Analysis Overview
SHA256
be521f0a005a06837effbec40bb14824a0d6df50f981aa88e23e51f28121cbc6
Threat Level: Known bad
The file be521f0a005a06837effbec40bb14824a0d6df50f981aa88e23e51f28121cbc6 was found to be: Known bad.
Malicious Activity Summary
Modifies WinLogon for persistence
UAC bypass
Disables RegEdit via registry modification
Adds policy Run key to start application
Loads dropped DLL
Impair Defenses: Safe Mode Boot
Executes dropped EXE
Checks computer location settings
Hijack Execution Flow: Executable Installer File Permissions Weakness
Looks up external IP address via web service
Adds Run key to start application
Checks whether UAC is enabled
Drops file in System32 directory
Drops file in Program Files directory
Drops file in Windows directory
System Location Discovery: System Language Discovery
Enumerates physical storage devices
Unsigned PE
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
System policy modification
Suspicious behavior: GetForegroundWindowSpam
Modifies registry class
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-11-13 02:17
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-11-13 02:17
Reported
2024-11-13 02:20
Platform
win7-20240903-en
Max time kernel
150s
Max time network
152s
Command Line
Signatures
Modifies WinLogon for persistence
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\xfooxkq.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\xfooxkq.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\be521f0a005a06837effbec40bb14824a0d6df50f981aa88e23e51f28121cbc6.exe | N/A |
UAC bypass
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" | C:\Users\Admin\AppData\Local\Temp\be521f0a005a06837effbec40bb14824a0d6df50f981aa88e23e51f28121cbc6.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" | C:\Users\Admin\AppData\Local\Temp\be521f0a005a06837effbec40bb14824a0d6df50f981aa88e23e51f28121cbc6.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" | C:\Users\Admin\AppData\Local\Temp\xfooxkq.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" | C:\Users\Admin\AppData\Local\Temp\xfooxkq.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" | C:\Users\Admin\AppData\Local\Temp\xfooxkq.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\be521f0a005a06837effbec40bb14824a0d6df50f981aa88e23e51f28121cbc6.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" | C:\Users\Admin\AppData\Local\Temp\be521f0a005a06837effbec40bb14824a0d6df50f981aa88e23e51f28121cbc6.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\xfooxkq.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\xfooxkq.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" | C:\Users\Admin\AppData\Local\Temp\xfooxkq.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" | C:\Users\Admin\AppData\Local\Temp\xfooxkq.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" | C:\Users\Admin\AppData\Local\Temp\xfooxkq.exe | N/A |
Adds policy Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\odtaqkxhtjbfgw = "mfzkecthxrnvaussdv.exe" | C:\Users\Admin\AppData\Local\Temp\xfooxkq.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\odtaqkxhtjbfgw = "xrmytskzqlirxsrsexb.exe" | C:\Users\Admin\AppData\Local\Temp\xfooxkq.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\rdquhyipyla = "C:\\Users\\Admin\\AppData\\Local\\Temp\\zvsgdeypifepxuvymhnjg.exe" | C:\Users\Admin\AppData\Local\Temp\xfooxkq.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\odtaqkxhtjbfgw = "zvsgdeypifepxuvymhnjg.exe" | C:\Users\Admin\AppData\Local\Temp\xfooxkq.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\rdquhyipyla = "C:\\Users\\Admin\\AppData\\Local\\Temp\\kfbokkdtlhfpwssuhbgb.exe" | C:\Users\Admin\AppData\Local\Temp\be521f0a005a06837effbec40bb14824a0d6df50f981aa88e23e51f28121cbc6.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\rdquhyipyla = "C:\\Users\\Admin\\AppData\\Local\\Temp\\mfzkecthxrnvaussdv.exe" | C:\Users\Admin\AppData\Local\Temp\xfooxkq.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\rdquhyipyla = "C:\\Users\\Admin\\AppData\\Local\\Temp\\kfbokkdtlhfpwssuhbgb.exe" | C:\Users\Admin\AppData\Local\Temp\xfooxkq.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\be521f0a005a06837effbec40bb14824a0d6df50f981aa88e23e51f28121cbc6.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\rdquhyipyla = "C:\\Users\\Admin\\AppData\\Local\\Temp\\dvoyroergzubfyvue.exe" | C:\Users\Admin\AppData\Local\Temp\xfooxkq.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\odtaqkxhtjbfgw = "xrmytskzqlirxsrsexb.exe" | C:\Users\Admin\AppData\Local\Temp\xfooxkq.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\rdquhyipyla = "C:\\Users\\Admin\\AppData\\Local\\Temp\\xrmytskzqlirxsrsexb.exe" | C:\Users\Admin\AppData\Local\Temp\xfooxkq.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\rdquhyipyla = "C:\\Users\\Admin\\AppData\\Local\\Temp\\wnfogcrdrjdjmeay.exe" | C:\Users\Admin\AppData\Local\Temp\xfooxkq.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\xfooxkq.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\odtaqkxhtjbfgw = "zvsgdeypifepxuvymhnjg.exe" | C:\Users\Admin\AppData\Local\Temp\xfooxkq.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\odtaqkxhtjbfgw = "mfzkecthxrnvaussdv.exe" | C:\Users\Admin\AppData\Local\Temp\be521f0a005a06837effbec40bb14824a0d6df50f981aa88e23e51f28121cbc6.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\odtaqkxhtjbfgw = "dvoyroergzubfyvue.exe" | C:\Users\Admin\AppData\Local\Temp\xfooxkq.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\rdquhyipyla = "C:\\Users\\Admin\\AppData\\Local\\Temp\\xrmytskzqlirxsrsexb.exe" | C:\Users\Admin\AppData\Local\Temp\xfooxkq.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\odtaqkxhtjbfgw = "wnfogcrdrjdjmeay.exe" | C:\Users\Admin\AppData\Local\Temp\xfooxkq.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\odtaqkxhtjbfgw = "dvoyroergzubfyvue.exe" | C:\Users\Admin\AppData\Local\Temp\xfooxkq.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\rdquhyipyla = "C:\\Users\\Admin\\AppData\\Local\\Temp\\mfzkecthxrnvaussdv.exe" | C:\Users\Admin\AppData\Local\Temp\xfooxkq.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\odtaqkxhtjbfgw = "kfbokkdtlhfpwssuhbgb.exe" | C:\Users\Admin\AppData\Local\Temp\xfooxkq.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\odtaqkxhtjbfgw = "wnfogcrdrjdjmeay.exe" | C:\Users\Admin\AppData\Local\Temp\be521f0a005a06837effbec40bb14824a0d6df50f981aa88e23e51f28121cbc6.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\xfooxkq.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\rdquhyipyla = "C:\\Users\\Admin\\AppData\\Local\\Temp\\wnfogcrdrjdjmeay.exe" | C:\Users\Admin\AppData\Local\Temp\be521f0a005a06837effbec40bb14824a0d6df50f981aa88e23e51f28121cbc6.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\rdquhyipyla = "C:\\Users\\Admin\\AppData\\Local\\Temp\\dvoyroergzubfyvue.exe" | C:\Users\Admin\AppData\Local\Temp\xfooxkq.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\rdquhyipyla = "C:\\Users\\Admin\\AppData\\Local\\Temp\\wnfogcrdrjdjmeay.exe" | C:\Users\Admin\AppData\Local\Temp\xfooxkq.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\rdquhyipyla = "C:\\Users\\Admin\\AppData\\Local\\Temp\\kfbokkdtlhfpwssuhbgb.exe" | C:\Users\Admin\AppData\Local\Temp\xfooxkq.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\odtaqkxhtjbfgw = "mfzkecthxrnvaussdv.exe" | C:\Users\Admin\AppData\Local\Temp\xfooxkq.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\rdquhyipyla = "C:\\Users\\Admin\\AppData\\Local\\Temp\\zvsgdeypifepxuvymhnjg.exe" | C:\Users\Admin\AppData\Local\Temp\xfooxkq.exe | N/A |
Disables RegEdit via registry modification
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\xfooxkq.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\xfooxkq.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\xfooxkq.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\be521f0a005a06837effbec40bb14824a0d6df50f981aa88e23e51f28121cbc6.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\be521f0a005a06837effbec40bb14824a0d6df50f981aa88e23e51f28121cbc6.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\xfooxkq.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\xfooxkq.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\xfooxkq.exe | N/A |
Impair Defenses: Safe Mode Boot
| Description | Indicator | Process | Target |
| Key deleted | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\WinDefend | C:\Users\Admin\AppData\Local\Temp\xfooxkq.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\ProfSvc | C:\Users\Admin\AppData\Local\Temp\xfooxkq.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\Power | C:\Users\Admin\AppData\Local\Temp\xfooxkq.exe | N/A |
Loads dropped DLL
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce\dvoyroergzubfyvue = "C:\\Users\\Admin\\AppData\\Local\\Temp\\kfbokkdtlhfpwssuhbgb.exe ." | C:\Users\Admin\AppData\Local\Temp\xfooxkq.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\wnfogcrdrjdjmeay = "kfbokkdtlhfpwssuhbgb.exe ." | C:\Users\Admin\AppData\Local\Temp\xfooxkq.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce\dvoyroergzubfyvue = "C:\\Users\\Admin\\AppData\\Local\\Temp\\dvoyroergzubfyvue.exe ." | C:\Users\Admin\AppData\Local\Temp\xfooxkq.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\nbqwleqzkzqtt = "C:\\Users\\Admin\\AppData\\Local\\Temp\\kfbokkdtlhfpwssuhbgb.exe ." | C:\Users\Admin\AppData\Local\Temp\xfooxkq.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce\nbqwleqzkzqtt = "xrmytskzqlirxsrsexb.exe ." | C:\Users\Admin\AppData\Local\Temp\xfooxkq.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\nbqwleqzkzqtt = "C:\\Users\\Admin\\AppData\\Local\\Temp\\wnfogcrdrjdjmeay.exe ." | C:\Users\Admin\AppData\Local\Temp\xfooxkq.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\wnfogcrdrjdjmeay = "mfzkecthxrnvaussdv.exe ." | C:\Users\Admin\AppData\Local\Temp\be521f0a005a06837effbec40bb14824a0d6df50f981aa88e23e51f28121cbc6.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce\nbqwleqzkzqtt = "kfbokkdtlhfpwssuhbgb.exe ." | C:\Users\Admin\AppData\Local\Temp\be521f0a005a06837effbec40bb14824a0d6df50f981aa88e23e51f28121cbc6.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce\dvoyroergzubfyvue = "C:\\Users\\Admin\\AppData\\Local\\Temp\\zvsgdeypifepxuvymhnjg.exe ." | C:\Users\Admin\AppData\Local\Temp\be521f0a005a06837effbec40bb14824a0d6df50f981aa88e23e51f28121cbc6.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce\nbqwleqzkzqtt = "dvoyroergzubfyvue.exe ." | C:\Users\Admin\AppData\Local\Temp\xfooxkq.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce\nbqwleqzkzqtt = "dvoyroergzubfyvue.exe ." | C:\Users\Admin\AppData\Local\Temp\xfooxkq.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Windows\CurrentVersion\Run\rhygxsgrevotvmh = "dvoyroergzubfyvue.exe" | C:\Users\Admin\AppData\Local\Temp\xfooxkq.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\wnfogcrdrjdjmeay = "mfzkecthxrnvaussdv.exe ." | C:\Users\Admin\AppData\Local\Temp\xfooxkq.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\obpuialtdrhj = "wnfogcrdrjdjmeay.exe" | C:\Users\Admin\AppData\Local\Temp\xfooxkq.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce\nbqwleqzkzqtt = "dvoyroergzubfyvue.exe ." | C:\Users\Admin\AppData\Local\Temp\be521f0a005a06837effbec40bb14824a0d6df50f981aa88e23e51f28121cbc6.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce\nbqwleqzkzqtt = "kfbokkdtlhfpwssuhbgb.exe ." | C:\Users\Admin\AppData\Local\Temp\xfooxkq.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\wnfogcrdrjdjmeay = "zvsgdeypifepxuvymhnjg.exe ." | C:\Users\Admin\AppData\Local\Temp\xfooxkq.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Windows\CurrentVersion\Run\rhygxsgrevotvmh = "dvoyroergzubfyvue.exe" | C:\Users\Admin\AppData\Local\Temp\be521f0a005a06837effbec40bb14824a0d6df50f981aa88e23e51f28121cbc6.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\wnfogcrdrjdjmeay = "dvoyroergzubfyvue.exe ." | C:\Users\Admin\AppData\Local\Temp\be521f0a005a06837effbec40bb14824a0d6df50f981aa88e23e51f28121cbc6.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce\dvoyroergzubfyvue = "C:\\Users\\Admin\\AppData\\Local\\Temp\\wnfogcrdrjdjmeay.exe ." | C:\Users\Admin\AppData\Local\Temp\xfooxkq.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce\dvoyroergzubfyvue = "C:\\Users\\Admin\\AppData\\Local\\Temp\\xrmytskzqlirxsrsexb.exe ." | C:\Users\Admin\AppData\Local\Temp\xfooxkq.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce\dvoyroergzubfyvue = "C:\\Users\\Admin\\AppData\\Local\\Temp\\kfbokkdtlhfpwssuhbgb.exe ." | C:\Users\Admin\AppData\Local\Temp\xfooxkq.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\wnfogcrdrjdjmeay = "zvsgdeypifepxuvymhnjg.exe ." | C:\Users\Admin\AppData\Local\Temp\xfooxkq.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\obpuialtdrhj = "dvoyroergzubfyvue.exe" | C:\Users\Admin\AppData\Local\Temp\xfooxkq.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\wnfogcrdrjdjmeay = "dvoyroergzubfyvue.exe ." | C:\Users\Admin\AppData\Local\Temp\xfooxkq.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Windows\CurrentVersion\Run\rhygxsgrevotvmh = "zvsgdeypifepxuvymhnjg.exe" | C:\Users\Admin\AppData\Local\Temp\xfooxkq.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\wnfogcrdrjdjmeay = "wnfogcrdrjdjmeay.exe ." | C:\Users\Admin\AppData\Local\Temp\xfooxkq.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Windows\CurrentVersion\Run\rhygxsgrevotvmh = "kfbokkdtlhfpwssuhbgb.exe" | C:\Users\Admin\AppData\Local\Temp\xfooxkq.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Windows\CurrentVersion\Run\rhygxsgrevotvmh = "wnfogcrdrjdjmeay.exe" | C:\Users\Admin\AppData\Local\Temp\xfooxkq.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Windows\CurrentVersion\Run\obpuialtdrhj = "C:\\Users\\Admin\\AppData\\Local\\Temp\\kfbokkdtlhfpwssuhbgb.exe" | C:\Users\Admin\AppData\Local\Temp\xfooxkq.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\mfzkecthxrnvaussdv = "C:\\Users\\Admin\\AppData\\Local\\Temp\\wnfogcrdrjdjmeay.exe" | C:\Users\Admin\AppData\Local\Temp\xfooxkq.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Windows\CurrentVersion\Run\rhygxsgrevotvmh = "mfzkecthxrnvaussdv.exe" | C:\Users\Admin\AppData\Local\Temp\be521f0a005a06837effbec40bb14824a0d6df50f981aa88e23e51f28121cbc6.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Windows\CurrentVersion\Run\rhygxsgrevotvmh = "wnfogcrdrjdjmeay.exe" | C:\Users\Admin\AppData\Local\Temp\xfooxkq.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Windows\CurrentVersion\Run\obpuialtdrhj = "C:\\Users\\Admin\\AppData\\Local\\Temp\\dvoyroergzubfyvue.exe" | C:\Users\Admin\AppData\Local\Temp\xfooxkq.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\nbqwleqzkzqtt = "C:\\Users\\Admin\\AppData\\Local\\Temp\\wnfogcrdrjdjmeay.exe ." | C:\Users\Admin\AppData\Local\Temp\xfooxkq.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\obpuialtdrhj = "mfzkecthxrnvaussdv.exe" | C:\Users\Admin\AppData\Local\Temp\xfooxkq.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Windows\CurrentVersion\Run\obpuialtdrhj = "C:\\Users\\Admin\\AppData\\Local\\Temp\\zvsgdeypifepxuvymhnjg.exe" | C:\Users\Admin\AppData\Local\Temp\xfooxkq.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\obpuialtdrhj = "xrmytskzqlirxsrsexb.exe" | C:\Users\Admin\AppData\Local\Temp\xfooxkq.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\nbqwleqzkzqtt = "C:\\Users\\Admin\\AppData\\Local\\Temp\\xrmytskzqlirxsrsexb.exe ." | C:\Users\Admin\AppData\Local\Temp\xfooxkq.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\obpuialtdrhj = "kfbokkdtlhfpwssuhbgb.exe" | C:\Users\Admin\AppData\Local\Temp\xfooxkq.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce\nbqwleqzkzqtt = "kfbokkdtlhfpwssuhbgb.exe ." | C:\Users\Admin\AppData\Local\Temp\xfooxkq.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Windows\CurrentVersion\Run\obpuialtdrhj = "C:\\Users\\Admin\\AppData\\Local\\Temp\\kfbokkdtlhfpwssuhbgb.exe" | C:\Users\Admin\AppData\Local\Temp\xfooxkq.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\obpuialtdrhj = "kfbokkdtlhfpwssuhbgb.exe" | C:\Users\Admin\AppData\Local\Temp\xfooxkq.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\mfzkecthxrnvaussdv = "C:\\Users\\Admin\\AppData\\Local\\Temp\\xrmytskzqlirxsrsexb.exe" | C:\Users\Admin\AppData\Local\Temp\xfooxkq.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\mfzkecthxrnvaussdv = "C:\\Users\\Admin\\AppData\\Local\\Temp\\wnfogcrdrjdjmeay.exe" | C:\Users\Admin\AppData\Local\Temp\xfooxkq.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\obpuialtdrhj = "kfbokkdtlhfpwssuhbgb.exe" | C:\Users\Admin\AppData\Local\Temp\be521f0a005a06837effbec40bb14824a0d6df50f981aa88e23e51f28121cbc6.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Windows\CurrentVersion\Run\obpuialtdrhj = "C:\\Users\\Admin\\AppData\\Local\\Temp\\zvsgdeypifepxuvymhnjg.exe" | C:\Users\Admin\AppData\Local\Temp\be521f0a005a06837effbec40bb14824a0d6df50f981aa88e23e51f28121cbc6.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\nbqwleqzkzqtt = "C:\\Users\\Admin\\AppData\\Local\\Temp\\mfzkecthxrnvaussdv.exe ." | C:\Users\Admin\AppData\Local\Temp\xfooxkq.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\wnfogcrdrjdjmeay = "xrmytskzqlirxsrsexb.exe ." | C:\Users\Admin\AppData\Local\Temp\xfooxkq.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\nbqwleqzkzqtt = "C:\\Users\\Admin\\AppData\\Local\\Temp\\xrmytskzqlirxsrsexb.exe ." | C:\Users\Admin\AppData\Local\Temp\xfooxkq.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Windows\CurrentVersion\Run\obpuialtdrhj = "C:\\Users\\Admin\\AppData\\Local\\Temp\\wnfogcrdrjdjmeay.exe" | C:\Users\Admin\AppData\Local\Temp\xfooxkq.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\mfzkecthxrnvaussdv = "C:\\Users\\Admin\\AppData\\Local\\Temp\\dvoyroergzubfyvue.exe" | C:\Users\Admin\AppData\Local\Temp\xfooxkq.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\nbqwleqzkzqtt = "C:\\Users\\Admin\\AppData\\Local\\Temp\\kfbokkdtlhfpwssuhbgb.exe ." | C:\Users\Admin\AppData\Local\Temp\xfooxkq.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\obpuialtdrhj = "mfzkecthxrnvaussdv.exe" | C:\Users\Admin\AppData\Local\Temp\xfooxkq.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\mfzkecthxrnvaussdv = "C:\\Users\\Admin\\AppData\\Local\\Temp\\mfzkecthxrnvaussdv.exe" | C:\Users\Admin\AppData\Local\Temp\xfooxkq.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Windows\CurrentVersion\Run\obpuialtdrhj = "C:\\Users\\Admin\\AppData\\Local\\Temp\\mfzkecthxrnvaussdv.exe" | C:\Users\Admin\AppData\Local\Temp\xfooxkq.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\obpuialtdrhj = "wnfogcrdrjdjmeay.exe" | C:\Users\Admin\AppData\Local\Temp\xfooxkq.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce\dvoyroergzubfyvue = "C:\\Users\\Admin\\AppData\\Local\\Temp\\mfzkecthxrnvaussdv.exe ." | C:\Users\Admin\AppData\Local\Temp\xfooxkq.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\obpuialtdrhj = "xrmytskzqlirxsrsexb.exe" | C:\Users\Admin\AppData\Local\Temp\xfooxkq.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\mfzkecthxrnvaussdv = "C:\\Users\\Admin\\AppData\\Local\\Temp\\kfbokkdtlhfpwssuhbgb.exe" | C:\Users\Admin\AppData\Local\Temp\xfooxkq.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Windows\CurrentVersion\Run\rhygxsgrevotvmh = "zvsgdeypifepxuvymhnjg.exe" | C:\Users\Admin\AppData\Local\Temp\xfooxkq.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce\nbqwleqzkzqtt = "wnfogcrdrjdjmeay.exe ." | C:\Users\Admin\AppData\Local\Temp\xfooxkq.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce\dvoyroergzubfyvue = "C:\\Users\\Admin\\AppData\\Local\\Temp\\wnfogcrdrjdjmeay.exe ." | C:\Users\Admin\AppData\Local\Temp\xfooxkq.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\nbqwleqzkzqtt = "C:\\Users\\Admin\\AppData\\Local\\Temp\\zvsgdeypifepxuvymhnjg.exe ." | C:\Users\Admin\AppData\Local\Temp\xfooxkq.exe | N/A |
