Analysis Overview
SHA256
371e7fce1fa40071ff8b99fa72a84f8697e26e8d43bc0932c9acc9ce4ba64a0d
Threat Level: Known bad
The file JaffaCakes118_43911114fe45fe2349eea1c3c5657bfd was found to be: Known bad.
Malicious Activity Summary
Modifies WinLogon for persistence
UAC bypass
Disables RegEdit via registry modification
Adds policy Run key to start application
Executes dropped EXE
Checks computer location settings
Loads dropped DLL
Impair Defenses: Safe Mode Boot
Checks whether UAC is enabled
Hijack Execution Flow: Executable Installer File Permissions Weakness
Looks up external IP address via web service
Adds Run key to start application
Drops autorun.inf file
Drops file in System32 directory
Drops file in Windows directory
Drops file in Program Files directory
System Location Discovery: System Language Discovery
Unsigned PE
Enumerates physical storage devices
System policy modification
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Suspicious use of AdjustPrivilegeToken
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2025-01-27 20:50
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2025-01-27 20:50
Reported
2025-01-27 20:53
Platform
win7-20240903-en
Max time kernel
150s
Max time network
150s
Command Line
Signatures
Modifies WinLogon for persistence
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\eujspiznoet.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\zigsr.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\zigsr.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\eujspiznoet.exe | N/A |
UAC bypass
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" | C:\Users\Admin\AppData\Local\Temp\zigsr.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" | C:\Users\Admin\AppData\Local\Temp\zigsr.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\eujspiznoet.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" | C:\Users\Admin\AppData\Local\Temp\eujspiznoet.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" | C:\Users\Admin\AppData\Local\Temp\eujspiznoet.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\zigsr.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" | C:\Users\Admin\AppData\Local\Temp\zigsr.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" | C:\Users\Admin\AppData\Local\Temp\zigsr.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\zigsr.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" | C:\Users\Admin\AppData\Local\Temp\eujspiznoet.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" | C:\Users\Admin\AppData\Local\Temp\zigsr.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" | C:\Users\Admin\AppData\Local\Temp\zigsr.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\eujspiznoet.exe | N/A |
Adds policy Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\zigsr = "C:\\Users\\Admin\\AppData\\Local\\Temp\\dyigrnzwjyeavknmj.exe" | C:\Users\Admin\AppData\Local\Temp\zigsr.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\zigsr.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\myzoqdgu = "wqzwgbmiuinicqsq.exe" | C:\Users\Admin\AppData\Local\Temp\zigsr.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\zigsr = "C:\\Users\\Admin\\AppData\\Local\\Temp\\mitsebomaqxuqgkkid.exe" | C:\Users\Admin\AppData\Local\Temp\zigsr.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\eujspiznoet.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\eujspiznoet.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\myzoqdgu = "kivwkjyyogpomekmmjge.exe" | C:\Users\Admin\AppData\Local\Temp\eujspiznoet.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\myzoqdgu = "dyigrnzwjyeavknmj.exe" | C:\Users\Admin\AppData\Local\Temp\zigsr.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\myzoqdgu = "dyigrnzwjyeavknmj.exe" | C:\Users\Admin\AppData\Local\Temp\zigsr.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\myzoqdgu = "mitsebomaqxuqgkkid.exe" | C:\Users\Admin\AppData\Local\Temp\zigsr.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\myzoqdgu = "zymoddtuleoongnqrpnma.exe" | C:\Users\Admin\AppData\Local\Temp\zigsr.