Malware Analysis Report

2024-12-07 16:59

Sample ID 241113-bevbpatjas
Target c49a6d6259d7090608badcb4853eefb1be958577dc417ec124fa313c71f8c77fN.exe
SHA256 c49a6d6259d7090608badcb4853eefb1be958577dc417ec124fa313c71f8c77f
Tags
defense_evasion discovery evasion persistence privilege_escalation trojan
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

c49a6d6259d7090608badcb4853eefb1be958577dc417ec124fa313c71f8c77f

Threat Level: Known bad

The file c49a6d6259d7090608badcb4853eefb1be958577dc417ec124fa313c71f8c77fN.exe was found to be: Known bad.

Malicious Activity Summary

defense_evasion discovery evasion persistence privilege_escalation trojan

Modifies WinLogon for persistence

UAC bypass

Disables RegEdit via registry modification

Adds policy Run key to start application

Loads dropped DLL

Executes dropped EXE

Checks computer location settings

Impair Defenses: Safe Mode Boot

Adds Run key to start application

Checks whether UAC is enabled

Hijack Execution Flow: Executable Installer File Permissions Weakness

Looks up external IP address via web service

Drops file in System32 directory

Drops file in Program Files directory

Drops file in Windows directory

Unsigned PE

Enumerates physical storage devices

System Location Discovery: System Language Discovery

Modifies registry class

Suspicious use of WriteProcessMemory

System policy modification

Suspicious use of AdjustPrivilegeToken

Suspicious behavior: EnumeratesProcesses

Suspicious behavior: GetForegroundWindowSpam

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-11-13 01:03

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-11-13 01:03

Reported

2024-11-13 01:06

Platform

win7-20240903-en

Max time kernel

150s

Max time network

152s

Command Line

"C:\Users\Admin\AppData\Local\Temp\c49a6d6259d7090608badcb4853eefb1be958577dc417ec124fa313c71f8c77fN.exe"

Signatures

Modifies WinLogon for persistence

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\c49a6d6259d7090608badcb4853eefb1be958577dc417ec124fa313c71f8c77fN.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\nryzjt.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\nryzjt.exe N/A

UAC bypass

evasion trojan
Description Indicator Process Target
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" C:\Users\Admin\AppData\Local\Temp\nryzjt.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" C:\Users\Admin\AppData\Local\Temp\nryzjt.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\c49a6d6259d7090608badcb4853eefb1be958577dc417ec124fa313c71f8c77fN.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" C:\Users\Admin\AppData\Local\Temp\c49a6d6259d7090608badcb4853eefb1be958577dc417ec124fa313c71f8c77fN.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" C:\Users\Admin\AppData\Local\Temp\nryzjt.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\nryzjt.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" C:\Users\Admin\AppData\Local\Temp\nryzjt.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" C:\Users\Admin\AppData\Local\Temp\nryzjt.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" C:\Users\Admin\AppData\Local\Temp\nryzjt.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" C:\Users\Admin\AppData\Local\Temp\c49a6d6259d7090608badcb4853eefb1be958577dc417ec124fa313c71f8c77fN.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" C:\Users\Admin\AppData\Local\Temp\c49a6d6259d7090608badcb4853eefb1be958577dc417ec124fa313c71f8c77fN.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\nryzjt.exe N/A

Adds policy Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\mnr = "C:\\Users\\Admin\\AppData\\Local\\Temp\\znepjdnavjoduygg.exe" C:\Users\Admin\AppData\Local\Temp\nryzjt.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\mnr = "C:\\Users\\Admin\\AppData\\Local\\Temp\\pfylhdpebrypioyapo.exe" C:\Users\Admin\AppData\Local\Temp\nryzjt.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\mnr = "C:\\Users\\Admin\\AppData\\Local\\Temp\\cvrhgfummfpjfobgyaqjf.exe" C:\Users\Admin\AppData\Local\Temp\nryzjt.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\mnr = "C:\\Users\\Admin\\AppData\\Local\\Temp\\gvnzupaokzfvnsbcq.exe" C:\Users\Admin\AppData\Local\Temp\nryzjt.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\nryzjt.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\mnr = "C:\\Users\\Admin\\AppData\\Local\\Temp\\znepjdnavjoduygg.exe" C:\Users\Admin\AppData\Local\Temp\nryzjt.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\mnr = "C:\\Users\\Admin\\AppData\\Local\\Temp\\gvnzupaokzfvnsbcq.exe" C:\Users\Admin\AppData\Local\Temp\nryzjt.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\nryzjt = "gvnzupaokzfvnsbcq.exe" C:\Users\Admin\AppData\Local\Temp\nryzjt.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\nryzjt = "znepjdnavjoduygg.exe" C:\Users\Admin\AppData\Local\Temp\c49a6d6259d7090608badcb4853eefb1be958577dc417ec124fa313c71f8c77fN.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\nryzjt = "pfylhdpebrypioyapo.exe" C:\Users\Admin\AppData\Local\Temp\nryzjt.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\nryzjt = "nfapnlzqphqjemyctujb.exe" C:\Users\Admin\AppData\Local\Temp\nryzjt.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\nryzjt = "cvrhgfummfpjfobgyaqjf.exe" C:\Users\Admin\AppData\Local\Temp\nryzjt.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\nryzjt = "arlzwtgwultlfmxaqqe.exe" C:\Users\Admin\AppData\Local\Temp\nryzjt.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\nryzjt = "arlzwtgwultlfmxaqqe.exe" C:\Users\Admin\AppData\Local\Temp\nryzjt.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\mnr = "C:\\Users\\Admin\\AppData\\Local\\Temp\\pfylhdpebrypioyapo.exe" C:\Users\Admin\AppData\Local\Temp\nryzjt.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\nryzjt = "znepjdnavjoduygg.exe" C:\Users\Admin\AppData\Local\Temp\nryzjt.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\mnr = "C:\\Users\\Admin\\AppData\\Local\\Temp\\arlzwtgwultlfmxaqqe.exe" C:\Users\Admin\AppData\Local\Temp\nryzjt.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\mnr = "C:\\Users\\Admin\\AppData\\Local\\Temp\\nfapnlzqphqjemyctujb.exe" C:\Users\Admin\AppData\Local\Temp\nryzjt.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\nryzjt = "cvrhgfummfpjfobgyaqjf.exe" C:\Users\Admin\AppData\Local\Temp\nryzjt.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\mnr = "C:\\Users\\Admin\\AppData\\Local\\Temp\\cvrhgfummfpjfobgyaqjf.exe" C:\Users\Admin\AppData\Local\Temp\nryzjt.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\nryzjt.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\mnr = "C:\\Users\\Admin\\AppData\\Local\\Temp\\nfapnlzqphqjemyctujb.exe" C:\Users\Admin\AppData\Local\Temp\c49a6d6259d7090608badcb4853eefb1be958577dc417ec124fa313c71f8c77fN.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\nryzjt = "gvnzupaokzfvnsbcq.exe" C:\Users\Admin\AppData\Local\Temp\nryzjt.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\nryzjt = "pfylhdpebrypioyapo.exe" C:\Users\Admin\AppData\Local\Temp\nryzjt.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\nryzjt = "nfapnlzqphqjemyctujb.exe" C:\Users\Admin\AppData\Local\Temp\c49a6d6259d7090608badcb4853eefb1be958577dc417ec124fa313c71f8c77fN.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\mnr = "C:\\Users\\Admin\\AppData\\Local\\Temp\\cvrhgfummfpjfobgyaqjf.exe" C:\Users\Admin\AppData\Local\Temp\c49a6d6259d7090608badcb4853eefb1be958577dc417ec124fa313c71f8c77fN.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\c49a6d6259d7090608badcb4853eefb1be958577dc417ec124fa313c71f8c77fN.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\mnr = "C:\\Users\\Admin\\AppData\\Local\\Temp\\nfapnlzqphqjemyctujb.exe" C:\Users\Admin\AppData\Local\Temp\nryzjt.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\mnr = "C:\\Users\\Admin\\AppData\\Local\\Temp\\arlzwtgwultlfmxaqqe.exe" C:\Users\Admin\AppData\Local\Temp\nryzjt.exe N/A

Disables RegEdit via registry modification

evasion
Description Indicator Process Target
Set value (int) \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\c49a6d6259d7090608badcb4853eefb1be958577dc417ec124fa313c71f8c77fN.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\c49a6d6259d7090608badcb4853eefb1be958577dc417ec124fa313c71f8c77fN.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\nryzjt.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\nryzjt.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\nryzjt.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\nryzjt.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\nryzjt.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\nryzjt.exe N/A

Impair Defenses: Safe Mode Boot

defense_evasion
Description Indicator Process Target
Key deleted \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\WinDefend C:\Users\Admin\AppData\Local\Temp\nryzjt.exe N/A
Key deleted \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\ProfSvc C:\Users\Admin\AppData\Local\Temp\nryzjt.exe N/A
Key deleted \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\Power C:\Users\Admin\AppData\Local\Temp\nryzjt.exe N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\zhsxlzdkzh = "C:\\Users\\Admin\\AppData\\Local\\Temp\\gvnzupaokzfvnsbcq.exe" C:\Users\Admin\AppData\Local\Temp\nryzjt.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\zhsxlzdkzh = "C:\\Users\\Admin\\AppData\\Local\\Temp\\gvnzupaokzfvnsbcq.exe" C:\Users\Admin\AppData\Local\Temp\nryzjt.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\tvaz = "pfylhdpebrypioyapo.exe" C:\Users\Admin\AppData\Local\Temp\nryzjt.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Windows\CurrentVersion\Run\afnpalm = "nfapnlzqphqjemyctujb.exe" C:\Users\Admin\AppData\Local\Temp\nryzjt.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\tvaz = "znepjdnavjoduygg.exe" C:\Users\Admin\AppData\Local\Temp\nryzjt.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce\gnxbobeky = "C:\\Users\\Admin\\AppData\\Local\\Temp\\cvrhgfummfpjfobgyaqjf.exe ." C:\Users\Admin\AppData\Local\Temp\c49a6d6259d7090608badcb4853eefb1be958577dc417ec124fa313c71f8c77fN.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Windows\CurrentVersion\Run\afnpalm = "gvnzupaokzfvnsbcq.exe" C:\Users\Admin\AppData\Local\Temp\nryzjt.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Windows\CurrentVersion\Run\tvaz = "C:\\Users\\Admin\\AppData\\Local\\Temp\\cvrhgfummfpjfobgyaqjf.exe" C:\Users\Admin\AppData\Local\Temp\nryzjt.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\tvaz = "cvrhgfummfpjfobgyaqjf.exe" C:\Users\Admin\AppData\Local\Temp\nryzjt.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\cfllu = "C:\\Users\\Admin\\AppData\\Local\\Temp\\gvnzupaokzfvnsbcq.exe ." C:\Users\Admin\AppData\Local\Temp\nryzjt.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce\gnxbobeky = "C:\\Users\\Admin\\AppData\\Local\\Temp\\nfapnlzqphqjemyctujb.exe ." C:\Users\Admin\AppData\Local\Temp\nryzjt.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce\cfllu = "gvnzupaokzfvnsbcq.exe ." C:\Users\Admin\AppData\Local\Temp\c49a6d6259d7090608badcb4853eefb1be958577dc417ec124fa313c71f8c77fN.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\zhsxlzdkzh = "C:\\Users\\Admin\\AppData\\Local\\Temp\\pfylhdpebrypioyapo.exe" C:\Users\Admin\AppData\Local\Temp\nryzjt.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce\cfllu = "pfylhdpebrypioyapo.exe ." C:\Users\Admin\AppData\Local\Temp\nryzjt.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce\cfllu = "cvrhgfummfpjfobgyaqjf.exe ." C:\Users\Admin\AppData\Local\Temp\nryzjt.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\pvehtfhm = "cvrhgfummfpjfobgyaqjf.exe ." C:\Users\Admin\AppData\Local\Temp\nryzjt.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\tvaz = "nfapnlzqphqjemyctujb.exe" C:\Users\Admin\AppData\Local\Temp\nryzjt.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce\gnxbobeky = "C:\\Users\\Admin\\AppData\\Local\\Temp\\pfylhdpebrypioyapo.exe ." C:\Users\Admin\AppData\Local\Temp\nryzjt.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\cfllu = "C:\\Users\\Admin\\AppData\\Local\\Temp\\pfylhdpebrypioyapo.exe ." C:\Users\Admin\AppData\Local\Temp\nryzjt.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\pvehtfhm = "znepjdnavjoduygg.exe ." C:\Users\Admin\AppData\Local\Temp\nryzjt.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce\gnxbobeky = "C:\\Users\\Admin\\AppData\\Local\\Temp\\gvnzupaokzfvnsbcq.exe ." C:\Users\Admin\AppData\Local\Temp\nryzjt.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Windows\CurrentVersion\Run\tvaz = "C:\\Users\\Admin\\AppData\\Local\\Temp\\arlzwtgwultlfmxaqqe.exe" C:\Users\Admin\AppData\Local\Temp\c49a6d6259d7090608badcb4853eefb1be958577dc417ec124fa313c71f8c77fN.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\pvehtfhm = "pfylhdpebrypioyapo.exe ." C:\Users\Admin\AppData\Local\Temp\nryzjt.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\zhsxlzdkzh = "C:\\Users\\Admin\\AppData\\Local\\Temp\\cvrhgfummfpjfobgyaqjf.exe" C:\Users\Admin\AppData\Local\Temp\nryzjt.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Windows\CurrentVersion\Run\afnpalm = "nfapnlzqphqjemyctujb.exe" C:\Users\Admin\AppData\Local\Temp\nryzjt.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce\cfllu = "znepjdnavjoduygg.exe ." C:\Users\Admin\AppData\Local\Temp\nryzjt.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\tvaz = "cvrhgfummfpjfobgyaqjf.exe" C:\Users\Admin\AppData\Local\Temp\nryzjt.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce\cfllu = "nfapnlzqphqjemyctujb.exe ." C:\Users\Admin\AppData\Local\Temp\nryzjt.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce\cfllu = "pfylhdpebrypioyapo.exe ." C:\Users\Admin\AppData\Local\Temp\nryzjt.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\tvaz = "pfylhdpebrypioyapo.exe" C:\Users\Admin\AppData\Local\Temp\c49a6d6259d7090608badcb4853eefb1be958577dc417ec124fa313c71f8c77fN.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Windows\CurrentVersion\Run\tvaz = "C:\\Users\\Admin\\AppData\\Local\\Temp\\znepjdnavjoduygg.exe" C:\Users\Admin\AppData\Local\Temp\nryzjt.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce\gnxbobeky = "C:\\Users\\Admin\\AppData\\Local\\Temp\\znepjdnavjoduygg.exe ." C:\Users\Admin\AppData\Local\Temp\nryzjt.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\cfllu = "C:\\Users\\Admin\\AppData\\Local\\Temp\\znepjdnavjoduygg.exe ." C:\Users\Admin\AppData\Local\Temp\nryzjt.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce\cfllu = "znepjdnavjoduygg.exe ." C:\Users\Admin\AppData\Local\Temp\nryzjt.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\pvehtfhm = "pfylhdpebrypioyapo.exe ." C:\Users\Admin\AppData\Local\Temp\c49a6d6259d7090608badcb4853eefb1be958577dc417ec124fa313c71f8c77fN.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Windows\CurrentVersion\Run\afnpalm = "pfylhdpebrypioyapo.exe" C:\Users\Admin\AppData\Local\Temp\c49a6d6259d7090608badcb4853eefb1be958577dc417ec124fa313c71f8c77fN.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\zhsxlzdkzh = "C:\\Users\\Admin\\AppData\\Local\\Temp\\znepjdnavjoduygg.exe" C:\Users\Admin\AppData\Local\Temp\nryzjt.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\pvehtfhm = "gvnzupaokzfvnsbcq.exe ." C:\Users\Admin\AppData\Local\Temp\nryzjt.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce\gnxbobeky = "C:\\Users\\Admin\\AppData\\Local\\Temp\\cvrhgfummfpjfobgyaqjf.exe ." C:\Users\Admin\AppData\Local\Temp\nryzjt.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\cfllu = "C:\\Users\\Admin\\AppData\\Local\\Temp\\arlzwtgwultlfmxaqqe.exe ." C:\Users\Admin\AppData\Local\Temp\nryzjt.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\tvaz = "pfylhdpebrypioyapo.exe" C:\Users\Admin\AppData\Local\Temp\nryzjt.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Windows\CurrentVersion\Run\tvaz = "C:\\Users\\Admin\\AppData\\Local\\Temp\\nfapnlzqphqjemyctujb.exe" C:\Users\Admin\AppData\Local\Temp\c49a6d6259d7090608badcb4853eefb1be958577dc417ec124fa313c71f8c77fN.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\cfllu = "C:\\Users\\Admin\\AppData\\Local\\Temp\\pfylhdpebrypioyapo.exe ." C:\Users\Admin\AppData\Local\Temp\nryzjt.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce\cfllu = "gvnzupaokzfvnsbcq.exe ." C:\Users\Admin\AppData\Local\Temp\nryzjt.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\cfllu = "C:\\Users\\Admin\\AppData\\Local\\Temp\\nfapnlzqphqjemyctujb.exe ." C:\Users\Admin\AppData\Local\Temp\nryzjt.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce\cfllu = "cvrhgfummfpjfobgyaqjf.exe ." C:\Users\Admin\AppData\Local\Temp\nryzjt.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\cfllu = "C:\\Users\\Admin\\AppData\\Local\\Temp\\cvrhgfummfpjfobgyaqjf.exe ." C:\Users\Admin\AppData\Local\Temp\nryzjt.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Windows\CurrentVersion\Run\tvaz = "C:\\Users\\Admin\\AppData\\Local\\Temp\\nfapnlzqphqjemyctujb.exe" C:\Users\Admin\AppData\Local\Temp\nryzjt.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\cfllu = "C:\\Users\\Admin\\AppData\\Local\\Temp\\arlzwtgwultlfmxaqqe.exe ." C:\Users\Admin\AppData\Local\Temp\c49a6d6259d7090608badcb4853eefb1be958577dc417ec124fa313c71f8c77fN.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\zhsxlzdkzh = "C:\\Users\\Admin\\AppData\\Local\\Temp\\cvrhgfummfpjfobgyaqjf.exe" C:\Users\Admin\AppData\Local\Temp\c49a6d6259d7090608badcb4853eefb1be958577dc417ec124fa313c71f8c77fN.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\tvaz = "nfapnlzqphqjemyctujb.exe" C:\Users\Admin\AppData\Local\Temp\nryzjt.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Windows\CurrentVersion\Run\afnpalm = "pfylhdpebrypioyapo.exe" C:\Users\Admin\AppData\Local\Temp\nryzjt.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\tvaz = "gvnzupaokzfvnsbcq.exe" C:\Users\Admin\AppData\Local\Temp\nryzjt.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Windows\CurrentVersion\Run\afnpalm = "cvrhgfummfpjfobgyaqjf.exe" C:\Users\Admin\AppData\Local\Temp\nryzjt.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\cfllu = "C:\\Users\\Admin\\AppData\\Local\\Temp\\znepjdnavjoduygg.exe ." C:\Users\Admin\AppData\Local\Temp\nryzjt.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\pvehtfhm = "nfapnlzqphqjemyctujb.exe ." C:\Users\Admin\AppData\Local\Temp\nryzjt.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce\cfllu = "znepjdnavjoduygg.exe ." C:\Users\Admin\AppData\Local\Temp\c49a6d6259d7090608badcb4853eefb1be958577dc417ec124fa313c71f8c77fN.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\cfllu = "C:\\Users\\Admin\\AppData\\Local\\Temp\\gvnzupaokzfvnsbcq.exe ." C:\Users\Admin\AppData\Local\Temp\nryzjt.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce\gnxbobeky = "C:\\Users\\Admin\\AppData\\Local\\Temp\\arlzwtgwultlfmxaqqe.exe ." C:\Users\Admin\AppData\Local\Temp\nryzjt.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce\cfllu = "gvnzupaokzfvnsbcq.exe ." C:\Users\Admin\AppData\Local\Temp\nryzjt.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce\cfllu = "arlzwtgwultlfmxaqqe.exe ." C:\Users\Admin\AppData\Local\Temp\nryzjt.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\tvaz = "gvnzupaokzfvnsbcq.exe" C:\Users\Admin\AppData\Local\Temp\nryzjt.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce\gnxbobeky = "C:\\Users\\Admin\\AppData\\Local\\Temp\\arlzwtgwultlfmxaqqe.exe ." C:\Users\Admin\AppData\Local\Temp\nryzjt.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\pvehtfhm = "nfapnlzqphqjemyctujb.exe ." C:\Users\Admin\AppData\Local\Temp\nryzjt.exe N/A

Checks whether UAC is enabled

evasion trojan
Description Indicator Process Target
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\nryzjt.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\nryzjt.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\nryzjt.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\nryzjt.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\c49a6d6259d7090608badcb4853eefb1be958577dc417ec124fa313c71f8c77fN.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\c49a6d6259d7090608badcb4853eefb1be958577dc417ec124fa313c71f8c77fN.exe N/A

Hijack Execution Flow: Executable Installer File Permissions Weakness

defense_evasion persistence privilege_escalation
Description Indicator Process Target
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableInstallerDetection = "0" C:\Users\Admin\AppData\Local\Temp\c49a6d6259d7090608badcb4853eefb1be958577dc417ec124fa313c71f8c77fN.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableInstallerDetection = "0" C:\Users\Admin\AppData\Local\Temp\nryzjt.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableInstallerDetection = "0" C:\Users\Admin\AppData\Local\Temp\nryzjt.exe N/A

Looks up external IP address via web service

Description Indicator Process Target
N/A whatismyipaddress.com N/A N/A
N/A www.whatismyip.ca N/A N/A
N/A whatismyip.everdot.org N/A N/A
N/A www.showmyipaddress.com N/A N/A

Drops file in System32 directory

Description Indicator Process Target
File opened for modification C:\Windows\SysWOW64\mnrpwdaaijbdhytggqoptryfc.kld C:\Users\Admin\AppData\Local\Temp\nryzjt.exe N/A
File created C:\Windows\SysWOW64\mnrpwdaaijbdhytggqoptryfc.kld C:\Users\Admin\AppData\Local\Temp\nryzjt.exe N/A
File opened for modification C:\Windows\SysWOW64\rdsbtltexjmzoqwufajvktldlwpbergiomxs.ncl C:\Users\Admin\AppData\Local\Temp\nryzjt.exe N/A
File created C:\Windows\SysWOW64\rdsbtltexjmzoqwufajvktldlwpbergiomxs.ncl C:\Users\Admin\AppData\Local\Temp\nryzjt.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File opened for modification C:\Program Files (x86)\mnrpwdaaijbdhytggqoptryfc.kld C:\Users\Admin\AppData\Local\Temp\nryzjt.exe N/A
File created C:\Program Files (x86)\mnrpwdaaijbdhytggqoptryfc.kld C:\Users\Admin\AppData\Local\Temp\nryzjt.exe N/A
File opened for modification C:\Program Files (x86)\rdsbtltexjmzoqwufajvktldlwpbergiomxs.ncl C:\Users\Admin\AppData\Local\Temp\nryzjt.exe N/A
File created C:\Program Files (x86)\rdsbtltexjmzoqwufajvktldlwpbergiomxs.ncl C:\Users\Admin\AppData\Local\Temp\nryzjt.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File opened for modification C:\Windows\mnrpwdaaijbdhytggqoptryfc.kld C:\Users\Admin\AppData\Local\Temp\nryzjt.exe N/A
File created C:\Windows\mnrpwdaaijbdhytggqoptryfc.kld C:\Users\Admin\AppData\Local\Temp\nryzjt.exe N/A
File opened for modification C:\Windows\rdsbtltexjmzoqwufajvktldlwpbergiomxs.ncl C:\Users\Admin\AppData\Local\Temp\nryzjt.exe N/A
File created C:\Windows\rdsbtltexjmzoqwufajvktldlwpbergiomxs.ncl C:\Users\Admin\AppData\Local\Temp\nryzjt.exe N/A

Enumerates physical storage devices

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\c49a6d6259d7090608badcb4853eefb1be958577dc417ec124fa313c71f8c77fN.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\nryzjt.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\nryzjt.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\nryzjt.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\nryzjt.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\nryzjt.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\nryzjt.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\nryzjt.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\nryzjt.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\nryzjt.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\nryzjt.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\nryzjt.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\nryzjt.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\nryzjt.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\nryzjt.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\nryzjt.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\nryzjt.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\nryzjt.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\nryzjt.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\nryzjt.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\nryzjt.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\nryzjt.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\nryzjt.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\nryzjt.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\nryzjt.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\nryzjt.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\nryzjt.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\nryzjt.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\nryzjt.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\nryzjt.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\nryzjt.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\nryzjt.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\nryzjt.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\nryzjt.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\nryzjt.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\nryzjt.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\nryzjt.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\nryzjt.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\nryzjt.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\nryzjt.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\nryzjt.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\nryzjt.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\nryzjt.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\nryzjt.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\nryzjt.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\nryzjt.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\nryzjt.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\nryzjt.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\nryzjt.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\nryzjt.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\nryzjt.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\nryzjt.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\nryzjt.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\nryzjt.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\nryzjt.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\nryzjt.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\nryzjt.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\nryzjt.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\nryzjt.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\nryzjt.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\nryzjt.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\nryzjt.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\nryzjt.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\nryzjt.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\nryzjt.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\nryzjt.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\nryzjt.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\nryzjt.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1740 wrote to memory of 1168 N/A C:\Users\Admin\AppData\Local\Temp\c49a6d6259d7090608badcb4853eefb1be958577dc417ec124fa313c71f8c77fN.exe C:\Users\Admin\AppData\Local\Temp\nryzjt.exe
PID 1740 wrote to memory of 1168 N/A C:\Users\Admin\AppData\Local\Temp\c49a6d6259d7090608badcb4853eefb1be958577dc417ec124fa313c71f8c77fN.exe C:\Users\Admin\AppData\Local\Temp\nryzjt.exe
PID 1740 wrote to memory of 1168 N/A C:\Users\Admin\AppData\Local\Temp\c49a6d6259d7090608badcb4853eefb1be958577dc417ec124fa313c71f8c77fN.exe C:\Users\Admin\AppData\Local\Temp\nryzjt.exe
PID 1740 wrote to memory of 1168 N/A C:\Users\Admin\AppData\Local\Temp\c49a6d6259d7090608badcb4853eefb1be958577dc417ec124fa313c71f8c77fN.exe C:\Users\Admin\AppData\Local\Temp\nryzjt.exe
PID 1740 wrote to memory of 2572 N/A C:\Users\Admin\AppData\Local\Temp\c49a6d6259d7090608badcb4853eefb1be958577dc417ec124fa313c71f8c77fN.exe C:\Users\Admin\AppData\Local\Temp\nryzjt.exe
PID 1740 wrote to memory of 2572 N/A C:\Users\Admin\AppData\Local\Temp\c49a6d6259d7090608badcb4853eefb1be958577dc417ec124fa313c71f8c77fN.exe C:\Users\Admin\AppData\Local\Temp\nryzjt.exe
PID 1740 wrote to memory of 2572 N/A C:\Users\Admin\AppData\Local\Temp\c49a6d6259d7090608badcb4853eefb1be958577dc417ec124fa313c71f8c77fN.exe C:\Users\Admin\AppData\Local\Temp\nryzjt.exe
PID 1740 wrote to memory of 2572 N/A C:\Users\Admin\AppData\Local\Temp\c49a6d6259d7090608badcb4853eefb1be958577dc417ec124fa313c71f8c77fN.exe C:\Users\Admin\AppData\Local\Temp\nryzjt.exe