Checks whether UAC is enabled
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\be521f0a005a06837effbec40bb14824a0d6df50f981aa88e23e51f28121cbc6.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\be521f0a005a06837effbec40bb14824a0d6df50f981aa88e23e51f28121cbc6.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\xfooxkq.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\xfooxkq.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\xfooxkq.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\xfooxkq.exe | N/A |
Hijack Execution Flow: Executable Installer File Permissions Weakness
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableInstallerDetection = "0" | C:\Users\Admin\AppData\Local\Temp\xfooxkq.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableInstallerDetection = "0" | C:\Users\Admin\AppData\Local\Temp\be521f0a005a06837effbec40bb14824a0d6df50f981aa88e23e51f28121cbc6.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableInstallerDetection = "0" | C:\Users\Admin\AppData\Local\Temp\xfooxkq.exe | N/A |
Looks up external IP address via web service
| Description | Indicator | Process | Target |
| N/A | www.whatismyip.ca | N/A | N/A |
| N/A | whatismyip.everdot.org | N/A | N/A |
| N/A | www.showmyipaddress.com | N/A | N/A |
| N/A | whatismyipaddress.com | N/A | N/A |
Drops file in System32 directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\SysWOW64\jnsotcedejqjzenyuxlpuqveg.gls | C:\Users\Admin\AppData\Local\Temp\xfooxkq.exe | N/A |
| File created | C:\Windows\SysWOW64\jnsotcedejqjzenyuxlpuqveg.gls | C:\Users\Admin\AppData\Local\Temp\xfooxkq.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\odtaqkxhtjbfgwqmthgvlsicpzlbtxyoielz.ndk | C:\Users\Admin\AppData\Local\Temp\xfooxkq.exe | N/A |
| File created | C:\Windows\SysWOW64\odtaqkxhtjbfgwqmthgvlsicpzlbtxyoielz.ndk | C:\Users\Admin\AppData\Local\Temp\xfooxkq.exe | N/A |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Program Files (x86)\odtaqkxhtjbfgwqmthgvlsicpzlbtxyoielz.ndk | C:\Users\Admin\AppData\Local\Temp\xfooxkq.exe | N/A |
| File created | C:\Program Files (x86)\odtaqkxhtjbfgwqmthgvlsicpzlbtxyoielz.ndk | C:\Users\Admin\AppData\Local\Temp\xfooxkq.exe | N/A |
| File opened for modification | C:\Program Files (x86)\jnsotcedejqjzenyuxlpuqveg.gls | C:\Users\Admin\AppData\Local\Temp\xfooxkq.exe | N/A |
| File created | C:\Program Files (x86)\jnsotcedejqjzenyuxlpuqveg.gls | C:\Users\Admin\AppData\Local\Temp\xfooxkq.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\jnsotcedejqjzenyuxlpuqveg.gls | C:\Users\Admin\AppData\Local\Temp\xfooxkq.exe | N/A |
| File created | C:\Windows\jnsotcedejqjzenyuxlpuqveg.gls | C:\Users\Admin\AppData\Local\Temp\xfooxkq.exe | N/A |
| File opened for modification | C:\Windows\odtaqkxhtjbfgwqmthgvlsicpzlbtxyoielz.ndk | C:\Users\Admin\AppData\Local\Temp\xfooxkq.exe | N/A |
| File created | C:\Windows\odtaqkxhtjbfgwqmthgvlsicpzlbtxyoielz.ndk | C:\Users\Admin\AppData\Local\Temp\xfooxkq.exe | N/A |
Enumerates physical storage devices
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\be521f0a005a06837effbec40bb14824a0d6df50f981aa88e23e51f28121cbc6.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\xfooxkq.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\xfooxkq.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\xfooxkq.exe | N/A |
Suspicious use of WriteProcessMemory
System policy modification
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer | C:\Users\Admin\AppData\Local\Temp\be521f0a005a06837effbec40bb14824a0d6df50f981aa88e23e51f28121cbc6.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\FilterAdministratorToken = "0" | C:\Users\Admin\AppData\Local\Temp\xfooxkq.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\be521f0a005a06837effbec40bb14824a0d6df50f981aa88e23e51f28121cbc6.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" | C:\Users\Admin\AppData\Local\Temp\be521f0a005a06837effbec40bb14824a0d6df50f981aa88e23e51f28121cbc6.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" | C:\Users\Admin\AppData\Local\Temp\be521f0a005a06837effbec40bb14824a0d6df50f981aa88e23e51f28121cbc6.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\FilterAdministratorToken = "0" | C:\Users\Admin\AppData\Local\Temp\be521f0a005a06837effbec40bb14824a0d6df50f981aa88e23e51f28121cbc6.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\be521f0a005a06837effbec40bb14824a0d6df50f981aa88e23e51f28121cbc6.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" | C:\Users\Admin\AppData\Local\Temp\xfooxkq.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableSecureUIAPaths = "0" | C:\Users\Admin\AppData\Local\Temp\xfooxkq.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ValidateAdminCodeSignatures = "0" | C:\Users\Admin\AppData\Local\Temp\be521f0a005a06837effbec40bb14824a0d6df50f981aa88e23e51f28121cbc6.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\xfooxkq.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableVirtualization = "0" | C:\Users\Admin\AppData\Local\Temp\xfooxkq.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" | C:\Users\Admin\AppData\Local\Temp\be521f0a005a06837effbec40bb14824a0d6df50f981aa88e23e51f28121cbc6.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\xfooxkq.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" | C:\Users\Admin\AppData\Local\Temp\xfooxkq.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" | C:\Users\Admin\AppData\Local\Temp\xfooxkq.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" | C:\Users\Admin\AppData\Local\Temp\xfooxkq.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableSecureUIAPaths = "0" | C:\Users\Admin\AppData\Local\Temp\xfooxkq.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ValidateAdminCodeSignatures = "0" | C:\Users\Admin\AppData\Local\Temp\xfooxkq.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer | C:\Users\Admin\AppData\Local\Temp\xfooxkq.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableVirtualization = "0" | C:\Users\Admin\AppData\Local\Temp\be521f0a005a06837effbec40bb14824a0d6df50f981aa88e23e51f28121cbc6.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDriveTypeAutoRun = "1" | C:\Users\Admin\AppData\Local\Temp\be521f0a005a06837effbec40bb14824a0d6df50f981aa88e23e51f28121cbc6.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\xfooxkq.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\xfooxkq.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ValidateAdminCodeSignatures = "0" | C:\Users\Admin\AppData\Local\Temp\xfooxkq.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\FilterAdministratorToken = "0" | C:\Users\Admin\AppData\Local\Temp\xfooxkq.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDriveTypeAutoRun = "1" | C:\Users\Admin\AppData\Local\Temp\xfooxkq.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer | C:\Users\Admin\AppData\Local\Temp\xfooxkq.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\be521f0a005a06837effbec40bb14824a0d6df50f981aa88e23e51f28121cbc6.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\xfooxkq.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" | C:\Users\Admin\AppData\Local\Temp\xfooxkq.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDriveTypeAutoRun = "1" | C:\Users\Admin\AppData\Local\Temp\xfooxkq.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableSecureUIAPaths = "0" | C:\Users\Admin\AppData\Local\Temp\be521f0a005a06837effbec40bb14824a0d6df50f981aa88e23e51f28121cbc6.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\xfooxkq.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" | C:\Users\Admin\AppData\Local\Temp\xfooxkq.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableVirtualization = "0" | C:\Users\Admin\AppData\Local\Temp\xfooxkq.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\be521f0a005a06837effbec40bb14824a0d6df50f981aa88e23e51f28121cbc6.exe
"C:\Users\Admin\AppData\Local\Temp\be521f0a005a06837effbec40bb14824a0d6df50f981aa88e23e51f28121cbc6.exe"
C:\Users\Admin\AppData\Local\Temp\xfooxkq.exe
"C:\Users\Admin\AppData\Local\Temp\xfooxkq.exe" "-"
C:\Users\Admin\AppData\Local\Temp\xfooxkq.exe
"C:\Users\Admin\AppData\Local\Temp\xfooxkq.exe" "-"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | www.whatismyip.ca | udp |
| US | 8.8.8.8:53 | whatismyip.everdot.org | udp |
| US | 8.8.8.8:53 | www.whatismyip.com | udp |
| US | 104.27.206.92:80 | www.whatismyip.com | tcp |
| US | 8.8.8.8:53 | www.showmyipaddress.com | udp |
| US | 172.67.155.175:80 | www.showmyipaddress.com | tcp |
| US | 104.27.206.92:80 | www.whatismyip.com | tcp |
| US | 8.8.8.8:53 | whatismyipaddress.com | udp |
| US | 104.19.222.79:80 | whatismyipaddress.com | tcp |
| US | 104.27.206.92:80 | www.whatismyip.com | tcp |
| US | 172.67.155.175:80 | www.showmyipaddress.com | tcp |
| US | 172.67.155.175:80 | www.showmyipaddress.com | tcp |
| US | 104.19.222.79:80 | whatismyipaddress.com | tcp |
| US | 104.27.206.92:80 | www.whatismyip.com | tcp |
| US | 8.8.8.8:53 | www.youtube.com | udp |
| GB | 216.58.213.14:80 | www.youtube.com | tcp |
| US | 8.8.8.8:53 | hklgkqwuttn.com | udp |
| IE | 34.246.200.160:80 | hklgkqwuttn.com | tcp |
| US | 8.8.8.8:53 | mgygkgsqge.com | udp |
| US | 8.8.8.8:53 | vpwcpzrk.info | udp |
| US | 8.8.8.8:53 | lcfllcilwtmy.net | udp |
| US | 8.8.8.8:53 | yuitrvxbhgqa.net | udp |
| US | 8.8.8.8:53 | zgkvjcolxwc.info | udp |
| US | 8.8.8.8:53 | wljsua.net | udp |
| US | 8.8.8.8:53 | qwkweuse.com | udp |
| US | 8.8.8.8:53 | pqxntmosk.com | udp |
| US | 8.8.8.8:53 | igique.com | udp |
| US | 8.8.8.8:53 | guyiaq.org | udp |
| US | 8.8.8.8:53 | yeqsceua.org | udp |
| US | 8.8.8.8:53 | pouoyuyojoj.net | udp |
| US | 8.8.8.8:53 | ratirtqyspss.net | udp |
| US | 8.8.8.8:53 | xaxbbezav.org | udp |
| US | 8.8.8.8:53 | pgfshpfkznvy.info | udp |
| US | 8.8.8.8:53 | mkzfdx.net | udp |
| US | 8.8.8.8:53 | hhvercv.info | udp |
| US | 8.8.8.8:53 | xavxiovilc.net | udp |
| US | 8.8.8.8:53 | lcsgfob.org | udp |
| US | 8.8.8.8:53 | umtghoh.info | udp |
| US | 8.8.8.8:53 | qphelvs.info | udp |
| US | 8.8.8.8:53 | usqycm.org | udp |
| US | 8.8.8.8:53 | mqhmycj.info | udp |
| US | 8.8.8.8:53 | kuxajxugfkr.net | udp |
| US | 8.8.8.8:53 | ijmwsjpkrqze.net | udp |
| US | 8.8.8.8:53 | bqgwxwz.info | udp |
| US | 8.8.8.8:53 | xqdjqvtche.net | udp |
| US | 8.8.8.8:53 | cqiuai.org | udp |
| US | 8.8.8.8:53 | uxxohu.info | udp |
| US | 8.8.8.8:53 | pnbstkokimq.com | udp |
| US | 8.8.8.8:53 | icyigccmac.org | udp |
| US | 8.8.8.8:53 | azrakrbzpk.net | udp |
| US | 8.8.8.8:53 | mwrmppqbn.info | udp |
| US | 8.8.8.8:53 | frwnbyrqwc.net | udp |
| US | 8.8.8.8:53 | ougqys.com | udp |
| US | 8.8.8.8:53 | xtbuumlmt.org | udp |
| US | 8.8.8.8:53 | gcwggsuouisc.com | udp |
| US | 8.8.8.8:53 | fgpvxuwja.com | udp |
| US | 8.8.8.8:53 | vjmyxpra.net | udp |
| US | 8.8.8.8:53 | gclovk.net | udp |
| US | 8.8.8.8:53 | ycmklmlqpad.info | udp |
| US | 8.8.8.8:53 | nxnwpxhqyg.net | udp |
| US | 8.8.8.8:53 | xlfavuzdrub.com | udp |
| US | 8.8.8.8:53 | cchxivgz.net | udp |
| US | 8.8.8.8:53 | iqbobb.net | udp |
| US | 8.8.8.8:53 | oewakmwecoos.org | udp |
| US | 8.8.8.8:53 | zxfznjjo.net | udp |
| US | 8.8.8.8:53 | dakrsxggglmj.info | udp |
| US | 8.8.8.8:53 | jejubc.info | udp |
| US | 8.8.8.8:53 | crjtyy.info | udp |
| US | 8.8.8.8:53 | kskaxbb.info | udp |
| US | 8.8.8.8:53 | qohdzctj.info | udp |
| US | 8.8.8.8:53 | fgwderlr.net | udp |
| US | 8.8.8.8:53 | xwfmlmbmtaz.info | udp |
| DE | 85.214.228.140:80 | xwfmlmbmtaz.info | tcp |
| US | 8.8.8.8:53 | cyjjtlzjuev.info | udp |
| US | 8.8.8.8:53 | nafodwrwdqd.com | udp |
| US | 8.8.8.8:53 | rvdssifyejo.com | udp |
| US | 8.8.8.8:53 | rbixvijx.net | udp |
| US | 8.8.8.8:53 | zxtlzsdc.info | udp |
| US | 8.8.8.8:53 | ewvokslm.info | udp |
| US | 8.8.8.8:53 | iwfqjyt.net | udp |
| US | 8.8.8.8:53 | jkkjvq.net | udp |
| US | 8.8.8.8:53 | gaztfstohrq.net | udp |
| US | 8.8.8.8:53 | jyxshwnl.net | udp |
| US | 8.8.8.8:53 | bbhhtqchgepp.info | udp |
| US | 8.8.8.8:53 | xnevexwojuzq.info | udp |
| US | 8.8.8.8:53 | yvbitxlq.info | udp |
| US | 8.8.8.8:53 | scuwvyz.net | udp |
| US | 8.8.8.8:53 | bnzgzesvypeg.info | udp |
| US | 8.8.8.8:53 | ydqlnw.info | udp |
| US | 208.100.26.245:80 | ydqlnw.info | tcp |
| US | 8.8.8.8:53 | dofmfoaqf.net | udp |
Files
C:\Users\Admin\AppData\Local\Temp\xfooxkq.exe
| MD5 | 4e9173379c1a5f2bd310aed24d0173f7 |
| SHA1 | 728dfe6ee560f6bf9f8f3c080bb37147306e0791 |
| SHA256 | d8945b7d4640adb92889f2bce214380c2ac4c0bf98c1bc497f68f71104c8ac4c |
| SHA512 | 49f1c09055dc8a1770d5829293f85c1015e35aeec2a316b895b35a51d8dc7bf1595683ab206c72da19e87507f4f06f714ac36f2a845025f0fea368d1acf06054 |
C:\Users\Admin\AppData\Local\jnsotcedejqjzenyuxlpuqveg.gls
| MD5 | 9eac7b145307086750cdc0539fbf8729 |
| SHA1 | cd0b40d6125dbe768b2228c4db9001a6fb253072 |
| SHA256 | 32e15c055b163eab9e1dcad44afd402395987e0961f705404ac17747488f1ddc |
| SHA512 | 81b11da6827ca41d73bfa838a1d7a7a08c20815c296c140a5ba16f4510086c79aa409b2d92e64fc1c3e01aecd87b3705165e766876fd1aec1232b6213b7ab25a |
C:\Users\Admin\AppData\Local\odtaqkxhtjbfgwqmthgvlsicpzlbtxyoielz.ndk
| MD5 | 963f2af9132c26a21166f4f05af0f3fe |
| SHA1 | dcf360ac4d07856151470abede7acd7eb9ceb239 |
| SHA256 | d4981907b3b03ae2d5b673363d5571ced13d6d6e23fe55d9fe5c34c79bbb2aa6 |
| SHA512 | f09d9d63cb2c0a62c9c88c39f320aa6d72757d71543e54b647c5b683e5439805904842f23e4e6ac77311b1423f1d9e3428d849bff43d97e97c03d05137e6455d |
C:\Program Files (x86)\jnsotcedejqjzenyuxlpuqveg.gls
| MD5 | 66476dec5271649ec1a250303a397dce |
| SHA1 | c7653948d3c186de6bd9086c17b65e586ac24537 |
| SHA256 | 077aaa472fe27e094cd77a2a393d127c2b3bf506dc66c385996079928728ed66 |
| SHA512 | 37814be8dee6d32c13b0682fa105dd9152288692488c1989660a876257fcb69cf5a0679aae95ecdee642f63a8d103ec889778e19bf55ae9a0f440861f0d1c947 |
C:\Users\Admin\AppData\Local\jnsotcedejqjzenyuxlpuqveg.gls
| MD5 | 66783162b5237395e47765d43f099f21 |
| SHA1 | e401cb433e1d5d37f93a0d401e42512d31154850 |
| SHA256 | 4c94ce74130c9e608240f44886660896e9cfa10397b86cfc65b1b0ec6d0cde07 |
| SHA512 | 197d9c985e29ae4e33843fee45adb248d7c2edb12e0ec029b79af3b7d96d3ec12af693d3c40147391abbe9ac3115e62c9cb815dda419b78813e1befdd78e5ea3 |
C:\Users\Admin\AppData\Local\jnsotcedejqjzenyuxlpuqveg.gls
| MD5 | bd3fb57702fc72224f6d28f3bc382af7 |
| SHA1 | d243f474c3ff146975cceaf4c0dcd75b42eba2f2 |
| SHA256 | 37062e3d243495d6bde0cd9a9ef5f7758fe9851e3a8181af907fecdae57d644c |
| SHA512 | 7ba488d290c90bb566555992561826abcad3b9f5b1201698b0335622dc102689408d85309ba9a3594a4d9f5b2a1f8bf664bb75f6de2b00720befb9e2c7c9a273 |
C:\Program Files (x86)\jnsotcedejqjzenyuxlpuqveg.gls
| MD5 | 5b2332375cd8464dac503dcde53effa8 |
| SHA1 | 321d9ab6130ea3d263a08a84500085b39a4cbaad |
| SHA256 | b16ce95ea55c2d1add6c3055f21db59394e14cd65077564fff82d6efcc87a590 |
| SHA512 | d30e822dade839b209675985f0f2a80cb5896d41bee54e6cd09fff7cc0aa2cd10b96778e878d9283e17223bcbe4c0e2e1c6dbd334a7af9dc4dc97f6780a5adad |
C:\Program Files (x86)\jnsotcedejqjzenyuxlpuqveg.gls
| MD5 | 2a1bf6e49f52dc89b0ef04144797813d |
| SHA1 | 8ee38356e90ab4b7ed17775cd78d2288692bd4b4 |
| SHA256 | 30cb9a952965507d7037fe95cf30c4b35772fbf369021ecd2cf4bc23e10175c3 |
| SHA512 | 1284e8d3b885aed5eac9c4a33223350bf928b3dbcae9d03be141a601ebab1824bac6544d30470e94c54a5106a5150e20239a202413b8d2a32d256e13ffd7d532 |