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\zigsr = "C:\\Users\\Admin\\AppData\\Local\\Temp\\wqzwgbmiuinicqsq.exe" | C:\Users\Admin\AppData\Local\Temp\zigsr.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\zigsr = "C:\\Users\\Admin\\AppData\\Local\\Temp\\zymoddtuleoongnqrpnma.exe" | C:\Users\Admin\AppData\Local\Temp\zigsr.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\zigsr = "C:\\Users\\Admin\\AppData\\Local\\Temp\\wqzwgbmiuinicqsq.exe" | C:\Users\Admin\AppData\Local\Temp\zigsr.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\myzoqdgu = "kivwkjyyogpomekmmjge.exe" | C:\Users\Admin\AppData\Local\Temp\zigsr.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\zigsr = "C:\\Users\\Admin\\AppData\\Local\\Temp\\mitsebomaqxuqgkkid.exe" | C:\Users\Admin\AppData\Local\Temp\zigsr.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\myzoqdgu = "dyigrnzwjyeavknmj.exe" | C:\Users\Admin\AppData\Local\Temp\eujspiznoet.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\zigsr = "C:\\Users\\Admin\\AppData\\Local\\Temp\\wqzwgbmiuinicqsq.exe" | C:\Users\Admin\AppData\Local\Temp\eujspiznoet.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\myzoqdgu = "mitsebomaqxuqgkkid.exe" | C:\Users\Admin\AppData\Local\Temp\zigsr.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\zigsr = "C:\\Users\\Admin\\AppData\\Local\\Temp\\dyigrnzwjyeavknmj.exe" | C:\Users\Admin\AppData\Local\Temp\zigsr.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\zigsr = "C:\\Users\\Admin\\AppData\\Local\\Temp\\xuggtrfetksqnejkjfb.exe" | C:\Users\Admin\AppData\Local\Temp\zigsr.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\myzoqdgu = "xuggtrfetksqnejkjfb.exe" | C:\Users\Admin\AppData\Local\Temp\zigsr.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\myzoqdgu = "zymoddtuleoongnqrpnma.exe" | C:\Users\Admin\AppData\Local\Temp\zigsr.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\zigsr = "C:\\Users\\Admin\\AppData\\Local\\Temp\\wqzwgbmiuinicqsq.exe" | C:\Users\Admin\AppData\Local\Temp\eujspiznoet.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\zigsr.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\myzoqdgu = "kivwkjyyogpomekmmjge.exe" | C:\Users\Admin\AppData\Local\Temp\zigsr.exe | N/A |
Disables RegEdit via registry modification
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\zigsr.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\zigsr.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\zigsr.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\zigsr.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\eujspiznoet.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\eujspiznoet.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\eujspiznoet.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\zigsr.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\zigsr.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\eujspiznoet.exe | N/A |
Impair Defenses: Safe Mode Boot
| Description | Indicator | Process | Target |
| Key deleted | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\WinDefend | C:\Users\Admin\AppData\Local\Temp\zigsr.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\ProfSvc | C:\Users\Admin\AppData\Local\Temp\zigsr.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\Power | C:\Users\Admin\AppData\Local\Temp\zigsr.exe | N/A |
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_43911114fe45fe2349eea1c3c5657bfd.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_43911114fe45fe2349eea1c3c5657bfd.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\eujspiznoet.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\eujspiznoet.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\eujspiznoet.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\eujspiznoet.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_43911114fe45fe2349eea1c3c5657bfd.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_43911114fe45fe2349eea1c3c5657bfd.exe | N/A |