System policy modification

evasion
Description Indicator Process Target
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\nryzjt.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\nryzjt.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableVirtualization = "0" C:\Users\Admin\AppData\Local\Temp\c49a6d6259d7090608badcb4853eefb1be958577dc417ec124fa313c71f8c77fN.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\FilterAdministratorToken = "0" C:\Users\Admin\AppData\Local\Temp\c49a6d6259d7090608badcb4853eefb1be958577dc417ec124fa313c71f8c77fN.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ValidateAdminCodeSignatures = "0" C:\Users\Admin\AppData\Local\Temp\nryzjt.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" C:\Users\Admin\AppData\Local\Temp\nryzjt.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ValidateAdminCodeSignatures = "0" C:\Users\Admin\AppData\Local\Temp\nryzjt.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer C:\Users\Admin\AppData\Local\Temp\nryzjt.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\c49a6d6259d7090608badcb4853eefb1be958577dc417ec124fa313c71f8c77fN.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" C:\Users\Admin\AppData\Local\Temp\nryzjt.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDriveTypeAutoRun = "1" C:\Users\Admin\AppData\Local\Temp\nryzjt.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" C:\Users\Admin\AppData\Local\Temp\c49a6d6259d7090608badcb4853eefb1be958577dc417ec124fa313c71f8c77fN.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\nryzjt.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" C:\Users\Admin\AppData\Local\Temp\nryzjt.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableSecureUIAPaths = "0" C:\Users\Admin\AppData\Local\Temp\nryzjt.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\FilterAdministratorToken = "0" C:\Users\Admin\AppData\Local\Temp\nryzjt.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDriveTypeAutoRun = "1" C:\Users\Admin\AppData\Local\Temp\nryzjt.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" C:\Users\Admin\AppData\Local\Temp\c49a6d6259d7090608badcb4853eefb1be958577dc417ec124fa313c71f8c77fN.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer C:\Users\Admin\AppData\Local\Temp\c49a6d6259d7090608badcb4853eefb1be958577dc417ec124fa313c71f8c77fN.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDriveTypeAutoRun = "1" C:\Users\Admin\AppData\Local\Temp\c49a6d6259d7090608badcb4853eefb1be958577dc417ec124fa313c71f8c77fN.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\nryzjt.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" C:\Users\Admin\AppData\Local\Temp\nryzjt.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableSecureUIAPaths = "0" C:\Users\Admin\AppData\Local\Temp\nryzjt.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableVirtualization = "0" C:\Users\Admin\AppData\Local\Temp\nryzjt.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer C:\Users\Admin\AppData\Local\Temp\nryzjt.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ValidateAdminCodeSignatures = "0" C:\Users\Admin\AppData\Local\Temp\c49a6d6259d7090608badcb4853eefb1be958577dc417ec124fa313c71f8c77fN.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" C:\Users\Admin\AppData\Local\Temp\nryzjt.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\c49a6d6259d7090608badcb4853eefb1be958577dc417ec124fa313c71f8c77fN.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableSecureUIAPaths = "0" C:\Users\Admin\AppData\Local\Temp\c49a6d6259d7090608badcb4853eefb1be958577dc417ec124fa313c71f8c77fN.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\nryzjt.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" C:\Users\Admin\AppData\Local\Temp\nryzjt.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableVirtualization = "0" C:\Users\Admin\AppData\Local\Temp\nryzjt.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\c49a6d6259d7090608badcb4853eefb1be958577dc417ec124fa313c71f8c77fN.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\nryzjt.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\FilterAdministratorToken = "0" C:\Users\Admin\AppData\Local\Temp\nryzjt.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" C:\Users\Admin\AppData\Local\Temp\c49a6d6259d7090608badcb4853eefb1be958577dc417ec124fa313c71f8c77fN.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\c49a6d6259d7090608badcb4853eefb1be958577dc417ec124fa313c71f8c77fN.exe

"C:\Users\Admin\AppData\Local\Temp\c49a6d6259d7090608badcb4853eefb1be958577dc417ec124fa313c71f8c77fN.exe"

C:\Users\Admin\AppData\Local\Temp\nryzjt.exe

"C:\Users\Admin\AppData\Local\Temp\nryzjt.exe" "-"

C:\Users\Admin\AppData\Local\Temp\nryzjt.exe

"C:\Users\Admin\AppData\Local\Temp\nryzjt.exe" "-"

Network

Country Destination Domain Proto
US 8.8.8.8:53 whatismyipaddress.com udp
US 104.19.222.79:80 whatismyipaddress.com tcp
US 104.19.222.79:80 whatismyipaddress.com tcp
US 8.8.8.8:53 www.whatismyip.ca udp
US 104.19.222.79:80 whatismyipaddress.com tcp
US 8.8.8.8:53 www.whatismyip.com udp
US 104.27.207.92:80 www.whatismyip.com tcp
US 8.8.8.8:53 whatismyip.everdot.org udp
US 104.27.207.92:80 www.whatismyip.com tcp
US 8.8.8.8:53 www.showmyipaddress.com udp
US 172.67.155.175:80 www.showmyipaddress.com tcp
US 104.19.222.79:80 whatismyipaddress.com tcp
US 104.19.222.79:80 whatismyipaddress.com tcp
US 104.19.222.79:80 whatismyipaddress.com tcp
US 104.19.222.79:80 whatismyipaddress.com tcp
US 172.67.155.175:80 www.showmyipaddress.com tcp
US 104.19.222.79:80 whatismyipaddress.com tcp
US 172.67.155.175:80 www.showmyipaddress.com tcp
US 104.27.207.92:80 www.whatismyip.com tcp
US 104.19.222.79:80 whatismyipaddress.com tcp
US 8.8.8.8:53 www.baidu.com udp
HK 103.235.47.188:80 www.baidu.com tcp
US 8.8.8.8:53 hklgkqwuttn.com udp
IE 34.246.200.160:80 hklgkqwuttn.com tcp
US 8.8.8.8:53 kalyeqp.info udp
US 8.8.8.8:53 osbmfbqinar.net udp
US 8.8.8.8:53 lcfllcilwtmy.net udp
US 8.8.8.8:53 wljsua.net udp
US 8.8.8.8:53 pajqtkf.net udp
US 8.8.8.8:53 yeqsceua.org udp
US 8.8.8.8:53 oezxuigfr.net udp
US 8.8.8.8:53 aedavnmwm.info udp
US 8.8.8.8:53 vnumxtxsgu.info udp
US 8.8.8.8:53 elcafyiivi.net udp
US 8.8.8.8:53 bocrhw.info udp
US 8.8.8.8:53 ratirtqyspss.net udp
US 8.8.8.8:53 pqdzdihyhth.net udp
US 8.8.8.8:53 ocsauw.com udp
US 8.8.8.8:53 xubqyeampj.info udp
US 8.8.8.8:53 qbzmnc.net udp
US 8.8.8.8:53 kecoaaae.org udp
US 8.8.8.8:53 lcsgfob.org udp
US 8.8.8.8:53 easkwgeaqo.com udp
US 8.8.8.8:53 pdqcrl.net udp
US 8.8.8.8:53 kuxajxugfkr.net udp
US 8.8.8.8:53 dtlawq.info udp
US 8.8.8.8:53 hnhefth.net udp
US 8.8.8.8:53 cqeeig.com udp
US 8.8.8.8:53 gegsmeccckwk.com udp
US 8.8.8.8:53 cqiuai.org udp
US 8.8.8.8:53 wqnblevmvyju.net udp
US 8.8.8.8:53 azrakrbzpk.net udp
US 8.8.8.8:53 eqkgoeiuwe.com udp
US 8.8.8.8:53 sapdjozokgt.net udp
US 8.8.8.8:53 vwpjngnalgt.com udp
US 8.8.8.8:53 vjmyxpra.net udp
US 8.8.8.8:53 icaypabua.net udp
US 8.8.8.8:53 qmlgkmn.info udp
US 8.8.8.8:53 ymwyladwrsf.info udp
US 8.8.8.8:53 nxnwpxhqyg.net udp
US 8.8.8.8:53 ewxlzqxkx.net udp
US 8.8.8.8:53 xlfavuzdrub.com udp
US 8.8.8.8:53 xsbcdbbsl.org udp
US 8.8.8.8:53 iiwopszkjef.info udp
US 8.8.8.8:53 hsqgtykojcs.info udp
US 8.8.8.8:53 gmpytayqlsk.info udp
US 8.8.8.8:53 nipcton.info udp
US 8.8.8.8:53 zxfznjjo.net udp
US 8.8.8.8:53 ucdgxvanlw.net udp
US 8.8.8.8:53 vlzmxsiodav.com udp
US 8.8.8.8:53 wayqkqucye.org udp
US 8.8.8.8:53 xwfmlmbmtaz.info udp
DE 85.214.228.140:80 xwfmlmbmtaz.info tcp
US 8.8.8.8:53 tyrfgmksg.org udp
US 8.8.8.8:53 cyjjtlzjuev.info udp
US 8.8.8.8:53 znjqhevfsdxa.net udp
US 8.8.8.8:53 nafodwrwdqd.com udp
US 8.8.8.8:53 hpdecdhc.net udp
US 8.8.8.8:53 wmvisyvgd.info udp
US 8.8.8.8:53 oswuguuawsmo.com udp
US 8.8.8.8:53 wipgwo.net udp
US 8.8.8.8:53 qymcutnuphye.net udp
US 8.8.8.8:53 suyqsisiui.com udp
US 8.8.8.8:53 yajovmrwq.info udp
US 8.8.8.8:53 jkkjvq.net udp
US 8.8.8.8:53 kgwgmwcigysq.org udp
US 8.8.8.8:53 dhueipoh.net udp
US 8.8.8.8:53 txpmselkj.info udp
US 8.8.8.8:53 ydqlnw.info udp
US 208.100.26.245:80 ydqlnw.info tcp
US 8.8.8.8:53 izjtdn.info udp
US 8.8.8.8:53 cavsjeiglxp.info udp
US 8.8.8.8:53 dofmfoaqf.net udp
US 8.8.8.8:53 uncaephtnirx.info udp
US 8.8.8.8:53 jnquwcqy.info udp

Files

\Users\Admin\AppData\Local\Temp\nryzjt.exe

MD5 92f233373fbfaa8e15529c0f0defabbd
SHA1 b5b829da61c59d468b1667548e4a37aecff5d608
SHA256 04783e2335d9891f0a78cb79a6b22472bc965a9358d574d369f1b2bc8cd1220a
SHA512 8cad0c2c3d2154e7481d729ff5adb3639bded42cf221d342d86f3ef4fd9f46be50ae116cda226d396060a2c611187b9e906f761524564b7656c72507c783b7b4

C:\Users\Admin\AppData\Local\rdsbtltexjmzoqwufajvktldlwpbergiomxs.ncl

MD5 9e4959c191cc21500917d94bfa0dd2a3
SHA1 6e6cd855a9a43195d9ea66555019e50e6d14d768
SHA256 bb4a7aa598ffdc5646801abfd50ad116ccf84be956819b42fad3d518386a68b9
SHA512 de98cdb9c524545bce498719a8bfd935e3c241d896305229e62582470eba729009da01c55c4a657cdb1710c68a71251b2fc83eb58b39dd1a6aa872d31bb306af

C:\Users\Admin\AppData\Local\mnrpwdaaijbdhytggqoptryfc.kld

MD5 95060dfa7df1388e6c77ec3716e1f273
SHA1 d379e7eee8bed2f2bf3c773a9370ba1a1fe82715
SHA256 09f1ab13d8d7c41106ed6bc44096b4ba586b121b749219d1fa53c13b74a29869
SHA512 a8d08fc907a6721e0ddcf299be25b89e1218572343fd7a096a6cc45b8e01ef939573441f07fd1e4a52662c253923ecaf3cb5d6608caa82d8ed15cc6fc10faf4a

C:\Program Files (x86)\mnrpwdaaijbdhytggqoptryfc.kld

MD5 6bae365319aa167e4e8750b6b3f087f0
SHA1 82e045c6b817e3e4b189e89e1f869e11a78a77b7
SHA256 7ffd37c1028cea44621d83cd6e87171be5876149267a28103ec19d5b976dd0f5
SHA512 50ed0d88645df4dc50e03237217ed943cd999ebe3420d5ed1334f3a1de9a660d5b92696eca77120e2c61d0b5bc59ab9e172bddc861cf708846c6b62328b44eb2

C:\Users\Admin\AppData\Local\mnrpwdaaijbdhytggqoptryfc.kld

MD5 370a1cd8ca098c91545f46e2aeb4ab50
SHA1 053d1733c9ad9fcac3b660e6ff4ef1f4fe24439b
SHA256 7a46351053ae8fcce49507e0407565209c5213892222b9734a2de4603c44f44b
SHA512 9e7d6f9bcabd26f827ac0e87782a8942fc2cbf02abd3b026ac10e105520e1efbb3b38847edecb0813886f7e2bf67bc173bef576898894b3f67a87e3cf6564748

C:\Program Files (x86)\mnrpwdaaijbdhytggqoptryfc.kld

MD5 c82ce69b1117a880fba4382db2735d7e
SHA1 96dbab6a6b8f8c58ccbf27d5bd99b734cabe5058
SHA256 49d16449c0ad145197076195ef81198b200499feb262562d46b6ca130ccd965a
SHA512 32e179844c30159d08a9223262734a14022e5acf5306640bbf0914a06d444dc93d5a5de138ecb1324e2160237e5ba4fb2f55b43852cbfcb158c56c9e8248610d

C:\Program Files (x86)\mnrpwdaaijbdhytggqoptryfc.kld

MD5 0d6989d87595f517da6abc50f84a845c
SHA1 39a2c635c30afd8b6d178cbff89c66b15f071708
SHA256 a64aca9848eae61af5cda9dd378ea4bd8f1754c3ac5360a40f6a5a5feb713855
SHA512 3fdb22d7752e42bf87d842832e8d90e2dfa78194a1c67d579e93a70ad6a8a884ba8c72a3ee9cd9cdc14eda9eda62bfbdb3a9043dc78ffc0e3bd1bfe013a88ddc

C:\Program Files (x86)\mnrpwdaaijbdhytggqoptryfc.kld

MD5 83483c53fdeab8632194a8a26f4f3e07
SHA1 dc501dc0f9a988d2795bb7a3a2b11c2bee48bbb3
SHA256 4625b22153da5543b99b5ee91b7e87683d89d03058f596f5f90bbecf809e0cd7
SHA512 95eebdc83b6fe603881b28f26585a7a9f0c88c7c71a267ee5443f8c2e42a13efdc6403e8f97a6c8a7ebff43f1ebdbe674197be29004af290afcc352aef6fac2d

C:\Program Files (x86)\mnrpwdaaijbdhytggqoptryfc.kld

MD5 efc7780f1415edbc86ee75d9e29ac464
SHA1 a67f3415d8639c597a6da17bfb4796e341a7f2d2
SHA256 ff0c45ac4c4449dc90d2ec6544f437025108bf6e364efcf8f12a46fd8bffeb44
SHA512 6f356222eee92f88146a908ac30e404a94c3a4654bea233f541f2161af4778172277476bfb15ac1e0470a4df189a17fe69c29c6644a9523cab9765fbdd86982a

C:\Program Files (x86)\mnrpwdaaijbdhytggqoptryfc.kld

MD5 8bcd36f237932d771f9800c1a3a88497
SHA1 da403f4bf632ab69c1aaf499636a3cfd65dc99af
SHA256 15093a18785e9222ad32e1af42e82f5d9d86da01db0f8fff71e70ed76023380f
SHA512 a1a163c22c17c8167eb07eb6a53edfb1742b577a878c35df82d8d884ce0ba1fa6fb62301f321c8e13231f8b61b25443fc1b2cdf76a2413125c11339ec6b16b63

Analysis: behavioral2

Detonation Overview

Submitted

2024-11-13 01:03

Reported

2024-11-13 01:06

Platform

win10v2004-20241007-en

Max time kernel

150s

Max time network

153s

Command Line

"C:\Users\Admin\AppData\Local\Temp\c49a6d6259d7090608badcb4853eefb1be958577dc417ec124fa313c71f8c77fN.exe"

Signatures

Modifies WinLogon for persistence

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\c49a6d6259d7090608badcb4853eefb1be958577dc417ec124fa313c71f8c77fN.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\vgnqbcl.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\vgnqbcl.exe N/A

UAC bypass

evasion trojan
Description Indicator Process Target
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\vgnqbcl.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" C:\Users\Admin\AppData\Local\Temp\vgnqbcl.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" C:\Users\Admin\AppData\Local\Temp\vgnqbcl.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" C:\Users\Admin\AppData\Local\Temp\vgnqbcl.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" C:\Users\Admin\AppData\Local\Temp\c49a6d6259d7090608badcb4853eefb1be958577dc417ec124fa313c71f8c77fN.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" C:\Users\Admin\AppData\Local\Temp\c49a6d6259d7090608badcb4853eefb1be958577dc417ec124fa313c71f8c77fN.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" C:\Users\Admin\AppData\Local\Temp\c49a6d6259d7090608badcb4853eefb1be958577dc417ec124fa313c71f8c77fN.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\vgnqbcl.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" C:\Users\Admin\AppData\Local\Temp\vgnqbcl.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" C:\Users\Admin\AppData\Local\Temp\vgnqbcl.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" C:\Users\Admin\AppData\Local\Temp\vgnqbcl.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\c49a6d6259d7090608badcb4853eefb1be958577dc417ec124fa313c71f8c77fN.exe N/A

Adds policy Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\isyakk = "xwrihwtnjggzwuwbjtlkf.exe" C:\Users\Admin\AppData\Local\Temp\vgnqbcl.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\vgnqbcl.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\isyakk = "xwrihwtnjggzwuwbjtlkf.exe" C:\Users\Admin\AppData\Local\Temp\vgnqbcl.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\hor = "C:\\Users\\Admin\\AppData\\Local\\Temp\\bwnavgzphawleywxb.exe" C:\Users\Admin\AppData\Local\Temp\vgnqbcl.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\hor = "C:\\Users\\Admin\\AppData\\Local\\Temp\\vslaxkfxrmkbwssvbjz.exe" C:\Users\Admin\AppData\Local\Temp\vgnqbcl.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\c49a6d6259d7090608badcb4853eefb1be958577dc417ec124fa313c71f8c77fN.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\isyakk = "kgymiuofyspfzutvah.exe" C:\Users\Admin\AppData\Local\Temp\c49a6d6259d7090608badcb4853eefb1be958577dc417ec124fa313c71f8c77fN.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\hor = "C:\\Users\\Admin\\AppData\\Local\\Temp\\xwrihwtnjggzwuwbjtlkf.exe" C:\Users\Admin\AppData\Local\Temp\c49a6d6259d7090608badcb4853eefb1be958577dc417ec124fa313c71f8c77fN.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\hor = "C:\\Users\\Admin\\AppData\\Local\\Temp\\uoeqkumbskftlebb.exe" C:\Users\Admin\AppData\Local\Temp\vgnqbcl.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\hor = "C:\\Users\\Admin\\AppData\\Local\\Temp\\vslaxkfxrmkbwssvbjz.exe" C:\Users\Admin\AppData\Local\Temp\vgnqbcl.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\hor = "C:\\Users\\Admin\\AppData\\Local\\Temp\\kgymiuofyspfzutvah.exe" C:\Users\Admin\AppData\Local\Temp\vgnqbcl.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\isyakk = "uoeqkumbskftlebb.exe" C:\Users\Admin\AppData\Local\Temp\vgnqbcl.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\isyakk = "vslaxkfxrmkbwssvbjz.exe" C:\Users\Admin\AppData\Local\Temp\vgnqbcl.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\isyakk = "vslaxkfxrmkbwssvbjz.exe" C:\Users\Admin\AppData\Local\Temp\vgnqbcl.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\vgnqbcl.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\isyakk = "bwnavgzphawleywxb.exe" C:\Users\Admin\AppData\Local\Temp\vgnqbcl.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\hor = "C:\\Users\\Admin\\AppData\\Local\\Temp\\xwrihwtnjggzwuwbjtlkf.exe" C:\Users\Admin\AppData\Local\Temp\vgnqbcl.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\isyakk = "uoeqkumbskftlebb.exe" C:\Users\Admin\AppData\Local\Temp\vgnqbcl.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\hor = "C:\\Users\\Admin\\AppData\\Local\\Temp\\bwnavgzphawleywxb.exe" C:\Users\Admin\AppData\Local\Temp\vgnqbcl.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\isyakk = "kgymiuofyspfzutvah.exe" C:\Users\Admin\AppData\Local\Temp\vgnqbcl.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\hor = "C:\\Users\\Admin\\AppData\\Local\\Temp\\kgymiuofyspfzutvah.exe" C:\Users\Admin\AppData\Local\Temp\vgnqbcl.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\isyakk = "igaqocyrmihzvstxenec.exe" C:\Users\Admin\AppData\Local\Temp\vgnqbcl.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\isyakk = "igaqocyrmihzvstxenec.exe" C:\Users\Admin\AppData\Local\Temp\vgnqbcl.exe N/A

Disables RegEdit via registry modification

evasion
Description Indicator Process Target
Set value (int) \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\vgnqbcl.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\vgnqbcl.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\vgnqbcl.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\c49a6d6259d7090608badcb4853eefb1be958577dc417ec124fa313c71f8c77fN.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\c49a6d6259d7090608badcb4853eefb1be958577dc417ec124fa313c71f8c77fN.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\vgnqbcl.exe N/A

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\c49a6d6259d7090608badcb4853eefb1be958577dc417ec124fa313c71f8c77fN.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\vgnqbcl.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\vgnqbcl.exe N/A

