.8.8:53 | rwvatwp.org | udp |
| US | 8.8.8.8:53 | dqdgwgvkvvy.org | udp |
| US | 8.8.8.8:53 | edsmtgyw.net | udp |
| US | 8.8.8.8:53 | qunsptr.net | udp |
| US | 8.8.8.8:53 | rqdmvohgkwm.org | udp |
| US | 8.8.8.8:53 | upzuxuvucjk.net | udp |
| US | 8.8.8.8:53 | ssmxzo.info | udp |
| US | 8.8.8.8:53 | jenulrvkb.net | udp |
| US | 8.8.8.8:53 | ccqcmhpuqtd.info | udp |
| US | 8.8.8.8:53 | kemsjcz.net | udp |
| US | 8.8.8.8:53 | xqdlhxfsjrir.net | udp |
| US | 8.8.8.8:53 | tboyrtniuyn.net | udp |
| US | 8.8.8.8:53 | ggasci.com | udp |
| US | 8.8.8.8:53 | rxgkikqf.net | udp |
| US | 8.8.8.8:53 | macuaiyeuqqe.org | udp |
| US | 8.8.8.8:53 | auzwwim.info | udp |
| US | 8.8.8.8:53 | luusrqjkdey.com | udp |
| US | 8.8.8.8:53 | nkfyqzd.org | udp |
| US | 8.8.8.8:53 | iqjkiytxpcb.net | udp |
| US | 8.8.8.8:53 | ytzyzhxrzs.info | udp |
| US | 8.8.8.8:53 | ieholmils.net | udp |
| US | 8.8.8.8:53 | qynatqek.net | udp |
| US | 8.8.8.8:53 | mwycqayuwe.com | udp |
| US | 8.8.8.8:53 | eiggmwpbpjnd.info | udp |
| US | 8.8.8.8:53 | wrbsnlazv.net | udp |
| US | 8.8.8.8:53 | oupski.net | udp |
| US | 8.8.8.8:53 | pwxqqupgjin.net | udp |
| US | 8.8.8.8:53 | fvljsbupim.net | udp |
| US | 8.8.8.8:53 | giiauw.info | udp |
| US | 8.8.8.8:53 | jdywje.net | udp |
| US | 8.8.8.8:53 | skeslejeaah.net | udp |
| US | 8.8.8.8:53 | yuamcsuooiik.com | udp |
| US | 8.8.8.8:53 | atpsjmvhsmb.net | udp |
| US | 8.8.8.8:53 | rcatzr.net | udp |
| US | 8.8.8.8:53 | djzqlh.info | udp |
| US | 8.8.8.8:53 | hcrtuez.org | udp |
| US | 8.8.8.8:53 | uhrpfkam.net | udp |
| US | 8.8.8.8:53 | egzunqk.info | udp |
| US | 8.8.8.8:53 | hmzuogpis.info | udp |
| US | 8.8.8.8:53 | jctcjcnqd.org | udp |
| US | 8.8.8.8:53 | myhmvomcc.info | udp |
| US | 8.8.8.8:53 | rjufna.info | udp |
| US | 8.8.8.8:53 | dewgvrjsbws.org | udp |
| US | 8.8.8.8:53 | soecksuukeqw.org | udp |
| US | 8.8.8.8:53 | adgifnnyp.net | udp |
| US | 8.8.8.8:53 | sjwcqzzu.info | udp |
| US | 8.8.8.8:53 | cgkakoog.org | udp |
| US | 8.8.8.8:53 | khhklxsj.net | udp |
| US | 8.8.8.8:53 | eazerazey.net | udp |
| US | 8.8.8.8:53 | kimkquamak.org | udp |
| US | 8.8.8.8:53 | dibhvcd.net | udp |
| US | 8.8.8.8:53 | bogepgnd.net | udp |
| BG | 109.199.138.63:35651 | tcp | |
| US | 8.8.8.8:53 | nmsbjz.info | udp |
| US | 8.8.8.8:53 | cydnzcjqzgl.net | udp |
| US | 8.8.8.8:53 | bmycuy.info | udp |
| US | 8.8.8.8:53 | sufbwf.net | udp |
| US | 8.8.8.8:53 | vhveha.info | udp |
| US | 8.8.8.8:53 | rqvfriatlxjf.net | udp |
| US | 8.8.8.8:53 | xurbnsm.com | udp |
| US | 8.8.8.8:53 | uodknlj.net | udp |
| US | 8.8.8.8:53 | zdughyxizk.net | udp |
| US | 8.8.8.8:53 | sqqumgekumeo.org | udp |
| US | 8.8.8.8:53 | amscyqguqu.org | udp |
| US | 8.8.8.8:53 | medadkkyv.net | udp |
| US | 8.8.8.8:53 | qxbczpcohl.net | udp |
| US | 8.8.8.8:53 | meumgzpu.info | udp |
| US | 8.8.8.8:53 | fvpeuobkktfb.net | udp |
| US | 8.8.8.8:53 | sigquupenj.net | udp |
| US | 8.8.8.8:53 | gwqkqa.org | udp |
| US | 8.8.8.8:53 | euuosyia.org | udp |
| US | 8.8.8.8:53 | jorxjhdvfeym.info | udp |
| US | 8.8.8.8:53 | fshhtxpue.org | udp |
| US | 8.8.8.8:53 | meajisaiz.net | udp |
| US | 8.8.8.8:53 | rkmjxtigtca.com | udp |
| US | 8.8.8.8:53 | qywguyugeees.com | udp |
| US | 8.8.8.8:53 | okxafppsld.net | udp |
| US | 8.8.8.8:53 | lytuefatnbnu.net | udp |
| US | 8.8.8.8:53 | kzduhntwmafs.info | udp |
| US | 8.8.8.8:53 | xauefwr.info | udp |
| US | 8.8.8.8:53 | erfjsttclx.net | udp |
| US | 8.8.8.8:53 | lnnvbcdyf.com | udp |
| US | 8.8.8.8:53 | pzzhln.net | udp |
| US | 8.8.8.8:53 | vylknimffsb.org | udp |
| US | 8.8.8.8:53 | nttbndx.net | udp |
| US | 8.8.8.8:53 | wggqsyyuwq.org | udp |
| US | 8.8.8.8:53 | jmbupatrt.net | udp |
| US | 8.8.8.8:53 | nqovxbzezd.net | udp |
| US | 8.8.8.8:53 | javjpwoegkbc.info | udp |
| US | 8.8.8.8:53 | zsvvkxvi.info | udp |
| US | 8.8.8.8:53 | rojwzffvsi.info | udp |
| US | 8.8.8.8:53 | oahzbczz.info | udp |
| US | 8.8.8.8:53 | snksihzmpvot.info | udp |
| US | 8.8.8.8:53 | bsxjofye.info | udp |
| US | 8.8.8.8:53 | fjqapxnskek.com | udp |
| US | 8.8.8.8:53 | muwassaasg.com | udp |
| US | 8.8.8.8:53 | oeuyxonktff.info | udp |
| US | 8.8.8.8:53 | llmtynj.com | udp |
| US | 8.8.8.8:53 | pthooogkklgc.net | udp |
| US | 8.8.8.8:53 | fskxdhbf.info | udp |
| US | 8.8.8.8:53 | unsnbu.net | udp |
| US | 8.8.8.8:53 | oqemuukg.com | udp |
| US | 8.8.8.8:53 | gestcigcjqo.net | udp |
| US | 8.8.8.8:53 | dngfrgoifb.info | udp |
| US | 8.8.8.8:53 | smvgvexsryy.net | udp |
| US | 8.8.8.8:53 | gpdwfcvwqqt.net | udp |
| US | 8.8.8.8:53 | osikuiuyuy.com | udp |
| US | 8.8.8.8:53 | umkooyusqi.com | udp |
| US | 8.8.8.8:53 | siyqvceqj.info | udp |
| US | 8.8.8.8:53 | sewcocqe.org | udp |
| US | 8.8.8.8:53 | iyecsugicu.com | udp |
| US | 8.8.8.8:53 | ltmundpr.info | udp |
| US | 8.8.8.8:53 | imqqjqcndyl.info | udp |
| US | 8.8.8.8:53 | iusdldvq.info | udp |
| US | 8.8.8.8:53 | uozhkftddcp.net | udp |
| US | 8.8.8.8:53 | baiizeh.com | udp |