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce\xiiwxjl = "zymoddtuleoongnqrpnma.exe ." | C:\Users\Admin\AppData\Local\Temp\zigsr.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\wkneixcsyg = "wqzwgbmiuinicqsq.exe ." | C:\Users\Admin\AppData\Local\Temp\zigsr.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\xiiwxjl = "C:\\Users\\Admin\\AppData\\Local\\Temp\\wqzwgbmiuinicqsq.exe ." | C:\Users\Admin\AppData\Local\Temp\eujspiznoet.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\wkneixcsyg = "xuggtrfetksqnejkjfb.exe ." | C:\Users\Admin\AppData\Local\Temp\zigsr.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\kutggr = "dyigrnzwjyeavknmj.exe" | C:\Users\Admin\AppData\Local\Temp\zigsr.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce\xiiwxjl = "wqzwgbmiuinicqsq.exe ." | C:\Users\Admin\AppData\Local\Temp\zigsr.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce\rgkchxdubkk = "C:\\Users\\Admin\\AppData\\Local\\Temp\\xuggtrfetksqnejkjfb.exe ." | C:\Users\Admin\AppData\Local\Temp\zigsr.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Windows\CurrentVersion\Run\kutggr = "C:\\Users\\Admin\\AppData\\Local\\Temp\\zymoddtuleoongnqrpnma.exe" | C:\Users\Admin\AppData\Local\Temp\zigsr.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce\xiiwxjl = "kivwkjyyogpomekmmjge.exe ." | C:\Users\Admin\AppData\Local\Temp\zigsr.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\oejcizgygqri = "C:\\Users\\Admin\\AppData\\Local\\Temp\\dyigrnzwjyeavknmj.exe" | C:\Users\Admin\AppData\Local\Temp\zigsr.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\kutggr = "zymoddtuleoongnqrpnma.exe" | C:\Users\Admin\AppData\Local\Temp\zigsr.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Windows\CurrentVersion\Run\kutggr = "C:\\Users\\Admin\\AppData\\Local\\Temp\\kivwkjyyogpomekmmjge.exe" | C:\Users\Admin\AppData\Local\Temp\zigsr.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\wkneixcsyg = "mitsebomaqxuqgkkid.exe ." | C:\Users\Admin\AppData\Local\Temp\zigsr.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\wkneixcsyg = "zymoddtuleoongnqrpnma.exe ." | C:\Users\Admin\AppData\Local\Temp\eujspiznoet.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Windows\CurrentVersion\Run\kutggr = "C:\\Users\\Admin\\AppData\\Local\\Temp\\zymoddtuleoongnqrpnma.exe" | C:\Users\Admin\AppData\Local\Temp\zigsr.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\kutggr = "mitsebomaqxuqgkkid.exe" | C:\Users\Admin\AppData\Local\Temp\zigsr.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\xiiwxjl = "C:\\Users\\Admin\\AppData\\Local\\Temp\\xuggtrfetksqnejkjfb.exe ." | C:\Users\Admin\AppData\Local\Temp\zigsr.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\wkneixcsyg = "zymoddtuleoongnqrpnma.exe ." | C:\Users\Admin\AppData\Local\Temp\zigsr.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\kutggr = "kivwkjyyogpomekmmjge.exe" | C:\Users\Admin\AppData\Local\Temp\zigsr.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Windows\CurrentVersion\Run\dqsilzdsx = "zymoddtuleoongnqrpnma.exe" | C:\Users\Admin\AppData\Local\Temp\eujspiznoet.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\wkneixcsyg = "xuggtrfetksqnejkjfb.exe ." | C:\Users\Admin\AppData\Local\Temp\zigsr.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\oejcizgygqri = "C:\\Users\\Admin\\AppData\\Local\\Temp\\xuggtrfetksqnejkjfb.exe" | C:\Users\Admin\AppData\Local\Temp\zigsr.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\xiiwxjl = "C:\\Users\\Admin\\AppData\\Local\\Temp\\kivwkjyyogpomekmmjge.exe ." | C:\Users\Admin\AppData\Local\Temp\zigsr.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Windows\CurrentVersion\Run\kutggr = "C:\\Users\\Admin\\AppData\\Local\\Temp\\kivwkjyyogpomekmmjge.exe" | C:\Users\Admin\AppData\Local\Temp\zigsr.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce\xiiwxjl = "mitsebomaqxuqgkkid.exe ." | C:\Users\Admin\AppData\Local\Temp\zigsr.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\kutggr = "wqzwgbmiuinicqsq.exe" | C:\Users\Admin\AppData\Local\Temp\zigsr.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\oejcizgygqri = "C:\\Users\\Admin\\AppData\\Local\\Temp\\dyigrnzwjyeavknmj.exe" | C:\Users\Admin\AppData\Local\Temp\eujspiznoet.