Impair Defenses: Safe Mode Boot

defense_evasion
Description Indicator Process Target
Key deleted \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\Power C:\Users\Admin\AppData\Local\Temp\vgnqbcl.exe N/A
Key deleted \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\iai2c.sys C:\Users\Admin\AppData\Local\Temp\vgnqbcl.exe N/A
Key deleted \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\CBDHSvc C:\Users\Admin\AppData\Local\Temp\vgnqbcl.exe N/A
Key deleted \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\UserManager C:\Users\Admin\AppData\Local\Temp\vgnqbcl.exe N/A
Key deleted \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\SerCx2.sys C:\Users\Admin\AppData\Local\Temp\vgnqbcl.exe N/A
Key deleted \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\ProfSvc C:\Users\Admin\AppData\Local\Temp\vgnqbcl.exe N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\boxcpsdlv = "C:\\Users\\Admin\\AppData\\Local\\Temp\\uoeqkumbskftlebb.exe ." C:\Users\Admin\AppData\Local\Temp\vgnqbcl.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\owaa = "uoeqkumbskftlebb.exe" C:\Users\Admin\AppData\Local\Temp\c49a6d6259d7090608badcb4853eefb1be958577dc417ec124fa313c71f8c77fN.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\boxcpsdlv = "C:\\Users\\Admin\\AppData\\Local\\Temp\\uoeqkumbskftlebb.exe ." C:\Users\Admin\AppData\Local\Temp\vgnqbcl.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\boxcpsdlv = "C:\\Users\\Admin\\AppData\\Local\\Temp\\xwrihwtnjggzwuwbjtlkf.exe ." C:\Users\Admin\AppData\Local\Temp\vgnqbcl.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\xglmv = "C:\\Users\\Admin\\AppData\\Local\\Temp\\xwrihwtnjggzwuwbjtlkf.exe ." C:\Users\Admin\AppData\Local\Temp\vgnqbcl.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\uisymqclwi = "C:\\Users\\Admin\\AppData\\Local\\Temp\\xwrihwtnjggzwuwbjtlkf.exe" C:\Users\Admin\AppData\Local\Temp\vgnqbcl.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\vgnqbcl = "bwnavgzphawleywxb.exe" C:\Users\Admin\AppData\Local\Temp\vgnqbcl.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\boxcpsdlv = "C:\\Users\\Admin\\AppData\\Local\\Temp\\kgymiuofyspfzutvah.exe ." C:\Users\Admin\AppData\Local\Temp\vgnqbcl.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\owaa = "C:\\Users\\Admin\\AppData\\Local\\Temp\\vslaxkfxrmkbwssvbjz.exe" C:\Users\Admin\AppData\Local\Temp\vgnqbcl.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\uisymqclwi = "C:\\Users\\Admin\\AppData\\Local\\Temp\\uoeqkumbskftlebb.exe" C:\Users\Admin\AppData\Local\Temp\vgnqbcl.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\vgnqbcl = "igaqocyrmihzvstxenec.exe" C:\Users\Admin\AppData\Local\Temp\vgnqbcl.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\vgnqbcl = "uoeqkumbskftlebb.exe" C:\Users\Admin\AppData\Local\Temp\vgnqbcl.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\owaa = "uoeqkumbskftlebb.exe" C:\Users\Admin\AppData\Local\Temp\vgnqbcl.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\vgnqbcl = "igaqocyrmihzvstxenec.exe" C:\Users\Admin\AppData\Local\Temp\vgnqbcl.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\kweiuwgn = "bwnavgzphawleywxb.exe ." C:\Users\Admin\AppData\Local\Temp\vgnqbcl.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\vgnqbcl = "xwrihwtnjggzwuwbjtlkf.exe" C:\Users\Admin\AppData\Local\Temp\c49a6d6259d7090608badcb4853eefb1be958577dc417ec124fa313c71f8c77fN.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\xglmv = "C:\\Users\\Admin\\AppData\\Local\\Temp\\igaqocyrmihzvstxenec.exe ." C:\Users\Admin\AppData\Local\Temp\c49a6d6259d7090608badcb4853eefb1be958577dc417ec124fa313c71f8c77fN.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\xglmv = "bwnavgzphawleywxb.exe ." C:\Users\Admin\AppData\Local\Temp\vgnqbcl.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\vgnqbcl = "uoeqkumbskftlebb.exe" C:\Users\Admin\AppData\Local\Temp\vgnqbcl.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\xglmv = "C:\\Users\\Admin\\AppData\\Local\\Temp\\vslaxkfxrmkbwssvbjz.exe ." C:\Users\Admin\AppData\Local\Temp\vgnqbcl.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\uisymqclwi = "C:\\Users\\Admin\\AppData\\Local\\Temp\\igaqocyrmihzvstxenec.exe" C:\Users\Admin\AppData\Local\Temp\vgnqbcl.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\xglmv = "C:\\Users\\Admin\\AppData\\Local\\Temp\\kgymiuofyspfzutvah.exe ." C:\Users\Admin\AppData\Local\Temp\vgnqbcl.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\vgnqbcl = "vslaxkfxrmkbwssvbjz.exe" C:\Users\Admin\AppData\Local\Temp\vgnqbcl.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\kweiuwgn = "vslaxkfxrmkbwssvbjz.exe ." C:\Users\Admin\AppData\Local\Temp\c49a6d6259d7090608badcb4853eefb1be958577dc417ec124fa313c71f8c77fN.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\xglmv = "bwnavgzphawleywxb.exe ." C:\Users\Admin\AppData\Local\Temp\vgnqbcl.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\owaa = "kgymiuofyspfzutvah.exe" C:\Users\Admin\AppData\Local\Temp\vgnqbcl.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\owaa = "kgymiuofyspfzutvah.exe" C:\Users\Admin\AppData\Local\Temp\vgnqbcl.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\uisymqclwi = "C:\\Users\\Admin\\AppData\\Local\\Temp\\bwnavgzphawleywxb.exe" C:\Users\Admin\AppData\Local\Temp\vgnqbcl.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\kweiuwgn = "xwrihwtnjggzwuwbjtlkf.exe ." C:\Users\Admin\AppData\Local\Temp\vgnqbcl.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\xglmv = "uoeqkumbskftlebb.exe ." C:\Users\Admin\AppData\Local\Temp\vgnqbcl.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\uisymqclwi = "C:\\Users\\Admin\\AppData\\Local\\Temp\\kgymiuofyspfzutvah.exe" C:\Users\Admin\AppData\Local\Temp\vgnqbcl.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\boxcpsdlv = "C:\\Users\\Admin\\AppData\\Local\\Temp\\bwnavgzphawleywxb.exe ." C:\Users\Admin\AppData\Local\Temp\vgnqbcl.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\owaa = "C:\\Users\\Admin\\AppData\\Local\\Temp\\kgymiuofyspfzutvah.exe" C:\Users\Admin\AppData\Local\Temp\vgnqbcl.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\owaa = "C:\\Users\\Admin\\AppData\\Local\\Temp\\uoeqkumbskftlebb.exe" C:\Users\Admin\AppData\Local\Temp\vgnqbcl.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\owaa = "C:\\Users\\Admin\\AppData\\Local\\Temp\\bwnavgzphawleywxb.exe" C:\Users\Admin\AppData\Local\Temp\vgnqbcl.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\xglmv = "C:\\Users\\Admin\\AppData\\Local\\Temp\\uoeqkumbskftlebb.exe ." C:\Users\Admin\AppData\Local\Temp\vgnqbcl.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\owaa = "C:\\Users\\Admin\\AppData\\Local\\Temp\\uoeqkumbskftlebb.exe" C:\Users\Admin\AppData\Local\Temp\vgnqbcl.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\owaa = "C:\\Users\\Admin\\AppData\\Local\\Temp\\xwrihwtnjggzwuwbjtlkf.exe" C:\Users\Admin\AppData\Local\Temp\vgnqbcl.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\xglmv = "C:\\Users\\Admin\\AppData\\Local\\Temp\\xwrihwtnjggzwuwbjtlkf.exe ." C:\Users\Admin\AppData\Local\Temp\vgnqbcl.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\kweiuwgn = "kgymiuofyspfzutvah.exe ." C:\Users\Admin\AppData\Local\Temp\vgnqbcl.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\owaa = "C:\\Users\\Admin\\AppData\\Local\\Temp\\xwrihwtnjggzwuwbjtlkf.exe" C:\Users\Admin\AppData\Local\Temp\vgnqbcl.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\vgnqbcl = "xwrihwtnjggzwuwbjtlkf.exe" C:\Users\Admin\AppData\Local\Temp\vgnqbcl.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\uisymqclwi = "C:\\Users\\Admin\\AppData\\Local\\Temp\\igaqocyrmihzvstxenec.exe" C:\Users\Admin\AppData\Local\Temp\vgnqbcl.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\xglmv = "C:\\Users\\Admin\\AppData\\Local\\Temp\\uoeqkumbskftlebb.exe ." C:\Users\Admin\AppData\Local\Temp\vgnqbcl.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\owaa = "xwrihwtnjggzwuwbjtlkf.exe" C:\Users\Admin\AppData\Local\Temp\vgnqbcl.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\uisymqclwi = "C:\\Users\\Admin\\AppData\\Local\\Temp\\kgymiuofyspfzutvah.exe" C:\Users\Admin\AppData\Local\Temp\c49a6d6259d7090608badcb4853eefb1be958577dc417ec124fa313c71f8c77fN.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\kweiuwgn = "igaqocyrmihzvstxenec.exe ." C:\Users\Admin\AppData\Local\Temp\vgnqbcl.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\xglmv = "xwrihwtnjggzwuwbjtlkf.exe ." C:\Users\Admin\AppData\Local\Temp\vgnqbcl.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\xglmv = "kgymiuofyspfzutvah.exe ." C:\Users\Admin\AppData\Local\Temp\vgnqbcl.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\uisymqclwi = "C:\\Users\\Admin\\AppData\\Local\\Temp\\bwnavgzphawleywxb.exe" C:\Users\Admin\AppData\Local\Temp\vgnqbcl.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\boxcpsdlv = "C:\\Users\\Admin\\AppData\\Local\\Temp\\vslaxkfxrmkbwssvbjz.exe ." C:\Users\Admin\AppData\Local\Temp\vgnqbcl.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\vgnqbcl = "kgymiuofyspfzutvah.exe" C:\Users\Admin\AppData\Local\Temp\vgnqbcl.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\xglmv = "C:\\Users\\Admin\\AppData\\Local\\Temp\\bwnavgzphawleywxb.exe ." C:\Users\Admin\AppData\Local\Temp\vgnqbcl.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\owaa = "C:\\Users\\Admin\\AppData\\Local\\Temp\\bwnavgzphawleywxb.exe" C:\Users\Admin\AppData\Local\Temp\c49a6d6259d7090608badcb4853eefb1be958577dc417ec124fa313c71f8c77fN.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\owaa = "igaqocyrmihzvstxenec.exe" C:\Users\Admin\AppData\Local\Temp\vgnqbcl.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\uisymqclwi = "C:\\Users\\Admin\\AppData\\Local\\Temp\\vslaxkfxrmkbwssvbjz.exe" C:\Users\Admin\AppData\Local\Temp\vgnqbcl.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\owaa = "C:\\Users\\Admin\\AppData\\Local\\Temp\\igaqocyrmihzvstxenec.exe" C:\Users\Admin\AppData\Local\Temp\vgnqbcl.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\uisymqclwi = "C:\\Users\\Admin\\AppData\\Local\\Temp\\vslaxkfxrmkbwssvbjz.exe" C:\Users\Admin\AppData\Local\Temp\vgnqbcl.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\xglmv = "igaqocyrmihzvstxenec.exe ." C:\Users\Admin\AppData\Local\Temp\vgnqbcl.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\vgnqbcl = "kgymiuofyspfzutvah.exe" C:\Users\Admin\AppData\Local\Temp\vgnqbcl.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\boxcpsdlv = "C:\\Users\\Admin\\AppData\\Local\\Temp\\kgymiuofyspfzutvah.exe ." C:\Users\Admin\AppData\Local\Temp\c49a6d6259d7090608badcb4853eefb1be958577dc417ec124fa313c71f8c77fN.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\xglmv = "vslaxkfxrmkbwssvbjz.exe ." C:\Users\Admin\AppData\Local\Temp\vgnqbcl.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\xglmv = "C:\\Users\\Admin\\AppData\\Local\\Temp\\kgymiuofyspfzutvah.exe ." C:\Users\Admin\AppData\Local\Temp\vgnqbcl.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\uisymqclwi = "C:\\Users\\Admin\\AppData\\Local\\Temp\\kgymiuofyspfzutvah.exe" C:\Users\Admin\AppData\Local\Temp\vgnqbcl.exe N/A

Checks whether UAC is enabled

evasion trojan
Description Indicator Process Target
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\vgnqbcl.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\vgnqbcl.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\vgnqbcl.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\vgnqbcl.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\c49a6d6259d7090608badcb4853eefb1be958577dc417ec124fa313c71f8c77fN.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\c49a6d6259d7090608badcb4853eefb1be958577dc417ec124fa313c71f8c77fN.exe N/A

Hijack Execution Flow: Executable Installer File Permissions Weakness

defense_evasion persistence privilege_escalation
Description Indicator Process Target
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableInstallerDetection = "0" C:\Users\Admin\AppData\Local\Temp\vgnqbcl.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableInstallerDetection = "0" C:\Users\Admin\AppData\Local\Temp\vgnqbcl.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableInstallerDetection = "0" C:\Users\Admin\AppData\Local\Temp\c49a6d6259d7090608badcb4853eefb1be958577dc417ec124fa313c71f8c77fN.exe N/A

Looks up external IP address via web service

Description Indicator Process Target
N/A whatismyipaddress.com N/A N/A
N/A whatismyip.everdot.org N/A N/A
N/A whatismyip.everdot.org N/A N/A
N/A www.showmyipaddress.com N/A N/A
N/A www.whatismyip.ca N/A N/A
N/A whatismyip.everdot.org N/A N/A
N/A www.whatismyip.ca N/A N/A

Drops file in System32 directory

Description Indicator Process Target
File opened for modification C:\Windows\SysWOW64\uoeqkumbskftlebbejwqgsmwodumhvngddglys.uoy C:\Users\Admin\AppData\Local\Temp\vgnqbcl.exe N/A
File created C:\Windows\SysWOW64\uoeqkumbskftlebbejwqgsmwodumhvngddglys.uoy C:\Users\Admin\AppData\Local\Temp\vgnqbcl.exe N/A
File opened for modification C:\Windows\SysWOW64\xglmvubflscfmugvnhjsxyhgnrx.ory C:\Users\Admin\AppData\Local\Temp\vgnqbcl.exe N/A
File created C:\Windows\SysWOW64\xglmvubflscfmugvnhjsxyhgnrx.ory C:\Users\Admin\AppData\Local\Temp\vgnqbcl.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files (x86)\xglmvubflscfmugvnhjsxyhgnrx.ory C:\Users\Admin\AppData\Local\Temp\vgnqbcl.exe N/A
File opened for modification C:\Program Files (x86)\uoeqkumbskftlebbejwqgsmwodumhvngddglys.uoy C:\Users\Admin\AppData\Local\Temp\vgnqbcl.exe N/A
File created C:\Program Files (x86)\uoeqkumbskftlebbejwqgsmwodumhvngddglys.uoy C:\Users\Admin\AppData\Local\Temp\vgnqbcl.exe N/A
File opened for modification C:\Program Files (x86)\xglmvubflscfmugvnhjsxyhgnrx.ory C:\Users\Admin\AppData\Local\Temp\vgnqbcl.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File opened for modification C:\Windows\xglmvubflscfmugvnhjsxyhgnrx.ory C:\Users\Admin\AppData\Local\Temp\vgnqbcl.exe N/A
File created C:\Windows\xglmvubflscfmugvnhjsxyhgnrx.ory C:\Users\Admin\AppData\Local\Temp\vgnqbcl.exe N/A
File opened for modification C:\Windows\uoeqkumbskftlebbejwqgsmwodumhvngddglys.uoy C:\Users\Admin\AppData\Local\Temp\vgnqbcl.exe N/A
File created C:\Windows\uoeqkumbskftlebbejwqgsmwodumhvngddglys.uoy C:\Users\Admin\AppData\Local\Temp\vgnqbcl.exe N/A

Enumerates physical storage devices

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\c49a6d6259d7090608badcb4853eefb1be958577dc417ec124fa313c71f8c77fN.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\vgnqbcl.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\vgnqbcl.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\vgnqbcl.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\c49a6d6259d7090608badcb4853eefb1be958577dc417ec124fa313c71f8c77fN.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\vgnqbcl.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\vgnqbcl.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\vgnqbcl.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\vgnqbcl.exe N/A

System policy modification

evasion
Description Indicator Process Target
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" C:\Users\Admin\AppData\Local\Temp\c49a6d6259d7090608badcb4853eefb1be958577dc417ec124fa313c71f8c77fN.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ValidateAdminCodeSignatures = "0" C:\Users\Admin\AppData\Local\Temp\c49a6d6259d7090608badcb4853eefb1be958577dc417ec124fa313c71f8c77fN.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\vgnqbcl.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableSecureUIAPaths = "0" C:\Users\Admin\AppData\Local\Temp\vgnqbcl.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ValidateAdminCodeSignatures = "0" C:\Users\Admin\AppData\Local\Temp\vgnqbcl.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" C:\Users\Admin\AppData\Local\Temp\c49a6d6259d7090608badcb4853eefb1be958577dc417ec124fa313c71f8c77fN.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\vgnqbcl.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" C:\Users\Admin\AppData\Local\Temp\vgnqbcl.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" C:\Users\Admin\AppData\Local\Temp\vgnqbcl.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDriveTypeAutoRun = "1" C:\Users\Admin\AppData\Local\Temp\vgnqbcl.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer C:\Users\Admin\AppData\Local\Temp\c49a6d6259d7090608badcb4853eefb1be958577dc417ec124fa313c71f8c77fN.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\vgnqbcl.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableVirtualization = "0" C:\Users\Admin\AppData\Local\Temp\vgnqbcl.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer C:\Users\Admin\AppData\Local\Temp\vgnqbcl.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\c49a6d6259d7090608badcb4853eefb1be958577dc417ec124fa313c71f8c77fN.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\vgnqbcl.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableVirtualization = "0" C:\Users\Admin\AppData\Local\Temp\vgnqbcl.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDriveTypeAutoRun = "1" C:\Users\Admin\AppData\Local\Temp\vgnqbcl.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer C:\Users\Admin\AppData\Local\Temp\vgnqbcl.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\c49a6d6259d7090608badcb4853eefb1be958577dc417ec124fa313c71f8c77fN.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\c49a6d6259d7090608badcb4853eefb1be958577dc417ec124fa313c71f8c77fN.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableVirtualization = "0" C:\Users\Admin\AppData\Local\Temp\c49a6d6259d7090608badcb4853eefb1be958577dc417ec124fa313c71f8c77fN.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableSecureUIAPaths = "0" C:\Users\Admin\AppData\Local\Temp\vgnqbcl.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" C:\Users\Admin\AppData\Local\Temp\vgnqbcl.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ValidateAdminCodeSignatures = "0" C:\Users\Admin\AppData\Local\Temp\vgnqbcl.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" C:\Users\Admin\AppData\Local\Temp\c49a6d6259d7090608badcb4853eefb1be958577dc417ec124fa313c71f8c77fN.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" C:\Users\Admin\AppData\Local\Temp\vgnqbcl.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\FilterAdministratorToken = "0" C:\Users\Admin\AppData\Local\Temp\vgnqbcl.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\vgnqbcl.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\vgnqbcl.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" C:\Users\Admin\AppData\Local\Temp\vgnqbcl.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\FilterAdministratorToken = "0" C:\Users\Admin\AppData\Local\Temp\vgnqbcl.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableSecureUIAPaths = "0" C:\Users\Admin\AppData\Local\Temp\c49a6d6259d7090608badcb4853eefb1be958577dc417ec124fa313c71f8c77fN.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\FilterAdministratorToken = "0" C:\Users\Admin\AppData\Local\Temp\c49a6d6259d7090608badcb4853eefb1be958577dc417ec124fa313c71f8c77fN.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDriveTypeAutoRun = "1" C:\Users\Admin\AppData\Local\Temp\c49a6d6259d7090608badcb4853eefb1be958577dc417ec124fa313c71f8c77fN.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" C:\Users\Admin\AppData\Local\Temp\vgnqbcl.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\c49a6d6259d7090608badcb4853eefb1be958577dc417ec124fa313c71f8c77fN.exe

"C:\Users\Admin\AppData\Local\Temp\c49a6d6259d7090608badcb4853eefb1be958577dc417ec124fa313c71f8c77fN.exe"

C:\Users\Admin\AppData\Local\Temp\vgnqbcl.exe

"C:\Users\Admin\AppData\Local\Temp\vgnqbcl.exe" "-"

C:\Users\Admin\AppData\Local\Temp\vgnqbcl.exe

"C:\Users\Admin\AppData\Local\Temp\vgnqbcl.exe" "-"