C:\Program Files (x86)\jnsotcedejqjzenyuxlpuqveg.gls
| MD5 | 7a1a34ba183575a6e7ccf4166fff4174 |
| SHA1 | c285613cc2500fa2f1869980a1d8fa9293bbc778 |
| SHA256 | ab37a518a4b3995403f57aeb70edc73398de66c303292d88caa3878e92753e4d |
| SHA512 | cd70be07ee686f7fcc1941499b5f6f0a84210a14b61846d5c4f12a82afdb92456ad7b1107dd29b92917d873e516acca9ec805bf0e1e24638ad5a4a332c00dea9 |
C:\Program Files (x86)\jnsotcedejqjzenyuxlpuqveg.gls
| MD5 | 9a8c608f11a3ef7bafd176bb24a33d8c |
| SHA1 | 6b092fa7d34a40d770ae7eab2e4c355759710853 |
| SHA256 | f9b3f4439d9b9637b20f7dd883e2e5bcaafdf3f1a96184ebc012e011436cf6e7 |
| SHA512 | 7e146c6b748e9dc81f1fc6152eb56d24e920a361e96f5079214aeb56a05f26138aa0767b12bb6e545f7badede450a86a00580d13130a4df04453b9de74215d09 |
C:\Program Files (x86)\jnsotcedejqjzenyuxlpuqveg.gls
| MD5 | 96a8f71a254fbd7afb5d2f2f55fe3892 |
| SHA1 | b479d0fbdb259c88527d0d2c1aab6714cb19b9d0 |
| SHA256 | fe15b70982d65aa650c294f14a7e8af41b2266da0eebccd74812bb8efb489372 |
| SHA512 | ffafd965bd6fcd646137d9edb371648107880ebf27c25d5ea8ffab9cb0cea85449e7b34e0d440440a51fc28ef5c51c1d7711c507b756e2ab7366765eb6304b66 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-11-13 02:17
Reported
2024-11-13 02:20
Platform
win10v2004-20241007-en
Max time kernel
150s
Max time network
153s
Command Line
Signatures
Modifies WinLogon for persistence
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\be521f0a005a06837effbec40bb14824a0d6df50f981aa88e23e51f28121cbc6.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\zilszgs.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\zilszgs.exe | N/A |
UAC bypass
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" | C:\Users\Admin\AppData\Local\Temp\zilszgs.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\be521f0a005a06837effbec40bb14824a0d6df50f981aa88e23e51f28121cbc6.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" | C:\Users\Admin\AppData\Local\Temp\be521f0a005a06837effbec40bb14824a0d6df50f981aa88e23e51f28121cbc6.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" | C:\Users\Admin\AppData\Local\Temp\be521f0a005a06837effbec40bb14824a0d6df50f981aa88e23e51f28121cbc6.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\zilszgs.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\zilszgs.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" | C:\Users\Admin\AppData\Local\Temp\zilszgs.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" | C:\Users\Admin\AppData\Local\Temp\be521f0a005a06837effbec40bb14824a0d6df50f981aa88e23e51f28121cbc6.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" | C:\Users\Admin\AppData\Local\Temp\zilszgs.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" | C:\Users\Admin\AppData\Local\Temp\zilszgs.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" | C:\Users\Admin\AppData\Local\Temp\zilszgs.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" | C:\Users\Admin\AppData\Local\Temp\zilszgs.exe | N/A |
Adds policy Run key to start application
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\zilszgs.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\bijot = "C:\\Users\\Admin\\AppData\\Local\\Temp\\fylctkgujzwgavusa.exe" | C:\Users\Admin\AppData\Local\Temp\zilszgs.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\oycksans = "bypkfaaslfgusruwilpmd.exe" | C:\Users\Admin\AppData\Local\Temp\zilszgs.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\bijot = "C:\\Users\\Admin\\AppData\\Local\\Temp\\yqcsiytgujfohbzw.exe" | C:\Users\Admin\AppData\Local\Temp\zilszgs.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\oycksans = "yqcsiytgujfohbzw.exe" | C:\Users\Admin\AppData\Local\Temp\zilszgs.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\bijot = "C:\\Users\\Admin\\AppData\\Local\\Temp\\miysmgfwohhurprsdfie.exe" | C:\Users\Admin\AppData\Local\Temp\zilszgs.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\bijot = "C:\\Users\\Admin\\AppData\\Local\\Temp\\yqcsiytgujfohbzw.exe" | C:\Users\Admin\AppData\Local\Temp\zilszgs.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\be521f0a005a06837effbec40bb14824a0d6df50f981aa88e23e51f28121cbc6.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\bijot = "C:\\Users\\Admin\\AppData\\Local\\Temp\\yqcsiytgujfohbzw.exe" | C:\Users\Admin\AppData\Local\Temp\be521f0a005a06837effbec40bb14824a0d6df50f981aa88e23e51f28121cbc6.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\oycksans = "bypkfaaslfgusruwilpmd.exe" | C:\Users\Admin\AppData\Local\Temp\zilszgs.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\bijot = "C:\\Users\\Admin\\AppData\\Local\\Temp\\bypkfaaslfgusruwilpmd.exe" | C:\Users\Admin\AppData\Local\Temp\zilszgs.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\oycksans = "yqcsiytgujfohbzw.exe" | C:\Users\Admin\AppData\Local\Temp\be521f0a005a06837effbec40bb14824a0d6df50f981aa88e23e51f28121cbc6.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\oycksans = "zujcvomctlkwspqqabd.exe" | C:\Users\Admin\AppData\Local\Temp\zilszgs.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\oycksans = "miysmgfwohhurprsdfie.exe" | C:\Users\Admin\AppData\Local\Temp\zilszgs.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\oycksans = "zujcvomctlkwspqqabd.exe" | C:\Users\Admin\AppData\Local\Temp\zilszgs.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\bijot = "C:\\Users\\Admin\\AppData\\Local\\Temp\\fylctkgujzwgavusa.exe" | C:\Users\Admin\AppData\Local\Temp\zilszgs.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\bijot = "C:\\Users\\Admin\\AppData\\Local\\Temp\\oiwogyvkarpavrrqzz.exe" | C:\Users\Admin\AppData\Local\Temp\zilszgs.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\bijot = "C:\\Users\\Admin\\AppData\\Local\\Temp\\zujcvomctlkwspqqabd.exe" | C:\Users\Admin\AppData\Local\Temp\zilszgs.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\bijot = "C:\\Users\\Admin\\AppData\\Local\\Temp\\oiwogyvkarpavrrqzz.exe" | C:\Users\Admin\AppData\Local\Temp\zilszgs.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\oycksans = "fylctkgujzwgavusa.exe" | C:\Users\Admin\AppData\Local\Temp\zilszgs.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\zilszgs.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\oycksans = "oiwogyvkarpavrrqzz.exe" | C:\Users\Admin\AppData\Local\Temp\zilszgs.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\oycksans = "miysmgfwohhurprsdfie.exe" | C:\Users\Admin\AppData\Local\Temp\zilszgs.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\bijot = "C:\\Users\\Admin\\AppData\\Local\\Temp\\bypkfaaslfgusruwilpmd.exe" | C:\Users\Admin\AppData\Local\Temp\zilszgs.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\bijot = "C:\\Users\\Admin\\AppData\\Local\\Temp\\miysmgfwohhurprsdfie.exe" | C:\Users\Admin\AppData\Local\Temp\zilszgs.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\oycksans = "oiwogyvkarpavrrqzz.exe" | C:\Users\Admin\AppData\Local\Temp\zilszgs.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\bijot = "C:\\Users\\Admin\\AppData\\Local\\Temp\\zujcvomctlkwspqqabd.exe" | C:\Users\Admin\AppData\Local\Temp\zilszgs.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\oycksans = "yqcsiytgujfohbzw.exe" | C:\Users\Admin\AppData\Local\Temp\zilszgs.exe | N/A |
Disables RegEdit via registry modification
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\be521f0a005a06837effbec40bb14824a0d6df50f981aa88e23e51f28121cbc6.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\zilszgs.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\zilszgs.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\zilszgs.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\zilszgs.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\be521f0a005a06837effbec40bb14824a0d6df50f981aa88e23e51f28121cbc6.exe | N/A |
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\be521f0a005a06837effbec40bb14824a0d6df50f981aa88e23e51f28121cbc6.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\zilszgs.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\zilszgs.exe | N/A |
Impair Defenses: Safe Mode Boot
| Description | Indicator | Process | Target |
| Key deleted | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\Power | C:\Users\Admin\AppData\Local\Temp\zilszgs.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\iai2c.sys | C:\Users\Admin\AppData\Local\Temp\zilszgs.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\CBDHSvc | C:\Users\Admin\AppData\Local\Temp\zilszgs.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\UserManager | C:\Users\Admin\AppData\Local\Temp\zilszgs.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\SerCx2.sys | C:\Users\Admin\AppData\Local\Temp\zilszgs.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\ProfSvc | C:\Users\Admin\AppData\Local\Temp\zilszgs.exe | N/A |
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\zilszgs = "C:\\Users\\Admin\\AppData\\Local\\Temp\\yqcsiytgujfohbzw.exe ." | C:\Users\Admin\AppData\Local\Temp\zilszgs.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\qemykwnwgrjo = "C:\\Users\\Admin\\AppData\\Local\\Temp\\miysmgfwohhurprsdfie.exe" | C:\Users\Admin\AppData\Local\Temp\zilszgs.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\muwcio = "C:\\Users\\Admin\\AppData\\Local\\Temp\\miysmgfwohhurprsdfie.exe" | C:\Users\Admin\AppData\Local\Temp\zilszgs.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\zilszgs = "C:\\Users\\Admin\\AppData\\Local\\Temp\\oiwogyvkarpavrrqzz.exe ." | C:\Users\Admin\AppData\Local\Temp\zilszgs.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\muwcio = "C:\\Users\\Admin\\AppData\\Local\\Temp\\yqcsiytgujfohbzw.exe" | C:\Users\Admin\AppData\Local\Temp\zilszgs.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\ykqakujqyh = "fylctkgujzwgavusa.exe ." | C:\Users\Admin\AppData\Local\Temp\be521f0a005a06837effbec40bb14824a0d6df50f981aa88e23e51f28121cbc6.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\muwcio = "fylctkgujzwgavusa.exe" | C:\Users\Admin\AppData\Local\Temp\zilszgs.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\zilszgs = "C:\\Users\\Admin\\AppData\\Local\\Temp\\oiwogyvkarpavrrqzz.exe ." | C:\Users\Admin\AppData\Local\Temp\zilszgs.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\muwcio = "C:\\Users\\Admin\\AppData\\Local\\Temp\\fylctkgujzwgavusa.exe" | C:\Users\Admin\AppData\Local\Temp\zilszgs.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\ykqakujqyh = "miysmgfwohhurprsdfie.exe ." | C:\Users\Admin\AppData\Local\Temp\zilszgs.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\tgnyjuksblc = "C:\\Users\\Admin\\AppData\\Local\\Temp\\oiwogyvkarpavrrqzz.exe ." | C:\Users\Admin\AppData\Local\Temp\zilszgs.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\muwcio = "C:\\Users\\Admin\\AppData\\Local\\Temp\\bypkfaaslfgusruwilpmd.exe" | C:\Users\Admin\AppData\Local\Temp\zilszgs.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\fqvenwkqx = "zujcvomctlkwspqqabd.exe" | C:\Users\Admin\AppData\Local\Temp\be521f0a005a06837effbec40bb14824a0d6df50f981aa88e23e51f28121cbc6.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\zilszgs = "C:\\Users\\Admin\\AppData\\Local\\Temp\\bypkfaaslfgusruwilpmd.exe ." | C:\Users\Admin\AppData\Local\Temp\zilszgs.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\qemykwnwgrjo = "C:\\Users\\Admin\\AppData\\Local\\Temp\\zujcvomctlkwspqqabd.exe" | C:\Users\Admin\AppData\Local\Temp\zilszgs.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\muwcio = "yqcsiytgujfohbzw.exe" | C:\Users\Admin\AppData\Local\Temp\zilszgs.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\fqvenwkqx = "bypkfaaslfgusruwilpmd.exe" | C:\Users\Admin\AppData\Local\Temp\zilszgs.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\qemykwnwgrjo = "C:\\Users\\Admin\\AppData\\Local\\Temp\\bypkfaaslfgusruwilpmd.exe" | C:\Users\Admin\AppData\Local\Temp\zilszgs.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\ykqakujqyh = "zujcvomctlkwspqqabd.exe ." | C:\Users\Admin\AppData\Local\Temp\zilszgs.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\muwcio = "C:\\Users\\Admin\\AppData\\Local\\Temp\\bypkfaaslfgusruwilpmd.exe" | C:\Users\Admin\AppData\Local\Temp\zilszgs.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\tgnyjuksblc = "C:\\Users\\Admin\\AppData\\Local\\Temp\\bypkfaaslfgusruwilpmd.exe ." | C:\Users\Admin\AppData\Local\Temp\zilszgs.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\zilszgs = "C:\\Users\\Admin\\AppData\\Local\\Temp\\zujcvomctlkwspqqabd.exe ." | C:\Users\Admin\AppData\Local\Temp\zilszgs.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\ykqakujqyh = "oiwogyvkarpavrrqzz.exe ." | C:\Users\Admin\AppData\Local\Temp\zilszgs.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\muwcio = "C:\\Users\\Admin\\AppData\\Local\\Temp\\oiwogyvkarpavrrqzz.exe" | C:\Users\Admin\AppData\Local\Temp\zilszgs.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\zilszgs = "zujcvomctlkwspqqabd.exe ." | C:\Users\Admin\AppData\Local\Temp\zilszgs.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\tgnyjuksblc = "C:\\Users\\Admin\\AppData\\Local\\Temp\\yqcsiytgujfohbzw.exe ." | C:\Users\Admin\AppData\Local\Temp\zilszgs.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\zilszgs = "C:\\Users\\Admin\\AppData\\Local\\Temp\\fylctkgujzwgavusa.exe ." | C:\Users\Admin\AppData\Local\Temp\zilszgs.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\muwcio = "yqcsiytgujfohbzw.exe" | C:\Users\Admin\AppData\Local\Temp\zilszgs.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\fqvenwkqx = "fylctkgujzwgavusa.exe" | C:\Users\Admin\AppData\Local\Temp\zilszgs.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\fqvenwkqx = "zujcvomctlkwspqqabd.exe" | C:\Users\Admin\AppData\Local\Temp\zilszgs.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\fqvenwkqx = "oiwogyvkarpavrrqzz.exe" | C:\Users\Admin\AppData\Local\Temp\zilszgs.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\muwcio = "C:\\Users\\Admin\\AppData\\Local\\Temp\\miysmgfwohhurprsdfie.exe" | C:\Users\Admin\AppData\Local\Temp\zilszgs.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\qemykwnwgrjo = "C:\\Users\\Admin\\AppData\\Local\\Temp\\yqcsiytgujfohbzw.exe" | C:\Users\Admin\AppData\Local\Temp\zilszgs.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\ykqakujqyh = "bypkfaaslfgusruwilpmd.exe ." | C:\Users\Admin\AppData\Local\Temp\zilszgs.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\qemykwnwgrjo = "C:\\Users\\Admin\\AppData\\Local\\Temp\\zujcvomctlkwspqqabd.exe" | C:\Users\Admin\AppData\Local\Temp\zilszgs.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\tgnyjuksblc = "C:\\Users\\Admin\\AppData\\Local\\Temp\\fylctkgujzwgavusa.exe ." | C:\Users\Admin\AppData\Local\Temp\zilszgs.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\zilszgs = "C:\\Users\\Admin\\AppData\\Local\\Temp\\miysmgfwohhurprsdfie.exe ." | C:\Users\Admin\AppData\Local\Temp\zilszgs.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\qemykwnwgrjo = "C:\\Users\\Admin\\AppData\\Local\\Temp\\bypkfaaslfgusruwilpmd.exe" | C:\Users\Admin\AppData\Local\Temp\zilszgs.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\ykqakujqyh = "bypkfaaslfgusruwilpmd.exe ." | C:\Users\Admin\AppData\Local\Temp\zilszgs.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\qemykwnwgrjo = "C:\\Users\\Admin\\AppData\\Local\\Temp\\miysmgfwohhurprsdfie.exe" | C:\Users\Admin\AppData\Local\Temp\zilszgs.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\qemykwnwgrjo = "C:\\Users\\Admin\\AppData\\Local\\Temp\\fylctkgujzwgavusa.exe" | C:\Users\Admin\AppData\Local\Temp\zilszgs.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\fqvenwkqx = "fylctkgujzwgavusa.exe" | C:\Users\Admin\AppData\Local\Temp\zilszgs.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\zilszgs = "C:\\Users\\Admin\\AppData\\Local\\Temp\\yqcsiytgujfohbzw.exe ." | C:\Users\Admin\AppData\Local\Temp\be521f0a005a06837effbec40bb14824a0d6df50f981aa88e23e51f28121cbc6.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\muwcio = "C:\\Users\\Admin\\AppData\\Local\\Temp\\zujcvomctlkwspqqabd.exe" | C:\Users\Admin\AppData\Local\Temp\zilszgs.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\muwcio = "oiwogyvkarpavrrqzz.exe" | C:\Users\Admin\AppData\Local\Temp\zilszgs.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\muwcio = "miysmgfwohhurprsdfie.exe" | C:\Users\Admin\AppData\Local\Temp\zilszgs.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\muwcio = "zujcvomctlkwspqqabd.exe" | C:\Users\Admin\AppData\Local\Temp\zilszgs.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\ykqakujqyh = "yqcsiytgujfohbzw.exe ." | C:\Users\Admin\AppData\Local\Temp\zilszgs.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\muwcio = "C:\\Users\\Admin\\AppData\\Local\\Temp\\fylctkgujzwgavusa.exe" | C:\Users\Admin\AppData\Local\Temp\zilszgs.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\muwcio = "C:\\Users\\Admin\\AppData\\Local\\Temp\\miysmgfwohhurprsdfie.exe" | C:\Users\Admin\AppData\Local\Temp\be521f0a005a06837effbec40bb14824a0d6df50f981aa88e23e51f28121cbc6.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\zilszgs = "oiwogyvkarpavrrqzz.exe ." | C:\Users\Admin\AppData\Local\Temp\zilszgs.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\zilszgs = "fylctkgujzwgavusa.exe ." | C:\Users\Admin\AppData\Local\Temp\zilszgs.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\fqvenwkqx = "miysmgfwohhurprsdfie.exe" | C:\Users\Admin\AppData\Local\Temp\zilszgs.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\zilszgs = "C:\\Users\\Admin\\AppData\\Local\\Temp\\fylctkgujzwgavusa.exe ." | C:\Users\Admin\AppData\Local\Temp\zilszgs.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\qemykwnwgrjo = "C:\\Users\\Admin\\AppData\\Local\\Temp\\fylctkgujzwgavusa.exe" | C:\Users\Admin\AppData\Local\Temp\be521f0a005a06837effbec40bb14824a0d6df50f981aa88e23e51f28121cbc6.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\zilszgs = "C:\\Users\\Admin\\AppData\\Local\\Temp\\bypkfaaslfgusruwilpmd.exe ." | C:\Users\Admin\AppData\Local\Temp\zilszgs.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\muwcio = "bypkfaaslfgusruwilpmd.exe" | C:\Users\Admin\AppData\Local\Temp\zilszgs.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\muwcio = "fylctkgujzwgavusa.exe" | C:\Users\Admin\AppData\Local\Temp\zilszgs.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\qemykwnwgrjo = "C:\\Users\\Admin\\AppData\\Local\\Temp\\oiwogyvkarpavrrqzz.exe" | C:\Users\Admin\AppData\Local\Temp\zilszgs.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\zilszgs = "zujcvomctlkwspqqabd.exe ." | C:\Users\Admin\AppData\Local\Temp\be521f0a005a06837effbec40bb14824a0d6df50f981aa88e23e51f28121cbc6.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\zilszgs = "miysmgfwohhurprsdfie.exe ." | C:\Users\Admin\AppData\Local\Temp\zilszgs.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\zilszgs = "miysmgfwohhurprsdfie.exe ." | C:\Users\Admin\AppData\Local\Temp\zilszgs.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\qemykwnwgrjo = "C:\\Users\\Admin\\AppData\\Local\\Temp\\yqcsiytgujfohbzw.exe" | C:\Users\Admin\AppData\Local\Temp\zilszgs.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\tgnyjuksblc = "C:\\Users\\Admin\\AppData\\Local\\Temp\\oiwogyvkarpavrrqzz.exe ." | C:\Users\Admin\AppData\Local\Temp\zilszgs.exe | N/A |