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\oejcizgygqri = "C:\\Users\\Admin\\AppData\\Local\\Temp\\xuggtrfetksqnejkjfb.exe" | C:\Users\Admin\AppData\Local\Temp\zigsr.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce\rgkchxdubkk = "C:\\Users\\Admin\\AppData\\Local\\Temp\\wqzwgbmiuinicqsq.exe ." | C:\Users\Admin\AppData\Local\Temp\zigsr.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\wkneixcsyg = "wqzwgbmiuinicqsq.exe ." | C:\Users\Admin\AppData\Local\Temp\zigsr.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\kutggr = "wqzwgbmiuinicqsq.exe" | C:\Users\Admin\AppData\Local\Temp\zigsr.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\xiiwxjl = "C:\\Users\\Admin\\AppData\\Local\\Temp\\zymoddtuleoongnqrpnma.exe ." | C:\Users\Admin\AppData\Local\Temp\eujspiznoet.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce\xiiwxjl = "zymoddtuleoongnqrpnma.exe ." | C:\Users\Admin\AppData\Local\Temp\zigsr.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce\xiiwxjl = "dyigrnzwjyeavknmj.exe ." | C:\Users\Admin\AppData\Local\Temp\zigsr.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Windows\CurrentVersion\Run\dqsilzdsx = "zymoddtuleoongnqrpnma.exe" | C:\Users\Admin\AppData\Local\Temp\zigsr.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\xiiwxjl = "C:\\Users\\Admin\\AppData\\Local\\Temp\\dyigrnzwjyeavknmj.exe ." | C:\Users\Admin\AppData\Local\Temp\zigsr.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce\rgkchxdubkk = "C:\\Users\\Admin\\AppData\\Local\\Temp\\kivwkjyyogpomekmmjge.exe ." | C:\Users\Admin\AppData\Local\Temp\zigsr.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\oejcizgygqri = "C:\\Users\\Admin\\AppData\\Local\\Temp\\mitsebomaqxuqgkkid.exe" | C:\Users\Admin\AppData\Local\Temp\zigsr.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce\rgkchxdubkk = "C:\\Users\\Admin\\AppData\\Local\\Temp\\xuggtrfetksqnejkjfb.exe ." | C:\Users\Admin\AppData\Local\Temp\eujspiznoet.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Windows\CurrentVersion\Run\kutggr = "C:\\Users\\Admin\\AppData\\Local\\Temp\\wqzwgbmiuinicqsq.exe" | C:\Users\Admin\AppData\Local\Temp\zigsr.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce\rgkchxdubkk = "C:\\Users\\Admin\\AppData\\Local\\Temp\\zymoddtuleoongnqrpnma.exe ." | C:\Users\Admin\AppData\Local\Temp\eujspiznoet.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Windows\CurrentVersion\Run\kutggr = "C:\\Users\\Admin\\AppData\\Local\\Temp\\mitsebomaqxuqgkkid.exe" | C:\Users\Admin\AppData\Local\Temp\zigsr.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\xiiwxjl = "C:\\Users\\Admin\\AppData\\Local\\Temp\\zymoddtuleoongnqrpnma.exe ." | C:\Users\Admin\AppData\Local\Temp\zigsr.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Windows\CurrentVersion\Run\dqsilzdsx = "dyigrnzwjyeavknmj.exe" | C:\Users\Admin\AppData\Local\Temp\zigsr.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce\rgkchxdubkk = "C:\\Users\\Admin\\AppData\\Local\\Temp\\mitsebomaqxuqgkkid.exe ." | C:\Users\Admin\AppData\Local\Temp\zigsr.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce\rgkchxdubkk = "C:\\Users\\Admin\\AppData\\Local\\Temp\\wqzwgbmiuinicqsq.exe ." | C:\Users\Admin\AppData\Local\Temp\zigsr.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce\xiiwxjl = "xuggtrfetksqnejkjfb.exe ." | C:\Users\Admin\AppData\Local\Temp\eujspiznoet.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\oejcizgygqri = "C:\\Users\\Admin\\AppData\\Local\\Temp\\wqzwgbmiuinicqsq.exe" | C:\Users\Admin\AppData\Local\Temp\zigsr.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Windows\CurrentVersion\Run\dqsilzdsx = "xuggtrfetksqnejkjfb.exe" | C:\Users\Admin\AppData\Local\Temp\zigsr.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce\rgkchxdubkk = "C:\\Users\\Admin\\AppData\\Local\\Temp\\zymoddtuleoongnqrpnma.exe ." | C:\Users\Admin\AppData\Local\Temp\zigsr.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce\xiiwxjl = "xuggtrfetksqnejkjfb.exe ." | C:\Users\Admin\AppData\Local\Temp\zigsr.