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

Network

Country Destination Domain Proto
US 8.8.8.8:53 97.17.167.52.in-addr.arpa udp
US 8.8.8.8:53 74.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 whatismyipaddress.com udp
US 104.19.222.79:80 whatismyipaddress.com tcp
US 8.8.8.8:53 79.222.19.104.in-addr.arpa udp
US 8.8.8.8:53 whatismyip.everdot.org udp
US 8.8.8.8:53 149.220.183.52.in-addr.arpa udp
US 104.19.222.79:80 whatismyipaddress.com tcp
US 104.19.222.79:80 whatismyipaddress.com tcp
US 8.8.8.8:53 104.219.191.52.in-addr.arpa udp
US 8.8.8.8:53 whatismyip.everdot.org udp
US 8.8.8.8:53 www.whatismyip.com udp
US 104.27.206.92:80 www.whatismyip.com tcp
US 8.8.8.8:53 92.206.27.104.in-addr.arpa udp
US 104.19.222.79:80 whatismyipaddress.com tcp
US 104.27.206.92:80 www.whatismyip.com tcp
US 8.8.8.8:53 www.showmyipaddress.com udp
US 172.67.155.175:80 www.showmyipaddress.com tcp
US 8.8.8.8:53 175.155.67.172.in-addr.arpa udp
US 8.8.8.8:53 www.whatismyip.ca udp
US 104.19.222.79:80 whatismyipaddress.com tcp
US 104.27.206.92:80 www.whatismyip.com tcp
US 8.8.8.8:53 whatismyip.everdot.org udp
US 172.67.155.175:80 www.showmyipaddress.com tcp
US 172.67.155.175:80 www.showmyipaddress.com tcp
US 172.67.155.175:80 www.showmyipaddress.com tcp
US 8.8.8.8:53 www.whatismyip.ca udp
US 8.8.8.8:53 www.blogger.com udp
GB 216.58.201.105:80 www.blogger.com tcp
US 8.8.8.8:53 hklgkqwuttn.com udp
IE 34.246.200.160:80 hklgkqwuttn.com tcp
US 8.8.8.8:53 ifwmihamw.info udp
US 8.8.8.8:53 bwakyoheys.info udp
US 8.8.8.8:53 djjmoiwef.net udp
US 8.8.8.8:53 ooyuaddkd.net udp
US 8.8.8.8:53 wljsua.net udp
US 8.8.8.8:53 osyezefntox.info udp
US 8.8.8.8:53 igique.com udp
US 8.8.8.8:53 bobvyquf.net udp
US 8.8.8.8:53 sevuaqoar.net udp
US 8.8.8.8:53 yeqsceua.org udp
US 8.8.8.8:53 ooqkmgas.com udp
US 8.8.8.8:53 cmsswcee.org udp
US 8.8.8.8:53 105.201.58.216.in-addr.arpa udp
US 8.8.8.8:53 53.210.109.20.in-addr.arpa udp
US 8.8.8.8:53 160.200.246.34.in-addr.arpa udp
US 8.8.8.8:53 ratirtqyspss.net udp
US 8.8.8.8:53 ceqcco.org udp
US 8.8.8.8:53 xubqyeampj.info udp
US 8.8.8.8:53 ekmmsayeiq.org udp
US 8.8.8.8:53 171.39.242.20.in-addr.arpa udp
US 8.8.8.8:53 rbrvrurtemet.net udp
US 8.8.8.8:53 jkowqlnq.net udp
US 8.8.8.8:53 lcsgfob.org udp
US 8.8.8.8:53 sqoiacau.com udp
US 8.8.8.8:53 apzpil.net udp
US 8.8.8.8:53 jbrfvdlzkw.info udp
US 8.8.8.8:53 kuxajxugfkr.net udp
US 8.8.8.8:53 rcfyvkbmlm.net udp
US 8.8.8.8:53 ludkwlbzh.org udp
US 8.8.8.8:53 syjbaodopep.net udp
US 8.8.8.8:53 gadwfsskv.info udp
US 8.8.8.8:53 cegvxqe.net udp
US 8.8.8.8:53 cqiuai.org udp
US 8.8.8.8:53 asxzrcjixfz.info udp
US 8.8.8.8:53 nodheyoppr.info udp
US 8.8.8.8:53 btzgymm.net udp
US 8.8.8.8:53 azrakrbzpk.net udp
US 8.8.8.8:53 vcqalugzlpf.com udp
US 8.8.8.8:53 xqiscudmtvp.org udp
US 8.8.8.8:53 ussoqumeqw.com udp
US 8.8.8.8:53 eqkgoeiuwe.com udp
US 8.8.8.8:53 nkbnfax.net udp
US 8.8.8.8:53 nebsjehgzvd.info udp
US 8.8.8.8:53 vjmyxpra.net udp
US 8.8.8.8:53 lbnslq.info udp
US 8.8.8.8:53 nicavazvx.org udp
US 8.8.8.8:53 nxnwpxhqyg.net udp
US 8.8.8.8:53 nprity.info udp
US 8.8.8.8:53 rqhzsmbqga.net udp
US 8.8.8.8:53 rhhqjdk.com udp
US 8.8.8.8:53 sevfobleno.info udp
US 8.8.8.8:53 iiwopszkjef.info udp
US 8.8.8.8:53 ewowpywkt.info udp
US 8.8.8.8:53 zxfznjjo.net udp
US 8.8.8.8:53 zwhhrq.info udp
US 8.8.8.8:53 xmemjpyckl.info udp
US 8.8.8.8:53 xwfmlmbmtaz.info udp
DE 85.214.228.140:80 xwfmlmbmtaz.info tcp
US 8.8.8.8:53 gzhboo.info udp
US 8.8.8.8:53 augoesqaye.org udp
US 8.8.8.8:53 shvvnecvzhka.info udp
US 8.8.8.8:53 nafodwrwdqd.com udp
US 8.8.8.8:53 kymaqoacwmsi.com udp
US 8.8.8.8:53 tphdrl.net udp
US 8.8.8.8:53 yaimuc.org udp
US 8.8.8.8:53 gywmkgmukq.com udp
US 8.8.8.8:53 jkkjvq.net udp
US 8.8.8.8:53 chwwok.info udp
US 8.8.8.8:53 carzlrl.info udp
US 8.8.8.8:53 jyxshwnl.net udp
US 8.8.8.8:53 pmasroxwz.com udp
US 8.8.8.8:53 xnevexwojuzq.info udp
US 8.8.8.8:53 lwiklaz.info udp
US 8.8.8.8:53 ubbwxessv.info udp
US 8.8.8.8:53 vpbnpofvbr.net udp
US 8.8.8.8:53 scuwvyz.net udp
US 8.8.8.8:53 aalczsobt.info udp
US 8.8.8.8:53 ydqlnw.info udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 140.228.214.85.in-addr.arpa udp
US 208.100.26.245:80 ydqlnw.info tcp
US 8.8.8.8:53 hzupgo.net udp
US 8.8.8.8:53 nwuvzsad.info udp
US 8.8.8.8:53 qehozpy.info udp
US 8.8.8.8:53 uncaephtnirx.info udp
US 8.8.8.8:53 tyxvdegacg.info udp
US 8.8.8.8:53 jlvexozzzuxh.info udp
US 8.8.8.8:53 zhfsxb.net udp
US 8.8.8.8:53 oattep.info udp
US 8.8.8.8:53 tnxivajml.com udp
US 8.8.8.8:53 tfddbftd.net udp
US 8.8.8.8:53 inbqnmxjndf.net udp
US 8.8.8.8:53 eivkqapqd.net udp
US 8.8.8.8:53 rkcpfhb.org udp
US 8.8.8.8:53 scmkcdlrlpil.info udp
US 8.8.8.8:53 nafxot.net udp
US 8.8.8.8:53 wobcrkuoy.info udp
US 8.8.8.8:53 wecswommee.com udp
US 8.8.8.8:53 hypudcrcbkp.org udp
US 8.8.8.8:53 issutcamheh.net udp
US 8.8.8.8:53 ywquuu.org udp
US 8.8.8.8:53 dfkvgzihh.org udp
US 8.8.8.8:53 xudkxouid.net udp
US 8.8.8.8:53 pencxrvurgl.net udp
US 8.8.8.8:53 xxzhcw.net udp
US 8.8.8.8:53 parrndweuec.net udp
US 8.8.8.8:53 ewwquu.org udp
US 8.8.8.8:53 245.26.100.208.in-addr.arpa udp
US 8.8.8.8:53 pzbfklfj.net udp
US 8.8.8.8:53 cgocmmaksqkm.org udp
US 8.8.8.8:53 nzkibs.info udp
US 8.8.8.8:53 wehcrbbvjhl.net udp
US 8.8.8.8:53 gqkockscskay.com udp
US 8.8.8.8:53 jyjdcqwrxx.net udp
US 8.8.8.8:53 eqzkripjcvn.net udp
US 8.8.8.8:53 xrabyexuo.com udp
US 8.8.8.8:53 pysfwixbih.info udp
US 8.8.8.8:53 hidudbvlpp.info udp
US 8.8.8.8:53 ohujmjmy.net udp
US 8.8.8.8:53 xcrabwwkdky.net udp
US 8.8.8.8:53 lgswzqbvc.org udp
US 8.8.8.8:53 vwruvqn.net udp
US 8.8.8.8:53 znbmhmkarc.info udp
US 8.8.8.8:53 bojqpad.org udp
US 8.8.8.8:53 hcvcguhfl.net udp
US 8.8.8.8:53 pkoztbztnp.info udp
US 8.8.8.8:53 duhopvaqdy.net udp
US 8.8.8.8:53 cikefqvitjps.net udp
US 8.8.8.8:53 cgfnfejd.info udp
US 8.8.8.8:53 eqkmnqr.net udp
US 8.8.8.8:53 siewtsrkrgq.info udp
US 8.8.8.8:53 tlhpnkj.com udp
US 8.8.8.8:53 hyewapk.info udp
US 8.8.8.8:53 xofyhmwvlzb.net udp
US 8.8.8.8:53 pdzxft.net udp
US 8.8.8.8:53 yrfvpcel.info udp
US 8.8.8.8:53 qgumyciy.com udp
US 8.8.8.8:53 kuqivfxmgsql.net udp
US 8.8.8.8:53 zabvdclm.net udp
US 8.8.8.8:53 okmosoac.com udp
US 8.8.8.8:53 aelxvivwnsg.info udp
US 8.8.8.8:53 xabejlmvhpf.net udp
US 8.8.8.8:53 kalebboirg.net udp
US 8.8.8.8:53 qhaojrfcdyc.net udp
US 8.8.8.8:53 neyizica.net udp
US 8.8.8.8:53 gucqyzvjj.info udp
US 8.8.8.8:53 kajlsxb.info udp
US 8.8.8.8:53 vuxypjbph.com udp
US 8.8.8.8:53 gavujclrhuim.net udp
US 8.8.8.8:53 kprjijuyyakp.info udp
US 8.8.8.8:53 uvzigfdvbr.info udp
US 8.8.8.8:53 vlszkn.info udp
US 8.8.8.8:53 dzdrfvbc.net udp
US 8.8.8.8:53 wwdhtkwlnbhy.info udp
US 8.8.8.8:53 ekuffx.net udp
US 8.8.8.8:53 qscigc.org udp
US 8.8.8.8:53 thtyww.net udp
US 8.8.8.8:53 ckmuucoccg.com udp
US 8.8.8.8:53 zabhnekkco.net udp
US 8.8.8.8:53 fcyjkhf.net udp
US 8.8.8.8:53 ltlxgvmu.net udp
US 8.8.8.8:53 aelubcv.info udp
US 8.8.8.8:53 neppydd.com udp
US 8.8.8.8:53 ntedjeclfxlc.net udp
US 8.8.8.8:53 grjgraoeefhx.info udp
US 8.8.8.8:53 fxhiadxwhvh.info udp
US 8.8.8.8:53 pzryostgtub.org udp
US 8.8.8.8:53 zalmpgmtc.net udp
US 8.8.8.8:53 wezsexrkb.net udp
US 8.8.8.8:53 lhyzahg.com udp
US 8.8.8.8:53 nsmeaussngu.net udp
US 8.8.8.8:53 vujqbseacoy.net udp
US 8.8.8.8:53 dilmcmz.net udp
US 8.8.8.8:53 biknblc.info udp
US 8.8.8.8:53 vinktxd.info udp
US 8.8.8.8:53 dhsiyriwda.info udp
US 8.8.8.8:53 rxzovhuugl.net udp
US 8.8.8.8:53 tepnzlwrbfpl.net udp
US 8.8.8.8:53 xemhrecozbv.org udp
US 8.8.8.8:53 aammcs.com udp
US 8.8.8.8:53 tapazhgsq.net udp
US 8.8.8.8:53 rqvqkxzpa.net udp
US 8.8.8.8:53 ygwoiigsiq.com udp
US 8.8.8.8:53 akjruaqknkfs.net udp
US 8.8.8.8:53 krqqsrk.info udp
US 8.8.8.8:53 yczzlymjo.net udp
US 8.8.8.8:53 vmylheoy.info udp
US 8.8.8.8:53 okmeweimsu.com udp
US 8.8.8.8:53 qqyumkmw.org udp
US 8.8.8.8:53 cmsisw.org udp
US 8.8.8.8:53 fejrauxktudl.info udp
US 8.8.8.8:53 yutorem.info udp
US 8.8.8.8:53 qljmzl.net udp
US 8.8.8.8:53 ygcccweuuggc.org udp
US 8.8.8.8:53 stxapuuba.info udp
US 8.8.8.8:53 bbtknwotmred.net udp
US 8.8.8.8:53 yaqmzkmax.net udp
US 8.8.8.8:53 ekouqagyuoyo.com udp
US 8.8.8.8:53 scgqmcckgeoi.org udp
US 8.8.8.8:53 gwleqpds.net udp
US 8.8.8.8:53 dklfdu.net udp
US 8.8.8.8:53 yavekefqtco.net udp
US 8.8.8.8:53 guiqzj.net udp
US 8.8.8.8:53 zlzqbidi.net udp
US 8.8.8.8:53 nafpvuxzgf.info udp
US 8.8.8.8:53 owkqkc.com udp
US 8.8.8.8:53 penkbyumdj.net udp
US 8.8.8.8:53 cwqoie.org udp
US 8.8.8.8:53 oihfbkhcx.info udp
US 8.8.8.8:53 bavewjuc.info udp
US 8.8.8.8:53 adxkcadg.info udp
US 8.8.8.8:53 nftinalyuef.com udp
US 8.8.8.8:53 vmtrlxfwf.org udp
US 8.8.8.8:53 kpyvvmntqn.net udp
US 8.8.8.8:53 exxayny.net udp
US 8.8.8.8:53 dbnsgzvs.net udp
US 8.8.8.8:53 bkbnmwfib.org udp
US 8.8.8.8:53 msxgxytecov.net udp
US 8.8.8.8:53 nudslgskvez.com udp
US 8.8.8.8:53 kmwaavslle.net udp
US 8.8.8.8:53 yaukcyu.net udp
US 8.8.8.8:53 norxwtv.net udp
US 8.8.8.8:53 xoverr.net udp
US 184.95.40.186:80 xoverr.net tcp
US 8.8.8.8:53 rixkdktie.com udp
US 8.8.8.8:53 jkqchdvc.net udp
US 8.8.8.8:53 hrsmxow.com udp
US 8.8.8.8:53 btpypfipmac.info udp
US 8.8.8.8:53 rmnglgcry.info udp
US 8.8.8.8:53 mhhvhanetcl.net udp
US 8.8.8.8:53 sjzbdvpd.net udp
US 8.8.8.8:53 vmtqfgxol.net udp
US 8.8.8.8:53 oagunomqr.info udp
US 8.8.8.8:53 qdnczevvcef.info udp
US 8.8.8.8:53 vaqymva.org udp
US 8.8.8.8:53 ibtbwocs.net udp
US 8.8.8.8:53 wsrtswcx.info udp
US 8.8.8.8:53 kqqcdiurz.info udp
US 8.8.8.8:53 cidbbd.info udp
US 8.8.8.8:53 weaquoegacic.com udp
US 8.8.8.8:53 pobpaf.info udp
US 8.8.8.8:53 ktbtwzwt.net udp
US 8.8.8.8:53 vciwesffk.info udp
US 8.8.8.8:53 tlvars.net udp
US 8.8.8.8:53 pikyhpboz.org udp
US 8.8.8.8:53 sygcxixolt.info udp
US 8.8.8.8:53 hggwddv.org udp
US 8.8.8.8:53 rahkxvq.com udp
US 8.8.8.8:53 uyitealqwsx.net udp
US 8.8.8.8:53 brkzng.net udp
US 8.8.8.8:53 suxazegtfph.net udp
US 8.8.8.8:53 ggihogkfvspm.net udp
US 8.8.8.8:53 nsakmtoeyhte.info udp
US 8.8.8.8:53 jilbwqlziqo.org udp
US 8.8.8.8:53 186.40.95.184.in-addr.arpa udp
US 8.8.8.8:53 luvnzcjivjt.org udp
US 8.8.8.8:53 ccmeucsi.org udp
US 8.8.8.8:53 tcjklvneg.org udp
N/A 192.168.28.2:445 tcp
US 8.8.8.8:53 hitovapsg.com udp
US 8.8.8.8:53 xjmppymcait.net udp
US 8.8.8.8:53 lddwtvdntu.net udp
US 8.8.8.8:53 dbvcgcynnmmk.net udp
US 8.8.8.8:53 lfnmtqm.net udp
US 8.8.8.8:53 sjfgnzvkawh.net udp
US 8.8.8.8:53 bojyzgrklki.info udp
US 8.8.8.8:53 qmbwxclgd.info udp
US 8.8.8.8:53 qycveuncgrqb.info udp
US 8.8.8.8:53 liewhmuwlzwg.net udp
US 8.8.8.8:53 fefszdn.info udp
US 8.8.8.8:53 pczdyxkwx.net udp
US 8.8.8.8:53 depfbed.net udp
US 8.8.8.8:53 ihmiezn.net udp
US 8.8.8.8:53 exhbhsiyq.net udp
US 8.8.8.8:53 egjbayga.net udp
US 8.8.8.8:53 aammyo.com udp
US 8.8.8.8:53 fmbjtpzwir.net udp
US 8.8.8.8:53 twaalvhjlcod.info udp
US 8.8.8.8:53 hhdcno.info udp
US 8.8.8.8:53 hllerrk.info udp
US 8.8.8.8:53 qevgbuofl.net udp
US 8.8.8.8:53 vclbncxnz.com udp
US 8.8.8.8:53 cclxeithcl.info udp
US 8.8.8.8:53 oisfxztxhv.info udp
US 8.8.8.8:53 aquocoay.com udp
US 8.8.8.8:53 aykofqkczge.info udp
US 8.8.8.8:53 ghpuvqreysb.info udp
US 8.8.8.8:53 wlwsdx.info udp
US 8.8.8.8:53 xsrotcd.org udp
N/A 192.168.28.2:139 tcp
US 8.8.8.8:53 lcsvvzkkns.info udp
US 8.8.8.8:53 lqalbthox.net udp
US 8.8.8.8:53 wozenubob.net udp
US 8.8.8.8:53 mgoemc.org udp
US 8.8.8.8:53 ttmjnt.net udp
US 8.8.8.8:53 slwxlq.net udp
US 8.8.8.8:53 lmyupkx.org udp
US 8.8.8.8:53 llbvdwjqfxxi.net udp
US 8.8.8.8:53 rqgezhvw.net udp
US 8.8.8.8:53 dcxdlypj.net udp
US 8.8.8.8:53 ndrkrdlatjnv.net udp
US 8.8.8.8:53 acaeiwei.com udp
US 8.8.8.8:53 wcmimo.org udp
US 8.8.8.8:53 kymnwzzivpdl.net udp
US 8.8.8.8:53 mqjgwhr.net udp
US 8.8.8.8:53 qtbtjoufwdte.net udp
US 8.8.8.8:53 fuhslox.com udp
US 8.8.8.8:53 wbtdhv.info udp
US 8.8.8.8:53 uepwdilhzqh.net udp
US 8.8.8.8:53 kigiqiuu.org udp
US 8.8.8.8:53 acbxcmcdn.info udp
US 8.8.8.8:53 zimmxaruzop.com udp
US 8.8.8.8:53 iepvja.info udp
US 8.8.8.8:53 rcheoipeq.org udp
US 8.8.8.8:53 vnlslckqfzu.org udp
US 8.8.8.8:53 dqhetgaa.info udp
US 8.8.8.8:53 peeywjoj.net udp
US 8.8.8.8:53 egzkpol.net udp
US 8.8.8.8:53 nnbebsssxvul.net udp
US 8.8.8.8:53 oifatfv.net udp
US 8.8.8.8:53 szenlgkkna.info udp
US 8.8.8.8:53 bbtbbofqujwe.net udp
US 8.8.8.8:53 tzbocqevrpze.net udp
US 8.8.8.8:53 jxfjaf.net udp
US 8.8.8.8:53 eamiwqog.com udp
US 8.8.8.8:53 uwyewequqkii.com udp
US 8.8.8.8:53 hzitchpq.net udp
US 8.8.8.8:53 pzekkmld.info udp
US 8.8.8.8:53 hfbieturus.net udp
US 8.8.8.8:53 butyonop.info udp
US 8.8.8.8:53 tzwflmeio.net udp
US 8.8.8.8:53 qadgzkl.info udp
US 8.8.8.8:53 csfexc.net udp
US 8.8.8.8:53 fydwhccelch.info udp
US 8.8.8.8:53 lklahmjyf.com udp
US 8.8.8.8:53 ejobylns.info udp
US 8.8.8.8:53 ziperifgxmw.info udp
US 8.8.8.8:53 ukiouggi.com udp
US 8.8.8.8:53 wesjdq.net udp
US 8.8.8.8:53 tvkvmwhx.info udp
US 8.8.8.8:53 koyyccyawm.com udp
US 8.8.8.8:53 uppxajxn.net udp
US 8.8.8.8:53 rahnqeiicef.com udp
US 8.8.8.8:53 xampjxacceng.info udp
US 8.8.8.8:53 eqymum.com udp
US 8.8.8.8:53 aknvtdmihz.info udp
US 8.8.8.8:53 swuynjfkbnv.net udp
US 8.8.8.8:53 zujaytpay.org udp
US 8.8.8.8:53 cmeltqig.info udp
US 8.8.8.8:53 ktpsbkodseh.net udp
US 8.8.8.8:53 xthnja.net udp
US 8.8.8.8:53 mdrdvyv.net udp
US 8.8.8.8:53 ncxqok.info udp
US 8.8.8.8:53 vdnopujwk.info udp
US 8.8.8.8:53 dfbgcwdv.info udp
US 8.8.8.8:53 euuqaq.org udp
US 8.8.8.8:53 jgufibeybs.info udp
US 8.8.8.8:53 eaookwmcawqg.com udp
US 8.8.8.8:53 zqgewctiuah.org udp
US 8.8.8.8:53 xkypvkd.info udp
US 8.8.8.8:53 habesibat.org udp
US 8.8.8.8:53 jjsgcch.info udp
US 8.8.8.8:53 yveovmlrlid.info udp
US 8.8.8.8:53 qdpugj.net udp
US 8.8.8.8:53 eeikmo.org udp
US 8.8.8.8:53 tuugtorx.info udp
US 8.8.8.8:53 dkkbctrkjrp.org udp
US 8.8.8.8:53 xcxxvvmr.info udp
US 8.8.8.8:53 tmzjhmaahmz.info udp
US 8.8.8.8:53 aolqpoqsfwf.info udp
US 8.8.8.8:53 kmcioo.org udp
US 8.8.8.8:53 syqsak.org udp
US 8.8.8.8:53 ysrdzppy.net udp
US 8.8.8.8:53 fpvilghmn.org udp
US 8.8.8.8:53 feoqcyw.net udp
US 8.8.8.8:53 veiwnxeu.info udp
US 8.8.8.8:53 bjdixupafob.net udp
US 8.8.8.8:53 gonprdri.net udp
US 8.8.8.8:53 dymincoifib.info udp
US 8.8.8.8:53 qsquamsi.org udp
US 8.8.8.8:53 cqpihsmuf.net udp
US 8.8.8.8:53 lyvlbq.net udp
US 8.8.8.8:53 rusjpt.info udp
US 8.8.8.8:53 dyskrkjkv.info udp
US 8.8.8.8:53 ywymfumib.info udp
US 8.8.8.8:53 bmuqenhwc.org udp
US 8.8.8.8:53 phplqexhpqjw.info udp
US 8.8.8.8:53 bxpqdwrqx.net udp
US 8.8.8.8:53 jwtyviy.info udp
US 8.8.8.8:53 hwbuwa.info udp
US 8.8.8.8:53 sovgagdst.net udp
US 8.8.8.8:53 oqodlh.net udp
US 8.8.8.8:53 ziralf.net udp
US 8.8.8.8:53 wqrvrtugx.net udp
US 8.8.8.8:53 ipsgemxfxxp.info udp
US 8.8.8.8:53 bfxhxfxxiruy.info udp
US 8.8.8.8:53 eegxpqopfkd.net udp
US 8.8.8.8:53 kmjugkp.info udp
US 8.8.8.8:53 jeskfcg.org udp
US 8.8.8.8:53 qowwwy.org udp
US 8.8.8.8:53 odnwlqp.info udp
US 8.8.8.8:53 gusgymcccc.com udp
US 8.8.8.8:53 eptuhfi.info udp
US 8.8.8.8:53 dwrhwc.net udp
US 8.8.8.8:53 bxxqoa.info udp
US 8.8.8.8:53 ooseig.org udp
US 8.8.8.8:53 tqxytmw.net udp
US 8.8.8.8:53 jimlppmo.net udp
US 8.8.8.8:53 feyjrv.net udp
US 8.8.8.8:53 pujspth.com udp
US 8.8.8.8:53 stzcdepg.net udp
US 8.8.8.8:53 fpllrhavrl.info udp
US 8.8.8.8:53 rmzrhow.org udp
US 8.8.8.8:53 xwepdvwkesnq.net udp
US 8.8.8.8:53 xutobygt.info udp
US 8.8.8.8:53 kegwiq.com udp
US 8.8.8.8:53 fgjwdazyr.net udp
US 8.8.8.8:53 rxrhmylqamf.info udp
US 8.8.8.8:53 xtfcdojpmksh.net udp
US 8.8.8.8:53 ytuuoevew.info udp
US 8.8.8.8:53 kskjlt.info udp
US 8.8.8.8:53 wokyyoqk.com udp
US 8.8.8.8:53 eurdxxsjgr.info udp
US 8.8.8.8:53 uqkkgoqswcco.com udp
US 8.8.8.8:53 wccsiaih.info udp
US 8.8.8.8:53 xrfirv.info udp
US 8.8.8.8:53 uphjjffbbx.net udp
US 8.8.8.8:53 timwiynwd.info udp
US 8.8.8.8:53 renmuav.net udp
US 8.8.8.8:53 eqmqzskmu.net udp
US 8.8.8.8:53 rlkahk.net udp
US 8.8.8.8:53 kyegeyqi.org udp
US 8.8.8.8:53 fmwtlpttto.net udp
US 8.8.8.8:53 aksrgnlgvpde.net udp
US 8.8.8.8:53 lqxudkv.com udp
US 8.8.8.8:53 bolzbyxt.net udp
US 8.8.8.8:53 rbbkjypuipj.net udp
US 8.8.8.8:53 ylzonnir.info udp
US 8.8.8.8:53 vqxkmyleqas.info udp
US 8.8.8.8:53 wbdovmlrlid.info udp
US 8.8.8.8:53 pelsfwg.info udp
US 8.8.8.8:53 wyzyvhzgl.info udp
US 8.8.8.8:53 wsrknssb.info udp
US 8.8.8.8:53 mmdglqgyt.info udp
US 8.8.8.8:53 ouddkbxcjg.info udp
US 8.8.8.8:53 ulubbyihiczb.info udp
US 8.8.8.8:53 xfounma.org udp
US 8.8.8.8:53 hghifclbjmx.net udp
US 8.8.8.8:53 wsnxrixkbmf.info udp
US 8.8.8.8:53 sqiquyks.com udp
US 8.8.8.8:53 zpimmgrdzshd.net udp
US 8.8.8.8:53 sdvlex.net udp
US 8.8.8.8:53 kioeebngfib.info udp
US 8.8.8.8:53 mmdkkpwus.net udp
US 8.8.8.8:53 jkckpmdwk.net udp
US 8.8.8.8:53 imeatcd.net udp
US 8.8.8.8:53 msderxkoyalu.net udp
US 8.8.8.8:53 dfvudx.net udp
US 8.8.8.8:53 piifawa.net udp
US 8.8.8.8:53 qjxoggj.info udp
US 8.8.8.8:53 wujdpqzy.net udp
US 8.8.8.8:53 rqcjorbuzh.info udp
US 8.8.8.8:53 dgdflwqddkf.net udp
US 8.8.8.8:53 aoqemwcywo.com udp
US 8.8.8.8:53 gmuilbpln.info udp
US 8.8.8.8:53 cuwsee.com udp
US 8.8.8.8:53 rafbfgfcjqx.net udp
US 8.8.8.8:53 oqkeousm.com udp
US 8.8.8.8:53 nqrwnoigu.org udp
US 8.8.8.8:53 migddsjsjc.info udp
US 8.8.8.8:53 oodunofqr.net udp
US 8.8.8.8:53 galoywlov.info udp
US 8.8.8.8:53 ekrcsevlp.net udp
US 8.8.8.8:53 dudqnb.info udp
US 8.8.8.8:53 ldmarkyukir.info udp
US 8.8.8.8:53 bmzlzmpumie.com udp
US 8.8.8.8:53 iubqves.net udp
US 8.8.8.8:53 tavqhoijv.org udp
US 8.8.8.8:53 xkncznbot.net udp
US 8.8.8.8:53 acdcjmfwj.info udp
US 8.8.8.8:53 sldzvunxaf.net udp
US 8.8.8.8:53 bocxqln.info udp
US 8.8.8.8:53 hruqompu.net udp
US 8.8.8.8:53 zxlglmh.net udp
US 8.8.8.8:53 htvalke.com udp
US 8.8.8.8:53 xfzwlhwnsipj.net udp
US 8.8.8.8:53 hjykheryc.info udp
US 8.8.8.8:53 iakomckqegqi.com udp
US 8.8.8.8:53 qfqogkvydix.net udp
US 8.8.8.8:53 hhbwrwcmfu.net udp
US 8.8.8.8:53 qmisgs.org udp
US 8.8.8.8:53 kalifavej.net udp
US 8.8.8.8:53 wgdzob.net udp
US 8.8.8.8:53 xtkkatqabm.net udp
US 8.8.8.8:53 mkbhhfp.net udp
US 8.8.8.8:53 yrhktfdgw.net udp
US 8.8.8.8:53 jwpcniulign.net udp
US 8.8.8.8:53 jblajmzur.com udp
US 8.8.8.8:53 tzrwzszc.net udp
US 8.8.8.8:53 vlqthkz.info udp
US 8.8.8.8:53 lwtqpdxenqr.com udp
US 8.8.8.8:53 snzcabfi.net udp
US 8.8.8.8:53 iuswqkcw.org udp
US 8.8.8.8:53 xatgvhtqn.info udp
US 8.8.8.8:53 wcooqoewkcqs.com udp
US 8.8.8.8:53 koooacoyiiak.com udp
US 8.8.8.8:53 zgakjyfvk.org udp
US 8.8.8.8:53 oelqhkx.info udp
US 8.8.8.8:53 xmnkxnqgdwp.net udp
US 8.8.8.8:53 oipsxoj.net udp
US 8.8.8.8:53 mgtsgnz.net udp
US 8.8.8.8:53 nyobgct.info udp
US 8.8.8.8:53 txluzuxwpgm.net udp
US 8.8.8.8:53 uuocfitia.net udp
US 8.8.8.8:53 lqlndzo.com udp
US 8.8.8.8:53 lcjhovvaxwhi.net udp
US 8.8.8.8:53 imeopcxlnc.net udp
US 8.8.8.8:53 rgikhkb.net udp
US 8.8.8.8:53 aerdilpadro.info udp
US 8.8.8.8:53 mnpyegnjck.info udp
US 8.8.8.8:53 tylcsrfl.info udp
US 8.8.8.8:53 hnfvivknfiiz.net udp
US 8.8.8.8:53 uyworel.net udp
US 8.8.8.8:53 oicqocrvbc.info udp
US 8.8.8.8:53 mgqkher.info udp
US 8.8.8.8:53 qsuswiv.info udp
US 8.8.8.8:53 wfhzzdeg.net udp
US 8.8.8.8:53 pcrmqcjyhtt.info udp
US 8.8.8.8:53 fkdtxddcdlf.info udp
US 8.8.8.8:53 ltkixpej.info udp
US 8.8.8.8:53 jeddpyceavfk.info udp
US 8.8.8.8:53 zuqwjelkp.com udp
US 8.8.8.8:53 xgxiece.net udp
US 8.8.8.8:53 rmtalyz.org udp
US 8.8.8.8:53 yvryql.info udp
US 8.8.8.8:53 rsdedvzsngk.org udp
US 8.8.8.8:53 aomehme.info udp
US 8.8.8.8:53 hnjxytbzve.info udp
US 8.8.8.8:53 vwnkdcjet.com udp
US 8.8.8.8:53 fybatwnwqui.net udp
US 8.8.8.8:53 damjfutozebh.info udp
US 8.8.8.8:53 tbqcpu.net udp
US 8.8.8.8:53 egdhxsg.net udp
US 8.8.8.8:53 osguanrtleof.net udp
US 8.8.8.8:53 fgtehyicfb.net udp
US 8.8.8.8:53 mwmmywoc.com udp
US 8.8.8.8:53 szjzruhv.net udp
US 8.8.8.8:53 dmzxlfvzkpva.net udp
US 8.8.8.8:53 zllohgdqx.info udp
US 8.8.8.8:53 ofuadtd.net udp
US 8.8.8.8:53 zenlhunerdx.org udp
US 8.8.8.8:53 swggusaooeki.org udp
US 8.8.8.8:53 pjipgaug.info udp
US 8.8.8.8:53 cvgluen.info udp
US 8.8.8.8:53 ixkavkeir.info udp
US 8.8.8.8:53 qguouy.com udp
US 8.8.8.8:53 coftquiqkk.net udp
US 8.8.8.8:53 imgstrbtgtw.net udp
US 8.8.8.8:53 vxyofhnkzabu.info udp
US 8.8.8.8:53 mhmpzqntmlzv.info udp
US 8.8.8.8:53 ckwykgceccgg.com udp
US 8.8.8.8:53 eaggequqscyu.com udp
US 8.8.8.8:53 rynpdw.info udp
US 8.8.8.8:53 gvfozip.info udp
US 8.8.8.8:53 yyogcqkw.org udp
US 8.8.8.8:53 vtmknyfzzmi.org udp