Checks whether UAC is enabled
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\be521f0a005a06837effbec40bb14824a0d6df50f981aa88e23e51f28121cbc6.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\be521f0a005a06837effbec40bb14824a0d6df50f981aa88e23e51f28121cbc6.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\zilszgs.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\zilszgs.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\zilszgs.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\zilszgs.exe | N/A |
Hijack Execution Flow: Executable Installer File Permissions Weakness
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableInstallerDetection = "0" | C:\Users\Admin\AppData\Local\Temp\be521f0a005a06837effbec40bb14824a0d6df50f981aa88e23e51f28121cbc6.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableInstallerDetection = "0" | C:\Users\Admin\AppData\Local\Temp\zilszgs.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableInstallerDetection = "0" | C:\Users\Admin\AppData\Local\Temp\zilszgs.exe | N/A |
Looks up external IP address via web service
| Description | Indicator | Process | Target |
| N/A | whatismyip.everdot.org | N/A | N/A |
| N/A | www.showmyipaddress.com | N/A | N/A |
| N/A | whatismyipaddress.com | N/A | N/A |
| N/A | whatismyip.everdot.org | N/A | N/A |
| N/A | www.whatismyip.ca | N/A | N/A |
| N/A | whatismyip.everdot.org | N/A | N/A |
| N/A | www.whatismyip.ca | N/A | N/A |
Drops file in System32 directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\SysWOW64\syycgktuwzjgnvhsnzmsswaeno.tda | C:\Users\Admin\AppData\Local\Temp\zilszgs.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\tkvkzoiuhvqyqjgcifdufujyserfaiatqmspn.pet | C:\Users\Admin\AppData\Local\Temp\zilszgs.exe | N/A |
| File created | C:\Windows\SysWOW64\tkvkzoiuhvqyqjgcifdufujyserfaiatqmspn.pet | C:\Users\Admin\AppData\Local\Temp\zilszgs.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\syycgktuwzjgnvhsnzmsswaeno.tda | C:\Users\Admin\AppData\Local\Temp\zilszgs.exe | N/A |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Program Files (x86)\tkvkzoiuhvqyqjgcifdufujyserfaiatqmspn.pet | C:\Users\Admin\AppData\Local\Temp\zilszgs.exe | N/A |
| File created | C:\Program Files (x86)\tkvkzoiuhvqyqjgcifdufujyserfaiatqmspn.pet | C:\Users\Admin\AppData\Local\Temp\zilszgs.exe | N/A |
| File opened for modification | C:\Program Files (x86)\syycgktuwzjgnvhsnzmsswaeno.tda | C:\Users\Admin\AppData\Local\Temp\zilszgs.exe | N/A |
| File created | C:\Program Files (x86)\syycgktuwzjgnvhsnzmsswaeno.tda | C:\Users\Admin\AppData\Local\Temp\zilszgs.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\tkvkzoiuhvqyqjgcifdufujyserfaiatqmspn.pet | C:\Users\Admin\AppData\Local\Temp\zilszgs.exe | N/A |
| File created | C:\Windows\tkvkzoiuhvqyqjgcifdufujyserfaiatqmspn.pet | C:\Users\Admin\AppData\Local\Temp\zilszgs.exe | N/A |
| File opened for modification | C:\Windows\syycgktuwzjgnvhsnzmsswaeno.tda | C:\Users\Admin\AppData\Local\Temp\zilszgs.exe | N/A |
| File created | C:\Windows\syycgktuwzjgnvhsnzmsswaeno.tda | C:\Users\Admin\AppData\Local\Temp\zilszgs.exe | N/A |
Enumerates physical storage devices
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\zilszgs.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\be521f0a005a06837effbec40bb14824a0d6df50f981aa88e23e51f28121cbc6.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\zilszgs.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000_Classes\Local Settings | C:\Users\Admin\AppData\Local\Temp\be521f0a005a06837effbec40bb14824a0d6df50f981aa88e23e51f28121cbc6.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000_Classes\Local Settings | C:\Users\Admin\AppData\Local\Temp\zilszgs.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000_Classes\Local Settings | C:\Users\Admin\AppData\Local\Temp\zilszgs.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\zilszgs.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\zilszgs.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\zilszgs.exe | N/A |
Suspicious use of WriteProcessMemory
System policy modification
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDriveTypeAutoRun = "1" | C:\Users\Admin\AppData\Local\Temp\be521f0a005a06837effbec40bb14824a0d6df50f981aa88e23e51f28121cbc6.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\zilszgs.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableSecureUIAPaths = "0" | C:\Users\Admin\AppData\Local\Temp\zilszgs.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableSecureUIAPaths = "0" | C:\Users\Admin\AppData\Local\Temp\zilszgs.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" | C:\Users\Admin\AppData\Local\Temp\zilszgs.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableVirtualization = "0" | C:\Users\Admin\AppData\Local\Temp\zilszgs.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" | C:\Users\Admin\AppData\Local\Temp\zilszgs.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" | C:\Users\Admin\AppData\Local\Temp\be521f0a005a06837effbec40bb14824a0d6df50f981aa88e23e51f28121cbc6.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableSecureUIAPaths = "0" | C:\Users\Admin\AppData\Local\Temp\be521f0a005a06837effbec40bb14824a0d6df50f981aa88e23e51f28121cbc6.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" | C:\Users\Admin\AppData\Local\Temp\be521f0a005a06837effbec40bb14824a0d6df50f981aa88e23e51f28121cbc6.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\zilszgs.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ValidateAdminCodeSignatures = "0" | C:\Users\Admin\AppData\Local\Temp\zilszgs.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer | C:\Users\Admin\AppData\Local\Temp\zilszgs.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ValidateAdminCodeSignatures = "0" | C:\Users\Admin\AppData\Local\Temp\be521f0a005a06837effbec40bb14824a0d6df50f981aa88e23e51f28121cbc6.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer | C:\Users\Admin\AppData\Local\Temp\be521f0a005a06837effbec40bb14824a0d6df50f981aa88e23e51f28121cbc6.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" | C:\Users\Admin\AppData\Local\Temp\zilszgs.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\zilszgs.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\zilszgs.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer | C:\Users\Admin\AppData\Local\Temp\zilszgs.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" | C:\Users\Admin\AppData\Local\Temp\zilszgs.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ValidateAdminCodeSignatures = "0" | C:\Users\Admin\AppData\Local\Temp\zilszgs.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableVirtualization = "0" | C:\Users\Admin\AppData\Local\Temp\zilszgs.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\FilterAdministratorToken = "0" | C:\Users\Admin\AppData\Local\Temp\zilszgs.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableVirtualization = "0" | C:\Users\Admin\AppData\Local\Temp\be521f0a005a06837effbec40bb14824a0d6df50f981aa88e23e51f28121cbc6.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\zilszgs.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" | C:\Users\Admin\AppData\Local\Temp\zilszgs.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" | C:\Users\Admin\AppData\Local\Temp\zilszgs.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\zilszgs.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDriveTypeAutoRun = "1" | C:\Users\Admin\AppData\Local\Temp\zilszgs.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDriveTypeAutoRun = "1" | C:\Users\Admin\AppData\Local\Temp\zilszgs.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\be521f0a005a06837effbec40bb14824a0d6df50f981aa88e23e51f28121cbc6.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" | C:\Users\Admin\AppData\Local\Temp\be521f0a005a06837effbec40bb14824a0d6df50f981aa88e23e51f28121cbc6.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\FilterAdministratorToken = "0" | C:\Users\Admin\AppData\Local\Temp\zilszgs.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\be521f0a005a06837effbec40bb14824a0d6df50f981aa88e23e51f28121cbc6.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\be521f0a005a06837effbec40bb14824a0d6df50f981aa88e23e51f28121cbc6.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\FilterAdministratorToken = "0" | C:\Users\Admin\AppData\Local\Temp\be521f0a005a06837effbec40bb14824a0d6df50f981aa88e23e51f28121cbc6.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\be521f0a005a06837effbec40bb14824a0d6df50f981aa88e23e51f28121cbc6.exe
"C:\Users\Admin\AppData\Local\Temp\be521f0a005a06837effbec40bb14824a0d6df50f981aa88e23e51f28121cbc6.exe"
C:\Users\Admin\AppData\Local\Temp\zilszgs.exe
"C:\Users\Admin\AppData\Local\Temp\zilszgs.exe" "-"
C:\Users\Admin\AppData\Local\Temp\zilszgs.exe
"C:\Users\Admin\AppData\Local\Temp\zilszgs.exe" "-"
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 209.205.72.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 101.209.201.84.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.160.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.whatismyip.ca | udp |
| US | 8.8.8.8:53 | whatismyip.everdot.org | udp |
| US | 8.8.8.8:53 | www.whatismyip.com | udp |
| US | 104.27.206.92:80 | www.whatismyip.com | tcp |
| US | 104.27.206.92:80 | www.whatismyip.com | tcp |
| US | 8.8.8.8:53 | 92.206.27.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.showmyipaddress.com | udp |
| US | 104.21.74.56:80 | www.showmyipaddress.com | tcp |
| US | 8.8.8.8:53 | 56.74.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | whatismyipaddress.com | udp |
| US | 104.19.223.79:80 | whatismyipaddress.com | tcp |
| US | 8.8.8.8:53 | 79.223.19.104.in-addr.arpa | udp |
| US | 104.27.206.92:80 | www.whatismyip.com | tcp |
| US | 8.8.8.8:53 | whatismyip.everdot.org | udp |
| US | 104.21.74.56:80 | www.showmyipaddress.com | tcp |
| US | 8.8.8.8:53 | www.whatismyip.ca | udp |
| US | 104.19.223.79:80 | whatismyipaddress.com | tcp |
| US | 104.27.206.92:80 | www.whatismyip.com | tcp |
| US | 104.27.206.92:80 | www.whatismyip.com | tcp |
| US | 104.19.223.79:80 | whatismyipaddress.com | tcp |
| US | 104.21.74.56:80 | www.showmyipaddress.com | tcp |
| US | 104.21.74.56:80 | www.showmyipaddress.com | tcp |
| US | 8.8.8.8:53 | whatismyip.everdot.org | udp |
| US | 104.19.223.79:80 | whatismyipaddress.com | tcp |
| US | 8.8.8.8:53 | www.imdb.com | udp |
| FR | 52.222.159.143:80 | www.imdb.com | tcp |
| US | 8.8.8.8:53 | hklgkqwuttn.com | udp |
| IE | 34.246.200.160:80 | hklgkqwuttn.com | tcp |
| US | 8.8.8.8:53 | bjjwjofer.info | udp |
| US | 8.8.8.8:53 | ookysqemqm.org | udp |
| US | 8.8.8.8:53 | myfnoibzmdew.info | udp |
| US | 8.8.8.8:53 | wljsua.net | udp |
| US | 8.8.8.8:53 | xuhoikbengf.info | udp |
| US | 8.8.8.8:53 | pqxntmosk.com | udp |
| US | 8.8.8.8:53 | unnyfpyaozz.net | udp |
| US | 8.8.8.8:53 | akfabfcjflhc.info | udp |
| US | 8.8.8.8:53 | mzxkrjdvjvkk.net | udp |
| US | 8.8.8.8:53 | yeqsceua.org | udp |
| US | 8.8.8.8:53 | tutthfndw.org | udp |
| US | 8.8.8.8:53 | 143.159.222.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 160.200.246.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 53.210.109.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 206.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | rvplvmpyqtkx.net | udp |
| US | 8.8.8.8:53 | nbvtdhkfra.net | udp |
| US | 8.8.8.8:53 | tipznzio.net | udp |
| US | 8.8.8.8:53 | csqayceu.org | udp |
| US | 8.8.8.8:53 | lavpuo.info | udp |
| US | 8.8.8.8:53 | tcgsnwt.info | udp |
| US | 8.8.8.8:53 | tywgsztrt.info | udp |
| US | 8.8.8.8:53 | tkpelgo.com | udp |
| US | 8.8.8.8:53 | ratirtqyspss.net | udp |
| US | 8.8.8.8:53 | cwhjbrdyz.info | udp |
| US | 8.8.8.8:53 | bsgqrktmz.com | udp |
| US | 8.8.8.8:53 | rshatarwtxb.com | udp |
| US | 8.8.8.8:53 | bsvdbcl.org | udp |
| US | 8.8.8.8:53 | ekmmsayeiq.org | udp |
| US | 8.8.8.8:53 | mwksemyuieuo.com | udp |
| US | 8.8.8.8:53 | lcsgfob.org | udp |
| US | 8.8.8.8:53 | nvtofbe.com | udp |
| US | 8.8.8.8:53 | ceedun.info | udp |
| US | 8.8.8.8:53 | dlwfnwiptr.net | udp |
| US | 8.8.8.8:53 | ijqojswsrav.info | udp |
| US | 8.8.8.8:53 | kuxajxugfkr.net | udp |
| US | 8.8.8.8:53 | pflahzchin.net | udp |
| US | 8.8.8.8:53 | fwpmpto.org | udp |
| US | 8.8.8.8:53 | hufamsknhddp.net | udp |
| US | 8.8.8.8:53 | rwdptulntzi.net | udp |
| US | 8.8.8.8:53 | eigywysoqe.com | udp |
| US | 8.8.8.8:53 | xqdjqvtche.net | udp |
| US | 8.8.8.8:53 | cqiuai.org | udp |
| US | 8.8.8.8:53 | noxauntoj.info | udp |
| US | 8.8.8.8:53 | hjwbaaqkcyyf.net | udp |
| US | 8.8.8.8:53 | occuxdwukfo.net | udp |
| US | 8.8.8.8:53 | 75.117.19.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | xeoycsrn.net | udp |
| US | 8.8.8.8:53 | pnbstkokimq.com | udp |
| US | 8.8.8.8:53 | rvgvsrtclw.net | udp |
| US | 8.8.8.8:53 | vnxrwo.info | udp |
| US | 8.8.8.8:53 | azrakrbzpk.net | udp |
| US | 8.8.8.8:53 | dbbjbfwk.net | udp |
| US | 8.8.8.8:53 | eslsgkjci.info | udp |
| US | 8.8.8.8:53 | mcsuiyuecqac.com | udp |
| US | 8.8.8.8:53 | xtbuumlmt.org | udp |
| US | 8.8.8.8:53 | vjmyxpra.net | udp |
| US | 8.8.8.8:53 | dsxpcudmquk.net | udp |
| US | 8.8.8.8:53 | nxnwpxhqyg.net | udp |
| US | 8.8.8.8:53 | byteksp.com | udp |
| US | 8.8.8.8:53 | vefrhsuosgqy.info | udp |
| US | 8.8.8.8:53 | vvfqvgz.info | udp |
| US | 8.8.8.8:53 | nsrddavelav.net | udp |
| US | 8.8.8.8:53 | vujotrecd.info | udp |
| US | 8.8.8.8:53 | zxfznjjo.net | udp |
| US | 8.8.8.8:53 | fptqgycroysm.net | udp |
| US | 8.8.8.8:53 | nszwgofddwp.net | udp |
| US | 8.8.8.8:53 | omxbxewvzq.info | udp |
| US | 8.8.8.8:53 | xwfmlmbmtaz.info | udp |
| DE | 85.214.228.140:80 | xwfmlmbmtaz.info | tcp |
| US | 8.8.8.8:53 | griwhiprkehm.net | udp |
| US | 8.8.8.8:53 | jksjjwcuno.info | udp |
| US | 8.8.8.8:53 | qosxlqbekik.info | udp |
| US | 8.8.8.8:53 | nafodwrwdqd.com | udp |
| US | 8.8.8.8:53 | pqutlsceaw.info | udp |
| US | 8.8.8.8:53 | ewvokslm.info | udp |
| US | 8.8.8.8:53 | tphdrl.net | udp |
| US | 8.8.8.8:53 | suyqsisiui.com | udp |
| US | 8.8.8.8:53 | okiaykac.org | udp |
| US | 8.8.8.8:53 | etkerlzprq.net | udp |
| US | 8.8.8.8:53 | iosgkywkusys.com | udp |
| US | 8.8.8.8:53 | jkkjvq.net | udp |
| US | 8.8.8.8:53 | ouhxllf.info | udp |
| US | 8.8.8.8:53 | lfdupldijpr.org | udp |
| US | 8.8.8.8:53 | 140.228.214.85.in-addr.arpa | udp |
| US | 8.8.8.8:53 | ftxaxqey.info | udp |
| US | 8.8.8.8:53 | vbffgv.info | udp |
| US | 8.8.8.8:53 | bbhhtqchgepp.info | udp |
| US | 8.8.8.8:53 | ubbwxessv.info | udp |
| US | 8.8.8.8:53 | ydqlnw.info | udp |
| US | 208.100.26.245:80 | ydqlnw.info | tcp |
| US | 8.8.8.8:53 | lqxhbsdwbwhj.info | udp |
| US | 8.8.8.8:53 | xehavxbdpciu.net | udp |
| US | 8.8.8.8:53 | zjnfqwkcdohh.net | udp |
| US | 8.8.8.8:53 | iahzwr.net | udp |
| US | 8.8.8.8:53 | hzhnny.info | udp |
| US | 8.8.8.8:53 | uncaephtnirx.info | udp |
| US | 8.8.8.8:53 | bjvckg.net | udp |
| US | 8.8.8.8:53 | zorcpqrmzeu.com | udp |
| US | 8.8.8.8:53 | zkmebqpkysg.info | udp |
| US | 8.8.8.8:53 | tnxivajml.com | udp |
| US | 8.8.8.8:53 | ynqoxs.net | udp |
| US | 8.8.8.8:53 | 245.26.100.208.in-addr.arpa | udp |
| US | 8.8.8.8:53 | iwdkjrjkoij.net | udp |
| US | 8.8.8.8:53 | vnbxzqnskn.info | udp |
| US | 8.8.8.8:53 | mlzdqkeb.info | udp |
| US | 8.8.8.8:53 | gqjssd.net | udp |
| US | 8.8.8.8:53 | olrraj.net | udp |
| US | 8.8.8.8:53 | nafxot.net | udp |
| US | 8.8.8.8:53 | bynasp.info | udp |
| US | 8.8.8.8:53 | eqdctkbow.info | udp |
| US | 8.8.8.8:53 | ywquuu.org | udp |
| US | 8.8.8.8:53 | nwthatyjpsji.net | udp |
| US | 8.8.8.8:53 | popdxvxsj.info | udp |
| US | 8.8.8.8:53 | hxvclsm.net | udp |
| US | 8.8.8.8:53 | okjnxwz.net | udp |
| US | 8.8.8.8:53 | pencxrvurgl.net | udp |
| US | 8.8.8.8:53 | tufyte.info | udp |
| US | 8.8.8.8:53 | inwdkw.info | udp |
| US | 8.8.8.8:53 | vijubus.org | udp |
| US | 8.8.8.8:53 | qfwojdsu.net | udp |