| US | 8.8.8.8:53 | hurocdunscxh.net | udp |
| US | 8.8.8.8:53 | neyqyhnvxylj.info | udp |
| US | 8.8.8.8:53 | wglxbeyixsg.info | udp |
| US | 8.8.8.8:53 | eizctcsqv.info | udp |
| US | 8.8.8.8:53 | tjgkvcxgez.net | udp |
| US | 8.8.8.8:53 | vhecdzzdfj.info | udp |
| US | 8.8.8.8:53 | leqwbjbs.net | udp |
| US | 8.8.8.8:53 | pinxnd.info | udp |
| US | 8.8.8.8:53 | aogobal.info | udp |
| US | 8.8.8.8:53 | yrnhih.net | udp |
| US | 8.8.8.8:53 | gndmoqgzms.net | udp |
| US | 8.8.8.8:53 | qfgthkb.info | udp |
| US | 8.8.8.8:53 | gudechrg.info | udp |
| US | 8.8.8.8:53 | cclwysb.net | udp |
| US | 8.8.8.8:53 | egwzmexpemvl.info | udp |
| US | 8.8.8.8:53 | ntthxe.net | udp |
| US | 8.8.8.8:53 | ztqdje.info | udp |
| US | 8.8.8.8:53 | mmmagd.info | udp |
| US | 8.8.8.8:53 | nqldnkf.com | udp |
| US | 8.8.8.8:53 | uecmddncual.net | udp |
| US | 8.8.8.8:53 | iwwmuoakem.com | udp |
| US | 8.8.8.8:53 | icekegiksg.org | udp |
| US | 8.8.8.8:53 | psjgnfdmjwx.net | udp |
| US | 8.8.8.8:53 | kwtdqoeixpno.net | udp |
| US | 8.8.8.8:53 | berczsf.info | udp |
| US | 8.8.8.8:53 | zvtznvac.net | udp |
| US | 8.8.8.8:53 | uiwietxwrhcy.info | udp |
| US | 8.8.8.8:53 | vmvafgn.org | udp |
| US | 8.8.8.8:53 | yfvenmhkkcm.info | udp |
| US | 8.8.8.8:53 | xtccfwsulsde.info | udp |
| DE | 85.214.228.140:80 | kavtbvqf.info | tcp |
| US | 8.8.8.8:53 | tenaqcakluy.com | udp |
| US | 54.244.188.177:80 | sejibalqxar.net | tcp |
| US | 8.8.8.8:53 | dshgjgtat.info | udp |
| US | 8.8.8.8:53 | uoridip.net | udp |
| US | 208.100.26.245:80 | egksyqv.info | tcp |
| US | 8.8.8.8:53 | hgokjvawhkv.net | udp |
| US | 8.8.8.8:53 | fxxhvedq.info | udp |
| US | 8.8.8.8:53 | xlcpdyodnw.info | udp |
| US | 8.8.8.8:53 | hqocflgevk.info | udp |
| US | 8.8.8.8:53 | ctbzik.net | udp |
| US | 8.8.8.8:53 | ecgosoki.org | udp |
| US | 8.8.8.8:53 | aqiisqco.com | udp |
| US | 8.8.8.8:53 | nwxohgp.org | udp |
| US | 8.8.8.8:53 | qyfweutwbky.info | udp |
| US | 8.8.8.8:53 | wclkqrqe.net | udp |
| US | 8.8.8.8:53 | uyjytes.net | udp |
| US | 8.8.8.8:53 | kjujyvxu.info | udp |
| US | 8.8.8.8:53 | fcdcntrsngsb.net | udp |
| US | 8.8.8.8:53 | lvktngsvyjim.net | udp |
| US | 8.8.8.8:53 | kylywvwynlnd.info | udp |
| US | 8.8.8.8:53 | xerqiiou.net | udp |
| US | 8.8.8.8:53 | qchbdojgp.info | udp |
| US | 8.8.8.8:53 | miokgksskwum.com | udp |
| US | 8.8.8.8:53 | zwgfehzxdh.info | udp |
| US | 8.8.8.8:53 | jrqstcnvak.info | udp |
| US | 8.8.8.8:53 | imauaqqi.com | udp |
| US | 8.8.8.8:53 | kcikociw.com | udp |
| US | 8.8.8.8:53 | fukkllhamqd.info | udp |
| US | 8.8.8.8:53 | twjqoibxeu.net | udp |
| US | 8.8.8.8:53 | havbtylo.net | udp |
| US | 8.8.8.8:53 | ccdijlo.net | udp |
| US | 8.8.8.8:53 | ukuoygqkaoeu.org | udp |
| US | 8.8.8.8:53 | okwicocu.com | udp |
| US | 8.8.8.8:53 | ioyhxid.net | udp |
| US | 8.8.8.8:53 | xkmyyoncc.net | udp |
| US | 8.8.8.8:53 | neesbvxitkx.info | udp |
| US | 8.8.8.8:53 | xscfjj.info | udp |
| US | 8.8.8.8:53 | catdtirlxee.net | udp |
| US | 8.8.8.8:53 | lkooqxfoo.info | udp |
| US | 8.8.8.8:53 | zdauljodbipa.info | udp |
| US | 8.8.8.8:53 | gotqpsxeq.net | udp |
| US | 8.8.8.8:53 | ekuedqrcp.info | udp |
| US | 8.8.8.8:53 | uzsypdyp.info | udp |
| US | 8.8.8.8:53 | bbziyafywct.net | udp |
| US | 8.8.8.8:53 | acnglnjfiwf.net | udp |
| US | 8.8.8.8:53 | gkouokkg.com | udp |
| US | 8.8.8.8:53 | vljgbupsl.net | udp |
| US | 8.8.8.8:53 | sooceomsek.com | udp |
| US | 8.8.8.8:53 | fxsxxr.net | udp |
| US | 8.8.8.8:53 | dzrlgmvhljzb.info | udp |
| US | 8.8.8.8:53 | qpejngowavjy.info | udp |
| US | 8.8.8.8:53 | nulqril.net | udp |
| US | 8.8.8.8:53 | ilbwsfzmptj.net | udp |
| US | 8.8.8.8:53 | qqpgkonsesd.info | udp |
| US | 8.8.8.8:53 | lcbsfiyyz.com | udp |
| US | 8.8.8.8:53 | qswbtulxrc.net | udp |
| US | 8.8.8.8:53 | wkdmngmqq.info | udp |
| US | 8.8.8.8:53 | uuqgcg.org | udp |
| US | 8.8.8.8:53 | ljjdqm.info | udp |
| US | 8.8.8.8:53 | stomdlb.net | udp |
| US | 8.8.8.8:53 | meljvbkie.net | udp |
| US | 8.8.8.8:53 | dmbealkee.net | udp |
| US | 8.8.8.8:53 | biiergctgak.info | udp |
| US | 8.8.8.8:53 | efjpkeykqt.info | udp |
| US | 8.8.8.8:53 | gqnygwlee.net | udp |
| US | 8.8.8.8:53 | yqiweowi.com | udp |
| US | 8.8.8.8:53 | owcctxlizcq.info | udp |
| US | 8.8.8.8:53 | vzjqrcncwbd.com | udp |
| US | 8.8.8.8:53 | fszehlnx.net | udp |
| US | 54.244.188.177:80 | sejibalqxar.net | tcp |
| LT | 212.122.81.55:38712 | tcp | |
| US | 8.8.8.8:53 | bvlugon.org | udp |
| US | 8.8.8.8:53 | fhfhjhdcmsw.info | udp |
| US | 208.100.26.245:80 | egksyqv.info | tcp |
| US | 8.8.8.8:53 | xdxnwkwy.info | udp |
| US | 8.8.8.8:53 | pxdovj.net | udp |
| US | 8.8.8.8:53 | pnfmjmvwlcx.org | udp |
| US | 8.8.8.8:53 | zadanm.info | udp |
| US | 8.8.8.8:53 | wejgcsnvr.net | udp |
| US | 8.8.8.8:53 | cxhsbejnd.net | udp |
| US | 8.8.8.8:53 | fsegwutospr.info | udp |
| US | 8.8.8.8:53 | eyzfqvlh.info | udp |
| US | 8.8.8.8:53 | wclkqrqe.net | udp |
| US | 8.8.8.8:53 | kkysiu.com | udp |