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Windows\CurrentVersion\Run\kutggr = "C:\\Users\\Admin\\AppData\\Local\\Temp\\dyigrnzwjyeavknmj.exe" | C:\Users\Admin\AppData\Local\Temp\zigsr.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Windows\CurrentVersion\Run\dqsilzdsx = "xuggtrfetksqnejkjfb.exe" | C:\Users\Admin\AppData\Local\Temp\zigsr.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\wkneixcsyg = "mitsebomaqxuqgkkid.exe ." | C:\Users\Admin\AppData\Local\Temp\zigsr.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\wkneixcsyg = "zymoddtuleoongnqrpnma.exe ." | C:\Users\Admin\AppData\Local\Temp\zigsr.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\xiiwxjl = "C:\\Users\\Admin\\AppData\\Local\\Temp\\mitsebomaqxuqgkkid.exe ." | C:\Users\Admin\AppData\Local\Temp\zigsr.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\wkneixcsyg = "kivwkjyyogpomekmmjge.exe ." | C:\Users\Admin\AppData\Local\Temp\eujspiznoet.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce\xiiwxjl = "kivwkjyyogpomekmmjge.exe ." | C:\Users\Admin\AppData\Local\Temp\zigsr.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\oejcizgygqri = "C:\\Users\\Admin\\AppData\\Local\\Temp\\zymoddtuleoongnqrpnma.exe" | C:\Users\Admin\AppData\Local\Temp\zigsr.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\kutggr = "mitsebomaqxuqgkkid.exe" | C:\Users\Admin\AppData\Local\Temp\zigsr.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\kutggr = "xuggtrfetksqnejkjfb.exe" | C:\Users\Admin\AppData\Local\Temp\zigsr.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\xiiwxjl = "C:\\Users\\Admin\\AppData\\Local\\Temp\\kivwkjyyogpomekmmjge.exe ." | C:\Users\Admin\AppData\Local\Temp\zigsr.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\kutggr = "dyigrnzwjyeavknmj.exe" | C:\Users\Admin\AppData\Local\Temp\zigsr.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce\rgkchxdubkk = "C:\\Users\\Admin\\AppData\\Local\\Temp\\dyigrnzwjyeavknmj.exe ." | C:\Users\Admin\AppData\Local\Temp\zigsr.exe | N/A |
Checks whether UAC is enabled
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\eujspiznoet.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\eujspiznoet.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\zigsr.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\zigsr.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\zigsr.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\zigsr.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\eujspiznoet.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\eujspiznoet.exe | N/A |
Hijack Execution Flow: Executable Installer File Permissions Weakness
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableInstallerDetection = "0" | C:\Users\Admin\AppData\Local\Temp\eujspiznoet.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableInstallerDetection = "0" | C:\Users\Admin\AppData\Local\Temp\zigsr.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableInstallerDetection = "0" | C:\Users\Admin\AppData\Local\Temp\zigsr.exe | N/A |
Looks up external IP address via web service
| Description | Indicator | Process | Target |
| N/A | whatismyip.everdot.org | N/A | N/A |
| N/A | www.whatismyip.ca | N/A | N/A |
| N/A | www.showmyipaddress.com | N/A | N/A |
| N/A | whatismyipaddress.com | N/A | N/A |
Drops autorun.inf file
| Description | Indicator | Process | Target |
| File opened for modification | C:\autorun.inf | C:\Users\Admin\AppData\Local\Temp\zigsr.exe | N/A |
| File created | C:\autorun.inf | C:\Users\Admin\AppData\Local\Temp\zigsr.exe | N/A |
| File opened for modification | F:\autorun.inf | C:\Users\Admin\AppData\Local\Temp\zigsr.exe | N/A |
| File created | F:\autorun.inf | C:\Users\Admin\AppData\Local\Temp\zigsr.exe | N/A |