| US | 8.8.8.8:53 | sgqciyowocge.org | udp |
| US | 8.8.8.8:53 | noyqyu.net | udp |
| US | 8.8.8.8:53 | nzkibs.info | udp |
| US | 8.8.8.8:53 | sphdwerzxe.info | udp |
| US | 8.8.8.8:53 | yecmcwasmw.com | udp |
| US | 8.8.8.8:53 | aooeacso.org | udp |
| US | 8.8.8.8:53 | zacqgcr.net | udp |
| US | 8.8.8.8:53 | mfxvwgzshvzr.net | udp |
| US | 8.8.8.8:53 | xcrabwwkdky.net | udp |
| US | 8.8.8.8:53 | lgswzqbvc.org | udp |
| US | 8.8.8.8:53 | ssgkvuhqd.info | udp |
| US | 8.8.8.8:53 | ksujvrvghm.info | udp |
| US | 8.8.8.8:53 | qiaccmiqeokc.com | udp |
| US | 8.8.8.8:53 | vwruvqn.net | udp |
| US | 8.8.8.8:53 | hxzohkrwubh.net | udp |
| US | 8.8.8.8:53 | cikefqvitjps.net | udp |
| US | 8.8.8.8:53 | wsbewgjqm.net | udp |
| US | 8.8.8.8:53 | lvtntmix.info | udp |
| US | 8.8.8.8:53 | gmcrrrl.net | udp |
| US | 8.8.8.8:53 | xofyhmwvlzb.net | udp |
| US | 8.8.8.8:53 | wdzvnewqv.info | udp |
| US | 8.8.8.8:53 | gkiiykoyka.org | udp |
| US | 8.8.8.8:53 | mpttpkrkatxe.net | udp |
| US | 8.8.8.8:53 | quugwwom.com | udp |
| US | 8.8.8.8:53 | aelxvivwnsg.info | udp |
| US | 8.8.8.8:53 | arqvxeitjt.info | udp |
| US | 8.8.8.8:53 | uatwbqnws.net | udp |
| US | 8.8.8.8:53 | neyizica.net | udp |
| US | 8.8.8.8:53 | kajlsxb.info | udp |
| US | 8.8.8.8:53 | znecrurz.info | udp |
| US | 8.8.8.8:53 | gbpznozznyjb.net | udp |
| US | 8.8.8.8:53 | kujunzlu.info | udp |
| N/A | 192.168.28.2:445 | tcp | |
| US | 8.8.8.8:53 | gcpqepy.net | udp |
| US | 8.8.8.8:53 | duaspovio.net | udp |
| US | 8.8.8.8:53 | uvzigfdvbr.info | udp |
| US | 8.8.8.8:53 | lktkzratlpdy.net | udp |
| US | 8.8.8.8:53 | easavon.info | udp |
| US | 8.8.8.8:53 | jtqxtyuyrcd.com | udp |
| US | 8.8.8.8:53 | ppvrxwqcmibx.info | udp |
| US | 8.8.8.8:53 | ekuffx.net | udp |
| US | 8.8.8.8:53 | runvywriigs.org | udp |
| US | 8.8.8.8:53 | qdbklsxbzqpy.net | udp |
| US | 8.8.8.8:53 | xhmmhwrmthx.net | udp |
| US | 8.8.8.8:53 | aelubcv.info | udp |
| US | 8.8.8.8:53 | syrinkjdnuty.info | udp |
| US | 8.8.8.8:53 | dvjangz.net | udp |
| US | 8.8.8.8:53 | qsqgkuwg.com | udp |
| US | 8.8.8.8:53 | lrjkhwgic.com | udp |
| US | 8.8.8.8:53 | gknqbbbyo.info | udp |
| US | 8.8.8.8:53 | grjgraoeefhx.info | udp |
| US | 8.8.8.8:53 | uaygckksku.com | udp |
| US | 8.8.8.8:53 | taorhq.info | udp |
| US | 8.8.8.8:53 | gcoksqk.info | udp |
| US | 8.8.8.8:53 | vdzggtsz.info | udp |
| US | 8.8.8.8:53 | pzryostgtub.org | udp |
| N/A | 192.168.28.2:139 | tcp | |
| US | 8.8.8.8:53 | ccqoikwugmoi.com | udp |
| US | 8.8.8.8:53 | seeamgtsj.net | udp |
| US | 8.8.8.8:53 | bjrqccp.net | udp |
| US | 8.8.8.8:53 | reznbyp.com | udp |
| US | 8.8.8.8:53 | qrzgdqbd.info | udp |
| US | 8.8.8.8:53 | dilmcmz.net | udp |
| US | 8.8.8.8:53 | axecklffttqh.info | udp |
| US | 8.8.8.8:53 | kkvrbzvi.info | udp |
| US | 8.8.8.8:53 | ljvdwprwvkf.org | udp |
| US | 8.8.8.8:53 | sekqsygosicu.org | udp |
| US | 8.8.8.8:53 | tepnzlwrbfpl.net | udp |
| US | 8.8.8.8:53 | wpeujqs.info | udp |
| US | 8.8.8.8:53 | keaeecekqaas.com | udp |
| US | 8.8.8.8:53 | vmylheoy.info | udp |
| US | 8.8.8.8:53 | beeujstsjcw.info | udp |
| US | 8.8.8.8:53 | fzmxtysclkq.net | udp |
| US | 8.8.8.8:53 | nqtamifgpnb.info | udp |
| US | 8.8.8.8:53 | qwuxnsdikndq.info | udp |
| US | 8.8.8.8:53 | qkhqaqkex.net | udp |
| US | 8.8.8.8:53 | jkwlvj.info | udp |
| US | 8.8.8.8:53 | savpwudypi.net | udp |
| US | 8.8.8.8:53 | cmsisw.org | udp |
| US | 8.8.8.8:53 | jdvcixk.net | udp |
| US | 8.8.8.8:53 | bwhwhozexm.info | udp |
| US | 8.8.8.8:53 | lmexntpfa.org | udp |
| US | 8.8.8.8:53 | scquuek.net | udp |
| US | 8.8.8.8:53 | stxapuuba.info | udp |
| US | 8.8.8.8:53 | scwgagyi.org | udp |
| US | 8.8.8.8:53 | jscgvz.info | udp |
| US | 8.8.8.8:53 | ekouqagyuoyo.com | udp |
| US | 8.8.8.8:53 | wtxnaaltn.info | udp |
| US | 8.8.8.8:53 | eoocacsuyugo.com | udp |
| US | 8.8.8.8:53 | kseclqren.net | udp |
| US | 8.8.8.8:53 | jnxuvuqktsv.net | udp |
| US | 8.8.8.8:53 | tpjycws.com | udp |
| US | 8.8.8.8:53 | yavekefqtco.net | udp |
| US | 8.8.8.8:53 | zuacjkxkhhl.net | udp |
| US | 8.8.8.8:53 | rzymlt.info | udp |
| US | 8.8.8.8:53 | gjclvfpnhp.net | udp |
| US | 8.8.8.8:53 | cwqoie.org | udp |
| US | 8.8.8.8:53 | agtpkwhb.net | udp |
| US | 8.8.8.8:53 | vpiebzrofazu.net | udp |
| US | 8.8.8.8:53 | atbuawiglqkk.net | udp |
| US | 8.8.8.8:53 | kpyvvmntqn.net | udp |
| US | 8.8.8.8:53 | hlbjfp.net | udp |
| US | 8.8.8.8:53 | yxlhbebgnf.net | udp |
| US | 8.8.8.8:53 | dbnsgzvs.net | udp |
| US | 8.8.8.8:53 | gcwjaou.info | udp |
| US | 8.8.8.8:53 | lyykfcin.net | udp |
| US | 8.8.8.8:53 | noazeosdavjp.info | udp |
| US | 8.8.8.8:53 | nudslgskvez.com | udp |
| US | 8.8.8.8:53 | uqeomc.org | udp |
| US | 8.8.8.8:53 | zlmillul.info | udp |
| US | 8.8.8.8:53 | yaukcyu.net | udp |
| US | 8.8.8.8:53 | dcypmyhut.org | udp |
| US | 8.8.8.8:53 | uczeiisoe.net | udp |
| US | 8.8.8.8:53 | caoyeemkeccu.com | udp |
| US | 8.8.8.8:53 | oqmeiukm.org | udp |
| US | 8.8.8.8:53 | qeliqqd.info | udp |
| US | 8.8.8.8:53 | rixkdktie.com | udp |
| US | 8.8.8.8:53 | touyuh.info | udp |
| US | 8.8.8.8:53 | hvzecrvq.net | udp |
| US | 8.8.8.8:53 | uominug.info | udp |
| US | 8.8.8.8:53 | sjwgud.info | udp |
| US | 8.8.8.8:53 | ccpeteqkfcm.info | udp |
| US | 8.8.8.8:53 | dwkrlwnlrh.net | udp |
| US | 8.8.8.8:53 | vghtipdgbjbw.info | udp |
| US | 8.8.8.8:53 | btpypfipmac.info | udp |
| US | 8.8.8.8:53 | zvxurkzzvhty.info | udp |
| US | 8.8.8.8:53 | xoimlyf.info | udp |
| US | 8.8.8.8:53 | zxqtjwzfngun.info | udp |
| US | 8.8.8.8:53 | wyzuadd.net | udp |
| US | 8.8.8.8:53 | glgustogab.net | udp |
| US | 8.8.8.8:53 | sjzbdvpd.net | udp |
| US | 8.8.8.8:53 | yejwkviw.net | udp |
| US | 8.8.8.8:53 | rukbhehbhyd.org | udp |
| US | 8.8.8.8:53 | tujeokxesb.net | udp |
| US | 8.8.8.8:53 | kxhohjl.info | udp |
| US | 8.8.8.8:53 | ngnhps.net | udp |
| US | 8.8.8.8:53 | kqqcdiurz.info | udp |
| US | 8.8.8.8:53 | weaquoegacic.com | udp |
| US | 8.8.8.8:53 | evlcpfpchf.net | udp |
| US | 8.8.8.8:53 | bylwnpu.net | udp |
| US | 8.8.8.8:53 | ywnixfbfrwt.net | udp |
| US | 8.8.8.8:53 | iugekkcyoe.com | udp |
| US | 8.8.8.8:53 | pikyhpboz.org | udp |
| US | 8.8.8.8:53 | qcqadctgvxv.net | udp |
| US | 8.8.8.8:53 | aenqkyh.net | udp |
| US | 8.8.8.8:53 | uswgrz.info | udp |
| US | 8.8.8.8:53 | xddkwoakwc.net | udp |
| US | 8.8.8.8:53 | jzkgkar.com | udp |
| US | 8.8.8.8:53 | lsdlwgdqht.info | udp |
| US | 8.8.8.8:53 | brkzng.net | udp |
| US | 8.8.8.8:53 | gqwyaoausqyk.com | udp |
| US | 8.8.8.8:53 | gljqjnj.info | udp |
| US | 8.8.8.8:53 | jilbwqlziqo.org | udp |
| US | 8.8.8.8:53 | ccmeucsi.org | udp |
| US | 8.8.8.8:53 | bwyyfdtt.net | udp |
| US | 8.8.8.8:53 | rkfxkwp.com | udp |
| US | 8.8.8.8:53 | kteajfs.net | udp |
| US | 8.8.8.8:53 | sjfgnzvkawh.net | udp |
| US | 8.8.8.8:53 | cqeqkqayyc.org | udp |
| US | 8.8.8.8:53 | feyxxrkz.net | udp |
| US | 8.8.8.8:53 | gwxmbqd.info | udp |
| US | 8.8.8.8:53 | qmbwxclgd.info | udp |
| US | 8.8.8.8:53 | depfbed.net | udp |
| US | 8.8.8.8:53 | uaoylee.info | udp |
| US | 8.8.8.8:53 | lgiqnrwmr.info | udp |
| US | 8.8.8.8:53 | hhdcno.info | udp |
| US | 8.8.8.8:53 | dbvhlkndez.net | udp |
| US | 8.8.8.8:53 | btvhlvft.net | udp |
| US | 8.8.8.8:53 | hnvmpz.info | udp |
| US | 8.8.8.8:53 | vdmtswsdfyl.org | udp |
| US | 8.8.8.8:53 | rtafph.info | udp |
| US | 8.8.8.8:53 | oisfxztxhv.info | udp |
| US | 8.8.8.8:53 | pvprtymg.net | udp |
| US | 8.8.8.8:53 | tezhargcl.org | udp |
| US | 8.8.8.8:53 | hmzhqd.net | udp |
| US | 8.8.8.8:53 | mgoemc.org | udp |
| US | 8.8.8.8:53 | wihefwnpha.net | udp |
| US | 8.8.8.8:53 | wosiekkkcg.org | udp |
| US | 8.8.8.8:53 | latbowhcu.com | udp |
| US | 8.8.8.8:53 | imases.org | udp |
| FI | 94.237.17.29:80 | imases.org | tcp |
| US | 8.8.8.8:53 | ouauowcmiqcm.org | udp |
| US | 8.8.8.8:53 | umyijit.info | udp |
| US | 8.8.8.8:53 | aablgppino.info | udp |
| US | 8.8.8.8:53 | rqgezhvw.net | udp |
| US | 8.8.8.8:53 | puerojuyiqq.com | udp |
| US | 8.8.8.8:53 | axpjoitp.net | udp |
| US | 8.8.8.8:53 | rtjvvnpasshg.net | udp |
| US | 8.8.8.8:53 | kmsggkcu.org | udp |
| US | 8.8.8.8:53 | xnvvzd.net | udp |
| US | 8.8.8.8:53 | lyxuyph.info | udp |
| US | 8.8.8.8:53 | mqjgwhr.net | udp |
| US | 8.8.8.8:53 | dmnocv.info | udp |
| US | 8.8.8.8:53 | twhdeznb.net | udp |
| US | 8.8.8.8:53 | 29.17.237.94.in-addr.arpa | udp |
| US | 8.8.8.8:53 | kqbgfspmu.info | udp |
| US | 8.8.8.8:53 | igbunwhhzd.net | udp |
| US | 8.8.8.8:53 | wovntmxv.info | udp |
| US | 8.8.8.8:53 | uwdsjlvyncd.info | udp |
| US | 8.8.8.8:53 | ladcxdxmbw.info | udp |
| US | 8.8.8.8:53 | acbxcmcdn.info | udp |
| US | 8.8.8.8:53 | rkjwbtsn.net | udp |
| US | 8.8.8.8:53 | caryabspw.net | udp |
| US | 8.8.8.8:53 | oduoqoveb.info | udp |
| US | 8.8.8.8:53 | rskzbimsfyt.net | udp |
| US | 8.8.8.8:53 | peeywjoj.net | udp |
| US | 8.8.8.8:53 | kkcqnylyzxc.info | udp |
| US | 8.8.8.8:53 | igowgkuaeqmw.com | udp |
| US | 8.8.8.8:53 | jadjqefez.net | udp |
| US | 8.8.8.8:53 | yoksaxzujpu.net | udp |
| US | 8.8.8.8:53 | aoskqookyuge.com | udp |
| US | 8.8.8.8:53 | yumhekvpeknh.net | udp |
| US | 8.8.8.8:53 | jypwhwggp.info | udp |
| US | 8.8.8.8:53 | jyjxskjbhhb.org | udp |
| US | 8.8.8.8:53 | qcomuekk.org | udp |
| US | 8.8.8.8:53 | hwkpdwl.info | udp |
| US | 8.8.8.8:53 | nitqnhz.com | udp |
| US | 8.8.8.8:53 | eamiwqog.com | udp |
| US | 8.8.8.8:53 | bxrsgminbopa.net | udp |
| US | 8.8.8.8:53 | tzwflmeio.net | udp |
| US | 8.8.8.8:53 | jttxnoo.net | udp |
| US | 8.8.8.8:53 | jzdmqv.net | udp |
| US | 8.8.8.8:53 | oejbsistly.net | udp |
| US | 8.8.8.8:53 | fydwhccelch.info | udp |
| US | 8.8.8.8:53 | tawaluhlxui.net | udp |
| US | 8.8.8.8:53 | tuwyabxqtort.net | udp |
| US | 8.8.8.8:53 | tvkvmwhx.info | udp |
| US | 8.8.8.8:53 | yogrzldfbk.info | udp |
| US | 8.8.8.8:53 | prrczpvcpsl.com | udp |
| US | 8.8.8.8:53 | rahnqeiicef.com | udp |
| US | 8.8.8.8:53 | mgtjtdscccc.info | udp |
| US | 8.8.8.8:53 | luigmwv.net | udp |
| US | 8.8.8.8:53 | swcvcsqq.info | udp |
| US | 8.8.8.8:53 | swuynjfkbnv.net | udp |
| US | 8.8.8.8:53 | wgwyssimgkoq.com | udp |
| US | 8.8.8.8:53 | gomsusyyuycc.com | udp |
| US | 8.8.8.8:53 | lgyxzxyldb.info | udp |
| US | 8.8.8.8:53 | trtrplgnvrtd.info | udp |
| US | 8.8.8.8:53 | xcupwwwpyxli.net | udp |
| US | 8.8.8.8:53 | xthnja.net | udp |
| US | 8.8.8.8:53 | rqjezml.org | udp |
| US | 8.8.8.8:53 | zbduhqatno.info | udp |
| US | 8.8.8.8:53 | nvckbmqn.net | udp |
| US | 8.8.8.8:53 | xxwotnbfpsri.net | udp |
| US | 8.8.8.8:53 | vzkgywhmru.info | udp |
| US | 8.8.8.8:53 | jgufibeybs.info | udp |
| US | 8.8.8.8:53 | iykomuoiso.org | udp |
| US | 8.8.8.8:53 | zqgewctiuah.org | udp |
| US | 8.8.8.8:53 | yaeenpdxwm.net | udp |
| US | 8.8.8.8:53 | snvmuytr.net | udp |
| US | 8.8.8.8:53 | ysuzcmb.net | udp |
| US | 8.8.8.8:53 | juczyab.info | udp |
| US | 8.8.8.8:53 | yveovmlrlid.info | udp |
| US | 8.8.8.8:53 | yswrwt.net | udp |
| US | 8.8.8.8:53 | tmbgdxjgf.org | udp |
| US | 8.8.8.8:53 | xcxxvvmr.info | udp |
| US | 8.8.8.8:53 | nrfeuo.info | udp |
| US | 8.8.8.8:53 | tmzjhmaahmz.info | udp |
| US | 8.8.8.8:53 | anwkhqzupqu.info | udp |
| US | 8.8.8.8:53 | qiwmesgw.net | udp |
| US | 8.8.8.8:53 | fpvilghmn.org | udp |
| US | 8.8.8.8:53 | apzqxiynpejr.info | udp |
| US | 8.8.8.8:53 | dymincoifib.info | udp |
| US | 8.8.8.8:53 | pxjhbvwnnvsp.net | udp |
| US | 8.8.8.8:53 | lspedol.com | udp |
| US | 8.8.8.8:53 | fidulrw.info | udp |
| US | 8.8.8.8:53 | igyyrpj.info | udp |
| US | 8.8.8.8:53 | redwzwuqjku.net | udp |
| US | 8.8.8.8:53 | bmuqenhwc.org | udp |
| US | 8.8.8.8:53 | egsqwwio.org | udp |
| US | 8.8.8.8:53 | fxogzqrc.info | udp |
| US | 8.8.8.8:53 | iqqawmueyu.com | udp |
| US | 8.8.8.8:53 | sovgagdst.net | udp |
| US | 8.8.8.8:53 | rslnfomn.info | udp |
| US | 8.8.8.8:53 | wqrvrtugx.net | udp |
| US | 8.8.8.8:53 | jeqqus.info | udp |
| US | 8.8.8.8:53 | dkgsyaflln.net | udp |
| US | 8.8.8.8:53 | hqforzfdjnbw.net | udp |
| US | 8.8.8.8:53 | kqsikakk.com | udp |
| US | 8.8.8.8:53 | omhirn.net | udp |
| US | 8.8.8.8:53 | zmhanin.info | udp |
| US | 8.8.8.8:53 | xrfznlhptk.info | udp |
| US | 8.8.8.8:53 | cprfvcxl.info | udp |
| US | 8.8.8.8:53 | ggdonmbae.info | udp |
| US | 8.8.8.8:53 | ooseig.org | udp |
| US | 8.8.8.8:53 | pyrzjqztsc.net | udp |
| US | 8.8.8.8:53 | feyjrv.net | udp |
| US | 8.8.8.8:53 | lcmtpekoupi.info | udp |
| US | 8.8.8.8:53 | ebboql.info | udp |
| US | 8.8.8.8:53 | miqskekq.org | udp |
| US | 8.8.8.8:53 | ysreqsa.info | udp |
| US | 8.8.8.8:53 | mexaexjog.info | udp |
| US | 8.8.8.8:53 | vuvdlax.com | udp |
| US | 8.8.8.8:53 | myuymkyasmmu.com | udp |
| US | 8.8.8.8:53 | wbqtkcxy.net | udp |
| US | 8.8.8.8:53 | rmzrhow.org | udp |
| US | 8.8.8.8:53 | oeskeaye.com | udp |
| US | 8.8.8.8:53 | abqsvxvpbczm.info | udp |
| US | 8.8.8.8:53 | aaieooykee.org | udp |
| US | 8.8.8.8:53 | djpalkoig.info | udp |
| US | 8.8.8.8:53 | kegwiq.com | udp |
| US | 8.8.8.8:53 | idfqpe.info | udp |
| US | 8.8.8.8:53 | fgjwdazyr.net | udp |
| US | 8.8.8.8:53 | xyxktcigcjb.org | udp |
| US | 8.8.8.8:53 | nwmttinssns.com | udp |
| US | 8.8.8.8:53 | fhmkstt.net | udp |
| US | 8.8.8.8:53 | ppoitft.info | udp |
| US | 8.8.8.8:53 | hgvifktkt.net | udp |
| US | 8.8.8.8:53 | wokyyoqk.com | udp |
| US | 8.8.8.8:53 | pyhuldb.net | udp |
| US | 8.8.8.8:53 | jktzplakb.info | udp |
| US | 8.8.8.8:53 | hcuuovzzryhv.net | udp |
| US | 8.8.8.8:53 | wnrwbf.info | udp |
| US | 8.8.8.8:53 | usortbvkrqd.info | udp |
| US | 8.8.8.8:53 | kcavttiegg.info | udp |
| US | 8.8.8.8:53 | renmuav.net | udp |
| US | 8.8.8.8:53 | eymmhjxv.info | udp |
| US | 8.8.8.8:53 | aksrgnlgvpde.net | udp |
| US | 8.8.8.8:53 | kogewmhyy.net | udp |
| US | 8.8.8.8:53 | bkfpjbvftkpb.info | udp |
| US | 8.8.8.8:53 | zchuaxz.org | udp |
| US | 8.8.8.8:53 | wbdovmlrlid.info | udp |
| US | 8.8.8.8:53 | ywuetjpwd.net | udp |
| US | 8.8.8.8:53 | dilwotf.net | udp |
| US | 8.8.8.8:53 | lqlefyqnf.net | udp |
| US | 8.8.8.8:53 | cqgyquymow.com | udp |
| US | 8.8.8.8:53 | hghifclbjmx.net | udp |
| US | 8.8.8.8:53 | mywuuwkasige.com | udp |
| US | 8.8.8.8:53 | mmyqpsbqbkf.info | udp |
| US | 8.8.8.8:53 | kioeebngfib.info | udp |
| US | 8.8.8.8:53 | qkacqu.com | udp |
| US | 8.8.8.8:53 | dircxmsib.net | udp |
| US | 8.8.8.8:53 | dfvudx.net | udp |
| US | 8.8.8.8:53 | xocbsrhhhxvs.info | udp |
| US | 8.8.8.8:53 | abvrfonzpnmo.info | udp |
| US | 8.8.8.8:53 | rqcjorbuzh.info | udp |
| US | 8.8.8.8:53 | tajzruzcu.com | udp |
| US | 8.8.8.8:53 | rafbfgfcjqx.net | udp |
| US | 8.8.8.8:53 | zwkrpf.info | udp |
| US | 8.8.8.8:53 | dudqnb.info | udp |
| US | 8.8.8.8:53 | glhavybkt.info | udp |
| US | 8.8.8.8:53 | ozucvuzax.info | udp |
| US | 8.8.8.8:53 | bmzlzmpumie.com | udp |
| US | 8.8.8.8:53 | xkncznbot.net | udp |
| US | 8.8.8.8:53 | fgzlfkf.com | udp |
| US | 8.8.8.8:53 | ukihjahlgmng.info | udp |
| US | 8.8.8.8:53 | fctcxi.info | udp |
| US | 8.8.8.8:53 | vunwxpptcq.net | udp |
| US | 8.8.8.8:53 | zbfeqcxvcxrb.net | udp |
| US | 8.8.8.8:53 | cyykucjsn.info | udp |
| US | 8.8.8.8:53 | bocxqln.info | udp |
| US | 8.8.8.8:53 | jtdcfw.net | udp |
| US | 8.8.8.8:53 | zxlglmh.net | udp |
| US | 8.8.8.8:53 | cjfzqcmctvne.info | udp |
| US | 8.8.8.8:53 | ypmnjzuang.net | udp |
| US | 8.8.8.8:53 | xsjldtrmipnj.net | udp |
| US | 8.8.8.8:53 | viykqurkro.net | udp |
| US | 8.8.8.8:53 | iyfgdobzlbz.info | udp |
| US | 8.8.8.8:53 | rjdfkcjbybhm.info | udp |
| US | 8.8.8.8:53 | hhnyxvgqzexk.info | udp |
| US | 8.8.8.8:53 | dpfllt.net | udp |
| US | 8.8.8.8:53 | ahwlsjlt.info | udp |
| US | 8.8.8.8:53 | kalifavej.net | udp |
| US | 8.8.8.8:53 | lldynpblh.com | udp |
| US | 8.8.8.8:53 | aksaewcf.info | udp |
| US | 8.8.8.8:53 | kxcregpfeoqa.net | udp |
| US | 8.8.8.8:53 | jwpcniulign.net | udp |
| US | 8.8.8.8:53 | yvtvawa.info | udp |
| US | 8.8.8.8:53 | rkmakp.info | udp |
| US | 8.8.8.8:53 | bjyprc.info | udp |
| US | 8.8.8.8:53 | rsdupgl.net | udp |
| US | 8.8.8.8:53 | iuswqkcw.org | udp |
| US | 8.8.8.8:53 | ekfybkui.info | udp |
| US | 8.8.8.8:53 | dmdlqkno.net | udp |
| US | 8.8.8.8:53 | axjfnc.net | udp |
| US | 8.8.8.8:53 | julfppzljvdt.info | udp |
| US | 8.8.8.8:53 | oelqhkx.info | udp |
| US | 8.8.8.8:53 | vhrcycrh.net | udp |
| US | 8.8.8.8:53 | zwhcpepgxix.info | udp |
| US | 8.8.8.8:53 | gaowmec.info | udp |
| US | 8.8.8.8:53 | anxqrqhdbwf.net | udp |
| US | 8.8.8.8:53 | mgtsgnz.net | udp |
| US | 8.8.8.8:53 | jlnrffxvtbis.info | udp |
| US | 8.8.8.8:53 | aerdilpadro.info | udp |
| US | 8.8.8.8:53 | mycaagwkky.com | udp |
| US | 8.8.8.8:53 | muyeqksowm.com | udp |
| US | 8.8.8.8:53 | feddhjfdzb.info | udp |
| US | 8.8.8.8:53 | qsuswiv.info | udp |
| US | 8.8.8.8:53 | jeddpyceavfk.info | udp |
| US | 8.8.8.8:53 | ywuebj.net | udp |
| US | 8.8.8.8:53 | verqplh.com | udp |
| US | 8.8.8.8:53 | hnjxytbzve.info | udp |
| US | 8.8.8.8:53 | jgtjyq.net | udp |
| US | 8.8.8.8:53 | damjfutozebh.info | udp |
| US | 8.8.8.8:53 | 88.210.23.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | jwbydygkx.org | udp |
| US | 8.8.8.8:53 | mwmmywoc.com | udp |
| US | 8.8.8.8:53 | ipzhxhyqjmy.net | udp |
| US | 8.8.8.8:53 | sgvtwecwfgy.info | udp |
| US | 8.8.8.8:53 | cdympugxeqk.info | udp |
| US | 8.8.8.8:53 | ekzvyztn.info | udp |
| US | 8.8.8.8:53 | pjipgaug.info | udp |
| US | 8.8.8.8:53 | lajibuebocbd.info | udp |
| US | 8.8.8.8:53 | whlokow.info | udp |
| US | 8.8.8.8:53 | ggkysskgwaoe.com | udp |
| US | 8.8.8.8:53 | ohvlqczkcwx.info | udp |
| US | 8.8.8.8:53 | nydzdaqqby.info | udp |
| US | 8.8.8.8:53 | eaggequqscyu.com | udp |
| US | 8.8.8.8:53 | ypcvzitd.net | udp |
| US | 8.8.8.8:53 | damuvayii.com | udp |
| US | 8.8.8.8:53 | tsoneriiysb.net | udp |
| US | 8.8.8.8:53 | xplapqbl.info | udp |