| US | 8.8.8.8:53 | rwwflaxw.info | udp |
| US | 8.8.8.8:53 | azxgvktktwt.info | udp |
| US | 8.8.8.8:53 | utrmvwlfg.info | udp |
| US | 8.8.8.8:53 | tabctyyquc.net | udp |
| US | 8.8.8.8:53 | vqhclzq.org | udp |
| US | 8.8.8.8:53 | volfungwvq.net | udp |
| US | 8.8.8.8:53 | pjoxtpqa.net | udp |
| US | 8.8.8.8:53 | jixbxok.info | udp |
| US | 8.8.8.8:53 | kqzyvjovph.net | udp |
| US | 8.8.8.8:53 | tixrohvo.info | udp |
| US | 8.8.8.8:53 | vurmzvnuz.net | udp |
| US | 8.8.8.8:53 | xerqiiou.net | udp |
| US | 8.8.8.8:53 | rzsbhj.net | udp |
| US | 8.8.8.8:53 | lpfpuqprtl.info | udp |
| US | 8.8.8.8:53 | qtkpsaqgey.info | udp |
| US | 8.8.8.8:53 | ysoiymcgakki.com | udp |
| US | 8.8.8.8:53 | qarivkh.info | udp |
| US | 8.8.8.8:53 | miokgksskwum.com | udp |
| US | 8.8.8.8:53 | gyavjufahcj.info | udp |
| US | 8.8.8.8:53 | waskgcymoeaq.com | udp |
| US | 8.8.8.8:53 | vwflvvlprfgd.net | udp |
| US | 8.8.8.8:53 | havbtylo.net | udp |
| US | 8.8.8.8:53 | derolt.net | udp |
| US | 8.8.8.8:53 | yryykwpaw.net | udp |
| US | 8.8.8.8:53 | cbxuqetyjkm.info | udp |
| US | 8.8.8.8:53 | yuwewkmsgi.com | udp |
| US | 8.8.8.8:53 | xmkazyplr.net | udp |
| US | 8.8.8.8:53 | myocswemuq.org | udp |
| US | 8.8.8.8:53 | dptqdez.info | udp |
| US | 8.8.8.8:53 | yiceyysmyu.org | udp |
| US | 8.8.8.8:53 | jgufct.net | udp |
| US | 8.8.8.8:53 | catdtirlxee.net | udp |
| US | 8.8.8.8:53 | eppftadkb.net | udp |
| US | 8.8.8.8:53 | xigoculsi.net | udp |
| US | 8.8.8.8:53 | bpzkdhdlwrxd.info | udp |
| US | 8.8.8.8:53 | fvftho.net | udp |
| US | 8.8.8.8:53 | cnopvoxbucre.net | udp |
| US | 8.8.8.8:53 | gotqpsxeq.net | udp |
| US | 8.8.8.8:53 | vsydupfxzmmn.info | udp |
| US | 8.8.8.8:53 | enwtmurjjnnj.net | udp |
| US | 8.8.8.8:53 | aglmndgtotkc.net | udp |
| US | 8.8.8.8:53 | usqrozagywto.net | udp |
| US | 8.8.8.8:53 | ekuedqrcp.info | udp |
| US | 8.8.8.8:53 | xczbftm.org | udp |
| US | 8.8.8.8:53 | kwtapbz.info | udp |
| US | 8.8.8.8:53 | ugoyumka.com | udp |
| US | 8.8.8.8:53 | gqasukiksy.com | udp |
| US | 8.8.8.8:53 | dwaovctms.net | udp |
| US | 8.8.8.8:53 | vljgbupsl.net | udp |
| US | 8.8.8.8:53 | uiyqsmyaka.org | udp |
| US | 8.8.8.8:53 | owussgyw.com | udp |
| US | 8.8.8.8:53 | qpejngowavjy.info | udp |
| US | 8.8.8.8:53 | kwlunn.info | udp |
| US | 8.8.8.8:53 | nulqril.net | udp |
| US | 8.8.8.8:53 | klrrbrtent.info | udp |
| US | 8.8.8.8:53 | uqtmbiyk.info | udp |
| US | 8.8.8.8:53 | nxdpicaqxl.net | udp |
| US | 8.8.8.8:53 | lcbsfiyyz.com | udp |
| US | 8.8.8.8:53 | ljjdqm.info | udp |
| US | 8.8.8.8:53 | ggackugkmm.org | udp |
| US | 8.8.8.8:53 | zgfejcg.net | udp |
| US | 8.8.8.8:53 | glkwumicvb.info | udp |
| US | 8.8.8.8:53 | dmbealkee.net | udp |
| US | 8.8.8.8:53 | xqjkoaimijx.net | udp |
| US | 8.8.8.8:53 | kxlzwiim.net | udp |
| US | 8.8.8.8:53 | asaegk.com | udp |
| US | 8.8.8.8:53 | rhkfblzx.net | udp |
| US | 8.8.8.8:53 | bxbutyo.net | udp |
| US | 8.8.8.8:53 | umlvfu.info | udp |
| US | 8.8.8.8:53 | ekqxtpjakk.info | udp |
| US | 8.8.8.8:53 | menfdudihpi.info | udp |
| US | 8.8.8.8:53 | kojuqc.info | udp |
| US | 8.8.8.8:53 | gdkvoful.info | udp |
| US | 8.8.8.8:53 | foycqbsgtu.info | udp |
| US | 8.8.8.8:53 | kkrorjnoz.info | udp |
| US | 8.8.8.8:53 | jkdcdyf.com | udp |
| US | 8.8.8.8:53 | qqrydab.net | udp |
| LT | 78.62.64.39:38101 | tcp | |
| US | 8.8.8.8:53 | satnshe.net | udp |
| US | 8.8.8.8:53 | hofilylwf.info | udp |
| US | 8.8.8.8:53 | etrzcm.info | udp |
| US | 8.8.8.8:53 | gfuvwmjpgb.net | udp |
| US | 8.8.8.8:53 | vvuxlt.net | udp |
| US | 8.8.8.8:53 | dgputtou.net | udp |
| US | 8.8.8.8:53 | zsqxejydfpnt.info | udp |
| US | 8.8.8.8:53 | wsuuuaaa.com | udp |
| US | 8.8.8.8:53 | udp | |
| US | 8.8.8.8:53 | udp | |
| US | 8.8.8.8:53 | udp | |
| US | 8.8.8.8:53 | udp | |
| US | 8.8.8.8:53 | udp | |
| US | 8.8.8.8:53 | udp | |
| US | 8.8.8.8:53 | udp | |
| US | 8.8.8.8:53 | udp |
Files
C:\Users\Admin\AppData\Local\Temp\rdyvhyibbni.exe
C:\Windows\SysWOW64\oazkfavhzslnrkizzi.exe
C:\Users\Admin\AppData\Local\Temp\mmzyhq.exe
C:\Users\Admin\AppData\Local\dygaeimhikmxkmttcupxrvz.yzb
C:\Users\Admin\AppData\Local\qwpujyntfsfbzmepjmslqfujpbobxvialf.ohm
C:\Program Files (x86)\dygaeimhikmxkmttcupxrvz.yzb
Analysis: behavioral1
Detonation Overview
Submitted
2024-11-04 01:49
Reported
2024-11-04 04:17
Platform
win7-20240903-en
Max time kernel
150s
Max time network
153s
Command Line
Signatures
Modifies WinLogon for persistence
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\fpbadygypzl.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\uaiqyen.exe | N/A |
UAC bypass
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" | C:\Users\Admin\AppData\Local\Temp\uaiqyen.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" | C:\Users\Admin\AppData\Local\Temp\fpbadygypzl.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" | C:\Users\Admin\AppData\Local\Temp\uaiqyen.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\uaiqyen.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" | C:\Users\Admin\AppData\Local\Temp\uaiqyen.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\fpbadygypzl.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" | C:\Users\Admin\AppData\Local\Temp\fpbadygypzl.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" | C:\Users\Admin\AppData\Local\Temp\fpbadygypzl.exe | N/A |