US 8.8.8.8:53 vzyuffzk.net udp
US 8.8.8.8:53 tsoneriiysb.net udp
US 8.8.8.8:53 pjqetmwywuup.net udp
US 8.8.8.8:53 xplapqbl.info udp
US 8.8.8.8:53 yensgeomr.net udp
US 8.8.8.8:53 xciuho.net udp
US 8.8.8.8:53 ougsze.net udp
US 8.8.8.8:53 oqmcwg.org udp
US 8.8.8.8:53 noxfjeab.info udp
US 8.8.8.8:53 xzghyafprq.info udp
US 8.8.8.8:53 ecyiyscwgc.org udp
US 8.8.8.8:53 fonfqeeas.net udp
US 8.8.8.8:53 wukmqskc.org udp
US 8.8.8.8:53 aojhhybivqp.info udp
US 8.8.8.8:53 wefpdrj.info udp
US 8.8.8.8:53 msmcdkdoc.info udp
US 8.8.8.8:53 nwfzbthwpoa.org udp
US 8.8.8.8:53 teejbp.info udp
US 8.8.8.8:53 sgcjdkjrdbzn.info udp
US 8.8.8.8:53 qyqgugcg.org udp
US 8.8.8.8:53 gmxgxchcc.info udp
US 8.8.8.8:53 kgykki.org udp
US 8.8.8.8:53 vaiugcjqb.org udp
US 8.8.8.8:53 hahmtynehqj.com udp
US 8.8.8.8:53 graaiu.net udp
US 8.8.8.8:53 lgzgngvmrse.org udp
US 8.8.8.8:53 zivifcvadpr.net udp
US 8.8.8.8:53 foeiwblmlm.info udp
US 8.8.8.8:53 carqij.net udp
US 8.8.8.8:53 cwitdkbgttic.net udp
US 8.8.8.8:53 lqsfgclgxar.org udp
US 8.8.8.8:53 hwocrovlgyt.net udp
US 8.8.8.8:53 umgosmooecyc.com udp
US 8.8.8.8:53 huoxlenc.net udp
US 8.8.8.8:53 vikuzqf.com udp
US 8.8.8.8:53 datmxebonqi.com udp
US 8.8.8.8:53 nolerqmih.com udp
US 8.8.8.8:53 nubzrwrxtu.net udp
US 8.8.8.8:53 tcayfviap.com udp
US 8.8.8.8:53 aodctjrovpk.net udp
US 8.8.8.8:53 ycgktymgb.info udp
US 8.8.8.8:53 msfkygoqpo.net udp
US 8.8.8.8:53 huulbzjpml.net udp
US 8.8.8.8:53 gnzfjcag.net udp
US 8.8.8.8:53 lspuwhva.info udp
US 8.8.8.8:53 artozmfwzn.net udp
US 8.8.8.8:53 jcoxtq.net udp
US 8.8.8.8:53 iquwcqigqqsw.com udp
US 8.8.8.8:53 iqyseqqwgu.org udp
US 8.8.8.8:53 pnaooq.info udp
US 8.8.8.8:53 douwsmlqrfs.org udp
US 8.8.8.8:53 knenkdhn.net udp
US 8.8.8.8:53 jgnwdrpgqz.info udp
US 8.8.8.8:53 leulcjxdb.com udp
US 8.8.8.8:53 xvvowfqa.net udp
US 8.8.8.8:53 kqusequkyuqo.com udp
US 8.8.8.8:53 qkmgeyiyay.com udp
US 8.8.8.8:53 bxbkerygva.info udp
US 8.8.8.8:53 bdojtwjuvcke.info udp
US 8.8.8.8:53 surdhruaik.net udp
US 8.8.8.8:53 pkbetz.net udp
US 162.255.119.137:80 pkbetz.net tcp
US 8.8.8.8:53 nkicpmfsz.net udp
US 8.8.8.8:53 vuniuyd.com udp
US 8.8.8.8:53 hrpyxrzfju.net udp
US 8.8.8.8:53 agxqctkbr.net udp
US 8.8.8.8:53 paymtvnc.net udp
US 8.8.8.8:53 vchyrelua.org udp
US 8.8.8.8:53 lihktctaj.net udp
US 8.8.8.8:53 uiebywpja.info udp
US 8.8.8.8:53 oeaktwxek.net udp
US 8.8.8.8:53 camskmbnedq.info udp
US 8.8.8.8:53 aoaqaemueu.org udp
US 8.8.8.8:53 mblitxgotr.info udp
US 8.8.8.8:53 sbtcqpoj.net udp
US 8.8.8.8:53 yoqqqysi.org udp
US 8.8.8.8:53 137.119.255.162.in-addr.arpa udp
US 8.8.8.8:53 offwpreutyn.info udp
US 8.8.8.8:53 pmsvht.net udp
US 8.8.8.8:53 qcaksywqeo.org udp
US 8.8.8.8:53 psqipiv.net udp
US 8.8.8.8:53 uoeuas.com udp
US 8.8.8.8:53 tsxpkl.info udp
US 8.8.8.8:53 cmakveth.net udp
US 8.8.8.8:53 dktxztbs.info udp
US 8.8.8.8:53 uusajts.net udp
US 8.8.8.8:53 vgctnargv.net udp
US 8.8.8.8:53 idtitmbnhi.net udp
US 8.8.8.8:53 dchspxphwk.net udp
US 8.8.8.8:53 wmgoskoksiqw.org udp
US 8.8.8.8:53 iwbvddfw.net udp
US 8.8.8.8:53 kkwmwy.com udp
US 8.8.8.8:53 rexbaqmap.org udp
US 8.8.8.8:53 aeouwcwg.org udp
US 8.8.8.8:53 ngtowgxztaq.org udp
US 8.8.8.8:53 cadbfbpcghhg.info udp
US 8.8.8.8:53 jifixuufm.net udp
US 8.8.8.8:53 mcxnufec.info udp
US 8.8.8.8:53 uuocwocwsaqo.com udp
US 8.8.8.8:53 zjxwwxyu.net udp
US 8.8.8.8:53 cmzoxaj.net udp
US 8.8.8.8:53 nmlfykvgyqz.info udp
US 8.8.8.8:53 jelzhlivcg.net udp
US 8.8.8.8:53 bkpjlyisy.com udp
US 8.8.8.8:53 kqnwfctoqxn.info udp
US 8.8.8.8:53 qutmggnbx.info udp
US 8.8.8.8:53 krdddejopuz.info udp
US 8.8.8.8:53 ljlklzk.com udp
US 8.8.8.8:53 xelelqhlcgr.net udp
US 8.8.8.8:53 ugewwckwia.org udp
US 8.8.8.8:53 cwwwmyyisk.org udp
US 8.8.8.8:53 iuskaweqoecw.org udp
US 8.8.8.8:53 qwgfsuqqz.net udp
US 8.8.8.8:53 guhxvqcon.info udp
US 8.8.8.8:53 mppylgvcvp.net udp
US 8.8.8.8:53 rcuuschbna.info udp
US 8.8.8.8:53 qusrhxnw.info udp
US 8.8.8.8:53 yeiuzscce.info udp
US 8.8.8.8:53 sjyqxac.info udp
US 8.8.8.8:53 gqyfhejwztj.info udp
US 8.8.8.8:53 fbiuwwvmdwl.net udp
US 8.8.8.8:53 fwrkrwl.info udp
US 8.8.8.8:53 iwhanlklcka.info udp
US 8.8.8.8:53 icyycyaioo.com udp
US 8.8.8.8:53 cyawegasmm.com udp
US 8.8.8.8:53 hwwefaco.info udp
US 8.8.8.8:53 xsvifqmwf.net udp
US 8.8.8.8:53 pbxxtcddoycw.net udp
US 8.8.8.8:53 jmqdmind.net udp
US 8.8.8.8:53 cseaceya.com udp
US 8.8.8.8:53 xkhmelaaf.info udp
US 8.8.8.8:53 ciekyx.info udp
US 8.8.8.8:53 hubpis.net udp
US 8.8.8.8:53 znaltk.net udp
US 8.8.8.8:53 ickicwos.com udp
US 8.8.8.8:53 ommocgoqec.org udp
US 8.8.8.8:53 vnjfna.info udp
US 8.8.8.8:53 yewium.com udp
US 8.8.8.8:53 nawytawtii.info udp
US 8.8.8.8:53 iibtjemc.info udp
US 8.8.8.8:53 ycekcmammaus.org udp
US 8.8.8.8:53 twddgmsywp.net udp
US 8.8.8.8:53 egmookkmoyky.org udp
US 8.8.8.8:53 yudyhox.net udp
US 8.8.8.8:53 tunsdefcaod.net udp
US 8.8.8.8:53 kikowkseos.com udp
US 8.8.8.8:53 cyrgtjbengb.net udp
US 8.8.8.8:53 timwfizizqh.net udp
US 8.8.8.8:53 wuiuwsicuc.com udp
US 8.8.8.8:53 xybgrsdkkif.com udp
US 8.8.8.8:53 hvapjj.net udp
US 8.8.8.8:53 shthbguwulfs.net udp
US 8.8.8.8:53 dovmzu.info udp
US 8.8.8.8:53 zmncuac.info udp
US 8.8.8.8:53 xfdyvea.com udp
US 8.8.8.8:53 trtrgzzk.net udp
US 8.8.8.8:53 drokdz.info udp
US 8.8.8.8:53 lpjdnvvu.net udp
US 8.8.8.8:53 oylwrhv.info udp
US 8.8.8.8:53 cqwgheu.net udp
US 8.8.8.8:53 zsfhbm.info udp
US 8.8.8.8:53 sceommucuy.org udp
US 8.8.8.8:53 bvluvppj.info udp
US 8.8.8.8:53 snzulpst.net udp
US 8.8.8.8:53 xelydsn.org udp
US 8.8.8.8:53 rgqikccxnaqt.net udp
US 8.8.8.8:53 pkjalzxk.info udp
US 8.8.8.8:53 jkaasgv.info udp
US 8.8.8.8:53 rqtslc.net udp
US 8.8.8.8:53 waxolkesf.net udp
US 8.8.8.8:53 aotvlylyvmi.net udp
US 8.8.8.8:53 mjepbanl.info udp
US 8.8.8.8:53 kvlzmivodj.info udp
US 8.8.8.8:53 eayacokbim.info udp
US 8.8.8.8:53 vsfammkc.info udp
US 8.8.8.8:53 jgwwkmnhblx.org udp
US 8.8.8.8:53 fzkihccbzip.org udp
US 8.8.8.8:53 xezsgyqpi.com udp
US 8.8.8.8:53 tjxmnebyhsj.info udp
US 8.8.8.8:53 kufqvwt.net udp
US 8.8.8.8:53 vjfcghucykwk.net udp
US 8.8.8.8:53 ppqcyvqpja.net udp
US 8.8.8.8:53 ffkopoh.info udp
US 8.8.8.8:53 yyquokaugswy.org udp
US 8.8.8.8:53 hwcswmbip.org udp
US 8.8.8.8:53 utnwgtten.info udp
US 8.8.8.8:53 wmaaywwmqk.org udp
US 8.8.8.8:53 pkvurkx.info udp
US 8.8.8.8:53 agvuuqvwo.info udp
US 8.8.8.8:53 afygeqnlsclx.info udp
US 8.8.8.8:53 pobkxgt.org udp
US 8.8.8.8:53 pnnoffl.net udp
US 8.8.8.8:53 aimcoqomaw.org udp
US 8.8.8.8:53 hddurwnzf.info udp
US 8.8.8.8:53 imofcpjrocgv.info udp
US 8.8.8.8:53 zxsezgcl.net udp
US 8.8.8.8:53 kacwimoykcqi.com udp
US 8.8.8.8:53 pswagoquh.org udp
US 8.8.8.8:53 wydsxoeilmu.net udp
US 8.8.8.8:53 gytkywwfz.net udp
US 8.8.8.8:53 zyfuvex.org udp
US 8.8.8.8:53 bpssjktdowxb.info udp
US 8.8.8.8:53 vmkjvsns.info udp
US 8.8.8.8:53 higrmxnzdrls.info udp
US 8.8.8.8:53 jazejwtkz.info udp
US 8.8.8.8:53 baqsericro.info udp
US 8.8.8.8:53 sykhhhspie.info udp
US 8.8.8.8:53 aerqxormd.info udp
US 8.8.8.8:53 rftqog.net udp
US 8.8.8.8:53 xwlubt.net udp
US 8.8.8.8:53 lrxsrg.info udp
US 8.8.8.8:53 duzfkv.net udp
US 8.8.8.8:53 usmueehulch.net udp
US 8.8.8.8:53 borvdw.info udp
US 8.8.8.8:53 hbqfxawlhox.info udp
US 8.8.8.8:53 faaobzh.com udp
US 8.8.8.8:53 zaxaxsyt.net udp
US 8.8.8.8:53 fwvmhqa.org udp
US 8.8.8.8:53 jvblxjtbha.net udp
US 8.8.8.8:53 dhdywhyea.com udp
US 8.8.8.8:53 kmxknajhv.info udp
US 8.8.8.8:53 rtaiidjpd.info udp
US 8.8.8.8:53 xiaczapmc.org udp
US 8.8.8.8:53 rqkajd.info udp
US 8.8.8.8:53 moqgjmjyh.info udp
US 8.8.8.8:53 gxfiudz.info udp
US 8.8.8.8:53 dctcjuxyilq.com udp
US 8.8.8.8:53 xivvfgn.com udp
US 8.8.8.8:53 gyxifouuvol.net udp
US 8.8.8.8:53 bayxpcplbrla.info udp
US 8.8.8.8:53 iqfdbdr.info udp
US 8.8.8.8:53 kgklgudeaihe.net udp
US 8.8.8.8:53 acsrnscsnal.info udp
US 8.8.8.8:53 maqsjgdehiz.net udp
US 8.8.8.8:53 fstkxcthh.org udp
US 8.8.8.8:53 rthdvkcmydxt.info udp
US 8.8.8.8:53 ikmcmoiuaoma.org udp
US 8.8.8.8:53 lcvwtqxgy.info udp
US 8.8.8.8:53 igcueecskauq.org udp
US 8.8.8.8:53 twponmx.info udp
US 8.8.8.8:53 owspxellpu.net udp
US 8.8.8.8:53 jkuhbitoimzg.net udp
US 8.8.8.8:53 auexdebb.info udp
US 8.8.8.8:53 vgkudot.org udp
US 8.8.8.8:53 mlxoyzkjvclv.info udp
US 8.8.8.8:53 suuymagy.org udp
US 8.8.8.8:53 guagbxfcjyey.info udp
US 8.8.8.8:53 lldjjo.net udp
US 8.8.8.8:53 rzqmjkea.net udp
US 8.8.8.8:53 lgxwlyhtlmc.com udp
US 8.8.8.8:53 ekbbpqt.net udp
US 8.8.8.8:53 ucsiasomckwm.org udp
US 8.8.8.8:53 nilypwv.net udp
US 8.8.8.8:53 ewoagyqs.com udp
US 8.8.8.8:53 iwdmtrn.net udp
US 8.8.8.8:53 kksyueicikma.org udp
US 8.8.8.8:53 vqznflzmtyc.com udp
US 8.8.8.8:53 wbvfjzbs.info udp
US 8.8.8.8:53 dqsbkazxjt.net udp
US 8.8.8.8:53 pspblt.net udp
US 8.8.8.8:53 oeoskghzmnti.net udp
US 8.8.8.8:53 nxnahrmg.info udp
US 8.8.8.8:53 pdrmdlf.net udp
US 8.8.8.8:53 tgpghs.info udp
US 8.8.8.8:53 qtzafrbdd.net udp
US 8.8.8.8:53 mumnui.info udp
US 8.8.8.8:53 wqfhmkhoa.info udp
US 8.8.8.8:53 fdysgrwivohi.info udp
US 8.8.8.8:53 pavfzkrx.net udp
US 8.8.8.8:53 vkhsdgk.net udp
US 8.8.8.8:53 bezlabjefm.net udp
US 8.8.8.8:53 elmuvhwiq.net udp
US 8.8.8.8:53 ooufnlfpgog.net udp
US 8.8.8.8:53 jeljim.info udp
US 8.8.8.8:53 mcwqkmoyka.com udp
US 8.8.8.8:53 trjiplackh.info udp
US 8.8.8.8:53 qpnqtszfyk.net udp
US 8.8.8.8:53 ovhpfagxnuek.info udp
US 8.8.8.8:53 mkowgucqemsw.org udp
US 8.8.8.8:53 oqmcrhvgx.net udp
US 8.8.8.8:53 edwxhexuyuvp.net udp
US 8.8.8.8:53 uvbmxd.info udp
US 8.8.8.8:53 rdwtne.net udp
US 8.8.8.8:53 jspwestx.net udp
US 8.8.8.8:53 hbcfiyuhrcbv.net udp
US 8.8.8.8:53 ynfmvpkk.net udp
US 8.8.8.8:53 nakgdgwoaay.net udp
US 8.8.8.8:53 xyaump.info udp
US 8.8.8.8:53 aknkzgyofdr.net udp
US 8.8.8.8:53 eiitzlwdid.net udp
US 8.8.8.8:53 aaeoqa.com udp
US 8.8.8.8:53 gixyamw.info udp
US 8.8.8.8:53 zdfqnhhpnw.info udp
US 8.8.8.8:53 pktfja.info udp
US 8.8.8.8:53 cqgikyqi.com udp
US 8.8.8.8:53 wssecmqecqui.org udp
US 8.8.8.8:53 nsbnvffi.net udp
US 8.8.8.8:53 pziaxyhojmu.org udp
US 8.8.8.8:53 gmcuvrw.net udp
US 8.8.8.8:53 ubpxnf.net udp
US 8.8.8.8:53 fvfufam.net udp
US 8.8.8.8:53 tkxmip.net udp
US 8.8.8.8:53 yyuewqrhuuj.net udp
US 8.8.8.8:53 usyswygoac.com udp
US 8.8.8.8:53 nvyrqyxbhl.net udp
US 8.8.8.8:53 ysjnxutcolr.net udp
US 8.8.8.8:53 sqzbbcvky.info udp
US 8.8.8.8:53 wpihbtkbkq.info udp
US 8.8.8.8:53 xwyfpit.net udp
US 8.8.8.8:53 tuoellge.info udp
US 8.8.8.8:53 lzkuzesjzq.info udp
US 8.8.8.8:53 ccsoic.com udp
US 8.8.8.8:53 metehwvuaqn.info udp
US 8.8.8.8:53 zgnkbw.info udp
US 8.8.8.8:53 uzjmfwzzhoh.info udp
US 8.8.8.8:53 cdsgayvr.info udp
US 8.8.8.8:53 zthkqotyf.com udp
US 8.8.8.8:53 mlgqvlcryrkg.net udp
US 8.8.8.8:53 hyoyrmxljxq.org udp
US 8.8.8.8:53 oukgqyaococa.org udp
US 8.8.8.8:53 jxphlheq.info udp
US 8.8.8.8:53 nixyhbpicm.net udp
US 8.8.8.8:53 pqeswifga.net udp
US 8.8.8.8:53 hsnarcfbr.net udp
US 8.8.8.8:53 suwyeksous.org udp
US 8.8.8.8:53 tjhjjmmxfvdb.net udp
US 8.8.8.8:53 nwpulqbuilz.info udp
US 8.8.8.8:53 lwsmrwymlcr.com udp
US 8.8.8.8:53 pahczxpd.net udp
US 8.8.8.8:53 quaujvt.net udp
US 8.8.8.8:53 hknnpuv.info udp
US 8.8.8.8:53 vcethqpkncvu.net udp
US 8.8.8.8:53 cubdesjkr.info udp
US 8.8.8.8:53 qdoybwmsbncj.info udp
US 8.8.8.8:53 pkvazospd.info udp
US 8.8.8.8:53 kkhmomoat.net udp
US 8.8.8.8:53 iknvxkbyxej.net udp
US 8.8.8.8:53 ucqovwtlbs.info udp
US 8.8.8.8:53 amitfiuqake.info udp
US 8.8.8.8:53 uamikc.org udp
US 8.8.8.8:53 vqvquzxfbph.com udp
US 8.8.8.8:53 snhqhjfhxnbj.net udp
US 8.8.8.8:53 bbpdrqzrvi.net udp
US 8.8.8.8:53 cdafbxgoimfv.info udp
US 8.8.8.8:53 ccyorebitaj.net udp
US 8.8.8.8:53 issnsbtr.info udp
US 8.8.8.8:53 hgthdrddnejk.info udp
US 8.8.8.8:53 rgxnfh.info udp
US 8.8.8.8:53 nprhvu.net udp
US 8.8.8.8:53 kyualyn.net udp
US 8.8.8.8:53 cpzxhlvupq.net udp
US 8.8.8.8:53 svjbjrvhxn.info udp
US 8.8.8.8:53 ucerfbrprqtp.info udp
US 8.8.8.8:53 hsbezipyd.info udp
US 8.8.8.8:53 aeuoeiemwmaw.com udp
US 8.8.8.8:53 wmyowwgo.org udp
US 8.8.8.8:53 rnvmaytah.net udp
US 8.8.8.8:53 uycqxynymoq.net udp
US 8.8.8.8:53 vojbzvcasa.info udp
US 8.8.8.8:53 nkpyub.net udp
US 8.8.8.8:53 iqronap.net udp
US 8.8.8.8:53 ptuqlyhwucj.net udp
US 8.8.8.8:53 znifaddnyhrj.net udp
US 8.8.8.8:53 umiakyeayo.com udp
US 8.8.8.8:53 vxzvuoxbbrnt.info udp
US 8.8.8.8:53 fentnqvcc.com udp
US 8.8.8.8:53 hlzbwox.org udp
US 8.8.8.8:53 okscrq.info udp
US 8.8.8.8:53 ndcsjydqckd.net udp
US 8.8.8.8:53 qwpwnsfgr.info udp
US 8.8.8.8:53 ayawbzhst.net udp
US 8.8.8.8:53 zmqmautayeb.net udp
US 8.8.8.8:53 gxnfrpna.info udp
US 8.8.8.8:53 puvitfogh.net udp
US 8.8.8.8:53 gsskgg.com udp
US 8.8.8.8:53 aibvzynyqoi.net udp
US 8.8.8.8:53 hmhnnojk.net udp
US 8.8.8.8:53 qcgcbklrn.info udp
US 8.8.8.8:53 wkiyys.com udp
US 8.8.8.8:53 uoeajcrnp.info udp
US 8.8.8.8:53 rtaqkyz.net udp
US 8.8.8.8:53 rqsqxlgdid.net udp
US 8.8.8.8:53 wyykkgggcwek.org udp
US 8.8.8.8:53 wbjnov.net udp
US 8.8.8.8:53 zuzwot.info udp
US 8.8.8.8:53 nzgrvmzhapis.info udp
US 8.8.8.8:53 pajopkhy.net udp
US 8.8.8.8:53 nujtvgz.net udp
US 8.8.8.8:53 tgqeovszaexs.net udp
US 8.8.8.8:53 psvaltsupo.net udp
US 8.8.8.8:53 dopbmtfpm.net udp
US 8.8.8.8:53 liqideouh.net udp
US 8.8.8.8:53 gyzyju.info udp
US 8.8.8.8:53 oetclszet.info udp
US 8.8.8.8:53 roroldvbmi.info udp
US 8.8.8.8:53 wydmnzxjbu.net udp
US 8.8.8.8:53 sdkohfu.info udp
US 8.8.8.8:53 uoocewemseuu.com udp
US 8.8.8.8:53 ukamdwl.info udp
US 8.8.8.8:53 wasiil.info udp
US 8.8.8.8:53 mpepzsfid.info udp
US 8.8.8.8:53 yedkxgkqe.info udp
US 8.8.8.8:53 fvrydepfhh.info udp
US 8.8.8.8:53 jiekspjl.net udp
US 8.8.8.8:53 knpsdqi.net udp
US 8.8.8.8:53 qolbwrqzsspf.net udp
US 8.8.8.8:53 vhnevocmh.info udp
US 8.8.8.8:53 wfbsfmylz.info udp
US 8.8.8.8:53 ezjrds.info udp
US 8.8.8.8:53 ximgibsiwv.net udp
US 8.8.8.8:53 kbdefe.info udp
US 8.8.8.8:53 kwcisikwqa.com udp
US 8.8.8.8:53 ciosgseo.org udp
US 8.8.8.8:53 luzsjmb.com udp
US 8.8.8.8:53 ugbiruw.info udp
US 8.8.8.8:53 aosfzch.net udp
US 8.8.8.8:53 cjozzchpoonz.net udp
US 8.8.8.8:53 eiekli.net udp
US 8.8.8.8:53 hyeutip.net udp
US 8.8.8.8:53 lrjajhdat.info udp
US 8.8.8.8:53 yhmuqtfepao.net udp
US 8.8.8.8:53 nyrefalogod.org udp
US 8.8.8.8:53 mbvytuubh.net udp
US 8.8.8.8:53 uikoziv.info udp
US 8.8.8.8:53 unzjvl.info udp
US 8.8.8.8:53 obfmfq.info udp
US 8.8.8.8:53 ywcaixolnukp.info udp
US 8.8.8.8:53 rqtgvm.info udp
US 8.8.8.8:53 rmpiatlnne.info udp
US 8.8.8.8:53 oynwdcfcx.net udp
US 8.8.8.8:53 jdfpycqcf.net udp
US 8.8.8.8:53 dyvywoqfd.org udp
US 8.8.8.8:53 ixcjdxnwopbe.info udp
US 8.8.8.8:53 bkxonzbir.info udp
US 8.8.8.8:53 itklzhcxoe.info udp
US 8.8.8.8:53 umbecdbihyr.net udp
US 8.8.8.8:53 pgssyxpfdmo.net udp
US 8.8.8.8:53 yelfuevaxj.net udp
US 8.8.8.8:53 gppivj.info udp
US 8.8.8.8:53 hezwrtv.com udp
US 8.8.8.8:53 rqacws.info udp
US 8.8.8.8:53 riqnmxrxdz.net udp
US 8.8.8.8:53 vxanwclatz.info udp
US 8.8.8.8:53 xsroifeqtop.net udp
US 8.8.8.8:53 yoiooaceai.com udp
US 8.8.8.8:53 kcomioc.net udp
US 8.8.8.8:53 myasmq.org udp
US 8.8.8.8:53 qjzabsyzlcx.info udp
US 8.8.8.8:53 tqwavhgyap.info udp
US 8.8.8.8:53 tfgqea.info udp
US 8.8.8.8:53 bkvpdqpq.net udp
US 8.8.8.8:53 nnvoqk.info udp
US 8.8.8.8:53 qkbkrqbhjxy.net udp
US 8.8.8.8:53 iwaekc.org udp
US 8.8.8.8:53 ckmykiiwsika.com udp
US 8.8.8.8:53 qkauwacg.com udp
US 8.8.8.8:53 tymiyuti.info udp
US 8.8.8.8:53 smiagu.com udp
US 8.8.8.8:53 upstxkh.net udp
US 8.8.8.8:53 ywpcxcy.info udp
US 8.8.8.8:53 ijhzkxuqz.info udp
US 8.8.8.8:53 wcchtayopmd.info udp
US 8.8.8.8:53 ownvgqngixb.net udp
US 8.8.8.8:53 tulqfwjgvxf.net udp
US 8.8.8.8:53 eyefvgvmadsi.info udp
US 8.8.8.8:53 cknwdmpsulx.info udp
US 8.8.8.8:53 oapukmr.net udp
US 8.8.8.8:53 azrqvs.info udp
US 8.8.8.8:53 rzzhtufznb.info udp
US 8.8.8.8:53 rekzoyncfj.info udp
US 8.8.8.8:53 qopxdyydqlyd.info udp
US 8.8.8.8:53 fpybjumwcjri.net udp
US 8.8.8.8:53 xsnnbbvi.net udp
US 8.8.8.8:53 btlilhs.net udp
US 8.8.8.8:53 hupqaupqdzb.com udp
US 8.8.8.8:53 acguigok.org udp
US 8.8.8.8:53 wqsawmym.org udp
US 8.8.8.8:53 ioiqnfqpkt.net udp
US 8.8.8.8:53 ykqsysmqgqsm.com udp
US 8.8.8.8:53 hinhtwxsl.org udp
US 8.8.8.8:53 fhaxhquwql.info udp
US 8.8.8.8:53 onpiishnfahe.net udp
US 8.8.8.8:53 lsvuhbhoc.org udp
US 8.8.8.8:53 abtvzsiqbpp.net udp
US 8.8.8.8:53 dmjvxh.net udp
US 8.8.8.8:53 iucxjd.net udp
US 8.8.8.8:53 nsnpakhho.org udp
US 8.8.8.8:53 iubztqvop.info udp
US 8.8.8.8:53 gnztxajpan.net udp
US 8.8.8.8:53 pyhvdgpgi.net udp
US 8.8.8.8:53 hokabgyydgw.org udp
US 8.8.8.8:53 vsujuphvyr.info udp
US 8.8.8.8:53 kwrvrqk.net udp
US 8.8.8.8:53 obgivic.info udp
IE 34.246.200.160:80 hklgkqwuttn.com tcp
US 8.8.8.8:53 vvjwkipcbzht.net udp
US 8.8.8.8:53 gprokyq.net udp
US 8.8.8.8:53 coimxcawkhk.info udp
US 8.8.8.8:53 wljsua.net udp
US 8.8.8.8:53 uzxvhhkmhn.info udp
US 8.8.8.8:53 gmzijurol.net udp
US 8.8.8.8:53 xezermozlyf.org udp
US 8.8.8.8:53 cmsswcee.org udp
US 8.8.8.8:53 tipznzio.net udp
US 8.8.8.8:53 kwqkcwgica.com udp
US 8.8.8.8:53 xnqvzbhhlw.net udp
US 8.8.8.8:53 frchrjlg.info udp
US 8.8.8.8:53 ratirtqyspss.net udp
US 8.8.8.8:53 noimzm.info udp
US 8.8.8.8:53 ceqcco.org udp
US 8.8.8.8:53 tycgdwjozqc.com udp
US 8.8.8.8:53 keeciuqw.org udp
US 8.8.8.8:53 dltldmx.com udp
US 8.8.8.8:53 kecoaaae.org udp
US 8.8.8.8:53 ceyyqakpd.info udp
US 8.8.8.8:53 eafjpcqqjs.info udp
US 8.8.8.8:53 kuxajxugfkr.net udp
US 8.8.8.8:53 xqneoelzwgv.org udp
US 8.8.8.8:53 zhhyquxqwg.info udp
US 8.8.8.8:53 gezaspz.net udp
US 8.8.8.8:53 hpyxnxjl.info udp
US 8.8.8.8:53 bqmicddjazra.net udp
US 8.8.8.8:53 zqqbvlyih.net udp
US 8.8.8.8:53 wpuknkdi.info udp
US 8.8.8.8:53 azrakrbzpk.net udp
US 8.8.8.8:53 ripyfet.net udp
US 8.8.8.8:53 vcvnbzktlavp.info udp
US 8.8.8.8:53 iivuqtezuqdc.info udp
US 8.8.8.8:53 nkdstcu.com udp
US 8.8.8.8:53 vjmyxpra.net udp
US 8.8.8.8:53 bsuoetduv.info udp
US 8.8.8.8:53 cmfgba.info udp
US 8.8.8.8:53 kgqaucas.com udp
US 8.8.8.8:53 gclovk.net udp
US 8.8.8.8:53 nxnwpxhqyg.net udp
US 8.8.8.8:53 zorbhqpcywp.info udp
US 8.8.8.8:53 gnyqlcvlfaj.net udp
US 8.8.8.8:53 tpveomqylan.com udp
US 8.8.8.8:53 zxfznjjo.net udp
US 8.8.8.8:53 kzfkomv.net udp
US 8.8.8.8:53 zidyjgxubav.info udp
DE 85.214.228.140:80 xwfmlmbmtaz.info tcp
US 8.8.8.8:53 jiochntyp.org udp
US 8.8.8.8:53 kjuootclhs.net udp
US 8.8.8.8:53 uqdgpg.net udp
US 8.8.8.8:53 zbhnduvrhmxr.net udp
US 8.8.8.8:53 nafodwrwdqd.com udp
US 8.8.8.8:53 wszitrtlx.info udp
US 8.8.8.8:53 rvdssifyejo.com udp
US 8.8.8.8:53 hqmdfcdbs.net udp
US 8.8.8.8:53 cpiuxxgqpy.net udp
US 8.8.8.8:53 dcrfprduo.info udp
US 208.100.26.245:80 ydqlnw.info tcp
US 8.8.8.8:53 lqxhbsdwbwhj.info udp
US 8.8.8.8:53 ralkvwrkjjl.net udp
US 8.8.8.8:53 uwkqeyqe.org udp
US 8.8.8.8:53 uncaephtnirx.info udp
US 8.8.8.8:53 ludvjqsg.net udp
US 8.8.8.8:53 qewjvslmhcf.info udp
US 8.8.8.8:53 tyxvdegacg.info udp
US 8.8.8.8:53 hysqysud.info udp
US 8.8.8.8:53 rybgbclebgz.com udp
US 8.8.8.8:53 vktofkqsbe.info udp
US 8.8.8.8:53 sgnmxsrax.info udp
US 8.8.8.8:53 eorpiav.info udp
US 8.8.8.8:53 cmkeom.org udp
US 8.8.8.8:53 jpiyti.info udp
US 8.8.8.8:53 nafxot.net udp
US 8.8.8.8:53 khhjtwx.info udp
US 8.8.8.8:53 lvfhxa.net udp
US 8.8.8.8:53 uwrmtl.info udp
US 8.8.8.8:53 jedhxtxhupx.info udp
US 8.8.8.8:53 dzhuztdflr.info udp
US 8.8.8.8:53 pencxrvurgl.net udp
US 8.8.8.8:53 inwdkw.info udp
US 8.8.8.8:53 wigskwkkmk.org udp
US 8.8.8.8:53 oksqgi.com udp
US 8.8.8.8:53 qmlwkxxchgk.net udp
US 8.8.8.8:53 fmmjtqsrn.com udp
US 8.8.8.8:53 btgjbj.net udp
US 8.8.8.8:53 dbkyhyvemyr.org udp
US 8.8.8.8:53 zssdrk.net udp
US 8.8.8.8:53 tmppkcx.info udp
US 8.8.8.8:53 djptaxzi.info udp
US 8.8.8.8:53 typqgupsx.info udp
US 8.8.8.8:53 nzkibs.info udp
US 8.8.8.8:53 mukqsyuqam.com udp
US 8.8.8.8:53 hhyehc.info udp
US 8.8.8.8:53 sphdwerzxe.info udp
US 8.8.8.8:53 gwsgpih.info udp
US 8.8.8.8:53 ltrudk.net udp
US 8.8.8.8:53 pysfwixbih.info udp
US 8.8.8.8:53 delyohjwdrz.info udp
US 8.8.8.8:53 jmlmvwniprxd.info udp
US 8.8.8.8:53 jmaxneffpc.net udp
US 8.8.8.8:53 cikefqvitjps.net udp
US 8.8.8.8:53 ywgqbwrghyb.info udp
US 8.8.8.8:53 icwfbx.net udp
US 8.8.8.8:53 xofyhmwvlzb.net udp
US 8.8.8.8:53 qgumyciy.com udp
US 8.8.8.8:53 nbwbvbkc.net udp
US 8.8.8.8:53 aabgab.net udp
US 8.8.8.8:53 oaqgkk.org udp
US 8.8.8.8:53 lyjyikpaqrz.org udp
US 8.8.8.8:53 aelxvivwnsg.info udp
US 8.8.8.8:53 dgnskmzks.com udp
US 8.8.8.8:53 jpikvwfyrxm.org udp
US 8.8.8.8:53 uoqiucam.com udp
US 8.8.8.8:53 czqwhccl.net udp
US 8.8.8.8:53 xabejlmvhpf.net udp