| US | 8.8.8.8:53 | yensgeomr.net | udp |
| US | 8.8.8.8:53 | aecicfvipvi.info | udp |
| US | 8.8.8.8:53 | fcbxlvvx.net | udp |
| US | 8.8.8.8:53 | yabunofpixc.info | udp |
| US | 8.8.8.8:53 | ecyiyscwgc.org | udp |
| US | 8.8.8.8:53 | divvvugafs.net | udp |
| US | 8.8.8.8:53 | xxxrftze.info | udp |
| US | 8.8.8.8:53 | dhuyjhloz.net | udp |
| US | 8.8.8.8:53 | jkqqtapgxcd.com | udp |
| US | 8.8.8.8:53 | khhztgno.info | udp |
| US | 8.8.8.8:53 | msmcdkdoc.info | udp |
| US | 8.8.8.8:53 | wijekixin.info | udp |
| US | 8.8.8.8:53 | iqmetivduaz.net | udp |
| US | 8.8.8.8:53 | sqkbpfwd.info | udp |
| US | 8.8.8.8:53 | huesdsbdp.info | udp |
| US | 8.8.8.8:53 | ammewepycled.info | udp |
| US | 8.8.8.8:53 | hahmtynehqj.com | udp |
| US | 8.8.8.8:53 | wapcbawcsri.net | udp |
| US | 8.8.8.8:53 | xzphjzderx.info | udp |
| US | 8.8.8.8:53 | tezeganfqi.net | udp |
| US | 8.8.8.8:53 | kcijqx.net | udp |
| US | 8.8.8.8:53 | guaoooh.net | udp |
| US | 8.8.8.8:53 | ryxswstapfex.info | udp |
| US | 8.8.8.8:53 | qnfoeorhv.net | udp |
| US | 8.8.8.8:53 | vebufa.info | udp |
| US | 8.8.8.8:53 | aodctjrovpk.net | udp |
| US | 8.8.8.8:53 | socoiamyumow.com | udp |
| US | 8.8.8.8:53 | lffrtdl.org | udp |
| US | 8.8.8.8:53 | iroivcx.info | udp |
| US | 8.8.8.8:53 | xzhgsuemflx.org | udp |
| US | 8.8.8.8:53 | gnzfjcag.net | udp |
| US | 8.8.8.8:53 | mvwlxuli.info | udp |
| US | 8.8.8.8:53 | iygjnusqvuy.net | udp |
| US | 8.8.8.8:53 | bgnyewjus.info | udp |
| US | 8.8.8.8:53 | xmjoifqmzd.net | udp |
| US | 8.8.8.8:53 | gbjatyzspgbt.info | udp |
| US | 8.8.8.8:53 | zwlzgexjmm.net | udp |
| US | 8.8.8.8:53 | pnaooq.info | udp |
| US | 8.8.8.8:53 | amgwwobyz.info | udp |
| US | 8.8.8.8:53 | mivgjzr.net | udp |
| US | 8.8.8.8:53 | uotztgzaf.net | udp |
| US | 8.8.8.8:53 | quwuyc.com | udp |
| US | 8.8.8.8:53 | airqbcdytol.net | udp |
| US | 8.8.8.8:53 | twhckkb.net | udp |
| US | 8.8.8.8:53 | ogoktiz.info | udp |
| US | 8.8.8.8:53 | rkfcpoj.org | udp |
| US | 8.8.8.8:53 | lgkofbioin.info | udp |
| US | 8.8.8.8:53 | jgnwdrpgqz.info | udp |
| US | 8.8.8.8:53 | lgzqjyj.com | udp |
| US | 8.8.8.8:53 | leulcjxdb.com | udp |
| US | 8.8.8.8:53 | hehchqxqv.info | udp |
| US | 8.8.8.8:53 | wyzwnksgker.net | udp |
| US | 8.8.8.8:53 | kdyavux.net | udp |
| US | 8.8.8.8:53 | qkmgeyiyay.com | udp |
| US | 8.8.8.8:53 | dzsahhohpvz.net | udp |
| US | 8.8.8.8:53 | paymtvnc.net | udp |
| US | 8.8.8.8:53 | schmmyl.info | udp |
| US | 8.8.8.8:53 | ldqifwi.info | udp |
| US | 8.8.8.8:53 | lkfzkgn.info | udp |
| US | 8.8.8.8:53 | kyncwupixmn.net | udp |
| US | 8.8.8.8:53 | aptvjyedhs.net | udp |
| US | 8.8.8.8:53 | xoasrra.org | udp |
| US | 8.8.8.8:53 | bqrfbsfnx.info | udp |
| US | 8.8.8.8:53 | gxrfhqtzmqsq.net | udp |
| US | 8.8.8.8:53 | aybpxyivvx.info | udp |
| US | 8.8.8.8:53 | sbtcqpoj.net | udp |
| US | 8.8.8.8:53 | igqsueqwkwyg.org | udp |
| US | 8.8.8.8:53 | tijkbbfwdbbf.info | udp |
| US | 8.8.8.8:53 | osnobczahxb.info | udp |
| US | 8.8.8.8:53 | balcxkcqb.com | udp |
| US | 8.8.8.8:53 | eqiunsmzyf.net | udp |
| US | 8.8.8.8:53 | psqipiv.net | udp |
| US | 8.8.8.8:53 | cvcfqxncfjh.info | udp |
| US | 8.8.8.8:53 | iwnmgwh.info | udp |
| US | 8.8.8.8:53 | eprebs.info | udp |
| US | 8.8.8.8:53 | dchspxphwk.net | udp |
| US | 8.8.8.8:53 | oobalsrsrab.net | udp |
| US | 8.8.8.8:53 | koruzdvsm.info | udp |
| US | 8.8.8.8:53 | thfunvzbyauf.net | udp |
| US | 8.8.8.8:53 | kkwmwy.com | udp |
| US | 8.8.8.8:53 | rexbaqmap.org | udp |
| US | 8.8.8.8:53 | yukmsmyw.com | udp |
| US | 8.8.8.8:53 | yoxnjnzuud.net | udp |
| US | 8.8.8.8:53 | azbonwokt.net | udp |
| US | 8.8.8.8:53 | gannlztuzvtc.info | udp |
| US | 8.8.8.8:53 | jszwvgp.org | udp |
| US | 8.8.8.8:53 | aomjkapm.info | udp |
| US | 8.8.8.8:53 | pplmmcrwncz.info | udp |
| US | 8.8.8.8:53 | nhwsjfh.info | udp |
| US | 8.8.8.8:53 | fulwkorypno.com | udp |
| US | 8.8.8.8:53 | iqoiqq.com | udp |
| US | 8.8.8.8:53 | jifixuufm.net | udp |
| US | 8.8.8.8:53 | uuocwocwsaqo.com | udp |
| US | 8.8.8.8:53 | uikmeg.com | udp |
| US | 8.8.8.8:53 | nmlfykvgyqz.info | udp |
| US | 8.8.8.8:53 | jelzhlivcg.net | udp |
| US | 8.8.8.8:53 | xcesnqnmtmp.com | udp |
| US | 8.8.8.8:53 | dwtpjmitygn.net | udp |
| US | 8.8.8.8:53 | odspco.net | udp |
| US | 8.8.8.8:53 | sktpzs.net | udp |
| US | 8.8.8.8:53 | guhxvqcon.info | udp |
| US | 8.8.8.8:53 | cceoxwr.net | udp |
| US | 8.8.8.8:53 | twvxzofmxqhn.info | udp |
| US | 8.8.8.8:53 | fwrkrwl.info | udp |
| US | 8.8.8.8:53 | aqfzbnqmt.net | udp |
| US | 8.8.8.8:53 | aakggyacik.com | udp |
| US | 8.8.8.8:53 | eavubkp.info | udp |
| US | 8.8.8.8:53 | ykqqrofoofk.net | udp |
| US | 8.8.8.8:53 | lrfjbtdidpdn.net | udp |
| US | 8.8.8.8:53 | xsvifqmwf.net | udp |
| US | 8.8.8.8:53 | rvuekumtj.com | udp |
| US | 8.8.8.8:53 | jmqdmind.net | udp |
| US | 8.8.8.8:53 | ekagqeuwwuas.org | udp |
| US | 8.8.8.8:53 | hubpis.net | udp |
| US | 8.8.8.8:53 | kkbcikrd.info | udp |
| US | 8.8.8.8:53 | kujoaz.info | udp |
| US | 8.8.8.8:53 | ickicwos.com | udp |
| US | 8.8.8.8:53 | yecntej.net | udp |
| US | 8.8.8.8:53 | robmtayaqd.net | udp |
| US | 8.8.8.8:53 | xoqyjxbuopup.info | udp |
| US | 8.8.8.8:53 | twddgmsywp.net | udp |
| US | 8.8.8.8:53 | uegyjegav.info | udp |
| US | 8.8.8.8:53 | dznelepal.info | udp |
| US | 8.8.8.8:53 | tlrabkrlgw.net | udp |
| US | 8.8.8.8:53 | wwtloxsa.net | udp |
| US | 8.8.8.8:53 | haxaomiuj.info | udp |
| US | 8.8.8.8:53 | timwfizizqh.net | udp |
| US | 8.8.8.8:53 | bcdpgnokwj.info | udp |
| US | 8.8.8.8:53 | ltlhpalbtntx.info | udp |
| US | 8.8.8.8:53 | fuvynes.info | udp |
| US | 8.8.8.8:53 | rmcpkun.net | udp |
| US | 8.8.8.8:53 | davtjx.net | udp |
| US | 8.8.8.8:53 | hvapjj.net | udp |
| US | 8.8.8.8:53 | ptsxldpo.net | udp |
| US | 8.8.8.8:53 | bsgsvqnkdhdo.info | udp |
| US | 8.8.8.8:53 | sguaqw.com | udp |
| US | 8.8.8.8:53 | trtrgzzk.net | udp |
| US | 8.8.8.8:53 | swvwxqlcroo.net | udp |
| US | 8.8.8.8:53 | xunzsihfd.com | udp |
| US | 8.8.8.8:53 | oylwrhv.info | udp |
| US | 8.8.8.8:53 | orfwjuidoigl.info | udp |
| US | 8.8.8.8:53 | vynexfe.org | udp |
| US | 8.8.8.8:53 | sceommucuy.org | udp |
| US | 8.8.8.8:53 | ougwkg.org | udp |
| US | 8.8.8.8:53 | djjebefijn.info | udp |
| US | 8.8.8.8:53 | pkjalzxk.info | udp |
| US | 8.8.8.8:53 | qidbobwqej.net | udp |
| US | 8.8.8.8:53 | oemgaoms.org | udp |
| US | 8.8.8.8:53 | sqsegav.net | udp |
| US | 8.8.8.8:53 | mhzzjq.net | udp |
| US | 8.8.8.8:53 | ihryrovffyz.info | udp |
| US | 8.8.8.8:53 | hsuitgu.com | udp |
| US | 8.8.8.8:53 | rqtslc.net | udp |
| US | 8.8.8.8:53 | urcoqwfqz.info | udp |
| US | 8.8.8.8:53 | fwvrmypd.net | udp |
| US | 8.8.8.8:53 | eayacokbim.info | udp |
| US | 8.8.8.8:53 | uuwaimuyug.com | udp |
| US | 8.8.8.8:53 | wirqhnhph.info | udp |
| US | 8.8.8.8:53 | xzqpbm.net | udp |
| US | 8.8.8.8:53 | xthigsubue.net | udp |
| US | 8.8.8.8:53 | eoymekquce.com | udp |
| US | 8.8.8.8:53 | ogogayawumkq.org | udp |
| US | 8.8.8.8:53 | acfvnmtwud.info | udp |
| US | 8.8.8.8:53 | wwvatecsfov.net | udp |
| US | 8.8.8.8:53 | jkscoh.net | udp |
| US | 8.8.8.8:53 | ueiisgsikawg.com | udp |
| US | 8.8.8.8:53 | kufqvwt.net | udp |
| US | 8.8.8.8:53 | uqzsbt.info | udp |
| US | 8.8.8.8:53 | qktmookkd.info | udp |
| US | 8.8.8.8:53 | jbtubuihpmzw.net | udp |
| US | 8.8.8.8:53 | cyicaukkmu.com | udp |
| US | 8.8.8.8:53 | cmuaemwq.org | udp |
| US | 8.8.8.8:53 | utmtjxvk.info | udp |
| US | 8.8.8.8:53 | aakqsm.com | udp |
| US | 8.8.8.8:53 | yyquokaugswy.org | udp |
| US | 8.8.8.8:53 | behkxihtr.org | udp |
| US | 8.8.8.8:53 | bufaojsi.info | udp |
| US | 8.8.8.8:53 | wmaaywwmqk.org | udp |
| US | 8.8.8.8:53 | txgiwser.info | udp |
| US | 8.8.8.8:53 | pnnoffl.net | udp |
| US | 8.8.8.8:53 | ysbqwwuuzso.info | udp |
| US | 8.8.8.8:53 | bblbsg.info | udp |
| US | 8.8.8.8:53 | wotczsv.net | udp |
| US | 8.8.8.8:53 | zxsezgcl.net | udp |
| US | 8.8.8.8:53 | pswagoquh.org | udp |
| US | 8.8.8.8:53 | jbpert.info | udp |
| US | 8.8.8.8:53 | scaqcgwyau.org | udp |
| US | 8.8.8.8:53 | iwyisrjkfwn.info | udp |
| US | 8.8.8.8:53 | skkllu.net | udp |
| US | 8.8.8.8:53 | icjybkaul.info | udp |
| US | 8.8.8.8:53 | gytkywwfz.net | udp |
| US | 8.8.8.8:53 | ociozivpz.info | udp |
| US | 8.8.8.8:53 | foigiunibrbp.net | udp |
| US | 8.8.8.8:53 | bqxikoxv.net | udp |
| US | 8.8.8.8:53 | zapyqerszet.info | udp |
| US | 8.8.8.8:53 | tqubthmzair.info | udp |
| US | 8.8.8.8:53 | pebmrsfnf.info | udp |
| US | 8.8.8.8:53 | jazejwtkz.info | udp |
| US | 8.8.8.8:53 | owtjis.info | udp |
| US | 8.8.8.8:53 | hdrcgvu.org | udp |
| US | 8.8.8.8:53 | idstdwfkeq.net | udp |
| US | 8.8.8.8:53 | lrxsrg.info | udp |
| US | 8.8.8.8:53 | jozuhyt.com | udp |
| US | 8.8.8.8:53 | sxqllijuns.net | udp |
| US | 8.8.8.8:53 | ooagogisko.com | udp |
| US | 8.8.8.8:53 | petpuwlrx.org | udp |
| US | 8.8.8.8:53 | zfrgmmex.info | udp |
| US | 8.8.8.8:53 | borvdw.info | udp |
| US | 8.8.8.8:53 | lvnkjguul.net | udp |
| US | 8.8.8.8:53 | fgvwoveunq.net | udp |
| US | 8.8.8.8:53 | wgpjmvkyri.net | udp |
| US | 8.8.8.8:53 | ebwyksntlp.net | udp |
| US | 8.8.8.8:53 | kmxknajhv.info | udp |
| US | 8.8.8.8:53 | pohfzultakeb.info | udp |
| US | 8.8.8.8:53 | uqasmqui.org | udp |
| US | 8.8.8.8:53 | cibtgo.net | udp |
| US | 8.8.8.8:53 | arueuskxncdd.info | udp |
| US | 8.8.8.8:53 | ekitriwi.info | udp |
| US | 8.8.8.8:53 | kaoeim.com | udp |
| US | 8.8.8.8:53 | xivvfgn.com | udp |
| US | 8.8.8.8:53 | npenpqkznchv.info | udp |
| US | 8.8.8.8:53 | vbbevy.net | udp |
| US | 8.8.8.8:53 | symqdyrnomq.info | udp |
| US | 8.8.8.8:53 | batkuc.net | udp |
| US | 8.8.8.8:53 | vckssryhvh.info | udp |
| US | 8.8.8.8:53 | kgklgudeaihe.net | udp |
| US | 8.8.8.8:53 | zijyjzz.net | udp |
| US | 8.8.8.8:53 | jsqmsdcoxwdi.net | udp |
| US | 8.8.8.8:53 | eafsvbbkt.info | udp |
| US | 8.8.8.8:53 | hlckhav.org | udp |
| US | 8.8.8.8:53 | zlziedplifbq.info | udp |
| US | 8.8.8.8:53 | igcueecskauq.org | udp |
| US | 8.8.8.8:53 | amvxnt.info | udp |
| US | 8.8.8.8:53 | kgllwstxeg.net | udp |
| US | 8.8.8.8:53 | gokqeylmp.info | udp |
| US | 8.8.8.8:53 | oeumlkzqn.net | udp |
| US | 8.8.8.8:53 | auexdebb.info | udp |
| US | 8.8.8.8:53 | retyrmgwpop.net | udp |
| US | 8.8.8.8:53 | rgftxgtbd.info | udp |
| US | 8.8.8.8:53 | lgxwlyhtlmc.com | udp |
| US | 8.8.8.8:53 | jscljauq.net | udp |
| US | 8.8.8.8:53 | aiggoioa.com | udp |
| US | 8.8.8.8:53 | xcyqmsewq.info | udp |
| US | 8.8.8.8:53 | pspblt.net | udp |
| US | 8.8.8.8:53 | foxzqiual.com | udp |
| US | 8.8.8.8:53 | zoxslsnvuqk.net | udp |
| US | 8.8.8.8:53 | wqfhmkhoa.info | udp |
| US | 8.8.8.8:53 | bunarmcbz.info | udp |
| US | 8.8.8.8:53 | eejrorok.info | udp |
| US | 8.8.8.8:53 | pavfzkrx.net | udp |
| US | 8.8.8.8:53 | okewckaoekcc.org | udp |
| US | 8.8.8.8:53 | gspctihstyn.net | udp |
| US | 8.8.8.8:53 | tuiufvrokozb.net | udp |
| US | 8.8.8.8:53 | wdzglrduz.net | udp |
| US | 8.8.8.8:53 | upidozwx.net | udp |
| US | 8.8.8.8:53 | mcwqkmoyka.com | udp |
| US | 8.8.8.8:53 | gwukccwgco.com | udp |
| US | 8.8.8.8:53 | gqessmgy.com | udp |
| US | 8.8.8.8:53 | ngzdsfvud.net | udp |
| US | 8.8.8.8:53 | pylced.info | udp |
| US | 8.8.8.8:53 | hfhdjfpl.info | udp |
| US | 8.8.8.8:53 | rdwtne.net | udp |
| US | 8.8.8.8:53 | oxdiigsqhjs.net | udp |
| US | 8.8.8.8:53 | micbgbllgr.info | udp |
| US | 8.8.8.8:53 | eiitzlwdid.net | udp |
| US | 8.8.8.8:53 | yavlxe.net | udp |
| US | 8.8.8.8:53 | ksskaooo.org | udp |
| US | 8.8.8.8:53 | pktfja.info | udp |
| US | 8.8.8.8:53 | vmdmkch.com | udp |
| US | 8.8.8.8:53 | pziaxyhojmu.org | udp |
| US | 8.8.8.8:53 | zuqerkw.com | udp |
| US | 8.8.8.8:53 | bmnifdalvrfh.info | udp |
| US | 8.8.8.8:53 | rodvrshbdi.info | udp |
| US | 8.8.8.8:53 | vxhrykncj.net | udp |
| US | 8.8.8.8:53 | ubpxnf.net | udp |
| US | 8.8.8.8:53 | lmjfeaasyab.net | udp |
| US | 8.8.8.8:53 | usyswygoac.com | udp |
| US | 8.8.8.8:53 | ywswnufqbid.info | udp |
| US | 8.8.8.8:53 | pkfwysoyjqd.info | udp |
| US | 8.8.8.8:53 | pjitqhdeor.info | udp |
| US | 8.8.8.8:53 | vacsgebcg.org | udp |
| US | 8.8.8.8:53 | bjwhkm.net | udp |
| US | 8.8.8.8:53 | sqzbbcvky.info | udp |
| US | 8.8.8.8:53 | gkjamgs.net | udp |
| US | 8.8.8.8:53 | sjxclehch.info | udp |
| US | 8.8.8.8:53 | cojyxkykh.info | udp |
| US | 8.8.8.8:53 | fkynlfmejlwm.info | udp |
| US | 8.8.8.8:53 | dlbytjdqbwr.info | udp |
| US | 8.8.8.8:53 | lzkuzesjzq.info | udp |
| US | 8.8.8.8:53 | muuogmeoce.org | udp |
| US | 8.8.8.8:53 | iasuxfeqzr.info | udp |
| US | 8.8.8.8:53 | scgmsouiic.org | udp |
| US | 8.8.8.8:53 | pjicma.info | udp |
| US | 8.8.8.8:53 | yoseikgg.com | udp |
| US | 8.8.8.8:53 | uivmxxmlain.info | udp |
| US | 8.8.8.8:53 | uzjmfwzzhoh.info | udp |
| US | 8.8.8.8:53 | zmvwlin.net | udp |
| US | 8.8.8.8:53 | tgcmkqtch.com | udp |
| US | 8.8.8.8:53 | kzyumgzlr.info | udp |
| US | 8.8.8.8:53 | xsmabcngj.net | udp |
| US | 8.8.8.8:53 | pizveubsm.info | udp |
| US | 8.8.8.8:53 | qlamsp.info | udp |
| US | 8.8.8.8:53 | jvecrlnf.net | udp |
| US | 8.8.8.8:53 | qdpyuolsll.net | udp |
| US | 8.8.8.8:53 | oukgqyaococa.org | udp |
| US | 8.8.8.8:53 | zqenypvhdiip.net | udp |
| US | 8.8.8.8:53 | wmcaec.info | udp |
| US | 8.8.8.8:53 | hsnarcfbr.net | udp |
| US | 8.8.8.8:53 | tjhjjmmxfvdb.net | udp |
| US | 8.8.8.8:53 | zcgkukd.org | udp |
| US | 8.8.8.8:53 | dbvpxrzzcr.net | udp |
| US | 8.8.8.8:53 | qglaprqgvd.net | udp |
| US | 8.8.8.8:53 | yavcshvgp.net | udp |
| US | 8.8.8.8:53 | njpufbn.net | udp |
| US | 8.8.8.8:53 | lwsmrwymlcr.com | udp |
| US | 8.8.8.8:53 | radpzuqn.net | udp |
| US | 8.8.8.8:53 | uenurlwyrexs.net | udp |
| US | 8.8.8.8:53 | hqvfvllm.info | udp |
| US | 8.8.8.8:53 | blvqvwtzswfi.info | udp |
| US | 8.8.8.8:53 | hzrhfxmmoeb.net | udp |
| US | 8.8.8.8:53 | vxcfoy.info | udp |
| US | 8.8.8.8:53 | ashomoi.net | udp |
| US | 8.8.8.8:53 | uhzvxuhejt.net | udp |
| US | 8.8.8.8:53 | pmjpozskp.info | udp |
| US | 8.8.8.8:53 | vcethqpkncvu.net | udp |
| US | 8.8.8.8:53 | soluwgefv.net | udp |
| US | 8.8.8.8:53 | cubdesjkr.info | udp |
| US | 8.8.8.8:53 | cjzhdwbrjl.info | udp |
| US | 8.8.8.8:53 | ywygmewqys.org | udp |
| US | 8.8.8.8:53 | amitfiuqake.info | udp |
| US | 8.8.8.8:53 | zotirebcu.org | udp |
| US | 8.8.8.8:53 | otkxpar.info | udp |
| US | 8.8.8.8:53 | xwqgthqgh.org | udp |
| US | 8.8.8.8:53 | snhqhjfhxnbj.net | udp |
| US | 8.8.8.8:53 | esvonmrqu.info | udp |
| US | 8.8.8.8:53 | zfmfzhgfgt.info | udp |
| US | 8.8.8.8:53 | xolcjetmnon.com | udp |
| US | 8.8.8.8:53 | rnykduhg.info | udp |
| US | 8.8.8.8:53 | issnsbtr.info | udp |
| US | 8.8.8.8:53 | svjbjrvhxn.info | udp |
| US | 8.8.8.8:53 | yansygzbxix.net | udp |
| US | 8.8.8.8:53 | zdbkfqbsp.info | udp |
| US | 8.8.8.8:53 | imoays.com | udp |
| US | 8.8.8.8:53 | cwrajl.net | udp |
| US | 8.8.8.8:53 | bhvvae.info | udp |
| US | 8.8.8.8:53 | rnvmaytah.net | udp |
| US | 8.8.8.8:53 | iobhhcqalq.info | udp |
| US | 8.8.8.8:53 | iwayuo.com | udp |
| US | 8.8.8.8:53 | czjoef.info | udp |
| US | 8.8.8.8:53 | ncdhbupe.info | udp |
| US | 8.8.8.8:53 | qbnivxhql.info | udp |
| US | 8.8.8.8:53 | hxnyem.info | udp |
| US | 8.8.8.8:53 | aqeuoauiei.com | udp |
| US | 8.8.8.8:53 | mihcmkh.info | udp |
| US | 8.8.8.8:53 | iqronap.net | udp |
| US | 8.8.8.8:53 | omewoqieaa.com | udp |
| US | 8.8.8.8:53 | pmvsbx.net | udp |
| US | 8.8.8.8:53 | osgsawwewi.com | udp |
| US | 8.8.8.8:53 | kvjgbyxowal.net | udp |
| US | 8.8.8.8:53 | geyicyaeiiwq.com | udp |
| US | 8.8.8.8:53 | nmxxlwx.info | udp |
| US | 8.8.8.8:53 | ziytugrnbm.info | udp |
| US | 8.8.8.8:53 | ayawbzhst.net | udp |
| US | 8.8.8.8:53 | mubcfacbriv.net | udp |
| US | 8.8.8.8:53 | fyvnlnbuc.com | udp |
| US | 8.8.8.8:53 | ngmofvvxsze.org | udp |
| US | 8.8.8.8:53 | zcaltun.net | udp |
| US | 8.8.8.8:53 | nfrpputoua.net | udp |
| US | 8.8.8.8:53 | lzckdzrw.info | udp |
| US | 8.8.8.8:53 | yqgeyq.org | udp |
| US | 8.8.8.8:53 | tawvtyuw.info | udp |
| US | 8.8.8.8:53 | fifqhwhizdw.org | udp |
| US | 8.8.8.8:53 | navyoyrwpc.info | udp |
| US | 8.8.8.8:53 | hnkjjmfof.net | udp |
| US | 8.8.8.8:53 | rwkmlknghug.info | udp |
| US | 8.8.8.8:53 | 172.214.232.199.in-addr.arpa | udp |
| N/A | 192.168.28.2:445 | tcp | |
| US | 8.8.8.8:53 | rqsqxlgdid.net | udp |
| US | 8.8.8.8:53 | lwqulegiaxbz.info | udp |
| US | 8.8.8.8:53 | wmtrpybepsu.info | udp |
| US | 8.8.8.8:53 | uifaxrnigwtn.net | udp |
| US | 8.8.8.8:53 | mqcscqiuuowq.com | udp |
| US | 8.8.8.8:53 | otdvvtl.info | udp |
| US | 8.8.8.8:53 | iuyglxovekb.net | udp |
| US | 8.8.8.8:53 | psvaltsupo.net | udp |
| US | 8.8.8.8:53 | qegpglqn.info | udp |
| US | 8.8.8.8:53 | vqjqam.net | udp |
| US | 8.8.8.8:53 | oetclszet.info | udp |
| US | 8.8.8.8:53 | mikdqqboet.net | udp |
| US | 8.8.8.8:53 | ftsmrvmecqz.net | udp |
| US | 8.8.8.8:53 | bmtutaekdy.net | udp |
| N/A | 192.168.28.2:139 | tcp | |
| US | 8.8.8.8:53 | omhotscflej.info | udp |
| US | 8.8.8.8:53 | yedkxgkqe.info | udp |
| US | 8.8.8.8:53 | hnderchv.net | udp |
| US | 8.8.8.8:53 | nhamjsc.com | udp |
| US | 8.8.8.8:53 | adsurleu.net | udp |
| US | 8.8.8.8:53 | kbdefe.info | udp |
| US | 8.8.8.8:53 | tamnvpocwhx.com | udp |
| US | 8.8.8.8:53 | ythauppywex.net | udp |
| US | 8.8.8.8:53 | lgjhlptj.info | udp |
| US | 8.8.8.8:53 | gccvdetqfxgg.net | udp |
| US | 8.8.8.8:53 | lbarmiaq.net | udp |
| US | 8.8.8.8:53 | jdpshq.net | udp |
| US | 8.8.8.8:53 | jydsiwdwwmx.info | udp |
| US | 8.8.8.8:53 | luzsjmb.com | udp |
| US | 8.8.8.8:53 | ugbiruw.info | udp |
| US | 8.8.8.8:53 | kocityn.info | udp |
| US | 8.8.8.8:53 | lkpvfulyqkl.net | udp |
| US | 8.8.8.8:53 | btfrphbyd.info | udp |
| US | 8.8.8.8:53 | nytoijinuqw.com | udp |
| US | 8.8.8.8:53 | axftup.net | udp |