Adds policy Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\hmtahm = "C:\\Users\\Admin\\AppData\\Local\\Temp\\havqlearrwpkseizajcx.exe" | C:\Users\Admin\AppData\Local\Temp\uaiqyen.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\aiscmufla = "havqlearrwpkseizajcx.exe" | C:\Users\Admin\AppData\Local\Temp\uaiqyen.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\fpbadygypzl.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\uaiqyen.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\hmtahm = "C:\\Users\\Admin\\AppData\\Local\\Temp\\aqiasibpmoewbklzx.exe" | C:\Users\Admin\AppData\Local\Temp\uaiqyen.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\hmtahm = "C:\\Users\\Admin\\AppData\\Local\\Temp\\tizqhwobxyneiqqd.exe" | C:\Users\Admin\AppData\Local\Temp\uaiqyen.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\aiscmufla = "jatmfwqfdgxqwgixwd.exe" | C:\Users\Admin\AppData\Local\Temp\uaiqyen.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\hmtahm = "C:\\Users\\Admin\\AppData\\Local\\Temp\\umgaumhxwasmtehxxfx.exe" | C:\Users\Admin\AppData\Local\Temp\uaiqyen.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\hmtahm = "C:\\Users\\Admin\\AppData\\Local\\Temp\\wqmieyvnouoktgldfpjfb.exe" | C:\Users\Admin\AppData\Local\Temp\uaiqyen.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\aiscmufla = "wqmieyvnouoktgldfpjfb.exe" | C:\Users\Admin\AppData\Local\Temp\fpbadygypzl.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\aiscmufla = "wqmieyvnouoktgldfpjfb.exe" | C:\Users\Admin\AppData\Local\Temp\uaiqyen.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\aiscmufla = "aqiasibpmoewbklzx.exe" | C:\Users\Admin\AppData\Local\Temp\uaiqyen.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\hmtahm = "C:\\Users\\Admin\\AppData\\Local\\Temp\\jatmfwqfdgxqwgixwd.exe" | C:\Users\Admin\AppData\Local\Temp\uaiqyen.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\aiscmufla = "umgaumhxwasmtehxxfx.exe" | C:\Users\Admin\AppData\Local\Temp\fpbadygypzl.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\hmtahm = "C:\\Users\\Admin\\AppData\\Local\\Temp\\wqmieyvnouoktgldfpjfb.exe" | C:\Users\Admin\AppData\Local\Temp\fpbadygypzl.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\hmtahm = "C:\\Users\\Admin\\AppData\\Local\\Temp\\tizqhwobxyneiqqd.exe" | C:\Users\Admin\AppData\Local\Temp\fpbadygypzl.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\aiscmufla = "tizqhwobxyneiqqd.exe" | C:\Users\Admin\AppData\Local\Temp\uaiqyen.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\aiscmufla = "umgaumhxwasmtehxxfx.exe" | C:\Users\Admin\AppData\Local\Temp\uaiqyen.exe | N/A |
Disables RegEdit via registry modification
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\uaiqyen.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\uaiqyen.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\fpbadygypzl.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\fpbadygypzl.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\fpbadygypzl.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\uaiqyen.exe | N/A |
Impair Defenses: Safe Mode Boot
| Description | Indicator | Process | Target |
| Key deleted | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\WinDefend | C:\Users\Admin\AppData\Local\Temp\uaiqyen.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\ProfSvc | C:\Users\Admin\AppData\Local\Temp\uaiqyen.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\Power | C:\Users\Admin\AppData\Local\Temp\uaiqyen.exe | N/A |
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\8e8d8dd457411eaf96c3e5f1cf646ec5_JaffaCakes118.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\fpbadygypzl.exe | N/A |
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce\lwjwjuirjgre = "C:\\Users\\Admin\\AppData\\Local\\Temp\\wqmieyvnouoktgldfpjfb.exe ." | C:\Users\Admin\AppData\Local\Temp\uaiqyen.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Windows\CurrentVersion\Run\uaiqyen = "C:\\Users\\Admin\\AppData\\Local\\Temp\\umgaumhxwasmtehxxfx.exe" | C:\Users\Admin\AppData\Local\Temp\fpbadygypzl.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce\lwjwjuirjgre = "C:\\Users\\Admin\\AppData\\Local\\Temp\\tizqhwobxyneiqqd.exe ." | C:\Users\Admin\AppData\Local\Temp\uaiqyen.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce\lwjwjuirjgre = "C:\\Users\\Admin\\AppData\\Local\\Temp\\aqiasibpmoewbklzx.exe ." | C:\Users\Admin\AppData\Local\Temp\uaiqyen.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Windows\CurrentVersion\Run\uaiqyen = "C:\\Users\\Admin\\AppData\\Local\\Temp\\jatmfwqfdgxqwgixwd.exe" | C:\Users\Admin\AppData\Local\Temp\uaiqyen.