Drops file in System32 directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\SysWOW64\wqzwgbmiuinicqsq.exe | C:\Users\Admin\AppData\Local\Temp\zigsr.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\dyigrnzwjyeavknmj.exe | C:\Users\Admin\AppData\Local\Temp\zigsr.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\bewcvztytqeilitafhjme.dhb | C:\Users\Admin\AppData\Local\Temp\zigsr.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\xuggtrfetksqnejkjfb.exe | C:\Users\Admin\AppData\Local\Temp\eujspiznoet.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\kivwkjyyogpomekmmjge.exe | C:\Users\Admin\AppData\Local\Temp\zigsr.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\wqzwgbmiuinicqsq.exe | C:\Users\Admin\AppData\Local\Temp\eujspiznoet.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\dyigrnzwjyeavknmj.exe | C:\Users\Admin\AppData\Local\Temp\eujspiznoet.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\kivwkjyyogpomekmmjge.exe | C:\Users\Admin\AppData\Local\Temp\zigsr.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\wkneixcsygfuiqmeuhuilcgvaqwedsgo.csf | C:\Users\Admin\AppData\Local\Temp\zigsr.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\kivwkjyyogpomekmmjge.exe | C:\Users\Admin\AppData\Local\Temp\eujspiznoet.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\dyigrnzwjyeavknmj.exe | C:\Users\Admin\AppData\Local\Temp\eujspiznoet.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\wqzwgbmiuinicqsq.exe | C:\Users\Admin\AppData\Local\Temp\zigsr.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\dyigrnzwjyeavknmj.exe | C:\Users\Admin\AppData\Local\Temp\zigsr.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\zymoddtuleoongnqrpnma.exe | C:\Users\Admin\AppData\Local\Temp\zigsr.exe | N/A |
| File created | C:\Windows\SysWOW64\bewcvztytqeilitafhjme.dhb | C:\Users\Admin\AppData\Local\Temp\zigsr.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\xuggtrfetksqnejkjfb.exe | C:\Users\Admin\AppData\Local\Temp\eujspiznoet.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\qqfiyzqskepqqkswyxwwlo.exe | C:\Users\Admin\AppData\Local\Temp\eujspiznoet.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\mitsebomaqxuqgkkid.exe | C:\Users\Admin\AppData\Local\Temp\eujspiznoet.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\kivwkjyyogpomekmmjge.exe | C:\Users\Admin\AppData\Local\Temp\eujspiznoet.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\xuggtrfetksqnejkjfb.exe | C:\Users\Admin\AppData\Local\Temp\zigsr.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\qqfiyzqskepqqkswyxwwlo.exe | C:\Users\Admin\AppData\Local\Temp\zigsr.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\mitsebomaqxuqgkkid.exe | C:\Users\Admin\AppData\Local\Temp\eujspiznoet.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\zymoddtuleoongnqrpnma.exe | C:\Users\Admin\AppData\Local\Temp\eujspiznoet.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\qqfiyzqskepqqkswyxwwlo.exe | C:\Users\Admin\AppData\Local\Temp\eujspiznoet.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\qqfiyzqskepqqkswyxwwlo.exe | C:\Users\Admin\AppData\Local\Temp\zigsr.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\wqzwgbmiuinicqsq.exe | C:\Users\Admin\AppData\Local\Temp\eujspiznoet.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\mitsebomaqxuqgkkid.exe | C:\Users\Admin\AppData\Local\Temp\zigsr.exe | N/A |
| File created | C:\Windows\SysWOW64\wkneixcsygfuiqmeuhuilcgvaqwedsgo.csf | C:\Users\Admin\AppData\Local\Temp\zigsr.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\zymoddtuleoongnqrpnma.exe | C:\Users\Admin\AppData\Local\Temp\eujspiznoet.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\mitsebomaqxuqgkkid.exe | C:\Users\Admin\AppData\Local\Temp\zigsr.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\xuggtrfetksqnejkjfb.exe | C:\Users\Admin\AppData\Local\Temp\zigsr.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\zymoddtuleoongnqrpnma.exe | C:\Users\Admin\AppData\Local\Temp\zigsr.exe | N/A |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File created | C:\Program Files (x86)\bewcvztytqeilitafhjme.dhb | C:\Users\Admin\AppData\Local\Temp\zigsr.exe | N/A |
| File opened for modification | C:\Program Files (x86)\wkneixcsygfuiqmeuhuilcgvaqwedsgo.csf | C:\Users\Admin\AppData\Local\Temp\zigsr.exe | N/A |