| US | 8.8.8.8:53 | llvmsjxrf.net | udp |
| US | 8.8.8.8:53 | dyhvkht.info | udp |
| US | 8.8.8.8:53 | hzrqsujcn.com | udp |
| US | 8.8.8.8:53 | yhmuqtfepao.net | udp |
| US | 8.8.8.8:53 | rlqcqjv.com | udp |
| US | 8.8.8.8:53 | bsemkanqad.info | udp |
| US | 8.8.8.8:53 | tahtdo.net | udp |
| US | 8.8.8.8:53 | ndpabbxqrb.net | udp |
| US | 8.8.8.8:53 | obfmfq.info | udp |
| US | 8.8.8.8:53 | jsvsaux.net | udp |
| US | 8.8.8.8:53 | rqpqxfshjcgz.net | udp |
| US | 8.8.8.8:53 | bkxonzbir.info | udp |
| US | 8.8.8.8:53 | zdmubq.info | udp |
| US | 8.8.8.8:53 | ojdtvuej.net | udp |
| US | 8.8.8.8:53 | kyvyblad.net | udp |
| US | 8.8.8.8:53 | guosyc.org | udp |
| US | 8.8.8.8:53 | pgssyxpfdmo.net | udp |
| US | 8.8.8.8:53 | cijcgu.net | udp |
| US | 8.8.8.8:53 | qkkhjosinane.info | udp |
| US | 8.8.8.8:53 | zayejqhwmkn.net | udp |
| US | 8.8.8.8:53 | gppivj.info | udp |
| US | 8.8.8.8:53 | dedaek.info | udp |
| US | 8.8.8.8:53 | zusnnnlpmjl.org | udp |
| US | 8.8.8.8:53 | gjhfevhg.net | udp |
| US | 8.8.8.8:53 | myasmq.org | udp |
| US | 8.8.8.8:53 | kwlbfrhinuh.net | udp |
| US | 8.8.8.8:53 | kueaiseqga.org | udp |
| US | 8.8.8.8:53 | qkbkrqbhjxy.net | udp |
| US | 8.8.8.8:53 | ksncaoh.net | udp |
| US | 8.8.8.8:53 | mmmewa.com | udp |
| US | 8.8.8.8:53 | ywpcxcy.info | udp |
| US | 8.8.8.8:53 | womsaysoei.org | udp |
| US | 8.8.8.8:53 | xtxzgdlc.net | udp |
| US | 8.8.8.8:53 | ueusmcsiewsi.org | udp |
| US | 8.8.8.8:53 | kitzoi.net | udp |
| US | 8.8.8.8:53 | vkegfbbeamr.com | udp |
| US | 8.8.8.8:53 | eyefvgvmadsi.info | udp |
| US | 8.8.8.8:53 | ftqrnsld.net | udp |
| US | 8.8.8.8:53 | jpsyqx.info | udp |
| US | 8.8.8.8:53 | xubvvsvcdv.info | udp |
| US | 8.8.8.8:53 | adekbmbgzsx.net | udp |
| US | 8.8.8.8:53 | pafvtp.info | udp |
| US | 8.8.8.8:53 | hujgxodqod.net | udp |
| US | 8.8.8.8:53 | azrqvs.info | udp |
| US | 8.8.8.8:53 | lcynrsykn.info | udp |
| US | 8.8.8.8:53 | tnbmlcn.info | udp |
| US | 8.8.8.8:53 | ztlwxflnyd.net | udp |
| US | 8.8.8.8:53 | xudjbnraryr.com | udp |
| US | 8.8.8.8:53 | qpghtoeb.net | udp |
| US | 8.8.8.8:53 | wsjepoi.info | udp |
| US | 8.8.8.8:53 | iymknoxslen.info | udp |
| US | 8.8.8.8:53 | fpybjumwcjri.net | udp |
| US | 8.8.8.8:53 | pfutrvtyjzao.info | udp |
| US | 8.8.8.8:53 | mczavynsf.info | udp |
| US | 8.8.8.8:53 | lsqxfg.info | udp |
| US | 8.8.8.8:53 | nbbouyliw.info | udp |
| US | 8.8.8.8:53 | wqsawmym.org | udp |
| US | 8.8.8.8:53 | lhdofxlqzmf.org | udp |
| US | 8.8.8.8:53 | tmlijov.com | udp |
| US | 8.8.8.8:53 | ruxotab.info | udp |
| US | 8.8.8.8:53 | abtvzsiqbpp.net | udp |
| US | 8.8.8.8:53 | umeyss.com | udp |
| US | 8.8.8.8:53 | qwwuegosuk.com | udp |
| US | 8.8.8.8:53 | owciic.org | udp |
| IE | 34.246.200.160:80 | hklgkqwuttn.com | tcp |
| US | 8.8.8.8:53 | ynhkizxrb.info | udp |
| US | 8.8.8.8:53 | fohikmlszed.net | udp |
| US | 8.8.8.8:53 | pyhmvensb.com | udp |
| US | 8.8.8.8:53 | coimxcawkhk.info | udp |
| US | 8.8.8.8:53 | zwrukksq.info | udp |
| US | 8.8.8.8:53 | hwovggambow.com | udp |
| US | 8.8.8.8:53 | wljsua.net | udp |
| US | 8.8.8.8:53 | qncmxclozeac.net | udp |
| US | 8.8.8.8:53 | bcjllw.info | udp |
| US | 8.8.8.8:53 | baektt.net | udp |
| US | 8.8.8.8:53 | otdyxilyr.net | udp |
| US | 8.8.8.8:53 | buhujg.net | udp |
| US | 8.8.8.8:53 | mfxkpvnuf.net | udp |
| US | 8.8.8.8:53 | yeqsceua.org | udp |
| US | 8.8.8.8:53 | qacnmoumhkl.info | udp |
| US | 8.8.8.8:53 | dvfybv.info | udp |
| US | 8.8.8.8:53 | xnqvzbhhlw.net | udp |
| US | 8.8.8.8:53 | tmwdik.net | udp |
| US | 8.8.8.8:53 | ratirtqyspss.net | udp |
| US | 8.8.8.8:53 | uogiseewsq.com | udp |
| US | 8.8.8.8:53 | udzcihkj.info | udp |
| US | 8.8.8.8:53 | mysies.org | udp |
| US | 8.8.8.8:53 | ogpnvkkwz.net | udp |
| US | 8.8.8.8:53 | bqqkvac.org | udp |
| US | 8.8.8.8:53 | lcsgfob.org | udp |
| US | 8.8.8.8:53 | xmcixkdjs.com | udp |
| US | 8.8.8.8:53 | umtghoh.info | udp |
| US | 8.8.8.8:53 | khptjbjfyxbi.net | udp |
| US | 8.8.8.8:53 | vftqhzowtgpw.info | udp |
| US | 8.8.8.8:53 | mqhmycj.info | udp |
| US | 8.8.8.8:53 | ervibdlorej.info | udp |
| US | 8.8.8.8:53 | fvldzmbrio.net | udp |
| US | 8.8.8.8:53 | kuxajxugfkr.net | udp |
| US | 8.8.8.8:53 | rwdptulntzi.net | udp |
| US | 8.8.8.8:53 | ieeuwsmseo.org | udp |
| US | 8.8.8.8:53 | cqiuai.org | udp |
| US | 8.8.8.8:53 | dqbaztb.net | udp |
| US | 8.8.8.8:53 | xbbuzxdannlj.net | udp |
| US | 8.8.8.8:53 | azrakrbzpk.net | udp |
| US | 8.8.8.8:53 | iivuqtezuqdc.info | udp |
| US | 8.8.8.8:53 | axtkwhlz.info | udp |
| US | 8.8.8.8:53 | vfpbztgbiz.net | udp |
| US | 8.8.8.8:53 | ncfohkf.net | udp |
| US | 8.8.8.8:53 | gpnuueumxpds.info | udp |
| US | 8.8.8.8:53 | hydrjdcb.net | udp |
| US | 8.8.8.8:53 | vjmyxpra.net | udp |
| US | 8.8.8.8:53 | dewxsww.org | udp |
| US | 8.8.8.8:53 | ffuxxckcqhkg.net | udp |
| US | 8.8.8.8:53 | ehbjwcwvlw.net | udp |
| US | 8.8.8.8:53 | ogyizghstqv.info | udp |
| US | 8.8.8.8:53 | nxnwpxhqyg.net | udp |
| US | 8.8.8.8:53 | snsgxjvdyqbd.info | udp |
| US | 8.8.8.8:53 | ohlpoijc.info | udp |
| US | 8.8.8.8:53 | ypjlfxnqow.net | udp |
| US | 8.8.8.8:53 | vujotrecd.info | udp |
| US | 8.8.8.8:53 | gwbwhbb.net | udp |
| US | 8.8.8.8:53 | amcxxf.info | udp |
| US | 8.8.8.8:53 | kjqhdj.info | udp |
| US | 8.8.8.8:53 | kskaxbb.info | udp |
| DE | 85.214.228.140:80 | xwfmlmbmtaz.info | tcp |
| US | 8.8.8.8:53 | ouaehqp.net | udp |
| US | 8.8.8.8:53 | dldipcc.net | udp |
| US | 8.8.8.8:53 | ojpldppsetiu.info | udp |
| US | 8.8.8.8:53 | cdgjthsabrta.info | udp |
| US | 8.8.8.8:53 | nafodwrwdqd.com | udp |
| US | 8.8.8.8:53 | wmvisyvgd.info | udp |
| US | 8.8.8.8:53 | pwqitjxwgdlh.net | udp |
| US | 8.8.8.8:53 | cpiuxxgqpy.net | udp |
| US | 8.8.8.8:53 | mhvqgavwc.info | udp |
| US | 8.8.8.8:53 | vaakyelsc.org | udp |
| US | 8.8.8.8:53 | okiaykac.org | udp |
| US | 8.8.8.8:53 | eisqnaint.net | udp |
| US | 8.8.8.8:53 | jkkjvq.net | udp |
| US | 8.8.8.8:53 | rttebtovrq.info | udp |
| US | 8.8.8.8:53 | qhdpfsuizgb.net | udp |
| US | 8.8.8.8:53 | aalczsobt.info | udp |
| US | 208.100.26.245:80 | ydqlnw.info | tcp |
| US | 8.8.8.8:53 | gkewoqyy.com | udp |
| US | 8.8.8.8:53 | xehavxbdpciu.net | udp |
| US | 8.8.8.8:53 | uncaephtnirx.info | udp |
| US | 8.8.8.8:53 | ooackcoyaq.org | udp |
| US | 8.8.8.8:53 | fafgmmnazyd.org | udp |
| US | 8.8.8.8:53 | nytybqvrzz.net | udp |
| US | 8.8.8.8:53 | gelmxgdpjei.net | udp |
| US | 8.8.8.8:53 | idyzzbdtzemm.info | udp |
| US | 8.8.8.8:53 | scauus.org | udp |
| US | 8.8.8.8:53 | zhfsxb.net | udp |
| US | 8.8.8.8:53 | rpiblkjcmlln.info | udp |
| US | 8.8.8.8:53 | tnxivajml.com | udp |
| US | 8.8.8.8:53 | xylmvuj.net | udp |
| US | 8.8.8.8:53 | qsxyponp.net | udp |
| US | 8.8.8.8:53 | wagsgoiawc.org | udp |
| US | 8.8.8.8:53 | ygaerwzousp.net | udp |
| US | 8.8.8.8:53 | waaugi.org | udp |
| US | 8.8.8.8:53 | nafxot.net | udp |
| US | 8.8.8.8:53 | uoeciooykyuk.com | udp |
| US | 8.8.8.8:53 | xmxzfpimkwyo.info | udp |
| US | 8.8.8.8:53 | gqwmacocsc.com | udp |
| US | 8.8.8.8:53 | pbcfvfld.info | udp |
| US | 8.8.8.8:53 | vgjtlcfgdil.com | udp |
| US | 8.8.8.8:53 | ywquuu.org | udp |
| US | 8.8.8.8:53 | tahfzwgbnkfm.info | udp |
| US | 8.8.8.8:53 | penmlub.org | udp |
| US | 8.8.8.8:53 | wocikoyyoycu.org | udp |
| US | 8.8.8.8:53 | pencxrvurgl.net | udp |
| US | 8.8.8.8:53 | pmuahnxb.net | udp |
| US | 8.8.8.8:53 | ulaywmloklcr.net | udp |
| US | 8.8.8.8:53 | lybfvtvz.net | udp |
| US | 8.8.8.8:53 | ewwquu.org | udp |
| US | 8.8.8.8:53 | wwnqnuben.net | udp |
| US | 8.8.8.8:53 | uvanksrjdlvc.info | udp |
| US | 8.8.8.8:53 | typqgupsx.info | udp |
| US | 8.8.8.8:53 | ayhuxgq.info | udp |
| US | 8.8.8.8:53 | blfromcxtg.net | udp |
| US | 8.8.8.8:53 | nzkibs.info | udp |
| US | 8.8.8.8:53 | hprlbdveivwi.info | udp |
| US | 8.8.8.8:53 | whpjfbsd.info | udp |
| US | 8.8.8.8:53 | puwtoct.info | udp |
| US | 8.8.8.8:53 | lgswzqbvc.org | udp |
| US | 8.8.8.8:53 | escsgg.com | udp |
| US | 8.8.8.8:53 | xgfccgxmj.com | udp |
| US | 8.8.8.8:53 | znbmhmkarc.info | udp |
| US | 8.8.8.8:53 | hwvhmcsvde.net | udp |
| US | 8.8.8.8:53 | hcvcguhfl.net | udp |
| US | 8.8.8.8:53 | pwxjraiicmng.info | udp |
| US | 8.8.8.8:53 | cikefqvitjps.net | udp |
| US | 8.8.8.8:53 | amysiuossa.com | udp |
| US | 8.8.8.8:53 | ywgqbwrghyb.info | udp |
| US | 8.8.8.8:53 | cgfnfejd.info | udp |
| US | 8.8.8.8:53 | wiekdsrmdol.info | udp |
| US | 8.8.8.8:53 | bsxaloa.com | udp |
| US | 8.8.8.8:53 | wsntfcy.info | udp |
| US | 8.8.8.8:53 | siewtsrkrgq.info | udp |
| US | 8.8.8.8:53 | ktyugsataa.info | udp |
| US | 8.8.8.8:53 | xofyhmwvlzb.net | udp |
| US | 8.8.8.8:53 | aelxvivwnsg.info | udp |
| US | 8.8.8.8:53 | jkhaximadsg.org | udp |
| US | 8.8.8.8:53 | neyizica.net | udp |
| US | 8.8.8.8:53 | xfaqyaxm.info | udp |
| US | 8.8.8.8:53 | vacxwzinzu.info | udp |
| US | 8.8.8.8:53 | bxvnfdvjbs.net | udp |
| US | 8.8.8.8:53 | rvtefrvr.net | udp |
| US | 8.8.8.8:53 | ziraysd.org | udp |
| US | 8.8.8.8:53 | uvzigfdvbr.info | udp |
| US | 8.8.8.8:53 | kgezzfon.info | udp |
| US | 8.8.8.8:53 | qgkzxqt.info | udp |
| US | 8.8.8.8:53 | ekuffx.net | udp |
| US | 8.8.8.8:53 | qpblntzy.net | udp |
| US | 8.8.8.8:53 | fmitkryaxzef.net | udp |
| US | 8.8.8.8:53 | difuullyzpd.org | udp |
| US | 8.8.8.8:53 | oiiorrz.info | udp |
| US | 8.8.8.8:53 | kakgsgcasq.org | udp |
| US | 8.8.8.8:53 | rsfvzlbm.info | udp |
| US | 8.8.8.8:53 | aelubcv.info | udp |
| US | 8.8.8.8:53 | ksysaiigmcsg.org | udp |
| US | 8.8.8.8:53 | ortkioqbqavt.net | udp |
| US | 8.8.8.8:53 | ecwikuom.org | udp |
| US | 8.8.8.8:53 | yyogeguwwg.org | udp |
| US | 8.8.8.8:53 | grjgraoeefhx.info | udp |
| US | 8.8.8.8:53 | eegcgi.com | udp |
| US | 8.8.8.8:53 | cepjhztuprh.net | udp |
| US | 8.8.8.8:53 | pzryostgtub.org | udp |
| US | 8.8.8.8:53 | dfzudewgyi.net | udp |
| US | 8.8.8.8:53 | oyfbggi.net | udp |
| US | 8.8.8.8:53 | dilmcmz.net | udp |
| US | 8.8.8.8:53 | uyoomgkqaoeo.com | udp |
| US | 8.8.8.8:53 | tepnzlwrbfpl.net | udp |
| US | 8.8.8.8:53 | yykjfj.net | udp |
| US | 8.8.8.8:53 | jtrpqkp.com | udp |
| US | 8.8.8.8:53 | xqubrmyz.info | udp |
| US | 8.8.8.8:53 | lhgalyr.com | udp |
| US | 8.8.8.8:53 | jaxuyzkiudlt.net | udp |
| US | 8.8.8.8:53 | vmylheoy.info | udp |
| US | 8.8.8.8:53 | vppwsurncik.info | udp |
| US | 8.8.8.8:53 | bojotnepbsia.info | udp |
| US | 8.8.8.8:53 | mbxlwhde.info | udp |
| US | 8.8.8.8:53 | sotchhwccdk.net | udp |
| US | 8.8.8.8:53 | jkwlvj.info | udp |
| US | 8.8.8.8:53 | bdnydvjuqs.info | udp |
| US | 8.8.8.8:53 | cmsisw.org | udp |
| US | 8.8.8.8:53 | rjbgdgzizv.info | udp |
| US | 8.8.8.8:53 | mpbcsreq.net | udp |
| US | 8.8.8.8:53 | vmauhmj.org | udp |
| US | 8.8.8.8:53 | ygrctafwdtlf.info | udp |
| US | 8.8.8.8:53 | hgnpdrnc.info | udp |
| US | 8.8.8.8:53 | cafatfv.net | udp |
| US | 8.8.8.8:53 | ukxjxzli.info | udp |
| US | 8.8.8.8:53 | uuxzzmljcxfb.net | udp |
| US | 8.8.8.8:53 | ekouqagyuoyo.com | udp |
| US | 8.8.8.8:53 | kvdweovox.net | udp |
| US | 8.8.8.8:53 | bgrimgqa.info | udp |
| US | 8.8.8.8:53 | dvbkeojodiat.net | udp |
| US | 8.8.8.8:53 | trnkouhj.net | udp |
| US | 8.8.8.8:53 | yavekefqtco.net | udp |
| US | 8.8.8.8:53 | rzymlt.info | udp |
| US | 8.8.8.8:53 | auoylp.net | udp |
| US | 8.8.8.8:53 | mcyckaqqck.com | udp |
| US | 8.8.8.8:53 | cwqoie.org | udp |
| US | 8.8.8.8:53 | vyvvdj.info | udp |
| US | 8.8.8.8:53 | adggmnzehw.info | udp |
| US | 8.8.8.8:53 | pqnhocjarh.info | udp |
| US | 8.8.8.8:53 | nudslgskvez.com | udp |
| US | 8.8.8.8:53 | bgvxggw.org | udp |
| US | 8.8.8.8:53 | tmjppcf.info | udp |
| US | 8.8.8.8:53 | yaukcyu.net | udp |
| US | 8.8.8.8:53 | iszudgfgvmd.net | udp |
| US | 8.8.8.8:53 | rixkdktie.com | udp |
| US | 8.8.8.8:53 | xegwhcyyysyz.net | udp |
| US | 8.8.8.8:53 | btpypfipmac.info | udp |
| US | 8.8.8.8:53 | vzdjep.info | udp |
| US | 8.8.8.8:53 | xikxpjiqxxlr.net | udp |
| US | 8.8.8.8:53 | wxsqqk.net | udp |
| US | 8.8.8.8:53 | nvuudh.info | udp |
| US | 8.8.8.8:53 | sjzbdvpd.net | udp |
| US | 8.8.8.8:53 | hsdmngcey.org | udp |
| US | 8.8.8.8:53 | pyzgmgxtn.org | udp |
| US | 8.8.8.8:53 | qdnczevvcef.info | udp |
| US | 8.8.8.8:53 | ibtbwocs.net | udp |
| US | 8.8.8.8:53 | fvlphddsumf.net | udp |
| US | 8.8.8.8:53 | kqqcdiurz.info | udp |
| US | 8.8.8.8:53 | eunkhfm.info | udp |
| US | 8.8.8.8:53 | bylwnpu.net | udp |
| US | 8.8.8.8:53 | qdlmtpwdi.info | udp |
| US | 8.8.8.8:53 | pikyhpboz.org | udp |
| US | 8.8.8.8:53 | ccqmkcusuggc.com | udp |
| US | 8.8.8.8:53 | cnpqquv.net | udp |
| US | 8.8.8.8:53 | xdzqhkj.info | udp |
| US | 8.8.8.8:53 | rexwpuanrk.info | udp |
| US | 8.8.8.8:53 | brkzng.net | udp |
| US | 8.8.8.8:53 | njfoqgfukwlu.net | udp |
| US | 8.8.8.8:53 | modqvapgvns.net | udp |
| US | 8.8.8.8:53 | qioumk.com | udp |
| US | 8.8.8.8:53 | smhezsemz.net | udp |
| US | 8.8.8.8:53 | nulbfbvqxp.info | udp |
| US | 8.8.8.8:53 | vqzhbwmeqgfx.info | udp |
| US | 8.8.8.8:53 | emwgmc.org | udp |
| US | 8.8.8.8:53 | gjdtdmpqjn.net | udp |
| US | 8.8.8.8:53 | sjfgnzvkawh.net | udp |
| US | 8.8.8.8:53 | pukedcb.info | udp |
| US | 8.8.8.8:53 | pehmhas.org | udp |
| US | 8.8.8.8:53 | hqgrrur.com | udp |
| US | 8.8.8.8:53 | bdxqegrcj.org | udp |
| US | 8.8.8.8:53 | ikkeciew.org | udp |
| US | 8.8.8.8:53 | nprncnklobho.net | udp |
| US | 8.8.8.8:53 | haewzszexqp.org | udp |
| US | 8.8.8.8:53 | hhdcno.info | udp |
| US | 8.8.8.8:53 | qptdbd.net | udp |
| US | 8.8.8.8:53 | rtrxokdybkn.info | udp |
| US | 8.8.8.8:53 | efiqrkuv.net | udp |
| US | 8.8.8.8:53 | xnyxhq.net | udp |
| US | 8.8.8.8:53 | svayds.info | udp |
| US | 8.8.8.8:53 | oisfxztxhv.info | udp |
| US | 8.8.8.8:53 | zrjjipriul.info | udp |
| US | 8.8.8.8:53 | skzjbjbv.net | udp |
| US | 8.8.8.8:53 | wlwsdx.info | udp |
| US | 8.8.8.8:53 | eencaoj.info | udp |
| US | 8.8.8.8:53 | bqlmowtvpge.net | udp |
| US | 8.8.8.8:53 | ibhqdp.info | udp |
| US | 8.8.8.8:53 | pezmhxnqy.net | udp |
| US | 8.8.8.8:53 | uulmlinyo.info | udp |
| US | 8.8.8.8:53 | bezxqyajqi.info | udp |
| US | 8.8.8.8:53 | vowsimp.com | udp |
| US | 8.8.8.8:53 | mqjgwhr.net | udp |
| US | 8.8.8.8:53 | nuboqaggwoe.net | udp |
| US | 8.8.8.8:53 | vzhbealsne.net | udp |
| US | 8.8.8.8:53 | acbxcmcdn.info | udp |
| US | 8.8.8.8:53 | iuoucqgamkam.org | udp |
| US | 8.8.8.8:53 | rsbqxqwzvsx.info | udp |
| US | 8.8.8.8:53 | cywieeweyguc.com | udp |
| US | 8.8.8.8:53 | peeywjoj.net | udp |
| US | 8.8.8.8:53 | jmrfbmjmhbr.org | udp |
| US | 8.8.8.8:53 | fhvunaltdiil.info | udp |
| US | 8.8.8.8:53 | uooaqkqg.com | udp |
| US | 8.8.8.8:53 | bbtbbofqujwe.net | udp |
| US | 8.8.8.8:53 | vmhqbmdwzuf.info | udp |
| US | 8.8.8.8:53 | geijqasxls.info | udp |
| US | 8.8.8.8:53 | ryzejtxchic.net | udp |
| US | 8.8.8.8:53 | hwkpdwl.info | udp |
| US | 8.8.8.8:53 | tivwobhqf.net | udp |
| US | 8.8.8.8:53 | eamiwqog.com | udp |
| US | 8.8.8.8:53 | qmnaxnn.net | udp |
| US | 8.8.8.8:53 | komrbxjeo.net | udp |
| US | 8.8.8.8:53 | tzwflmeio.net | udp |
| US | 8.8.8.8:53 | fvdqbwpibkj.net | udp |
| US | 8.8.8.8:53 | lgxctr.info | udp |
| US | 8.8.8.8:53 | tkwavwajngv.info | udp |
| US | 8.8.8.8:53 | bcdxpevdz.info | udp |
| US | 8.8.8.8:53 | tuwyabxqtort.net | udp |
| US | 8.8.8.8:53 | tvkvmwhx.info | udp |
| US | 8.8.8.8:53 | sxusydhjnzzx.info | udp |
| US | 8.8.8.8:53 | yeaogask.org | udp |
| US | 8.8.8.8:53 | pyhsazmmep.net | udp |
| US | 8.8.8.8:53 | tmisdij.net | udp |
| US | 8.8.8.8:53 | rahnqeiicef.com | udp |
| US | 8.8.8.8:53 | qitutpqlz.net | udp |
| US | 8.8.8.8:53 | csciocso.org | udp |
| US | 8.8.8.8:53 | suxopzxqy.net | udp |
| US | 8.8.8.8:53 | baeztrkemetm.info | udp |
| US | 8.8.8.8:53 | jczaquhdrsz.org | udp |
| US | 8.8.8.8:53 | swuynjfkbnv.net | udp |
| US | 8.8.8.8:53 | bitorllfugvo.net | udp |
| US | 8.8.8.8:53 | qlfysqqq.net | udp |
| US | 8.8.8.8:53 | xthnja.net | udp |
| US | 8.8.8.8:53 | ismiqi.com | udp |
| US | 8.8.8.8:53 | xmzhhsaju.net | udp |
| US | 8.8.8.8:53 | jgufibeybs.info | udp |
| US | 8.8.8.8:53 | mldntszvro.info | udp |
| US | 8.8.8.8:53 | czsmvjv.net | udp |
| US | 8.8.8.8:53 | yveovmlrlid.info | udp |
| US | 8.8.8.8:53 | verkrjrmmwn.com | udp |
| US | 8.8.8.8:53 | fktcfmkeh.info | udp |
| US | 8.8.8.8:53 | oeiqause.org | udp |
| US | 8.8.8.8:53 | xcxxvvmr.info | udp |
| US | 8.8.8.8:53 | gwfurip.info | udp |
| US | 8.8.8.8:53 | kmcioo.org | udp |
| US | 8.8.8.8:53 | fpvilghmn.org | udp |
| US | 8.8.8.8:53 | twbateruz.info | udp |
| US | 8.8.8.8:53 | dcmmnld.net | udp |
| US | 8.8.8.8:53 | umvzmnedseny.info | udp |
| US | 8.8.8.8:53 | aqyseigeeqgc.org | udp |
| US | 8.8.8.8:53 | mwxgvhz.info | udp |
| US | 8.8.8.8:53 | dymincoifib.info | udp |
| US | 8.8.8.8:53 | acdbfvn.net | udp |
| US | 8.8.8.8:53 | lyvlbq.net | udp |
| US | 8.8.8.8:53 | baqecnrrosyu.net | udp |
| US | 8.8.8.8:53 | pnlyuidyblzl.net | udp |
| US | 8.8.8.8:53 | bmokptbwmwd.info | udp |
| US | 8.8.8.8:53 | yozquch.info | udp |
| US | 8.8.8.8:53 | wqcyiyoswkik.org | udp |
| US | 8.8.8.8:53 | bmuqenhwc.org | udp |
| US | 8.8.8.8:53 | jaibgv.net | udp |
| US | 8.8.8.8:53 | cuamruqnbl.info | udp |
| US | 8.8.8.8:53 | zrkbajzk.info | udp |
| US | 8.8.8.8:53 | cclxfgpil.info | udp |
| US | 8.8.8.8:53 | sapsroajmxdy.net | udp |
| US | 8.8.8.8:53 | qcoehqccrnc.net | udp |
| US | 8.8.8.8:53 | fjpnlmwmp.net | udp |
| US | 8.8.8.8:53 | sovgagdst.net | udp |
| US | 8.8.8.8:53 | uuaclgzdp.net | udp |
| US | 8.8.8.8:53 | ziralf.net | udp |
| US | 8.8.8.8:53 | nidmzhlgn.org | udp |
| US | 8.8.8.8:53 | lajmwgtyrlt.net | udp |
| US | 8.8.8.8:53 | hqforzfdjnbw.net | udp |
| US | 8.8.8.8:53 | astckxiobab.info | udp |
| US | 8.8.8.8:53 | byqoteha.net | udp |
| US | 8.8.8.8:53 | ipsgemxfxxp.info | udp |
| US | 8.8.8.8:53 | uggcckouguok.org | udp |