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\uaiqyen = "jatmfwqfdgxqwgixwd.exe" | C:\Users\Admin\AppData\Local\Temp\uaiqyen.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\uaiqyen = "umgaumhxwasmtehxxfx.exe" | C:\Users\Admin\AppData\Local\Temp\fpbadygypzl.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce\jqziryin = "havqlearrwpkseizajcx.exe ." | C:\Users\Admin\AppData\Local\Temp\uaiqyen.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Windows\CurrentVersion\Run\tcnyjselbw = "aqiasibpmoewbklzx.exe" | C:\Users\Admin\AppData\Local\Temp\uaiqyen.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\oykwisfneak = "aqiasibpmoewbklzx.exe ." | C:\Users\Admin\AppData\Local\Temp\uaiqyen.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Windows\CurrentVersion\Run\tcnyjselbw = "havqlearrwpkseizajcx.exe" | C:\Users\Admin\AppData\Local\Temp\uaiqyen.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\oykwisfneak = "jatmfwqfdgxqwgixwd.exe ." | C:\Users\Admin\AppData\Local\Temp\uaiqyen.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\kwkymynxqoaop = "C:\\Users\\Admin\\AppData\\Local\\Temp\\havqlearrwpkseizajcx.exe" | C:\Users\Admin\AppData\Local\Temp\uaiqyen.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\oykwisfneak = "havqlearrwpkseizajcx.exe ." | C:\Users\Admin\AppData\Local\Temp\uaiqyen.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Windows\CurrentVersion\Run\uaiqyen = "C:\\Users\\Admin\\AppData\\Local\\Temp\\tizqhwobxyneiqqd.exe" | C:\Users\Admin\AppData\Local\Temp\uaiqyen.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce\lwjwjuirjgre = "C:\\Users\\Admin\\AppData\\Local\\Temp\\umgaumhxwasmtehxxfx.exe ." | C:\Users\Admin\AppData\Local\Temp\uaiqyen.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce\jqziryin = "aqiasibpmoewbklzx.exe ." | C:\Users\Admin\AppData\Local\Temp\uaiqyen.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce\jqziryin = "wqmieyvnouoktgldfpjfb.exe ." | C:\Users\Admin\AppData\Local\Temp\uaiqyen.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\oykwisfneak = "wqmieyvnouoktgldfpjfb.exe ." | C:\Users\Admin\AppData\Local\Temp\uaiqyen.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\kwkymynxqoaop = "C:\\Users\\Admin\\AppData\\Local\\Temp\\jatmfwqfdgxqwgixwd.exe" | C:\Users\Admin\AppData\Local\Temp\uaiqyen.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\jqziryin = "C:\\Users\\Admin\\AppData\\Local\\Temp\\aqiasibpmoewbklzx.exe ." | C:\Users\Admin\AppData\Local\Temp\uaiqyen.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\uaiqyen = "aqiasibpmoewbklzx.exe" | C:\Users\Admin\AppData\Local\Temp\uaiqyen.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce\jqziryin = "tizqhwobxyneiqqd.exe ." | C:\Users\Admin\AppData\Local\Temp\uaiqyen.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce\lwjwjuirjgre = "C:\\Users\\Admin\\AppData\\Local\\Temp\\havqlearrwpkseizajcx.exe ." | C:\Users\Admin\AppData\Local\Temp\uaiqyen.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Windows\CurrentVersion\Run\uaiqyen = "C:\\Users\\Admin\\AppData\\Local\\Temp\\aqiasibpmoewbklzx.exe" | C:\Users\Admin\AppData\Local\Temp\uaiqyen.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\uaiqyen = "jatmfwqfdgxqwgixwd.exe" | C:\Users\Admin\AppData\Local\Temp\fpbadygypzl.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\jqziryin = "C:\\Users\\Admin\\AppData\\Local\\Temp\\umgaumhxwasmtehxxfx.exe ." | C:\Users\Admin\AppData\Local\Temp\uaiqyen.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Windows\CurrentVersion\Run\tcnyjselbw = "wqmieyvnouoktgldfpjfb.exe" | C:\Users\Admin\AppData\Local\Temp\uaiqyen.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Windows\CurrentVersion\Run\tcnyjselbw = "aqiasibpmoewbklzx.exe" | C:\Users\Admin\AppData\Local\Temp\fpbadygypzl.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Windows\CurrentVersion\Run\uaiqyen = "C:\\Users\\Admin\\AppData\\Local\\Temp\\havqlearrwpkseizajcx.exe" | C:\Users\Admin\AppData\Local\Temp\uaiqyen.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\kwkymynxqoaop = "C:\\Users\\Admin\\AppData\\Local\\Temp\\aqiasibpmoewbklzx.exe" | C:\Users\Admin\AppData\Local\Temp\uaiqyen.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\oykwisfneak = "umgaumhxwasmtehxxfx.exe ." | C:\Users\Admin\AppData\Local\Temp\uaiqyen.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Windows\CurrentVersion\Run\tcnyjselbw = "umgaumhxwasmtehxxfx.exe" | C:\Users\Admin\AppData\Local\Temp\uaiqyen.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Windows\CurrentVersion\Run\uaiqyen = "C:\\Users\\Admin\\AppData\\Local\\Temp\\wqmieyvnouoktgldfpjfb.exe" | C:\Users\Admin\AppData\Local\Temp\uaiqyen.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\kwkymynxqoaop = "C:\\Users\\Admin\\AppData\\Local\\Temp\\wqmieyvnouoktgldfpjfb.exe" | C:\Users\Admin\AppData\Local\Temp\uaiqyen.