US 8.8.8.8:53 ywwmgqlpgacg.info udp
US 8.8.8.8:53 qvtstzvn.info udp
US 8.8.8.8:53 neyizica.net udp
US 8.8.8.8:53 tuzhvzdeogvx.net udp
US 8.8.8.8:53 seummuwoqcge.com udp
US 8.8.8.8:53 quodllryl.info udp
US 8.8.8.8:53 kajlsxb.info udp
US 8.8.8.8:53 fzljjkf.org udp
US 8.8.8.8:53 bntrrchovyc.com udp
US 8.8.8.8:53 taqeslbiu.net udp
US 8.8.8.8:53 ilnnecra.net udp
US 8.8.8.8:53 pgfvtyvj.net udp
US 8.8.8.8:53 uvzigfdvbr.info udp
US 8.8.8.8:53 vurudilxl.com udp
US 8.8.8.8:53 fktxnmrlxgzh.info udp
US 8.8.8.8:53 ekuffx.net udp
US 8.8.8.8:53 qidvhwh.info udp
US 8.8.8.8:53 qdbklsxbzqpy.net udp
US 8.8.8.8:53 vtzawxd.com udp
US 8.8.8.8:53 mymalco.net udp
US 8.8.8.8:53 vmcoln.info udp
US 8.8.8.8:53 wmdolef.info udp
US 8.8.8.8:53 aelubcv.info udp
US 8.8.8.8:53 bbfsjtlyak.info udp
US 8.8.8.8:53 rnjagwvkq.com udp
US 8.8.8.8:53 cqjybqrszqx.info udp
US 8.8.8.8:53 grjgraoeefhx.info udp
US 8.8.8.8:53 uajyrnf.net udp
US 8.8.8.8:53 palcxhq.net udp
US 8.8.8.8:53 yccoyy.com udp
US 8.8.8.8:53 eixgviwu.info udp
US 8.8.8.8:53 dodkjjf.info udp
US 8.8.8.8:53 dnwljglqxct.org udp
US 8.8.8.8:53 cepjhztuprh.net udp
US 8.8.8.8:53 wezsexrkb.net udp
US 8.8.8.8:53 dilmcmz.net udp
US 8.8.8.8:53 ihyhggjjcgqk.info udp
US 8.8.8.8:53 pvriqd.net udp
US 8.8.8.8:53 hybrkfvc.net udp
US 8.8.8.8:53 cgapiyxq.net udp
US 8.8.8.8:53 biprwvjgzoic.net udp
US 8.8.8.8:53 awqkwmou.org udp
US 8.8.8.8:53 bfmzrmhixh.info udp
US 8.8.8.8:53 uypglil.net udp
US 8.8.8.8:53 vmylheoy.info udp
US 8.8.8.8:53 31.243.111.52.in-addr.arpa udp
US 8.8.8.8:53 vloygu.info udp
N/A 192.168.28.2:445 tcp
US 8.8.8.8:53 copqxgdqqmp.net udp
US 8.8.8.8:53 qkhqaqkex.net udp
US 8.8.8.8:53 mpbcsreq.net udp
US 8.8.8.8:53 sckioqgm.org udp
US 8.8.8.8:53 bcemppu.net udp
US 8.8.8.8:53 ygcccweuuggc.org udp
US 8.8.8.8:53 stxapuuba.info udp
US 8.8.8.8:53 nvzqwtikgbwz.net udp
US 8.8.8.8:53 uuxzzmljcxfb.net udp
US 8.8.8.8:53 ekouqagyuoyo.com udp
US 8.8.8.8:53 djtsnswuco.info udp
US 8.8.8.8:53 yavekefqtco.net udp
US 8.8.8.8:53 rrfyfqjpj.info udp
US 8.8.8.8:53 megqck.com udp
US 8.8.8.8:53 tkvqscntct.net udp
US 8.8.8.8:53 cwqoie.org udp
US 8.8.8.8:53 hyhuxinrbef.info udp
US 8.8.8.8:53 ccdutuazqeq.net udp
US 8.8.8.8:53 nsvrldkkvpj.info udp
US 8.8.8.8:53 ngirnnel.info udp
US 8.8.8.8:53 kpyvvmntqn.net udp
US 8.8.8.8:53 exxayny.net udp
US 8.8.8.8:53 nnbowa.info udp
US 8.8.8.8:53 wwcyackwqq.com udp
US 8.8.8.8:53 dnxzns.info udp
US 8.8.8.8:53 nudslgskvez.com udp
US 8.8.8.8:53 uauskg.org udp
US 8.8.8.8:53 kmwaavslle.net udp
US 8.8.8.8:53 whyykhqn.info udp
N/A 192.168.28.2:139 tcp
US 8.8.8.8:53 yaukcyu.net udp
US 8.8.8.8:53 giiizqq.info udp
US 8.8.8.8:53 lggckiewcghl.info udp
US 8.8.8.8:53 uczeiisoe.net udp
US 8.8.8.8:53 muveyjzqbul.net udp
US 8.8.8.8:53 rixkdktie.com udp
US 8.8.8.8:53 kvafekgeinmo.net udp
US 8.8.8.8:53 bzkbmozxjf.info udp
US 8.8.8.8:53 imjwei.info udp
US 8.8.8.8:53 btpypfipmac.info udp
US 8.8.8.8:53 zvxurkzzvhty.info udp
US 8.8.8.8:53 rdjtqcvg.info udp
US 8.8.8.8:53 oqioukp.info udp
US 8.8.8.8:53 riduyqmas.com udp
US 8.8.8.8:53 sjzbdvpd.net udp
US 8.8.8.8:53 maeweo.com udp
US 8.8.8.8:53 esegsigecc.com udp
US 8.8.8.8:53 pyzgmgxtn.org udp
US 8.8.8.8:53 ohtidllynkh.info udp
US 8.8.8.8:53 kqqcdiurz.info udp
US 8.8.8.8:53 rsybpgjgvz.info udp
US 8.8.8.8:53 zwzjoud.info udp
US 8.8.8.8:53 cidbbd.info udp
US 8.8.8.8:53 evlcpfpchf.net udp
US 8.8.8.8:53 iiikuixmp.info udp
US 8.8.8.8:53 wufibigud.info udp
US 8.8.8.8:53 jyeolvfxj.info udp
US 8.8.8.8:53 brkzng.net udp
US 8.8.8.8:53 rduwgdsx.net udp
US 8.8.8.8:53 wprsxaq.net udp
US 8.8.8.8:53 zlgbmcro.net udp
US 8.8.8.8:53 vizpyenm.info udp
US 8.8.8.8:53 lavugtwn.net udp
US 8.8.8.8:53 vcnocqnixfk.info udp
US 8.8.8.8:53 gmpfphnrucuw.info udp
US 8.8.8.8:53 flktrt.info udp
US 8.8.8.8:53 sjfgnzvkawh.net udp
US 8.8.8.8:53 sfdklyf.info udp
US 8.8.8.8:53 lzknysdp.info udp
US 8.8.8.8:53 laxyuwfkr.info udp
US 8.8.8.8:53 hqgrrur.com udp
US 8.8.8.8:53 bdxqegrcj.org udp
US 8.8.8.8:53 qmbwxclgd.info udp
US 8.8.8.8:53 owzwlvxtzjd.net udp
US 8.8.8.8:53 lejnlo.net udp
US 8.8.8.8:53 depfbed.net udp
US 8.8.8.8:53 vpbatygg.info udp
US 8.8.8.8:53 aammyo.com udp
US 8.8.8.8:53 mwiuiy.com udp
US 8.8.8.8:53 siaoycomcm.org udp
US 8.8.8.8:53 hhdcno.info udp
US 8.8.8.8:53 qptdbd.net udp
US 8.8.8.8:53 pxdggkqeq.info udp
US 8.8.8.8:53 nxlzjwlyqo.info udp
US 8.8.8.8:53 iaswkukt.net udp
US 8.8.8.8:53 sisdngxub.info udp
US 8.8.8.8:53 fswjtwb.info udp
US 8.8.8.8:53 zpdwdio.net udp
US 8.8.8.8:53 vdmtswsdfyl.org udp
US 8.8.8.8:53 bqcahihjd.net udp
US 8.8.8.8:53 rtafph.info udp
US 8.8.8.8:53 oisfxztxhv.info udp
US 8.8.8.8:53 tzivdo.info udp
US 8.8.8.8:53 ccdcbyid.net udp
US 8.8.8.8:53 djzthzazdk.info udp
US 8.8.8.8:53 oionlszijef.net udp
US 8.8.8.8:53 jwarsothfl.net udp
US 8.8.8.8:53 bezxqyajqi.info udp
US 8.8.8.8:53 rqgezhvw.net udp
US 8.8.8.8:53 toqmlit.org udp
US 8.8.8.8:53 gddttosexsj.net udp
US 8.8.8.8:53 skhfnxnbdu.info udp
US 8.8.8.8:53 clblterwxzrq.info udp
US 8.8.8.8:53 twhdeznb.net udp
US 8.8.8.8:53 dbhmzwtzru.info udp
US 8.8.8.8:53 vzhbealsne.net udp
US 8.8.8.8:53 swlkdolzhhb.net udp
US 8.8.8.8:53 acbxcmcdn.info udp
US 8.8.8.8:53 pudutpcsijel.net udp
US 8.8.8.8:53 iepvja.info udp
US 8.8.8.8:53 vnlslckqfzu.org udp
US 8.8.8.8:53 dbfsvvzgtgun.net udp
US 8.8.8.8:53 peeywjoj.net udp
US 8.8.8.8:53 uuiwakqeeq.org udp
US 8.8.8.8:53 bbtbbofqujwe.net udp
US 8.8.8.8:53 awzekopdjm.net udp
US 8.8.8.8:53 rtlvchkdqrar.info udp
US 8.8.8.8:53 sakuogoeisms.org udp
US 8.8.8.8:53 eamiwqog.com udp
US 8.8.8.8:53 mejkcjfjgvcl.info udp
US 8.8.8.8:53 ikarshgc.net udp
US 8.8.8.8:53 tzwflmeio.net udp
US 8.8.8.8:53 jttxnoo.net udp
US 8.8.8.8:53 kwsgqiymok.org udp
US 8.8.8.8:53 zqtcxfkwz.info udp
US 8.8.8.8:53 pgfrirvorzhv.info udp
US 8.8.8.8:53 fydwhccelch.info udp
US 8.8.8.8:53 iixuzgl.info udp
US 8.8.8.8:53 zmrnbhdcqkwi.info udp
US 8.8.8.8:53 zgjyxnyan.org udp
US 8.8.8.8:53 jytfljtgi.info udp
US 8.8.8.8:53 xqdehofhybh.info udp
US 8.8.8.8:53 tvkvmwhx.info udp
US 8.8.8.8:53 hprqzxhugq.info udp
US 8.8.8.8:53 mwrfbtt.net udp
US 8.8.8.8:53 hlhlatnrtn.net udp
US 8.8.8.8:53 lutlsehazuwg.net udp
US 8.8.8.8:53 jdjgtbjsnal.org udp
US 8.8.8.8:53 rahnqeiicef.com udp
US 8.8.8.8:53 nnvxrswophgu.info udp
US 8.8.8.8:53 xvfbxrcikl.info udp
US 8.8.8.8:53 gqdekaz.net udp
US 8.8.8.8:53 kooqmeqcgu.org udp
US 8.8.8.8:53 lzpdvihonv.info udp
US 8.8.8.8:53 baflakbnh.net udp
US 8.8.8.8:53 swuynjfkbnv.net udp
US 8.8.8.8:53 pltkjahkdqn.com udp
US 8.8.8.8:53 hpfmwaexiq.info udp
US 8.8.8.8:53 xthnja.net udp
US 8.8.8.8:53 rmftkwlinbli.info udp
US 8.8.8.8:53 sioeqi.org udp
US 8.8.8.8:53 tuloghrgqii.info udp
US 8.8.8.8:53 jgufibeybs.info udp
US 8.8.8.8:53 dohknb.info udp
US 8.8.8.8:53 euqmuicscw.org udp
US 8.8.8.8:53 llpkgmff.info udp
US 8.8.8.8:53 yveovmlrlid.info udp
US 8.8.8.8:53 rtlqca.info udp
US 8.8.8.8:53 pwoyvhzarqi.net udp
US 8.8.8.8:53 rhduicnwnwb.org udp
US 8.8.8.8:53 okvncarj.info udp
US 8.8.8.8:53 xcxxvvmr.info udp
US 8.8.8.8:53 plvrxbdu.info udp
US 8.8.8.8:53 tqyclsvizas.com udp
US 8.8.8.8:53 tcvpeqjxrsfu.net udp
US 8.8.8.8:53 feoqcyw.net udp
US 8.8.8.8:53 lwxurtoxmqqr.info udp
US 8.8.8.8:53 dymincoifib.info udp
US 8.8.8.8:53 cmscsq.com udp
US 8.8.8.8:53 xliitdzy.info udp
US 8.8.8.8:53 igyyrpj.info udp
US 8.8.8.8:53 rghrbi.info udp
US 8.8.8.8:53 nfxwgrqjxesx.net udp
US 8.8.8.8:53 bybvbupud.org udp
US 8.8.8.8:53 svfcyc.net udp
US 8.8.8.8:53 wmwafh.info udp
US 8.8.8.8:53 tusieucsj.org udp
US 8.8.8.8:53 xennlgbezer.com udp
US 8.8.8.8:53 sovgagdst.net udp
US 8.8.8.8:53 hqvybydhnif.net udp
US 8.8.8.8:53 qesweukgiykw.com udp
US 8.8.8.8:53 kugodrmogsj.net udp
US 8.8.8.8:53 wqrvrtugx.net udp
US 8.8.8.8:53 cmoaoir.info udp
US 8.8.8.8:53 kqsikakk.com udp
US 8.8.8.8:53 omhirn.net udp
US 8.8.8.8:53 eegxpqopfkd.net udp
US 8.8.8.8:53 txxcfofhrb.net udp
US 8.8.8.8:53 hqsarmhyxqb.net udp
US 8.8.8.8:53 xwdobmfwrlj.net udp
US 8.8.8.8:53 ltcarx.info udp
US 8.8.8.8:53 uqfcbgt.info udp
US 8.8.8.8:53 nnmsoyjugt.net udp
US 8.8.8.8:53 gzxvdjbuv.info udp
US 8.8.8.8:53 wkfgzpneko.net udp
US 8.8.8.8:53 jvfwtwh.net udp
US 8.8.8.8:53 fgjwdazyr.net udp
US 8.8.8.8:53 raxhzkx.info udp
US 8.8.8.8:53 xtfcdojpmksh.net udp
US 8.8.8.8:53 nejnlgvulct.net udp
US 8.8.8.8:53 wokyyoqk.com udp
US 8.8.8.8:53 aqkuuoukp.info udp
US 8.8.8.8:53 renmuav.net udp
US 8.8.8.8:53 nryjffaqht.net udp
US 8.8.8.8:53 tafgcgfjism.info udp
US 8.8.8.8:53 pxnlvvca.info udp
US 8.8.8.8:53 oknetshzhq.info udp
US 8.8.8.8:53 biferib.org udp
US 8.8.8.8:53 aksrgnlgvpde.net udp
US 8.8.8.8:53 fkfdgulofku.net udp
US 8.8.8.8:53 yyquum.org udp
US 8.8.8.8:53 bkfpjbvftkpb.info udp
US 8.8.8.8:53 wbdovmlrlid.info udp
US 8.8.8.8:53 kluuplvkdmkv.net udp
US 8.8.8.8:53 khogtmxdc.info udp
US 8.8.8.8:53 zyrfidvmccs.org udp
US 8.8.8.8:53 pybyludlx.net udp
US 8.8.8.8:53 xfounma.org udp
US 8.8.8.8:53 hghifclbjmx.net udp
US 8.8.8.8:53 zpzahzvhl.info udp
US 8.8.8.8:53 sgaizdhodg.info udp
US 8.8.8.8:53 mmucwcwc.com udp
US 8.8.8.8:53 kioeebngfib.info udp
US 8.8.8.8:53 ekawygwqwc.org udp
US 8.8.8.8:53 imeatcd.net udp
US 8.8.8.8:53 ktpqbh.info udp
US 8.8.8.8:53 dmuffgwol.com udp
US 8.8.8.8:53 qcfkqis.net udp
US 8.8.8.8:53 dfvudx.net udp
US 8.8.8.8:53 gmaiecgyomie.org udp
US 8.8.8.8:53 tnlhggez.net udp
US 8.8.8.8:53 hgxklubip.com udp
US 8.8.8.8:53 vghyawev.info udp
US 8.8.8.8:53 rqcjorbuzh.info udp
US 8.8.8.8:53 iavxohbi.info udp
US 8.8.8.8:53 akferujhv.info udp
US 8.8.8.8:53 oymxdf.net udp
US 8.8.8.8:53 mwhlburh.info udp
US 8.8.8.8:53 glggyq.info udp
US 8.8.8.8:53 ftouzyjjwf.info udp
US 8.8.8.8:53 rafbfgfcjqx.net udp
US 8.8.8.8:53 plgpjgpfth.net udp
US 8.8.8.8:53 cuyuuw.com udp
US 8.8.8.8:53 iesmsapt.net udp
US 8.8.8.8:53 dudqnb.info udp
US 8.8.8.8:53 qauusome.org udp
US 8.8.8.8:53 geikwagi.org udp
US 8.8.8.8:53 isiiuaeqok.org udp
US 8.8.8.8:53 xkncznbot.net udp
US 8.8.8.8:53 ukihjahlgmng.info udp
US 8.8.8.8:53 eqfjpkh.info udp
US 8.8.8.8:53 zxlglmh.net udp
US 8.8.8.8:53 smqqwe.org udp
US 8.8.8.8:53 htvalke.com udp
US 8.8.8.8:53 geewzahrtej.net udp
US 8.8.8.8:53 iysfbtdmfsr.info udp
US 8.8.8.8:53 xbnhtl.net udp
US 8.8.8.8:53 sxvbhuhaqxrc.info udp
US 8.8.8.8:53 uvbrhbftzyf.net udp
US 8.8.8.8:53 hthjbglwnm.info udp
US 8.8.8.8:53 jwpcniulign.net udp
US 8.8.8.8:53 fgevrv.net udp
US 8.8.8.8:53 sgcaiysqiysy.org udp
US 8.8.8.8:53 wyzcjuyiliic.info udp
US 8.8.8.8:53 xqcrtxuo.net udp
US 8.8.8.8:53 cgqzkgvs.info udp
US 8.8.8.8:53 xxzynboah.info udp
US 8.8.8.8:53 nhqcmxrluat.info udp
US 8.8.8.8:53 kwiqvlm.info udp
US 8.8.8.8:53 oelqhkx.info udp
US 8.8.8.8:53 avrpjhwaazzp.net udp
US 8.8.8.8:53 qskwogugucka.org udp
US 8.8.8.8:53 kepgzplonmx.net udp
US 8.8.8.8:53 tfrnhqtpalpu.net udp
US 8.8.8.8:53 oipsxoj.net udp
US 8.8.8.8:53 engoagiq.info udp
US 8.8.8.8:53 icaexwexap.net udp
US 8.8.8.8:53 txluzuxwpgm.net udp
US 8.8.8.8:53 giiyuguwwyyo.com udp
US 8.8.8.8:53 aerdilpadro.info udp
US 8.8.8.8:53 muyeqksowm.com udp
US 8.8.8.8:53 rxrdzun.info udp
US 8.8.8.8:53 kufshlx.info udp
US 8.8.8.8:53 qsuswiv.info udp
US 8.8.8.8:53 waocljpys.net udp
US 8.8.8.8:53 jeddpyceavfk.info udp
US 8.8.8.8:53 repettx.net udp
US 8.8.8.8:53 mocuwg.com udp
US 8.8.8.8:53 suekoiiucskk.com udp
US 8.8.8.8:53 hnjxytbzve.info udp
US 8.8.8.8:53 fgqyzkrnnbm.com udp
US 8.8.8.8:53 kaodhdbwvrnk.net udp
US 8.8.8.8:53 gczshupmzja.net udp
US 8.8.8.8:53 tmzirhmulsjl.net udp
US 8.8.8.8:53 uekkawmy.org udp
US 8.8.8.8:53 cyjivukdfcd.net udp
US 8.8.8.8:53 oqwuqaoc.org udp
US 8.8.8.8:53 ledudex.net udp
US 8.8.8.8:53 lcyuton.com udp
US 8.8.8.8:53 falnzoman.net udp
US 8.8.8.8:53 ngxshahvncf.info udp
US 8.8.8.8:53 pjipgaug.info udp
US 8.8.8.8:53 wgtmvipiiye.net udp
US 8.8.8.8:53 ohvlqczkcwx.info udp
US 8.8.8.8:53 rsfinrxtsmcl.net udp
US 8.8.8.8:53 kixleeskpyjl.info udp
US 8.8.8.8:53 eaggequqscyu.com udp
US 8.8.8.8:53 xylphb.net udp
US 8.8.8.8:53 darvyyfsqf.net udp
US 8.8.8.8:53 yensgeomr.net udp
US 8.8.8.8:53 warodmnqp.net udp
US 8.8.8.8:53 bonalcz.net udp
US 8.8.8.8:53 huzazix.com udp
US 8.8.8.8:53 yabunofpixc.info udp
US 8.8.8.8:53 zwbtwspqocp.net udp
US 8.8.8.8:53 hchebcxeui.net udp
US 8.8.8.8:53 nfbdxehdtals.info udp
US 8.8.8.8:53 huyzptjn.net udp
US 8.8.8.8:53 xslehj.net udp
US 8.8.8.8:53 zjgatneodv.net udp
US 8.8.8.8:53 txdtdpalwz.net udp
US 8.8.8.8:53 msmcdkdoc.info udp
US 8.8.8.8:53 uizuon.net udp
US 8.8.8.8:53 oxzjhmxxch.info udp
US 8.8.8.8:53 vaiugcjqb.org udp
US 8.8.8.8:53 xrhczmzogxn.org udp
US 8.8.8.8:53 hahmtynehqj.com udp
US 8.8.8.8:53 arpuklfekh.info udp
US 8.8.8.8:53 glhgdensdea.net udp
US 8.8.8.8:53 rmbicyx.org udp
US 8.8.8.8:53 lynrrglfh.info udp
US 8.8.8.8:53 kcijqx.net udp
US 8.8.8.8:53 rlnrcaddiio.info udp
US 8.8.8.8:53 wqewqakqwqoy.com udp
US 8.8.8.8:53 lcrpdlllqxrc.info udp
US 8.8.8.8:53 aodctjrovpk.net udp
US 8.8.8.8:53 pmwnmvkr.net udp
US 8.8.8.8:53 gnzfjcag.net udp
US 8.8.8.8:53 dgvpmdpbvi.info udp
US 8.8.8.8:53 jzdefgko.info udp
US 8.8.8.8:53 jihlwstwdrhm.info udp
US 8.8.8.8:53 vqnficsybg.info udp
US 8.8.8.8:53 qjrgmfydgjrh.net udp
US 8.8.8.8:53 pnaooq.info udp
US 8.8.8.8:53 jsoholco.net udp
US 8.8.8.8:53 twhckkb.net udp
US 8.8.8.8:53 jvejacsbbtzh.info udp
US 8.8.8.8:53 lgkofbioin.info udp
US 8.8.8.8:53 jgnwdrpgqz.info udp
US 8.8.8.8:53 oyimgimume.org udp
US 8.8.8.8:53 wyzwnksgker.net udp
US 8.8.8.8:53 qkmgeyiyay.com udp
US 8.8.8.8:53 qfewfkkc.info udp
US 8.8.8.8:53 ntboeowdju.info udp
US 8.8.8.8:53 ttopkerc.net udp
US 8.8.8.8:53 hrpyxrzfju.net udp
US 8.8.8.8:53 iygoiysecaiq.com udp
US 8.8.8.8:53 paymtvnc.net udp
US 8.8.8.8:53 ezgylnqxfrtb.info udp
US 8.8.8.8:53 zsycaj.net udp
US 8.8.8.8:53 jyisduf.org udp
US 8.8.8.8:53 rmkgquwfe.info udp
US 8.8.8.8:53 mblitxgotr.info udp
US 8.8.8.8:53 ctizfwev.info udp
US 8.8.8.8:53 sbtcqpoj.net udp
US 8.8.8.8:53 aowkrgd.info udp
US 8.8.8.8:53 ngffpgkqtslm.net udp
US 8.8.8.8:53 vcwtpqfgld.info udp
US 8.8.8.8:53 syyggyskmoaw.org udp
US 8.8.8.8:53 ztxajqnqnun.com udp
US 8.8.8.8:53 asiondoov.net udp
US 8.8.8.8:53 psqipiv.net udp
US 8.8.8.8:53 ewqymsscskug.com udp
US 8.8.8.8:53 ykyvtltnha.info udp
US 8.8.8.8:53 iwnmgwh.info udp
US 8.8.8.8:53 rkpwjovrpx.net udp
US 8.8.8.8:53 ymwyjyyzngh.info udp
US 8.8.8.8:53 dchspxphwk.net udp
US 8.8.8.8:53 iuhurfv.info udp
US 8.8.8.8:53 jzzionsjdctv.info udp
US 8.8.8.8:53 yoxnjnzuud.net udp
US 8.8.8.8:53 aomjkapm.info udp
US 8.8.8.8:53 ewmwkynnznhz.net udp
US 8.8.8.8:53 jifixuufm.net udp
US 8.8.8.8:53 fzvzxwrwqr.net udp
US 8.8.8.8:53 olovlvjim.net udp
US 8.8.8.8:53 bujsrqfsbrn.net udp
US 8.8.8.8:53 jelzhlivcg.net udp
US 8.8.8.8:53 hjtibmvprdap.net udp
US 8.8.8.8:53 hbmikdyp.net udp
US 8.8.8.8:53 seknsyl.net udp
US 8.8.8.8:53 guhxvqcon.info udp
US 8.8.8.8:53 fqoqdwhl.net udp
US 8.8.8.8:53 xljiilqrkqha.net udp
US 8.8.8.8:53 amjegyg.info udp
US 8.8.8.8:53 pqfxhfpq.info udp
US 8.8.8.8:53 giikcyewio.com udp
US 8.8.8.8:53 uidusopcjbs.net udp
US 8.8.8.8:53 fwrkrwl.info udp
US 8.8.8.8:53 qemqswyy.org udp
US 8.8.8.8:53 lbxacrmdynov.info udp
US 8.8.8.8:53 xsvifqmwf.net udp
US 8.8.8.8:53 mmteoiyuhvd.info udp
US 8.8.8.8:53 dunpvkpbqjnw.info udp
US 8.8.8.8:53 jmqdmind.net udp
US 8.8.8.8:53 iomhjjqkgprw.net udp
US 8.8.8.8:53 cweqyw.com udp
US 8.8.8.8:53 uayebi.info udp
US 8.8.8.8:53 gmglothfkome.info udp
US 8.8.8.8:53 ickicwos.com udp
US 8.8.8.8:53 lwpzzwslz.org udp
US 8.8.8.8:53 bydsut.net udp
US 8.8.8.8:53 llfsap.info udp
US 8.8.8.8:53 twddgmsywp.net udp
US 8.8.8.8:53 ageiwmcsecwc.org udp
US 8.8.8.8:53 aygerulyrai.info udp
US 8.8.8.8:53 odvhdeouew.info udp
US 8.8.8.8:53 timwfizizqh.net udp
US 8.8.8.8:53 ketwzwzaruk.net udp
US 8.8.8.8:53 iqguuokyci.org udp
US 8.8.8.8:53 hwhgzmkkcig.org udp
US 8.8.8.8:53 hbpgerbm.info udp
US 8.8.8.8:53 pzwabhaogt.net udp
US 8.8.8.8:53 hvapjj.net udp
US 8.8.8.8:53 yuaeiogk.com udp
US 8.8.8.8:53 qyecdwxyq.net udp
US 8.8.8.8:53 whxkpo.info udp
US 8.8.8.8:53 ttujnu.info udp
US 8.8.8.8:53 nyiqnd.info udp
US 8.8.8.8:53 oylwrhv.info udp
US 8.8.8.8:53 vqujdykk.net udp
US 8.8.8.8:53 ykrclyfib.net udp
US 8.8.8.8:53 gqrrsdr.info udp
US 8.8.8.8:53 eaxgfmbsp.net udp
US 8.8.8.8:53 relvrpexowxh.info udp
US 8.8.8.8:53 rgqikccxnaqt.net udp
US 8.8.8.8:53 ejjhutyopo.net udp
US 8.8.8.8:53 jklwgwgmn.com udp
US 8.8.8.8:53 pkjalzxk.info udp
US 8.8.8.8:53 rpohsnsaqtmz.net udp
US 8.8.8.8:53 emusyk.org udp
US 8.8.8.8:53 vlykpwn.com udp
US 8.8.8.8:53 lqdyqbbldmwm.info udp
US 8.8.8.8:53 rqtslc.net udp
US 8.8.8.8:53 waekyo.com udp
US 8.8.8.8:53 eayacokbim.info udp
US 8.8.8.8:53 bptivxv.net udp
US 8.8.8.8:53 tyzihzxt.net udp
US 8.8.8.8:53 orjlnovt.info udp
US 8.8.8.8:53 jybvwm.net udp
US 8.8.8.8:53 aaokun.info udp
US 8.8.8.8:53 lqsubgmse.org udp
US 8.8.8.8:53 eoymekquce.com udp
US 8.8.8.8:53 sycgcw.org udp
US 8.8.8.8:53 giigoeegcgea.com udp
US 8.8.8.8:53 gtvoamspru.net udp
US 8.8.8.8:53 swtnmmzclqx.info udp
US 8.8.8.8:53 xlwdyp.info udp
US 8.8.8.8:53 jfzhpqxoimtl.info udp
US 8.8.8.8:53 cyicaukkmu.com udp
US 8.8.8.8:53 wgqoecckyskm.com udp
US 8.8.8.8:53 qcneesfxtxz.net udp
US 8.8.8.8:53 yyquokaugswy.org udp
US 8.8.8.8:53 stpwvzjmz.info udp
US 8.8.8.8:53 lkbssuqv.net udp
US 8.8.8.8:53 ugksayaioyiw.org udp
US 8.8.8.8:53 isksbwv.info udp
US 8.8.8.8:53 jdfolanabxwg.net udp
US 8.8.8.8:53 pnnoffl.net udp
US 8.8.8.8:53 rqponuf.org udp
US 8.8.8.8:53 zjvrjso.org udp
US 8.8.8.8:53 eqsdzqrdgg.net udp
US 8.8.8.8:53 nvxwvuvgwsx.org udp
US 8.8.8.8:53 imofcpjrocgv.info udp
US 8.8.8.8:53 pswagoquh.org udp
US 8.8.8.8:53 hkzyyolyjo.net udp
US 8.8.8.8:53 sqffginkf.info udp
US 8.8.8.8:53 xozlqrfpnt.net udp
US 8.8.8.8:53 zuehbex.net udp
US 8.8.8.8:53 gytkywwfz.net udp
US 8.8.8.8:53 gwivyrwu.info udp
US 8.8.8.8:53 vmkjvsns.info udp
US 8.8.8.8:53 jazejwtkz.info udp
US 8.8.8.8:53 gupcbmz.info udp
US 8.8.8.8:53 qwoeoossekwm.org udp
US 8.8.8.8:53 wumswaosms.com udp
US 8.8.8.8:53 sksmhnvv.info udp
US 8.8.8.8:53 jozuhyt.com udp
US 8.8.8.8:53 yqojji.info udp
US 8.8.8.8:53 cqhoxkzufih.info udp
US 8.8.8.8:53 dikflkti.net udp
US 8.8.8.8:53 zfrgmmex.info udp
US 8.8.8.8:53 borvdw.info udp
US 8.8.8.8:53 nejhfd.info udp
US 8.8.8.8:53 skfacnvfz.info udp
US 8.8.8.8:53 ykvubunze.info udp
US 8.8.8.8:53 uplnriws.net udp
US 8.8.8.8:53 rsycjw.info udp
US 8.8.8.8:53 dixwmgh.net udp
US 8.8.8.8:53 kmxknajhv.info udp
US 8.8.8.8:53 kmebxm.net udp
US 8.8.8.8:53 babuxfj.net udp
US 8.8.8.8:53 ezhwcpnlqafl.net udp
US 8.8.8.8:53 xivvfgn.com udp
US 8.8.8.8:53 vgyzuclndnze.net udp
US 8.8.8.8:53 gmnynovshcj.info udp
US 8.8.8.8:53 ceawka.org udp
US 8.8.8.8:53 kgklgudeaihe.net udp
US 8.8.8.8:53 wopixqd.net udp
US 8.8.8.8:53 acsrnscsnal.info udp
US 8.8.8.8:53 euyycgqy.com udp
US 8.8.8.8:53 maqsjgdehiz.net udp
US 8.8.8.8:53 pqmmvaxvr.com udp
US 8.8.8.8:53 igcueecskauq.org udp
US 8.8.8.8:53 wekeekqs.com udp
US 8.8.8.8:53 amvxnt.info udp
US 8.8.8.8:53 xlnswacyhd.net udp
US 8.8.8.8:53 auexdebb.info udp
US 8.8.8.8:53 lkogncqj.net udp
US 8.8.8.8:53 cfqlkyyxvy.info udp
US 8.8.8.8:53 dxeklqrwx.org udp
US 8.8.8.8:53 lgxwlyhtlmc.com udp
US 8.8.8.8:53 jstixjbiheo.info udp
US 8.8.8.8:53 mytksgah.info udp
US 8.8.8.8:53 xcyqmsewq.info udp
US 8.8.8.8:53 tyzfomtw.net udp
US 8.8.8.8:53 kuyeiwequw.com udp
US 8.8.8.8:53 pspblt.net udp
US 8.8.8.8:53 lhrtevqwps.net udp
US 8.8.8.8:53 njiajqluzfna.net udp
US 8.8.8.8:53 xudkihbsqsl.net udp
US 8.8.8.8:53 nxnahrmg.info udp
US 8.8.8.8:53 pdrmdlf.net udp
US 8.8.8.8:53 zoxslsnvuqk.net udp
US 8.8.8.8:53 jofqjybxvkg.com udp
US 8.8.8.8:53 ckacgm.com udp
US 8.8.8.8:53 oyjtgu.net udp
US 8.8.8.8:53 wqfhmkhoa.info udp
US 8.8.8.8:53 joxjmytqjj.info udp
US 8.8.8.8:53 ndoapqdalpb.net udp
US 8.8.8.8:53 jibhrgnxv.com udp
US 8.8.8.8:53 pavfzkrx.net udp
US 8.8.8.8:53 zihondbizstk.info udp
US 8.8.8.8:53 ccykyy.com udp
US 8.8.8.8:53 eerjnkefu.net udp
US 8.8.8.8:53 xgnsfgd.info udp
US 8.8.8.8:53 yiaugcaqqqao.org udp
US 8.8.8.8:53 mcwqkmoyka.com udp
US 8.8.8.8:53 sugasqyeowok.org udp
US 8.8.8.8:53 rdwtne.net udp
US 8.8.8.8:53 zihyhy.net udp
US 8.8.8.8:53 jspwestx.net udp
US 8.8.8.8:53 yidcleb.net udp
US 8.8.8.8:53 urzeaaq.info udp
US 8.8.8.8:53 qiacweigmk.com udp
US 8.8.8.8:53 nsnuryd.info udp
US 8.8.8.8:53 kxrbbxdijb.net udp
US 8.8.8.8:53 eiitzlwdid.net udp
US 8.8.8.8:53 nvkxvb.net udp
US 8.8.8.8:53 vifygixp.info udp
US 8.8.8.8:53 tanbvzqtnr.net udp