| US | 8.8.8.8:53 | eegxpqopfkd.net | udp |
| US | 8.8.8.8:53 | sysyuguqkuge.com | udp |
| US | 8.8.8.8:53 | ooseig.org | udp |
| US | 8.8.8.8:53 | buredxrotal.org | udp |
| US | 8.8.8.8:53 | qaswusis.org | udp |
| US | 8.8.8.8:53 | vxkocnovzf.net | udp |
| US | 8.8.8.8:53 | ihdoxos.net | udp |
| US | 8.8.8.8:53 | rsncdhg.com | udp |
| US | 8.8.8.8:53 | jjjpvvwdmjbv.net | udp |
| US | 8.8.8.8:53 | mxgopb.info | udp |
| US | 8.8.8.8:53 | onjixhvqj.net | udp |
| US | 8.8.8.8:53 | feyjrv.net | udp |
| US | 8.8.8.8:53 | qqtoltnrhyfn.info | udp |
| US | 8.8.8.8:53 | zsnkfboyt.info | udp |
| US | 8.8.8.8:53 | rmzrhow.org | udp |
| US | 8.8.8.8:53 | fhtlpwohsx.info | udp |
| US | 8.8.8.8:53 | fussqcfityjs.info | udp |
| US | 8.8.8.8:53 | xutobygt.info | udp |
| US | 8.8.8.8:53 | fgjwdazyr.net | udp |
| US | 8.8.8.8:53 | afbihp.info | udp |
| US | 8.8.8.8:53 | molgqkp.info | udp |
| US | 8.8.8.8:53 | wokyyoqk.com | udp |
| US | 8.8.8.8:53 | fdypoqxctyx.net | udp |
| US | 8.8.8.8:53 | xmblohfzxm.info | udp |
| US | 8.8.8.8:53 | renmuav.net | udp |
| US | 8.8.8.8:53 | aksrgnlgvpde.net | udp |
| US | 8.8.8.8:53 | fkfdgulofku.net | udp |
| US | 8.8.8.8:53 | zbjltrit.info | udp |
| US | 8.8.8.8:53 | zwvhmopufdnn.info | udp |
| US | 8.8.8.8:53 | ypxidsq.net | udp |
| US | 8.8.8.8:53 | nlxprrvb.info | udp |
| US | 8.8.8.8:53 | vqxkmyleqas.info | udp |
| US | 8.8.8.8:53 | bgzeqigzr.info | udp |
| US | 8.8.8.8:53 | wbdovmlrlid.info | udp |
| US | 8.8.8.8:53 | dgbkjfkopqz.com | udp |
| US | 8.8.8.8:53 | hghifclbjmx.net | udp |
| US | 8.8.8.8:53 | pfvbkl.info | udp |
| US | 8.8.8.8:53 | ddmukfxjdk.info | udp |
| US | 8.8.8.8:53 | ayvofpmalr.info | udp |
| US | 8.8.8.8:53 | mkemocmugi.org | udp |
| US | 8.8.8.8:53 | kioeebngfib.info | udp |
| US | 8.8.8.8:53 | turfolmwhyy.info | udp |
| US | 8.8.8.8:53 | isosgewwmmai.org | udp |
| US | 8.8.8.8:53 | mfxbtbnhwy.net | udp |
| US | 8.8.8.8:53 | dfvudx.net | udp |
| US | 8.8.8.8:53 | nnhujmnhmi.net | udp |
| US | 8.8.8.8:53 | tjwkxxqc.net | udp |
| US | 8.8.8.8:53 | easmicuqasiu.org | udp |
| US | 8.8.8.8:53 | aqkooa.net | udp |
| US | 8.8.8.8:53 | zkjbpeurfb.net | udp |
| US | 8.8.8.8:53 | vqjeykfob.info | udp |
| US | 8.8.8.8:53 | hmevgoxljrti.net | udp |
| US | 8.8.8.8:53 | umgwueuyqaui.com | udp |
| US | 8.8.8.8:53 | cvtctmtcrdp.info | udp |
| US | 8.8.8.8:53 | tlgebcn.net | udp |
| US | 8.8.8.8:53 | phlmpyv.info | udp |
| US | 8.8.8.8:53 | oxmfry.net | udp |
| US | 8.8.8.8:53 | spwgsqjwdvog.net | udp |
| US | 8.8.8.8:53 | dudqnb.info | udp |
| US | 8.8.8.8:53 | zytcvyh.net | udp |
| US | 8.8.8.8:53 | yodypig.info | udp |
| US | 8.8.8.8:53 | pnnqnuwqknx.com | udp |
| US | 8.8.8.8:53 | xkncznbot.net | udp |
| US | 8.8.8.8:53 | kpxhlhxc.net | udp |
| US | 8.8.8.8:53 | oqlwlqzmn.net | udp |
| US | 8.8.8.8:53 | fctcxi.info | udp |
| US | 8.8.8.8:53 | vunwxpptcq.net | udp |
| US | 8.8.8.8:53 | mofvvghgryb.net | udp |
| US | 8.8.8.8:53 | zbfeqcxvcxrb.net | udp |
| US | 8.8.8.8:53 | oxlmpyjgow.info | udp |
| US | 8.8.8.8:53 | zxlglmh.net | udp |
| US | 8.8.8.8:53 | eabtnvldfpe.info | udp |
| US | 8.8.8.8:53 | gerblx.info | udp |
| US | 8.8.8.8:53 | xevmkitn.info | udp |
| US | 8.8.8.8:53 | hsbcblj.info | udp |
| US | 8.8.8.8:53 | iysfbtdmfsr.info | udp |
| US | 8.8.8.8:53 | qmisgs.org | udp |
| US | 8.8.8.8:53 | jwpcniulign.net | udp |
| US | 8.8.8.8:53 | msiamquw.org | udp |
| US | 8.8.8.8:53 | kcrgngi.info | udp |
| US | 8.8.8.8:53 | rqsjbuz.info | udp |
| US | 8.8.8.8:53 | iuswqkcw.org | udp |
| US | 8.8.8.8:53 | pddohvvew.org | udp |
| US | 8.8.8.8:53 | tpacqtduy.com | udp |
| US | 8.8.8.8:53 | tscuvbzsmhwj.info | udp |
| US | 8.8.8.8:53 | oelqhkx.info | udp |
| US | 8.8.8.8:53 | cvvgjxnbyyv.net | udp |
| US | 8.8.8.8:53 | dqnnce.info | udp |
| US | 8.8.8.8:53 | oipsxoj.net | udp |
| US | 8.8.8.8:53 | rwxotsdl.net | udp |
| US | 8.8.8.8:53 | mbujyp.info | udp |
| US | 8.8.8.8:53 | yagagokgwmqe.org | udp |
| US | 8.8.8.8:53 | mnpyegnjck.info | udp |
| US | 8.8.8.8:53 | qqgmmkykgw.org | udp |
| US | 8.8.8.8:53 | ewmyyqyeywuc.org | udp |
| US | 8.8.8.8:53 | imggague.org | udp |
| US | 8.8.8.8:53 | vduocxspgb.info | udp |
| US | 8.8.8.8:53 | kebjxvt.net | udp |
| US | 8.8.8.8:53 | qsuswiv.info | udp |
| US | 8.8.8.8:53 | fzsjrovyph.info | udp |
| US | 8.8.8.8:53 | jeddpyceavfk.info | udp |
| US | 8.8.8.8:53 | hadotbgncsfx.net | udp |
| US | 8.8.8.8:53 | jvnsej.info | udp |
| US | 8.8.8.8:53 | tgbqzmhgd.info | udp |
| US | 8.8.8.8:53 | hnjxytbzve.info | udp |
| US | 8.8.8.8:53 | zncqpfestd.info | udp |
| US | 8.8.8.8:53 | aajavebafq.net | udp |
| US | 8.8.8.8:53 | saalyezyxhnu.net | udp |
| US | 8.8.8.8:53 | damjfutozebh.info | udp |
| US | 8.8.8.8:53 | xfdrxwvxtx.net | udp |
| US | 8.8.8.8:53 | qmwyeeqcko.org | udp |
| US | 8.8.8.8:53 | jwbydygkx.org | udp |
| US | 8.8.8.8:53 | osguanrtleof.net | udp |
| US | 8.8.8.8:53 | eqgiqwesoagm.com | udp |
| US | 8.8.8.8:53 | mwmmywoc.com | udp |
| US | 8.8.8.8:53 | iyzolkj.net | udp |
| US | 8.8.8.8:53 | zrhyur.net | udp |
| US | 8.8.8.8:53 | kmqcpiwgzh.net | udp |
| US | 8.8.8.8:53 | pjipgaug.info | udp |
| US | 8.8.8.8:53 | vfvmbqdwgie.info | udp |
| US | 8.8.8.8:53 | iesoaygaqy.com | udp |
| US | 8.8.8.8:53 | eiohsadhra.info | udp |
| US | 8.8.8.8:53 | imgstrbtgtw.net | udp |
| US | 8.8.8.8:53 | jyhqnzvnccab.net | udp |
| US | 8.8.8.8:53 | eaggequqscyu.com | udp |
| US | 8.8.8.8:53 | dnhlzlftlmbh.info | udp |
| US | 8.8.8.8:53 | fdmcyd.net | udp |
| US | 8.8.8.8:53 | ypcvzitd.net | udp |
| US | 8.8.8.8:53 | fisylefiv.net | udp |
| US | 8.8.8.8:53 | yensgeomr.net | udp |
| US | 8.8.8.8:53 | cdchrcpa.net | udp |
| US | 8.8.8.8:53 | wooqkcou.com | udp |
| US | 8.8.8.8:53 | nqwnlt.net | udp |
| US | 8.8.8.8:53 | sswksemmam.com | udp |
| US | 8.8.8.8:53 | ecyiyscwgc.org | udp |
| US | 8.8.8.8:53 | ccuuacewecew.com | udp |
| US | 8.8.8.8:53 | gaiacwkkccuw.org | udp |
| US | 8.8.8.8:53 | zjgatneodv.net | udp |
| US | 8.8.8.8:53 | ovrsqojh.info | udp |
| US | 8.8.8.8:53 | xopsjytuhsf.com | udp |
| US | 8.8.8.8:53 | txdtdpalwz.net | udp |
| US | 8.8.8.8:53 | ipncpsluq.net | udp |
| US | 8.8.8.8:53 | ealnjtg.info | udp |
| US | 8.8.8.8:53 | msmcdkdoc.info | udp |
| US | 8.8.8.8:53 | uwvzzyfyrrv.net | udp |
| US | 8.8.8.8:53 | teejbp.info | udp |
| US | 8.8.8.8:53 | vvjwtl.net | udp |
| US | 8.8.8.8:53 | cosutwnub.net | udp |
| US | 8.8.8.8:53 | hahmtynehqj.com | udp |
| US | 8.8.8.8:53 | wxmodgv.info | udp |
| US | 8.8.8.8:53 | aeqakceiwawe.org | udp |
| US | 8.8.8.8:53 | pvhzojtk.info | udp |
| US | 8.8.8.8:53 | kcijqx.net | udp |
| US | 8.8.8.8:53 | lolduiagf.org | udp |
| US | 8.8.8.8:53 | oufapsi.info | udp |
| US | 8.8.8.8:53 | aodctjrovpk.net | udp |
| US | 8.8.8.8:53 | qskcponybeu.info | udp |
| US | 8.8.8.8:53 | ssgcvez.net | udp |
| US | 8.8.8.8:53 | ujwxcoprscdo.info | udp |
| US | 8.8.8.8:53 | wkpmhihqbok.net | udp |
| US | 8.8.8.8:53 | zwoaoz.info | udp |
| US | 8.8.8.8:53 | gnzfjcag.net | udp |
| US | 8.8.8.8:53 | xcrydeamagn.info | udp |
| US | 8.8.8.8:53 | ilhyan.info | udp |
| US | 8.8.8.8:53 | ljjujjhvvgid.net | udp |
| US | 8.8.8.8:53 | dmyafhrjwih.org | udp |
| US | 8.8.8.8:53 | brxcqworosfa.info | udp |
| US | 8.8.8.8:53 | bhvgxprwt.info | udp |
| US | 8.8.8.8:53 | quwuyc.com | udp |
| US | 8.8.8.8:53 | vurtdlxgerbs.info | udp |
| US | 8.8.8.8:53 | jgnwdrpgqz.info | udp |
| US | 8.8.8.8:53 | wupmrwsqwil.net | udp |
| US | 8.8.8.8:53 | bsyrdwzaltzt.net | udp |
| US | 8.8.8.8:53 | wokoewiccc.org | udp |
| US | 8.8.8.8:53 | kedinuvon.net | udp |
| US | 8.8.8.8:53 | eanjci.info | udp |
| US | 8.8.8.8:53 | qkmgeyiyay.com | udp |
| US | 8.8.8.8:53 | bxohzdwj.info | udp |
| US | 8.8.8.8:53 | dirqiuxbhwd.com | udp |
| US | 8.8.8.8:53 | paymtvnc.net | udp |
| US | 8.8.8.8:53 | lhyiphrh.info | udp |
| US | 8.8.8.8:53 | kssisesopujl.net | udp |
| US | 8.8.8.8:53 | vnyjrcam.net | udp |
| US | 8.8.8.8:53 | xoasrra.org | udp |
| US | 8.8.8.8:53 | gggqdseij.info | udp |
| US | 8.8.8.8:53 | iowwoanapxl.net | udp |
| US | 8.8.8.8:53 | fnfnjych.net | udp |
| US | 8.8.8.8:53 | sbtcqpoj.net | udp |
| US | 8.8.8.8:53 | ngffpgkqtslm.net | udp |
| US | 8.8.8.8:53 | tijkbbfwdbbf.info | udp |
| US | 8.8.8.8:53 | osnobczahxb.info | udp |
| US | 8.8.8.8:53 | lkpyawfvtcp.com | udp |
| US | 8.8.8.8:53 | psqipiv.net | udp |
| US | 8.8.8.8:53 | ygdqbmsivbz.info | udp |
| US | 8.8.8.8:53 | pydunsrcmww.info | udp |
| US | 8.8.8.8:53 | ibpxpcdm.net | udp |
| US | 8.8.8.8:53 | ljqqwhuybpnl.info | udp |
| US | 8.8.8.8:53 | nfwdvw.net | udp |
| US | 8.8.8.8:53 | dchspxphwk.net | udp |
| US | 8.8.8.8:53 | ferpfadwqmz.org | udp |
| US | 8.8.8.8:53 | purcqlzd.net | udp |
| US | 8.8.8.8:53 | kmsoekes.com | udp |
| US | 8.8.8.8:53 | zpvjdwrflbir.info | udp |
| US | 8.8.8.8:53 | tgirrcaau.com | udp |
| US | 8.8.8.8:53 | wsqwoo.info | udp |
| US | 8.8.8.8:53 | thfunvzbyauf.net | udp |
| US | 8.8.8.8:53 | wmgoskoksiqw.org | udp |
| US | 8.8.8.8:53 | nghniidqtu.info | udp |
| US | 8.8.8.8:53 | ifzsrezkc.info | udp |
| US | 8.8.8.8:53 | rexbaqmap.org | udp |
| US | 8.8.8.8:53 | psmskbrik.info | udp |
| US | 8.8.8.8:53 | nhwsjfh.info | udp |
| US | 8.8.8.8:53 | mgaoksmasccc.org | udp |
| US | 8.8.8.8:53 | siumqyr.info | udp |
| US | 8.8.8.8:53 | jifixuufm.net | udp |
| US | 8.8.8.8:53 | bclohtxrsrhb.net | udp |
| US | 8.8.8.8:53 | uikmeg.com | udp |
| US | 8.8.8.8:53 | ascosmecyk.org | udp |
| US | 8.8.8.8:53 | xgboeeuqfwh.info | udp |
| US | 8.8.8.8:53 | eiwwikhft.net | udp |
| US | 8.8.8.8:53 | jelzhlivcg.net | udp |
| US | 8.8.8.8:53 | nvvahsb.com | udp |
| US | 8.8.8.8:53 | skkcam.org | udp |
| US | 8.8.8.8:53 | xelelqhlcgr.net | udp |
| US | 8.8.8.8:53 | ugiyaisk.org | udp |
| US | 8.8.8.8:53 | kyqgqcagiu.com | udp |
| US | 8.8.8.8:53 | cksrwc.net | udp |
| US | 8.8.8.8:53 | guhxvqcon.info | udp |
| US | 8.8.8.8:53 | xpxqtymwjcp.org | udp |
| US | 8.8.8.8:53 | jihakqhn.info | udp |
| US | 8.8.8.8:53 | igzaiessf.info | udp |
| US | 8.8.8.8:53 | fwrkrwl.info | udp |
| US | 8.8.8.8:53 | ayswtyhozyo.net | udp |
| US | 8.8.8.8:53 | ckcqzkb.net | udp |
| US | 8.8.8.8:53 | pljbnept.net | udp |
| US | 8.8.8.8:53 | xsvifqmwf.net | udp |
| US | 8.8.8.8:53 | wioeucor.info | udp |
| US | 8.8.8.8:53 | bzfgtzmwv.net | udp |
| US | 8.8.8.8:53 | eusalev.net | udp |
| US | 8.8.8.8:53 | buncmyff.info | udp |
| US | 8.8.8.8:53 | uzhiswzkjn.info | udp |
| US | 8.8.8.8:53 | ickicwos.com | udp |
| US | 8.8.8.8:53 | kcsock.com | udp |
| US | 8.8.8.8:53 | abyhtipjrcnu.info | udp |
| US | 8.8.8.8:53 | twddgmsywp.net | udp |
| US | 8.8.8.8:53 | sgtpmx.net | udp |
| US | 8.8.8.8:53 | mibycbx.info | udp |
| US | 8.8.8.8:53 | tunsdefcaod.net | udp |
| US | 8.8.8.8:53 | rezrrwbhkdsl.info | udp |
| US | 8.8.8.8:53 | zudmqqr.info | udp |
| US | 8.8.8.8:53 | hammkdxemrkw.info | udp |
| N/A | 192.168.28.2:445 | tcp | |
| US | 8.8.8.8:53 | timwfizizqh.net | udp |
| US | 8.8.8.8:53 | aukygm.com | udp |
| US | 8.8.8.8:53 | igyswucssm.org | udp |
| US | 8.8.8.8:53 | fuzvpun.net | udp |
| US | 8.8.8.8:53 | hvapjj.net | udp |
| US | 8.8.8.8:53 | jctpvezuh.net | udp |
| US | 8.8.8.8:53 | pylegqjt.net | udp |
| US | 8.8.8.8:53 | tkkcexfg.net | udp |
| US | 8.8.8.8:53 | juxqlsfrpybd.net | udp |
| US | 8.8.8.8:53 | trtrgzzk.net | udp |
| US | 8.8.8.8:53 | akjcajbgnkr.net | udp |
| US | 8.8.8.8:53 | wacmoaki.com | udp |
| US | 8.8.8.8:53 | ydvnqwmktito.net | udp |
| US | 8.8.8.8:53 | dlsoon.net | udp |
| US | 8.8.8.8:53 | lpjdnvvu.net | udp |
| US | 8.8.8.8:53 | oylwrhv.info | udp |
| US | 8.8.8.8:53 | vgbquct.com | udp |
| US | 8.8.8.8:53 | xnqhessfsqkj.info | udp |
| N/A | 192.168.28.2:139 | tcp | |
| US | 8.8.8.8:53 | uadorujkaga.net | udp |
| US | 8.8.8.8:53 | vankgrdnr.info | udp |
| US | 8.8.8.8:53 | sceommucuy.org | udp |
| US | 8.8.8.8:53 | gmmckoku.org | udp |
| US | 8.8.8.8:53 | kfejvykzmo.info | udp |
| US | 8.8.8.8:53 | ovhqijqinem.info | udp |
| US | 8.8.8.8:53 | piehwh.info | udp |
| US | 8.8.8.8:53 | pkjalzxk.info | udp |
| US | 8.8.8.8:53 | bsbagozwaeg.org | udp |
| US | 8.8.8.8:53 | ypyhhqcplrnr.info | udp |
| US | 8.8.8.8:53 | rqtslc.net | udp |
| US | 8.8.8.8:53 | kjuaiw.info | udp |
| US | 8.8.8.8:53 | unfndmkenrlw.info | udp |
| US | 8.8.8.8:53 | aodenmn.info | udp |
| US | 8.8.8.8:53 | eayacokbim.info | udp |
| US | 8.8.8.8:53 | uuwaimuyug.com | udp |
| US | 8.8.8.8:53 | lqsubgmse.org | udp |
| US | 8.8.8.8:53 | eoymekquce.com | udp |
| US | 8.8.8.8:53 | juqodx.info | udp |
| US | 8.8.8.8:53 | ndujxk.net | udp |
| US | 8.8.8.8:53 | kufqvwt.net | udp |
| US | 8.8.8.8:53 | ezzejwtthw.net | udp |
| US | 8.8.8.8:53 | ppqcyvqpja.net | udp |
| US | 8.8.8.8:53 | hieyfaxuk.net | udp |
| US | 8.8.8.8:53 | cnrbpd.info | udp |
| US | 8.8.8.8:53 | yyquokaugswy.org | udp |
| US | 8.8.8.8:53 | fnyxmguvyhys.net | udp |
| US | 8.8.8.8:53 | ugksayaioyiw.org | udp |
| US | 8.8.8.8:53 | iqesomckiiuy.org | udp |
| US | 8.8.8.8:53 | pnnoffl.net | udp |
| US | 8.8.8.8:53 | entawwdwsjp.info | udp |
| US | 8.8.8.8:53 | lmpmvfb.org | udp |
| US | 8.8.8.8:53 | wyiaueimqq.org | udp |
| US | 8.8.8.8:53 | jlosxmrybyb.net | udp |
| US | 8.8.8.8:53 | pyjwxyt.com | udp |
| US | 8.8.8.8:53 | lcgcphpi.info | udp |
| US | 8.8.8.8:53 | pswagoquh.org | udp |
| US | 8.8.8.8:53 | xozlqrfpnt.net | udp |
| US | 8.8.8.8:53 | xzkcectkyn.net | udp |
| US | 8.8.8.8:53 | lescaz.info | udp |
| US | 8.8.8.8:53 | wrqddxxtaefd.net | udp |
| US | 8.8.8.8:53 | gytkywwfz.net | udp |
| US | 8.8.8.8:53 | eaoiyeiwmcyo.org | udp |
| US | 8.8.8.8:53 | iwafqdikiyj.info | udp |
| US | 8.8.8.8:53 | esyqiueg.com | udp |
| US | 8.8.8.8:53 | jazejwtkz.info | udp |
| US | 8.8.8.8:53 | ncgihigyl.info | udp |
| US | 8.8.8.8:53 | baqsericro.info | udp |
| US | 8.8.8.8:53 | eykooiqs.org | udp |
| US | 8.8.8.8:53 | lrxsrg.info | udp |
| US | 8.8.8.8:53 | piaxlbikekf.org | udp |
| US | 8.8.8.8:53 | jcblthzfcgte.info | udp |
| US | 8.8.8.8:53 | udp | |
| US | 8.8.8.8:53 | udp |
Files
C:\Users\Admin\AppData\Local\Temp\zilszgs.exe
| MD5 | 979162ec5187e7dce7c5c6fe9383d5a4 |
| SHA1 | 9f3b9046be083403b378d8cd2998ee399e12cd21 |
| SHA256 | e379b18e73c370a4ef27fb9d7c7844d3cdf300b3b2d47e3f5777161a19ab71d0 |
| SHA512 | f664185447aa0d89ac680f9b01cd5904a6eb0d5e16d4fe0a5ced208667cee2e12f5a2e48f8f32eaa42892cd1e0101bb90161e563d55832947941aef46f1c85c4 |
C:\Users\Admin\AppData\Local\syycgktuwzjgnvhsnzmsswaeno.tda
| MD5 | 6878790f713a7b8f01f0642aac043f01 |
| SHA1 | 627a445154ff9a956d2ff7bb4f2908413b847ac2 |
| SHA256 | 8479ced68258e604453f49580638912ba277f6262c9349e4af4bd529c817aeab |
| SHA512 | 2dced776ac1dbfd20abec07b1f87a73307650b51ab7e33fc84985267504e6d6fd8e517d74c75dc3e9790a620967b9920c639398c2aae13cc187a80a9727c115f |
C:\Users\Admin\AppData\Local\tkvkzoiuhvqyqjgcifdufujyserfaiatqmspn.pet
| MD5 | e4d3f414f1cd20c1073c7e7bb3ddc669 |
| SHA1 | a360f2fa2fdedef02ae41f14180b10bf230957d2 |
| SHA256 | a9618b5dc3f6600594bc14634f40425d618675fa4259092b2bb3ba3c055b0e67 |
| SHA512 | b10dce9da849b7d044a3b3c68d707bb26cdfb3cb9e2d897462c76920ca17cd1a8bf27b31bcad5ed5f4d153d67459dd65f2568b7487f1cf77f687ca0434f132b7 |
C:\Program Files (x86)\syycgktuwzjgnvhsnzmsswaeno.tda
| MD5 | cc05cc22c461092b35c2a74ed5cc50d1 |
| SHA1 | ce16bdf4f2524b27605a0988dea9e72a28300b9c |
| SHA256 | f5805a400e1158b8e0879341d0825dec0f2bef384c5274f430bbc89299de9499 |
| SHA512 | 21cfb2d3d6fa6149004dd00f064fb07e472705355292bfbd61d60c2187890579cb0d361a3523fce10df130fb8bcd96ea5d0937fc29f5c1d8a312a16bd1e18193 |
C:\Program Files (x86)\syycgktuwzjgnvhsnzmsswaeno.tda
| MD5 | f0080f3d8992fd14cad3f118a0336500 |
| SHA1 | 29aa75868c9f1d5a1bb58f1deccd0011f5fc8b3d |
| SHA256 | a85c87c305ed36cc9a1d579a2ab65bdc8305d9fd06a6f90936c05cdef28d5d40 |
| SHA512 | 33ba390482def90a9ab5c5e0d67df455651ad0c691c6979194459430db1fb7892da1914553e1f0d9e0bf00e5cb9a8af54936376181ce9b761257898f4030e205 |
C:\Program Files (x86)\syycgktuwzjgnvhsnzmsswaeno.tda
| MD5 | 6c3de8497c66555c2c275bd84162006f |
| SHA1 | aa1e6ffd49adb39085291a27bc2a8d6d0bedd103 |
| SHA256 | 7a11f2a964e06c30803ff1b8aa867cb71b6cc8412b4e2b14e394f9e5f49f37fa |
| SHA512 | deae1303d5b49c50445a7482f724ade619c35fab566e9d6865c03b6ee657f23205bef93d011ca9683bb3551837f11cf876db6278480ba743e3726e5330ce4137 |
C:\Program Files (x86)\syycgktuwzjgnvhsnzmsswaeno.tda
| MD5 | 608e9a205ce20f9c635bef7254d5b11b |
| SHA1 | c14b2cd46ccbc0a9e85b6538d3c0a84b159f1a6f |
| SHA256 | 40f2b81cc985083e8f4884c2ebc0ff94997bfbe454494a3762632ccab296b473 |
| SHA512 | d0b42dfe4e285e9495b87e190d0ef6d1b5e78b676578b64eb7bae47a141e2c47b42cb3cee72ebc41ac2460c35aba16db090bdb47faef129bbb526a1970846052 |
C:\Program Files (x86)\syycgktuwzjgnvhsnzmsswaeno.tda
| MD5 | 5761815c5e52104aec0f8835241f36bf |
| SHA1 | 6c041f0f317c99cdc9c8c9283c28336e0a1af0aa |
| SHA256 | 89dd88f0d4111f5f20a290d3a8cbe88f73b7c7e2f4a299a01335f7e1cc4a88ea |
| SHA512 | b3c611ea032a1aa93d468e1e9d3d8c511602cf1b2678059e713263a650bdd405a6caf4d6a3d4a7d83b8cc28548b7f5227f0ca8994fddeecade4652d6990f8400 |
C:\Program Files (x86)\syycgktuwzjgnvhsnzmsswaeno.tda
| MD5 | 690d99f5e077fc55f8db96747ffe6889 |
| SHA1 | c30c439b29042b0cb063508dd45e521250f5165d |
| SHA256 | 87780f6577242d547afef8ccd5f66904f00eefcdae2340b9fe6c973964e7bb89 |
| SHA512 | 237df60540d2003535aa30a25b05c40b8af0fc095b48d8d3eb5847c2a1190e4002cb4520a749613302da13eef0c1f0cc5bae718e1ed5111be93ea04c1d484785 |
C:\Program Files (x86)\syycgktuwzjgnvhsnzmsswaeno.tda
| MD5 | 972a4c43a286309ac7f98a9c57962aae |
| SHA1 | 30a2006d7a8e01d5f2a81c579e44eb53785581b5 |
| SHA256 | 26bc0b9248aa38a991d3f78debd11ebab3bd7b54ec92117986a11b52559416ee |
| SHA512 | 38248e024be8d9518dcf11f534b1d3e53fae02976e3844404f91a290784e7281a3011e44971efd99eb2d5a0403c2adf32d4cfcd5310eaf3ecaf6e37be1efbd8c |