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\jqziryin = "C:\\Users\\Admin\\AppData\\Local\\Temp\\jatmfwqfdgxqwgixwd.exe ." | C:\Users\Admin\AppData\Local\Temp\uaiqyen.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Windows\CurrentVersion\Run\uaiqyen = "C:\\Users\\Admin\\AppData\\Local\\Temp\\jatmfwqfdgxqwgixwd.exe" | C:\Users\Admin\AppData\Local\Temp\uaiqyen.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Windows\CurrentVersion\Run\uaiqyen = "C:\\Users\\Admin\\AppData\\Local\\Temp\\jatmfwqfdgxqwgixwd.exe" | C:\Users\Admin\AppData\Local\Temp\fpbadygypzl.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\jqziryin = "C:\\Users\\Admin\\AppData\\Local\\Temp\\tizqhwobxyneiqqd.exe ." | C:\Users\Admin\AppData\Local\Temp\uaiqyen.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce\jqziryin = "aqiasibpmoewbklzx.exe ." | C:\Users\Admin\AppData\Local\Temp\uaiqyen.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\oykwisfneak = "tizqhwobxyneiqqd.exe ." | C:\Users\Admin\AppData\Local\Temp\uaiqyen.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Windows\CurrentVersion\Run\tcnyjselbw = "tizqhwobxyneiqqd.exe" | C:\Users\Admin\AppData\Local\Temp\uaiqyen.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\kwkymynxqoaop = "C:\\Users\\Admin\\AppData\\Local\\Temp\\tizqhwobxyneiqqd.exe" | C:\Users\Admin\AppData\Local\Temp\uaiqyen.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\jqziryin = "C:\\Users\\Admin\\AppData\\Local\\Temp\\havqlearrwpkseizajcx.exe ." | C:\Users\Admin\AppData\Local\Temp\uaiqyen.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\uaiqyen = "wqmieyvnouoktgldfpjfb.exe" | C:\Users\Admin\AppData\Local\Temp\uaiqyen.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce\jqziryin = "havqlearrwpkseizajcx.exe ." | C:\Users\Admin\AppData\Local\Temp\fpbadygypzl.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\jqziryin = "C:\\Users\\Admin\\AppData\\Local\\Temp\\aqiasibpmoewbklzx.exe ." | C:\Users\Admin\AppData\Local\Temp\fpbadygypzl.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce\jqziryin = "umgaumhxwasmtehxxfx.exe ." | C:\Users\Admin\AppData\Local\Temp\uaiqyen.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Windows\CurrentVersion\Run\uaiqyen = "C:\\Users\\Admin\\AppData\\Local\\Temp\\aqiasibpmoewbklzx.exe" | C:\Users\Admin\AppData\Local\Temp\uaiqyen.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\kwkymynxqoaop = "C:\\Users\\Admin\\AppData\\Local\\Temp\\havqlearrwpkseizajcx.exe" | C:\Users\Admin\AppData\Local\Temp\uaiqyen.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\kwkymynxqoaop = "C:\\Users\\Admin\\AppData\\Local\\Temp\\tizqhwobxyneiqqd.exe" | C:\Users\Admin\AppData\Local\Temp\fpbadygypzl.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\jqziryin = "C:\\Users\\Admin\\AppData\\Local\\Temp\\umgaumhxwasmtehxxfx.exe ." | C:\Users\Admin\AppData\Local\Temp\fpbadygypzl.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce\jqziryin = "tizqhwobxyneiqqd.exe ." | C:\Users\Admin\AppData\Local\Temp\uaiqyen.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Windows\CurrentVersion\Run\tcnyjselbw = "jatmfwqfdgxqwgixwd.exe" | C:\Users\Admin\AppData\Local\Temp\uaiqyen.exe | N/A |
Checks whether UAC is enabled
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\uaiqyen.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\uaiqyen.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\fpbadygypzl.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\fpbadygypzl.exe | N/A |
Hijack Execution Flow: Executable Installer File Permissions Weakness
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableInstallerDetection = "0" | C:\Users\Admin\AppData\Local\Temp\fpbadygypzl.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableInstallerDetection = "0" | C:\Users\Admin\AppData\Local\Temp\uaiqyen.exe | N/A |
Looks up external IP address via web service
| Description | Indicator | Process | Target |
| N/A | whatismyip.everdot.org | N/A | N/A |
| N/A | www.showmyipaddress.com | N/A | N/A |
| N/A | www.whatismyip.ca | N/A | N/A |
| N/A | whatismyipaddress.com | N/A | N/A |
Drops autorun.inf file
| Description | Indicator | Process | Target |
| File opened for modification | F:\autorun.inf | C:\Users\Admin\AppData\Local\Temp\uaiqyen.exe | N/A |
| File created | F:\autorun.inf | C:\Users\Admin\AppData\Local\Temp\uaiqyen.exe | N/A |
| File opened for modification | C:\autorun.inf | C:\Users\Admin\AppData\Local\Temp\uaiqyen.exe | N/A |
| File created | C:\autorun.inf | C:\Users\Admin\AppData\Local\Temp\uaiqyen.exe | N/A |