US 8.8.8.8:53 pktfja.info udp
US 8.8.8.8:53 jofalobzg.org udp
US 8.8.8.8:53 fojtsexntgc.info udp
US 8.8.8.8:53 qnfciyc.net udp
US 8.8.8.8:53 gmcuvrw.net udp
US 8.8.8.8:53 rodvrshbdi.info udp
US 8.8.8.8:53 ubpxnf.net udp
US 8.8.8.8:53 mkmcckmc.com udp
US 8.8.8.8:53 qiwgrqekiqy.net udp
US 8.8.8.8:53 usyswygoac.com udp
US 8.8.8.8:53 myemau.org udp
US 8.8.8.8:53 ywswnufqbid.info udp
US 8.8.8.8:53 sqzbbcvky.info udp
US 8.8.8.8:53 gkjamgs.net udp
US 8.8.8.8:53 xwjffym.info udp
US 8.8.8.8:53 sllstqcdrduk.net udp
US 8.8.8.8:53 sjxclehch.info udp
US 8.8.8.8:53 tuoellge.info udp
US 8.8.8.8:53 lzkuzesjzq.info udp
US 8.8.8.8:53 btbxik.net udp
US 8.8.8.8:53 uwzvue.info udp
US 8.8.8.8:53 sfzikuqo.info udp
US 8.8.8.8:53 dhiwjhjo.net udp
US 8.8.8.8:53 uzjmfwzzhoh.info udp
US 8.8.8.8:53 yuruugum.net udp
US 8.8.8.8:53 zthkqotyf.com udp
US 8.8.8.8:53 xazejwd.net udp
US 8.8.8.8:53 rlptdhmqkxqs.info udp
US 8.8.8.8:53 cyjodag.info udp
US 8.8.8.8:53 vcganmsypog.info udp
US 8.8.8.8:53 hsnarcfbr.net udp
US 8.8.8.8:53 nbrqqt.info udp
US 8.8.8.8:53 vnerxpnlpn.net udp
US 8.8.8.8:53 fchpewz.net udp
US 8.8.8.8:53 yqtbhifwsbwb.info udp
US 8.8.8.8:53 gwlkrwcczup.net udp
US 8.8.8.8:53 ukyeqcum.com udp
US 8.8.8.8:53 lkqikeyfz.com udp
US 8.8.8.8:53 vcethqpkncvu.net udp
US 8.8.8.8:53 lfmvqgns.net udp
US 8.8.8.8:53 rcomexf.info udp
US 8.8.8.8:53 kkwqwiukaiyw.org udp
US 8.8.8.8:53 cjzhdwbrjl.info udp
US 8.8.8.8:53 amitfiuqake.info udp
US 8.8.8.8:53 hkryhgrof.net udp
US 8.8.8.8:53 ntgwewwnfk.info udp
US 8.8.8.8:53 wsmpdlwc.info udp
US 8.8.8.8:53 dusahfzp.info udp
US 8.8.8.8:53 ajbzyuvtj.net udp
US 8.8.8.8:53 nxsmmms.info udp
US 8.8.8.8:53 issnsbtr.info udp
US 8.8.8.8:53 pbhkzxvlsagx.info udp
US 8.8.8.8:53 ltfdby.info udp
US 8.8.8.8:53 dakebcl.net udp
US 8.8.8.8:53 xvdapfgg.net udp
US 8.8.8.8:53 vzonqeufhh.net udp
US 8.8.8.8:53 ekmyowka.org udp
US 8.8.8.8:53 ljveoqn.net udp
US 8.8.8.8:53 svjbjrvhxn.info udp
US 8.8.8.8:53 yansygzbxix.net udp
US 8.8.8.8:53 jdpmfmjobbj.info udp
US 8.8.8.8:53 tuvlegkwh.net udp
US 8.8.8.8:53 uowywcscwiqa.org udp
US 8.8.8.8:53 bqlmbwpcggy.com udp
US 8.8.8.8:53 rnvmaytah.net udp
US 8.8.8.8:53 hcgxfiwitqmc.info udp
US 8.8.8.8:53 nxttboiwfij.com udp
US 8.8.8.8:53 iqronap.net udp
US 8.8.8.8:53 yevvqgrpluq.info udp
US 8.8.8.8:53 eefgljd.net udp
US 8.8.8.8:53 rsgqbpkmd.net udp
US 8.8.8.8:53 olpahkj.net udp
US 8.8.8.8:53 lqowtqpdla.info udp
US 8.8.8.8:53 sndkzp.net udp
US 8.8.8.8:53 uclardpzblyx.info udp
US 8.8.8.8:53 nhhepncj.info udp
US 8.8.8.8:53 ayawbzhst.net udp
US 8.8.8.8:53 syocaquuis.org udp
US 8.8.8.8:53 gsskgg.com udp
US 8.8.8.8:53 fihaluomnlgo.net udp
US 8.8.8.8:53 yqgeyq.org udp
US 8.8.8.8:53 rpdmarl.org udp
US 8.8.8.8:53 rqsqxlgdid.net udp
US 8.8.8.8:53 imtwefp.info udp
US 8.8.8.8:53 icivddlsw.info udp
US 8.8.8.8:53 vcmcivdf.info udp
US 8.8.8.8:53 aeumbmtkhht.info udp
US 8.8.8.8:53 psvaltsupo.net udp
US 8.8.8.8:53 icwavybilie.info udp
US 8.8.8.8:53 fddiqye.net udp
US 8.8.8.8:53 aeshjltyjbhs.info udp
US 8.8.8.8:53 oetclszet.info udp
US 8.8.8.8:53 ywkgufjd.info udp
US 8.8.8.8:53 akfidqsjc.net udp
US 8.8.8.8:53 sdsrzaejjq.info udp
US 8.8.8.8:53 todtpguifi.info udp
US 8.8.8.8:53 yedkxgkqe.info udp
US 8.8.8.8:53 mzkrjkkj.info udp
US 8.8.8.8:53 qmaccqoe.org udp
US 8.8.8.8:53 kbdefe.info udp
US 8.8.8.8:53 qsfgdzqbt.info udp
US 8.8.8.8:53 kkhvkufslsz.net udp
US 8.8.8.8:53 dlbmvyvkub.info udp
US 8.8.8.8:53 bbltxevjvt.info udp
US 8.8.8.8:53 lblufkqxpm.net udp
US 8.8.8.8:53 gymeswskio.org udp
US 8.8.8.8:53 sunezmbzi.net udp
US 8.8.8.8:53 btqshxxdelfc.net udp
US 8.8.8.8:53 yhmuqtfepao.net udp
US 8.8.8.8:53 zijwgwteyue.com udp
US 8.8.8.8:53 zkqmgwtcxgf.org udp
US 8.8.8.8:53 kwvaxyhdeyt.info udp
US 8.8.8.8:53 amjkzr.info udp
US 8.8.8.8:53 obfmfq.info udp
US 8.8.8.8:53 anddhdbylmxx.info udp
US 8.8.8.8:53 dkvoaktfxpl.net udp
US 8.8.8.8:53 bkxonzbir.info udp
US 8.8.8.8:53 brufzu.info udp
US 8.8.8.8:53 bezadm.net udp
US 8.8.8.8:53 muuqswca.org udp
US 8.8.8.8:53 sgcsckaqiiqs.com udp
US 8.8.8.8:53 pgssyxpfdmo.net udp
US 8.8.8.8:53 mmlmwgy.net udp
US 8.8.8.8:53 egqldmf.info udp
US 8.8.8.8:53 vkdijap.com udp
US 8.8.8.8:53 fqxsaqc.org udp
US 8.8.8.8:53 gppivj.info udp
US 8.8.8.8:53 xwvxpqm.info udp
US 8.8.8.8:53 hkmjpffyye.net udp
US 8.8.8.8:53 sibdviyqnsj.net udp
US 8.8.8.8:53 ndbrrymrvhrw.info udp
US 8.8.8.8:53 zqoxrj.info udp
US 8.8.8.8:53 qkbkrqbhjxy.net udp
US 8.8.8.8:53 gkbvhqv.net udp
US 8.8.8.8:53 qstanz.net udp
US 8.8.8.8:53 vfbjhoyv.info udp
US 8.8.8.8:53 ywpcxcy.info udp
US 8.8.8.8:53 jznhbx.net udp
US 8.8.8.8:53 jjheajofomez.info udp
US 8.8.8.8:53 htlerifsy.net udp
US 8.8.8.8:53 jycche.net udp
US 8.8.8.8:53 eyefvgvmadsi.info udp
US 8.8.8.8:53 azrqvs.info udp
US 8.8.8.8:53 lcynrsykn.info udp
US 8.8.8.8:53 cyqbhirnudoc.info udp
US 8.8.8.8:53 ooxgtid.net udp
US 8.8.8.8:53 ascmkguuyeei.com udp
US 8.8.8.8:53 ufbksuzwt.info udp
US 8.8.8.8:53 bhpoact.net udp
US 8.8.8.8:53 soqoicoqsk.com udp
US 8.8.8.8:53 zjuakcyvsxmz.info udp
US 8.8.8.8:53 wqsawmym.org udp
US 8.8.8.8:53 abtvzsiqbpp.net udp
IE 34.246.200.160:80 hklgkqwuttn.com tcp
US 8.8.8.8:53 gqeigcio.org udp
US 8.8.8.8:53 vpwcpzrk.info udp
US 8.8.8.8:53 jqbapfx.com udp
US 8.8.8.8:53 bwakyoheys.info udp
US 8.8.8.8:53 hirmpehjx.net udp
US 8.8.8.8:53 doheflpcmskm.net udp
US 8.8.8.8:53 zgkvjcolxwc.info udp
US 8.8.8.8:53 wljsua.net udp
US 8.8.8.8:53 pajqtkf.net udp
US 8.8.8.8:53 qoociioaim.org udp
US 8.8.8.8:53 uqlepa.net udp
US 8.8.8.8:53 yeqsceua.org udp
US 8.8.8.8:53 nvbaxf.net udp
US 8.8.8.8:53 zgzuogxlog.net udp
US 8.8.8.8:53 lavpuo.info udp
US 8.8.8.8:53 ratirtqyspss.net udp
US 8.8.8.8:53 rxrsqgnaly.info udp
US 8.8.8.8:53 uaavognmz.net udp
US 8.8.8.8:53 vjucvsjhluu.org udp
US 8.8.8.8:53 sncupf.info udp
US 8.8.8.8:53 oeeosqkmkg.com udp
US 8.8.8.8:53 rbrvrurtemet.net udp
US 8.8.8.8:53 umtghoh.info udp
US 8.8.8.8:53 syswpmssdtt.info udp
US 8.8.8.8:53 fpdjuvifvn.info udp
US 8.8.8.8:53 kuxajxugfkr.net udp
US 8.8.8.8:53 iemwiqck.org udp
US 8.8.8.8:53 ftuntumjqifl.info udp
US 8.8.8.8:53 cqiuai.org udp
US 8.8.8.8:53 bwetpr.net udp
US 8.8.8.8:53 nodheyoppr.info udp
US 8.8.8.8:53 ognrub.net udp
US 8.8.8.8:53 ccwcvgx.net udp
US 8.8.8.8:53 azrakrbzpk.net udp
US 8.8.8.8:53 bdtghweq.info udp
US 8.8.8.8:53 sygqseqgsuic.com udp
US 8.8.8.8:53 lcwvhen.net udp
US 8.8.8.8:53 eqkgoeiuwe.com udp
US 8.8.8.8:53 augekwgk.com udp
US 8.8.8.8:53 sapdjozokgt.net udp
US 8.8.8.8:53 vedomszij.net udp
US 8.8.8.8:53 vjmyxpra.net udp
US 8.8.8.8:53 bsuoetduv.info udp
US 8.8.8.8:53 brpygfhqla.info udp
US 8.8.8.8:53 euaxfxjw.info udp
US 8.8.8.8:53 ackocsyc.com udp
US 8.8.8.8:53 ycmqiowcug.org udp
US 8.8.8.8:53 dqwdaezsxat.net udp
US 8.8.8.8:53 nxnwpxhqyg.net udp
US 8.8.8.8:53 tpveomqylan.com udp
US 8.8.8.8:53 zxfznjjo.net udp
US 8.8.8.8:53 qohdzctj.info udp
US 8.8.8.8:53 aqrepulatsy.info udp
DE 85.214.228.140:80 xwfmlmbmtaz.info tcp
US 8.8.8.8:53 zgdpfvnfaprt.net udp
US 8.8.8.8:53 nafodwrwdqd.com udp
US 8.8.8.8:53 jkkjvq.net udp
US 8.8.8.8:53 carzlrl.info udp
US 8.8.8.8:53 ilizkaepnopv.net udp
US 208.100.26.245:80 ydqlnw.info tcp
US 8.8.8.8:53 cvqiopfp.net udp
US 8.8.8.8:53 fbjqtmncko.net udp
US 8.8.8.8:53 uncaephtnirx.info udp
US 8.8.8.8:53 cybenqtjo.net udp
US 8.8.8.8:53 gkmstmvdb.net udp
US 8.8.8.8:53 tnxivajml.com udp
US 8.8.8.8:53 qsxyponp.net udp
US 8.8.8.8:53 vvhqnasr.net udp
US 8.8.8.8:53 vnbxzqnskn.info udp
US 8.8.8.8:53 lquoxehymemm.info udp
US 8.8.8.8:53 nafxot.net udp
US 8.8.8.8:53 wgqetwphni.net udp
US 8.8.8.8:53 ywquuu.org udp
US 8.8.8.8:53 aqrovkyyr.info udp
US 8.8.8.8:53 wswsucgymmwu.com udp
US 8.8.8.8:53 rodalclkn.info udp
US 8.8.8.8:53 eksegvjmqqav.net udp
US 8.8.8.8:53 ndollqnj.info udp
US 8.8.8.8:53 civozjszxima.info udp
US 8.8.8.8:53 okpobqy.net udp
US 8.8.8.8:53 zkexidziss.info udp
US 8.8.8.8:53 fmmjtqsrn.com udp
US 8.8.8.8:53 ewwquu.org udp
US 8.8.8.8:53 cgocmmaksqkm.org udp
US 8.8.8.8:53 nzkibs.info udp
US 8.8.8.8:53 mukqsyuqam.com udp
US 8.8.8.8:53 gonuccfqb.net udp
US 8.8.8.8:53 lgswzqbvc.org udp
US 8.8.8.8:53 kolofavonqk.info udp
US 8.8.8.8:53 mgfajoxgzwx.net udp
US 8.8.8.8:53 kyewyasoyo.org udp
US 8.8.8.8:53 cikefqvitjps.net udp
US 8.8.8.8:53 vypsznu.net udp
US 8.8.8.8:53 xofyhmwvlzb.net udp
US 8.8.8.8:53 lobwzuqytvzj.net udp
US 8.8.8.8:53 oetsrg.net udp
US 8.8.8.8:53 ugkqku.org udp
US 8.8.8.8:53 syoiiw.org udp
US 8.8.8.8:53 bshebrrjxjj.org udp
US 8.8.8.8:53 aelxvivwnsg.info udp
US 8.8.8.8:53 idtriulj.info udp
US 8.8.8.8:53 vvckmeet.net udp
US 8.8.8.8:53 uoqiucam.com udp
US 8.8.8.8:53 qvtstzvn.info udp
US 8.8.8.8:53 neyizica.net udp
US 8.8.8.8:53 uuwqcg.org udp
US 8.8.8.8:53 kajlsxb.info udp
US 8.8.8.8:53 qcnextlgcog.info udp
US 8.8.8.8:53 msrfitfe.info udp
US 8.8.8.8:53 zrjtkinlnee.org udp
US 8.8.8.8:53 pgfvtyvj.net udp
US 8.8.8.8:53 uvzigfdvbr.info udp
US 8.8.8.8:53 hawhpjeidszu.net udp
US 8.8.8.8:53 mgeyyuvcp.net udp
US 8.8.8.8:53 ekuffx.net udp
US 8.8.8.8:53 nudttuivtu.info udp
US 8.8.8.8:53 runvywriigs.org udp
US 8.8.8.8:53 xbqnyhehnfby.net udp
US 8.8.8.8:53 xhmmhwrmthx.net udp
US 8.8.8.8:53 aelubcv.info udp
US 8.8.8.8:53 danekjldqpnx.info udp
US 8.8.8.8:53 cavftwykusej.net udp
US 8.8.8.8:53 bmoidyov.info udp
US 8.8.8.8:53 zfhyebpb.net udp
US 8.8.8.8:53 xbneqqytcilq.net udp
US 8.8.8.8:53 hezyzqhszsx.org udp
US 8.8.8.8:53 jfenvudf.net udp
US 8.8.8.8:53 sawyyqucco.com udp
US 8.8.8.8:53 dilmcmz.net udp
US 8.8.8.8:53 ighzbeh.net udp
US 8.8.8.8:53 aiiosygeiwyo.com udp
US 8.8.8.8:53 pvriqd.net udp
US 8.8.8.8:53 lwbganinsp.net udp
US 8.8.8.8:53 sekqsygosicu.org udp
US 8.8.8.8:53 okxgeab.net udp
US 8.8.8.8:53 aammcs.com udp
US 8.8.8.8:53 idhbyhpgxorb.net udp
US 8.8.8.8:53 rckhxancdzdi.net udp
US 8.8.8.8:53 wpeujqs.info udp
US 8.8.8.8:53 lhgalyr.com udp
US 8.8.8.8:53 jswebesy.info udp
US 8.8.8.8:53 vmylheoy.info udp
US 8.8.8.8:53 oudctvv.net udp
US 8.8.8.8:53 cmsisw.org udp
US 8.8.8.8:53 kqtbjibmaul.info udp
US 8.8.8.8:53 stxapuuba.info udp
US 8.8.8.8:53 dxfvcgdcv.info udp
US 8.8.8.8:53 ovwkbp.info udp
US 8.8.8.8:53 hpwdnrehqh.net udp
US 8.8.8.8:53 ekfcxnv.info udp
US 8.8.8.8:53 almgicpa.net udp
US 8.8.8.8:53 nmjuarjhbejq.info udp
US 8.8.8.8:53 fkvbetrp.net udp
US 8.8.8.8:53 yuqwuwaukeig.org udp
US 8.8.8.8:53 knecrmxqrmj.net udp
US 8.8.8.8:53 yaqmzkmax.net udp
US 8.8.8.8:53 ekouqagyuoyo.com udp
US 8.8.8.8:53 ywfifmdkdyv.net udp
US 8.8.8.8:53 ohwyzen.net udp
US 8.8.8.8:53 kseclqren.net udp
US 8.8.8.8:53 apaovegwk.info udp
US 8.8.8.8:53 ptjnfojzyw.net udp
US 8.8.8.8:53 soncjql.info udp
US 8.8.8.8:53 yavekefqtco.net udp
US 8.8.8.8:53 hivfeylatab.info udp
US 8.8.8.8:53 hcdkhor.com udp
US 8.8.8.8:53 mcyckaqqck.com udp
US 8.8.8.8:53 jslstrdzfmh.info udp
US 8.8.8.8:53 ujlhtk.net udp
US 8.8.8.8:53 wanztztkw.info udp
US 8.8.8.8:53 rwdgbzfua.org udp
US 8.8.8.8:53 jejbqldlutsn.net udp
US 8.8.8.8:53 kvpexwl.info udp
US 8.8.8.8:53 dqzhvpvwkf.net udp
US 8.8.8.8:53 bwlgdey.org udp
US 8.8.8.8:53 eyfwtmhsvgp.info udp
US 8.8.8.8:53 nudslgskvez.com udp
US 8.8.8.8:53 uauskg.org udp
US 8.8.8.8:53 wzrgrkhgbqo.net udp
US 8.8.8.8:53 rcstxmtvi.org udp
US 8.8.8.8:53 rixkdktie.com udp
US 8.8.8.8:53 pwujofveu.info udp
US 8.8.8.8:53 vgpgict.com udp
US 8.8.8.8:53 bzkbmozxjf.info udp
US 8.8.8.8:53 nmxslea.net udp
US 8.8.8.8:53 btpypfipmac.info udp
US 8.8.8.8:53 xjasver.info udp
US 8.8.8.8:53 wussgs.com udp
US 8.8.8.8:53 jtvmtd.net udp
US 8.8.8.8:53 rukbhehbhyd.org udp
US 8.8.8.8:53 xradvzch.info udp
US 8.8.8.8:53 rhrwfgnvrh.info udp
US 8.8.8.8:53 lvrhfhhddx.info udp
US 8.8.8.8:53 pyzgmgxtn.org udp
US 8.8.8.8:53 ldvecirkfcb.net udp
US 8.8.8.8:53 kqqcdiurz.info udp
US 8.8.8.8:53 kabvrfxutmt.info udp
US 8.8.8.8:53 dyfetzdg.info udp
US 8.8.8.8:53 lihkyfrvtmx.info udp
US 8.8.8.8:53 znwfljrsyvub.net udp
US 8.8.8.8:53 pikyhpboz.org udp
US 8.8.8.8:53 gozsdi.net udp
US 8.8.8.8:53 ccmeucsi.org udp
US 8.8.8.8:53 sgcmuod.info udp
US 8.8.8.8:53 oewesyaecu.com udp
US 8.8.8.8:53 oirwxezuv.net udp
US 8.8.8.8:53 yecyxtnib.info udp
US 8.8.8.8:53 skxclsw.info udp
US 8.8.8.8:53 sjfgnzvkawh.net udp
US 8.8.8.8:53 nuohjggtdc.net udp
US 8.8.8.8:53 ysueywyc.com udp
US 8.8.8.8:53 vbuodmvmj.com udp
US 8.8.8.8:53 qmbwxclgd.info udp
US 8.8.8.8:53 pczdyxkwx.net udp
US 8.8.8.8:53 depfbed.net udp
US 8.8.8.8:53 qinwfwlbjlnu.info udp
US 8.8.8.8:53 dlahrmrnaj.net udp
US 8.8.8.8:53 uwpadlwcfwq.net udp
US 8.8.8.8:53 gkaqwiwwae.org udp
US 8.8.8.8:53 hhdcno.info udp
US 8.8.8.8:53 cufwughio.info udp
US 8.8.8.8:53 oisfxztxhv.info udp
US 8.8.8.8:53 sehytydybw.info udp
US 8.8.8.8:53 zwfwrsbcrya.info udp
US 8.8.8.8:53 nalyhg.info udp
US 8.8.8.8:53 jhihilllbc.info udp
US 8.8.8.8:53 mgoemc.org udp
US 8.8.8.8:53 pfpgknhq.info udp
US 8.8.8.8:53 ttmjnt.net udp
US 8.8.8.8:53 fotmfsoynph.com udp
US 8.8.8.8:53 rqgezhvw.net udp
US 8.8.8.8:53 axpjoitp.net udp
US 8.8.8.8:53 tuzebczxqaj.net udp
US 8.8.8.8:53 mqjgwhr.net udp
US 8.8.8.8:53 ocuswgkkim.com udp
US 8.8.8.8:53 acbxcmcdn.info udp
US 8.8.8.8:53 kqeyqm.com udp
US 8.8.8.8:53 mkdglz.net udp
US 8.8.8.8:53 peeywjoj.net udp
US 8.8.8.8:53 okpcribdbmr.info udp
US 8.8.8.8:53 iclqmtoajudh.info udp
US 8.8.8.8:53 qmsufqdizon.info udp
US 8.8.8.8:53 qwoxzvwmrvsb.net udp
US 8.8.8.8:53 bbtbbofqujwe.net udp
US 8.8.8.8:53 rcyttwjk.net udp
US 8.8.8.8:53 gdtzlnuteh.info udp
US 8.8.8.8:53 jypwhwggp.info udp
US 8.8.8.8:53 pyxmndne.info udp
US 8.8.8.8:53 yicubckxu.info udp
US 8.8.8.8:53 vlfrzulnum.info udp
US 8.8.8.8:53 eamiwqog.com udp
US 8.8.8.8:53 dwacfos.info udp
US 8.8.8.8:53 egqoaq.com udp
US 8.8.8.8:53 wqkxyov.net udp
US 8.8.8.8:53 cmrigcoi.info udp
US 8.8.8.8:53 hmldreth.net udp
US 8.8.8.8:53 ykiggo.com udp
US 8.8.8.8:53 tzwflmeio.net udp
US 8.8.8.8:53 nonoqcbel.org udp
US 8.8.8.8:53 lgxctr.info udp
US 8.8.8.8:53 vfddpsjsrq.info udp
US 8.8.8.8:53 gqusmuus.com udp
US 8.8.8.8:53 fydwhccelch.info udp
US 8.8.8.8:53 putjvibfshzu.net udp
US 8.8.8.8:53 hhmosujuzqzq.net udp
US 8.8.8.8:53 zgjyxnyan.org udp
US 8.8.8.8:53 ooaayw.org udp
US 8.8.8.8:53 aabofvdo.info udp
US 8.8.8.8:53 xeaexkqamew.org udp
US 8.8.8.8:53 tvkvmwhx.info udp
US 8.8.8.8:53 hprqzxhugq.info udp
US 8.8.8.8:53 jdjgtbjsnal.org udp
US 8.8.8.8:53 ijakcyi.net udp
US 8.8.8.8:53 rahnqeiicef.com udp
US 8.8.8.8:53 eqymum.com udp
US 8.8.8.8:53 qeewoq.com udp
US 8.8.8.8:53 swuynjfkbnv.net udp
US 8.8.8.8:53 slpjrknd.info udp
US 8.8.8.8:53 jhrzpq.info udp
US 8.8.8.8:53 lgyxzxyldb.info udp
US 8.8.8.8:53 iuhjpepnp.info udp
US 8.8.8.8:53 xthnja.net udp
US 8.8.8.8:53 ffbshvpusws.net udp
US 8.8.8.8:53 xicrgwzzil.info udp
US 8.8.8.8:53 gtnkbphey.net udp
US 8.8.8.8:53 jgufibeybs.info udp
US 8.8.8.8:53 aoqybp.net udp
US 8.8.8.8:53 wwwegqoagsee.org udp
US 8.8.8.8:53 habesibat.org udp
US 8.8.8.8:53 yveovmlrlid.info udp
US 8.8.8.8:53 vkuyssdyf.org udp
US 8.8.8.8:53 xcxxvvmr.info udp
US 8.8.8.8:53 relgxbjkaq.net udp
US 8.8.8.8:53 xucpcv.net udp
US 8.8.8.8:53 tarcpkhpn.org udp
US 8.8.8.8:53 wmmscpl.info udp
US 8.8.8.8:53 dyusbg.net udp
US 8.8.8.8:53 vnjrpakul.net udp
US 8.8.8.8:53 ysrdzppy.net udp
US 8.8.8.8:53 fpvilghmn.org udp
US 8.8.8.8:53 cabglprpdwrf.net udp
US 8.8.8.8:53 bgxngmdzzd.info udp
US 8.8.8.8:53 umvzmnedseny.info udp
US 8.8.8.8:53 dymincoifib.info udp
US 8.8.8.8:53 rusjpt.info udp
US 8.8.8.8:53 jeovdo.info udp
US 8.8.8.8:53 bmuqenhwc.org udp
US 8.8.8.8:53 oknlmrlmr.info udp
US 8.8.8.8:53 sovgagdst.net udp
US 8.8.8.8:53 yiwouukm.com udp
US 8.8.8.8:53 uuaclgzdp.net udp
US 8.8.8.8:53 wqrvrtugx.net udp
US 8.8.8.8:53 eegxpqopfkd.net udp
US 8.8.8.8:53 wwwauwmuey.org udp
US 8.8.8.8:53 ddbypyvxbar.org udp
US 8.8.8.8:53 ugvmkoyoxjd.info udp
US 8.8.8.8:53 ooseig.org udp
US 8.8.8.8:53 kgxwyshmbd.info udp
US 8.8.8.8:53 haugdp.info udp
US 8.8.8.8:53 tmsybuzdfnqz.net udp
US 8.8.8.8:53 feyjrv.net udp
US 8.8.8.8:53 uzdskepkgj.net udp
US 8.8.8.8:53 tldmdetwt.org udp
US 8.8.8.8:53 ysreqsa.info udp
US 8.8.8.8:53 jejdvjh.com udp
US 8.8.8.8:53 mcxqvghqhhk.net udp
US 8.8.8.8:53 rmzrhow.org udp
US 8.8.8.8:53 ctnhbvtc.info udp
US 8.8.8.8:53 zvlcnqfiy.info udp
US 8.8.8.8:53 ysoyiq.org udp
US 8.8.8.8:53 fgjwdazyr.net udp
US 8.8.8.8:53 kywqzgzkjeyu.info udp
US 8.8.8.8:53 wokyyoqk.com udp
US 8.8.8.8:53 eurdxxsjgr.info udp
US 8.8.8.8:53 jktzplakb.info udp
US 8.8.8.8:53 xojsdfju.net udp
US 8.8.8.8:53 mcwqlqcafrr.info udp
US 8.8.8.8:53 gguyiwqa.com udp
N/A 192.168.28.2:445 tcp
US 8.8.8.8:53 tczezkzctmk.net udp
US 8.8.8.8:53 edbireshbic.info udp
N/A 192.168.28.2:139 tcp
US 8.8.8.8:53 eobpgsr.net udp
US 8.8.8.8:53 tyjbqk.info udp
US 8.8.8.8:53 prlbco.info udp
US 8.8.8.8:53 jwarxqbqb.com udp
US 8.8.8.8:53 iuwocqgumgqg.org udp
US 8.8.8.8:53 wbdovmlrlid.info udp
US 8.8.8.8:53 lmqxsspvau.net udp
US 8.8.8.8:53 hghifclbjmx.net udp
US 8.8.8.8:53 wsnxrixkbmf.info udp
US 8.8.8.8:53 yaethtjc.net udp
US 8.8.8.8:53 zqnktqb.info udp
US 8.8.8.8:53 ayvofpmalr.info udp
US 8.8.8.8:53 jaramcvaz.net udp
US 8.8.8.8:53 kioeebngfib.info udp
US 8.8.8.8:53 vyjcdycem.net udp
US 8.8.8.8:53 kiouyo.org udp
US 8.8.8.8:53 uwjurjcuth.net udp
US 8.8.8.8:53 oyehpdlipb.info udp
US 8.8.8.8:53 elkndjzt.net udp
US 8.8.8.8:53 ktpqbh.info udp
US 8.8.8.8:53 hwzabcjogwx.info udp
US 8.8.8.8:53 omsspilgcw.info udp
US 8.8.8.8:53 dfvudx.net udp
US 8.8.8.8:53 pahavctdz.net udp
US 8.8.8.8:53 zmuygrlzp.com udp
US 8.8.8.8:53 rqcjorbuzh.info udp
US 8.8.8.8:53 aoqemwcywo.com udp
US 8.8.8.8:53 kiamck.com udp
US 8.8.8.8:53 hmevgoxljrti.net udp
US 8.8.8.8:53 rafbfgfcjqx.net udp
US 8.8.8.8:53 ymmuskuewmsc.org udp
US 8.8.8.8:53 rayqmsesq.info udp
US 8.8.8.8:53 iueprajoceth.net udp
US 8.8.8.8:53 oxmfry.net udp
US 8.8.8.8:53 dudqnb.info udp
US 8.8.8.8:53 xbiomzpgvb.net udp
US 8.8.8.8:53 bibuhct.net udp
US 8.8.8.8:53 qdxrrd.net udp
US 8.8.8.8:53 ytgyjuxiw.net udp
US 8.8.8.8:53 poagzldov.com udp
US 8.8.8.8:53 xkncznbot.net udp
US 8.8.8.8:53 xxlvvgfxcn.info udp
US 8.8.8.8:53 buyqurbj.info udp
US 8.8.8.8:53 eawswkakyo.com udp
US 8.8.8.8:53 mipsjzvdm.net udp
US 8.8.8.8:53 zxlglmh.net udp
US 8.8.8.8:53 cjfzqcmctvne.info udp
US 8.8.8.8:53 gunpzae.info udp
US 8.8.8.8:53 meqiokaayu.org udp
US 8.8.8.8:53 dmdvyqfwrs.info udp
US 8.8.8.8:53 qmisgs.org udp
US 8.8.8.8:53 dpfllt.net udp
US 8.8.8.8:53 iaojdgwfhox.net udp
US 8.8.8.8:53 cywsmweuce.org udp
US 8.8.8.8:53 sijcpsi.info udp
US 8.8.8.8:53 aoxlrqh.info udp
US 8.8.8.8:53 khhqhgf.net udp
US 8.8.8.8:53 nqfyldbit.org udp
US 8.8.8.8:53 jwpcniulign.net udp
US 8.8.8.8:53 tosynisiv.org udp
US 8.8.8.8:53 txhong.net udp
US 8.8.8.8:53 kogkjs.net udp
US 8.8.8.8:53 kcrgngi.info udp
US 8.8.8.8:53 iuswqkcw.org udp
US 8.8.8.8:53 aslnxmd.info udp
US 8.8.8.8:53 ekfybkui.info udp
US 8.8.8.8:53 jqaeqfarnwnq.net udp
US 8.8.8.8:53 gxzoxihez.net udp
US 8.8.8.8:53 tscuvbzsmhwj.info udp
US 8.8.8.8:53 aeccvqg.info udp
US 8.8.8.8:53 koooacoyiiak.com udp
US 8.8.8.8:53 oelqhkx.info udp
US 8.8.8.8:53 nurbmahvlpld.net udp
US 8.8.8.8:53 tfrnhqtpalpu.net udp
US 8.8.8.8:53 uwccjhdmxejx.net udp
US 8.8.8.8:53 pfqpkh.info udp
US 8.8.8.8:53 aerdilpadro.info udp
US 8.8.8.8:53 qqgmmkykgw.org udp
US 8.8.8.8:53 kdofpdbv.info udp
US 8.8.8.8:53 qsuswiv.info udp
US 8.8.8.8:53 lozsualzfhm.net udp
US 8.8.8.8:53 vznatnt.org udp
US 8.8.8.8:53 bkbqcopuxex.com udp
US 8.8.8.8:53 jeddpyceavfk.info udp
US 8.8.8.8:53 ywqowiem.com udp
US 8.8.8.8:53 smqcsimc.org udp
US 8.8.8.8:53 rkzgspm.org udp
US 8.8.8.8:53 klfnxcer.net udp
US 8.8.8.8:53 rhpzfosvcbv.info udp
US 8.8.8.8:53 pjxelzkvwrjq.info udp
US 8.8.8.8:53 pcnuzetkbmc.info udp
US 8.8.8.8:53 hnjxytbzve.info udp
US 8.8.8.8:53 fsbmnsl.net udp
US 8.8.8.8:53 owfmxfveds.info udp
US 8.8.8.8:53 rahulodal.com udp
US 8.8.8.8:53 lyqgvg.info udp
US 8.8.8.8:53 damjfutozebh.info udp
US 8.8.8.8:53 tszhefadik.info udp
US 8.8.8.8:53 ucpwmsdmk.info udp
US 8.8.8.8:53 qmwyeeqcko.org udp
US 8.8.8.8:53 eqgiqwesoagm.com udp
US 8.8.8.8:53 uoamgesuykeu.org udp
US 8.8.8.8:53 mwmmywoc.com udp
US 8.8.8.8:53 twhqmssevaw.net udp
US 8.8.8.8:53 udp
US 8.8.8.8:53 udp
US 8.8.8.8:53 udp
US 8.8.8.8:53 udp
US 8.8.8.8:53 udp
US 8.8.8.8:53 udp
US 8.8.8.8:53 udp
US 8.8.8.8:53 udp
US 8.8.8.8:53 udp
US 8.8.8.8:53 udp
US 8.8.8.8:53 udp
US 8.8.8.8:53 udp
US 8.8.8.8:53 udp
US 8.8.8.8:53 udp
US 8.8.8.8:53 udp
US 8.8.8.8:53 udp
US 8.8.8.8:53 udp
US 8.8.8.8:53 udp
US 8.8.8.8:53 udp