Drops file in System32 directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\SysWOW64\jatmfwqfdgxqwgixwd.exe | C:\Users\Admin\AppData\Local\Temp\fpbadygypzl.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\nifczuslnupmwkqjmxspmj.exe | C:\Users\Admin\AppData\Local\Temp\fpbadygypzl.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\nifczuslnupmwkqjmxspmj.exe | C:\Users\Admin\AppData\Local\Temp\uaiqyen.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\nqvafiopzorwokyzkdglqvyefp.hme | C:\Users\Admin\AppData\Local\Temp\uaiqyen.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\aqiasibpmoewbklzx.exe | C:\Users\Admin\AppData\Local\Temp\uaiqyen.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\jatmfwqfdgxqwgixwd.exe | C:\Users\Admin\AppData\Local\Temp\uaiqyen.exe | N/A |
| File created | C:\Windows\SysWOW64\nqvafiopzorwokyzkdglqvyefp.hme | C:\Users\Admin\AppData\Local\Temp\uaiqyen.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\aqiasibpmoewbklzx.exe | C:\Users\Admin\AppData\Local\Temp\fpbadygypzl.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\tizqhwobxyneiqqd.exe | C:\Users\Admin\AppData\Local\Temp\uaiqyen.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\ocsiymdpkkyoryxjfjxndthykfftjmtseaesi.oct | C:\Users\Admin\AppData\Local\Temp\uaiqyen.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\tizqhwobxyneiqqd.exe | C:\Users\Admin\AppData\Local\Temp\fpbadygypzl.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\umgaumhxwasmtehxxfx.exe | C:\Users\Admin\AppData\Local\Temp\uaiqyen.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\havqlearrwpkseizajcx.exe | C:\Users\Admin\AppData\Local\Temp\uaiqyen.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\wqmieyvnouoktgldfpjfb.exe | C:\Users\Admin\AppData\Local\Temp\fpbadygypzl.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\havqlearrwpkseizajcx.exe | C:\Users\Admin\AppData\Local\Temp\fpbadygypzl.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\wqmieyvnouoktgldfpjfb.exe | C:\Users\Admin\AppData\Local\Temp\uaiqyen.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\umgaumhxwasmtehxxfx.exe | C:\Users\Admin\AppData\Local\Temp\fpbadygypzl.exe | N/A |
| File created | C:\Windows\SysWOW64\ocsiymdpkkyoryxjfjxndthykfftjmtseaesi.oct | C:\Users\Admin\AppData\Local\Temp\uaiqyen.exe | N/A |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Program Files (x86)\nqvafiopzorwokyzkdglqvyefp.hme | C:\Users\Admin\AppData\Local\Temp\uaiqyen.exe | N/A |
| File created | C:\Program Files (x86)\nqvafiopzorwokyzkdglqvyefp.hme | C:\Users\Admin\AppData\Local\Temp\uaiqyen.exe | N/A |
| File opened for modification | C:\Program Files (x86)\ocsiymdpkkyoryxjfjxndthykfftjmtseaesi.oct | C:\Users\Admin\AppData\Local\Temp\uaiqyen.exe | N/A |
| File created | C:\Program Files (x86)\ocsiymdpkkyoryxjfjxndthykfftjmtseaesi.oct | C:\Users\Admin\AppData\Local\Temp\uaiqyen.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\nifczuslnupmwkqjmxspmj.exe | C:\Users\Admin\AppData\Local\Temp\uaiqyen.exe | N/A |
| File opened for modification | C:\Windows\umgaumhxwasmtehxxfx.exe | C:\Users\Admin\AppData\Local\Temp\uaiqyen.exe | N/A |
| File opened for modification | C:\Windows\wqmieyvnouoktgldfpjfb.exe | C:\Users\Admin\AppData\Local\Temp\uaiqyen.exe | N/A |
| File created | C:\Windows\nqvafiopzorwokyzkdglqvyefp.hme | C:\Users\Admin\AppData\Local\Temp\uaiqyen.exe | N/A |
| File opened for modification | C:\Windows\ocsiymdpkkyoryxjfjxndthykfftjmtseaesi.oct | C:\Users\Admin\AppData\Local\Temp\uaiqyen.exe | N/A |
| File opened for modification | C:\Windows\jatmfwqfdgxqwgixwd.exe | C:\Users\Admin\AppData\Local\Temp\uaiqyen.exe | N/A |
| File opened for modification | C:\Windows\havqlearrwpkseizajcx.exe | C:\Users\Admin\AppData\Local\Temp\fpbadygypzl.exe | N/A |
| File opened for modification | C:\Windows\aqiasibpmoewbklzx.exe | C:\Users\Admin\AppData\Local\Temp\uaiqyen.exe | N/A |
| File opened for modification | C:\Windows\aqiasibpmoewbklzx.exe | C:\Users\Admin\AppData\Local\Temp\fpbadygypzl.exe | N/A |
| File opened for modification | C:\Windows\nqvafiopzorwokyzkdglqvyefp.hme | C:\Users\Admin\AppData\Local\Temp\uaiqyen.exe | N/A |
| File opened for modification | C:\Windows\umgaumhxwasmtehxxfx.exe | C:\Users\Admin\AppData\Local\Temp\fpbadygypzl.exe | N/A |
| File opened for modification | C:\Windows\wqmieyvnouoktgldfpjfb.exe | C:\Users\Admin\AppData\Local\Temp\fpbadygypzl.exe | N/A |
| File opened for modification | C:\Windows\nifczuslnupmwkqjmxspmj.exe | C:\Users\Admin\AppData\Local\Temp\fpbadygypzl.exe | N/A |
| File opened for modification | C:\Windows\tizqhwobxyneiqqd.exe | C:\Users\Admin\AppData\Local\Temp\uaiqyen.exe | N/A |
| File opened for modification | C:\Windows\havqlearrwpkseizajcx.exe | C:\Users\Admin\AppData\Local\Temp\uaiqyen.exe | N/A |
| File created | C:\Windows\ocsiymdpkkyoryxjfjxndthykfftjmtseaesi.oct | C:\Users\Admin\AppData\Local\Temp\uaiqyen.exe | N/A |
| File opened for modification | C:\Windows\tizqhwobxyneiqqd.exe | C:\Users\Admin\AppData\Local\Temp\fpbadygypzl.exe | N/A |
| File opened for modification | C:\Windows\jatmfwqfdgxqwgixwd.exe | C:\Users\Admin\AppData\Local\Temp\fpbadygypzl.exe | N/A |
Enumerates physical storage devices
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\8e8d8dd457411eaf96c3e5f1cf646ec5_JaffaCakes118.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\fpbadygypzl.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\uaiqyen.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\uaiqyen.exe | N/A |
Suspicious use of WriteProcessMemory
System policy modification
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\uaiqyen.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" | C:\Users\Admin\AppData\Local\Temp\uaiqyen.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableVirtualization = "0" | C:\Users\Admin\AppData\Local\Temp\uaiqyen.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableSecureUIAPaths = "0" | C:\Users\Admin\AppData\Local\Temp\uaiqyen.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" | C:\Users\Admin\AppData\Local\Temp\fpbadygypzl.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" | C:\Users\Admin\AppData\Local\Temp\uaiqyen.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDriveTypeAutoRun = "1" | C:\Users\Admin\AppData\Local\Temp\uaiqyen.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer | C:\Users\Admin\AppData\Local\Temp\uaiqyen.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" | C:\Users\Admin\AppData\Local\Temp\uaiqyen.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ValidateAdminCodeSignatures = "0" | C:\Users\Admin\AppData\Local\Temp\uaiqyen.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\fpbadygypzl.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\uaiqyen.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableSecureUIAPaths = "0" | C:\Users\Admin\AppData\Local\Temp\fpbadygypzl.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDriveTypeAutoRun = "1" | C:\Users\Admin\AppData\Local\Temp\fpbadygypzl.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\FilterAdministratorToken = "0" | C:\Users\Admin\AppData\Local\Temp\uaiqyen.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" | C:\Users\Admin\AppData\Local\Temp\fpbadygypzl.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\FilterAdministratorToken = "0" | C:\Users\Admin\AppData\Local\Temp\fpbadygypzl.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\uaiqyen.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ValidateAdminCodeSignatures = "0" | C:\Users\Admin\AppData\Local\Temp\fpbadygypzl.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" | C:\Users\Admin\AppData\Local\Temp\fpbadygypzl.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer | C:\Users\Admin\AppData\Local\Temp\fpbadygypzl.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\fpbadygypzl.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\fpbadygypzl.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableVirtualization = "0" | C:\Users\Admin\AppData\Local\Temp\fpbadygypzl.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\8e8d8dd457411eaf96c3e5f1cf646ec5_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\8e8d8dd457411eaf96c3e5f1cf646ec5_JaffaCakes118.exe"
C:\Users\Admin\AppData\Local\Temp\fpbadygypzl.exe
"C:\Users\Admin\AppData\Local\Temp\fpbadygypzl.exe" "c:\users\admin\appdata\local\temp\8e8d8dd457411eaf96c3e5f1cf646ec5_jaffacakes118.exe*"
C:\Users\Admin\AppData\Local\Temp\uaiqyen.exe
"C:\Users\Admin\AppData\Local\Temp\uaiqyen.exe" "-C:\Users\Admin\AppData\Local\Temp\tizqhwobxyneiqqd.exe"
C:\Users\Admin\AppData\Local\Temp\uaiqyen.exe
"C:\Users\Admin\AppData\Local\Temp\uaiqyen.exe" "-C:\Users\Admin\AppData\Local\Temp\tizqhwobxyneiqqd.exe"
C:\Users\Admin\AppData\Local\Temp\fpbadygypzl.exe
"C:\Users\Admin\AppData\Local\Temp\fpbadygypzl.exe" "c:\users\admin\appdata\local\temp\8e8d8dd457411eaf96c3e5f1cf646ec5_jaffacakes118.exe"
Network
Files
\Users\Admin\AppData\Local\Temp\fpbadygypzl.exe
| MD5 | 89ec3461ef4a893428c32f89de78b396 |
| SHA1 | 8067cdc0901f0dc5bc1bb67a1c9037f502ea85f9 |
| SHA256 | 1849989ee704cda3b552b5021f3165012978d26d0daf7d22a09805deb6be2d0b |
| SHA512 | 7804fa36e1f050115b00d21a9a94cf92436260a385da67106b0c73eb350abafca53f2dec42d377d4eccc095dd75ac92e841fb66e874e656e412cd71ed7909fe8 |
C:\Windows\SysWOW64\jatmfwqfdgxqwgixwd.exe
| MD5 | 8e8d8dd457411eaf96c3e5f1cf646ec5 |
| SHA1 | b03b741382822e3f012bc8d1c87331aaefeff1a4 |
| SHA256 | b6b2b9e959b52d90742beac4f6b23a72e4c2cb5e802bbb9e7da138098d30cd24 |
| SHA512 | e6cf6ea96fbc9befaf59e1b0a876e7afadc5439918ee294dbe584d474310cc79db4ff7091645e29e0f367561a7a3a71cd80ec4200ebbd7809fd5e738bc58878c |
\Users\Admin\AppData\Local\Temp\uaiqyen.exe
| MD5 | fc013097dbb4c255478016b15df67f97 |
| SHA1 | 5b48b446353bb1df09b143e07901442cf18c0662 |
| SHA256 | 4e6799862185f6bd77a9715a3748b0cc6a7594d730fecedd5e3736bbf58b7f61 |
| SHA512 | c366f94fcd5340cc6308c535c19dd470eb7b79a3909de8daacd8ac1fc67f3c1ea38c6fdeee750046ced6ecfb552a934088585f1bcc3e6772185205c1be873013 |
C:\Users\Admin\AppData\Local\nqvafiopzorwokyzkdglqvyefp.hme
C:\Users\Admin\AppData\Local\ocsiymdpkkyoryxjfjxndthykfftjmtseaesi.oct
C:\Program Files (x86)\nqvafiopzorwokyzkdglqvyefp.hme