Files

C:\Users\Admin\AppData\Local\Temp\vgnqbcl.exe

MD5 386d3d81c643fad2c7c9d8bc3d640869
SHA1 68eb7717394fd0f7e7fd00abb729c9b9fdf6d6de
SHA256 2183d45504d667aed0461ea2b29a1bc2520ca08f727343d54260b50be0c6c5a4
SHA512 0e16bf91aadebd41d76d2b0af66207ecacd66ac173589b1a9688f9c4c125f6e0457e5381ef06ee8d74b9a26f3f3833c67a91a351f4c45705a28bd04cc81c0dbc

C:\Users\Admin\AppData\Local\xglmvubflscfmugvnhjsxyhgnrx.ory

MD5 e1451aa52509ebe777c3f04333026d47
SHA1 9fceb6fd378bab8ca569657fae5752902096daee
SHA256 50c04c6a80d7218c4537c6f1f7cb9ab6adf5fdc1d3aad770b3b02cf90b5916b4
SHA512 a33ce7451d07880aab032e891c24d0b85b1ea7aea378a160082d3c29dc254e9753139b122fe91cec972d7263168386dd3f8699f9178f219074431032d3051ebf

C:\Users\Admin\AppData\Local\uoeqkumbskftlebbejwqgsmwodumhvngddglys.uoy

MD5 214b298e4140daa50884ec898bd07042
SHA1 303119da26fdad7c15a696ef94e1d469069a30a4
SHA256 0ce086524f7fe6f4b34f4f5ce5bbb51a6cdcc89cc006ee7983c27630358fda31
SHA512 aed8729aeb5233ab435b01cfa1bc1a919d913e8830483b105b050592c518798f4e8f2d03285f15ce5ce9ace49a7dc61b01cb5115692c20a166aaab174b20ed94

C:\Program Files (x86)\xglmvubflscfmugvnhjsxyhgnrx.ory

MD5 35dd0a7e937db0d9cbbe9de9c27314b7
SHA1 0c44703beb5ab6224e95debe0dc518a390712405
SHA256 71cd47e5d658624c00eb211f48731d134de1107b72472e32e0fb2de819e5d8c7
SHA512 e44c7974dbbbe52f54b6ad65002032d506dca0cbf81c2667b745150c8af502342ffdbbe685bb4a0ede52e3e7c4134eb31656e1f2bdd08ae04b986afea5763b02

C:\Program Files (x86)\xglmvubflscfmugvnhjsxyhgnrx.ory

MD5 2a7fac9a7b049d3d99dd98e7736bc8e8
SHA1 27b8d1705fb5128d07a4405d27761deede505bf1
SHA256 19acfe81863de4327c3d910647c48f9caabc8be636567738e755689b26e1cbb5
SHA512 1862a425b1fd52ca51bf91cdc46a62cb49749ec10a9c06ec54e44ccce22a9ad1483bf23ca768df77605d9a7ac96421f58ddba8540e25534f6564413f786faf8b

C:\Program Files (x86)\xglmvubflscfmugvnhjsxyhgnrx.ory

MD5 9a492cdd49a6c6d07a5fcdcac2f78bf9
SHA1 9df2b8624044d73b9c8fed80df8df53eaa2b3704
SHA256 d3bc60af5378c05efd9b2a31ef6a42758bb40a9d23e4da47356fac8429858aab
SHA512 e332bd2b782a1f12716301ffe8cb505f91e8de6359112a5cdff2d1270b224c003422134dc9153c50557b3f5d6fb2f4639e178253f636f3316820b6856d6bd4e0

C:\Program Files (x86)\xglmvubflscfmugvnhjsxyhgnrx.ory

MD5 e4d5df84363f10fe1887282ea658f2d2
SHA1 d9d45dab9f7b1212c2ef5310a2de93302e3f06ab
SHA256 7c7ba3195df813fcb65ea69fe1eb1a71e6c791cee6efd651feb5f714dd450725
SHA512 d75aa6b741a34c554e0610613d09ed157a5b74df7d17e241a51136135ae790b8df19c30407b45288aebda91d8394093ae055ac241060b9c2685d05e4bc34a362

C:\Users\Admin\AppData\Local\xglmvubflscfmugvnhjsxyhgnrx.ory

MD5 139608fd2050d639dfb895211611c742
SHA1 99a03bb015676d175c4a74e329a7a3679f2e6f4b
SHA256 0b40c063f9abb223fc4323b26366961f58d4a79e53dac500eb5fc62b6b21c1ea
SHA512 4f83fa0e30e2dfbbc6f2cda104792204beda4895fd12d6c8ccfaa047353177f8807948b9b86432a8b7241ee200cd7968e75e132464b4a736138f2f5a675de5d5

C:\Program Files (x86)\xglmvubflscfmugvnhjsxyhgnrx.ory

MD5 da6eb16282df61aeb6d9471663d7bf19
SHA1 358e11d883a3d425402df9408b8a51e86c43e34d
SHA256 e059c8c2cc5324e692786237708038a3e836e56e8cb04c3f23ae5556b4e27200
SHA512 912cd741a7add78cd4d308d61fb52c152a1b44de92612278e3ecd038eda5dcfd73042b84861ed15b441ba23e5e4ace9b54db597e10fc9eb82a5f3b5f0a383d81

C:\Program Files (x86)\xglmvubflscfmugvnhjsxyhgnrx.ory

MD5 3614f4fd8f8ae81a679a3a92f159f61a
SHA1 89d18ea94888111ea55be19ca3213e5d85eb76ec
SHA256 ad2fe6fee8d470142ffe53acca85faefa5e89899a143192fcbf91ac3229e36e4
SHA512 27db87ea15457d9a17297742e02fac99a10cb858a22b11caf50ba30e830b56179341596df06dd62a660fa2aad0cec10b7e44765b4b65a69a76a068d7687d8717

C:\Program Files (x86)\xglmvubflscfmugvnhjsxyhgnrx.ory

MD5 e85559fa97cbb6eea28a9d4a6e67b6c4
SHA1 dd408916e09e72f80fa6af6b1e79ccf76b4fe6c2
SHA256 9a4617a12ee6c95b261bbbf444e07b49d5911621fa3d3029b52c83e1b08aa19e
SHA512 3dcaa027a2a0d43884d6e340a1c194f75a4cfc79be6b52ac615b2f2f4914da4a09fe047faf01e140605be24cdff1b6eb8e6a6d760486e8ce09231732d1adc333