| File created | C:\Program Files (x86)\wkneixcsygfuiqmeuhuilcgvaqwedsgo.csf | C:\Users\Admin\AppData\Local\Temp\zigsr.exe | N/A |
| File opened for modification | C:\Program Files (x86)\bewcvztytqeilitafhjme.dhb | C:\Users\Admin\AppData\Local\Temp\zigsr.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\xuggtrfetksqnejkjfb.exe | C:\Users\Admin\AppData\Local\Temp\eujspiznoet.exe | N/A |
| File opened for modification | C:\Windows\dyigrnzwjyeavknmj.exe | C:\Users\Admin\AppData\Local\Temp\zigsr.exe | N/A |
| File opened for modification | C:\Windows\wkneixcsygfuiqmeuhuilcgvaqwedsgo.csf | C:\Users\Admin\AppData\Local\Temp\zigsr.exe | N/A |
| File created | C:\Windows\wkneixcsygfuiqmeuhuilcgvaqwedsgo.csf | C:\Users\Admin\AppData\Local\Temp\zigsr.exe | N/A |
| File opened for modification | C:\Windows\kivwkjyyogpomekmmjge.exe | C:\Users\Admin\AppData\Local\Temp\eujspiznoet.exe | N/A |
| File opened for modification | C:\Windows\qqfiyzqskepqqkswyxwwlo.exe | C:\Users\Admin\AppData\Local\Temp\eujspiznoet.exe | N/A |
| File opened for modification | C:\Windows\zymoddtuleoongnqrpnma.exe | C:\Users\Admin\AppData\Local\Temp\zigsr.exe | N/A |
| File opened for modification | C:\Windows\mitsebomaqxuqgkkid.exe | C:\Users\Admin\AppData\Local\Temp\zigsr.exe | N/A |
| File opened for modification | C:\Windows\xuggtrfetksqnejkjfb.exe | C:\Users\Admin\AppData\Local\Temp\zigsr.exe | N/A |
| File opened for modification | C:\Windows\kivwkjyyogpomekmmjge.exe | C:\Users\Admin\AppData\Local\Temp\zigsr.exe | N/A |
| File opened for modification | C:\Windows\kivwkjyyogpomekmmjge.exe | C:\Users\Admin\AppData\Local\Temp\eujspiznoet.exe | N/A |
| File opened for modification | C:\Windows\wqzwgbmiuinicqsq.exe | C:\Users\Admin\AppData\Local\Temp\eujspiznoet.exe | N/A |
| File opened for modification | C:\Windows\kivwkjyyogpomekmmjge.exe | C:\Users\Admin\AppData\Local\Temp\zigsr.exe | N/A |
| File opened for modification | C:\Windows\zymoddtuleoongnqrpnma.exe | C:\Users\Admin\AppData\Local\Temp\zigsr.exe | N/A |
| File opened for modification | C:\Windows\dyigrnzwjyeavknmj.exe | C:\Users\Admin\AppData\Local\Temp\eujspiznoet.exe | N/A |
| File created | C:\Windows\bewcvztytqeilitafhjme.dhb | C:\Users\Admin\AppData\Local\Temp\zigsr.exe | N/A |
| File opened for modification | C:\Windows\mitsebomaqxuqgkkid.exe | C:\Users\Admin\AppData\Local\Temp\zigsr.exe | N/A |
| File opened for modification | C:\Windows\qqfiyzqskepqqkswyxwwlo.exe | C:\Users\Admin\AppData\Local\Temp\zigsr.exe | N/A |
| File opened for modification | C:\Windows\mitsebomaqxuqgkkid.exe | C:\Users\Admin\AppData\Local\Temp\eujspiznoet.exe | N/A |
| File opened for modification | C:\Windows\wqzwgbmiuinicqsq.exe | C:\Users\Admin\AppData\Local\Temp\zigsr.exe | N/A |
| File opened for modification | C:\Windows\xuggtrfetksqnejkjfb.exe | C:\Users\Admin\AppData\Local\Temp\zigsr.exe | N/A |
| File opened for modification | C:\Windows\qqfiyzqskepqqkswyxwwlo.exe | C:\Users\Admin\AppData\Local\Temp\zigsr.exe | N/A |
| File opened for modification | C:\Windows\bewcvztytqeilitafhjme.dhb | C:\Users\Admin\AppData\Local\Temp\zigsr.exe | N/A |
| File opened for modification | C:\Windows\wqzwgbmiuinicqsq.exe | C:\Users\Admin\AppData\Local\Temp\eujspiznoet.exe | N/A |
| File opened for modification | C:\Windows\qqfiyzqskepqqkswyxwwlo.exe | C:\Users\Admin\AppData\Local\Temp\eujspiznoet.exe | N/A |
| File opened for modification | C:\Windows\wqzwgbmiuinicqsq.exe | C:\Users\Admin\AppData\Local\Temp\zigsr.exe | N/A |
| File opened for modification | C:\Windows\dyigrnzwjyeavknmj.exe | C:\Users\Admin\AppData\Local\Temp\zigsr.exe | N/A |
| File opened for modification | C:\Windows\dyigrnzwjyeavknmj.exe | C:\Users\Admin\AppData\Local\Temp\eujspiznoet.exe | N/A |
| File opened for modification | C:\Windows\mitsebomaqxuqgkkid.exe | C:\Users\Admin\AppData\Local\Temp\eujspiznoet.exe | N/A |
| File opened for modification | C:\Windows\zymoddtuleoongnqrpnma.exe | C:\Users\Admin\AppData\Local\Temp\eujspiznoet.exe | N/A |
| File opened for modification | C:\Windows\zymoddtuleoongnqrpnma.exe | C:\Users\Admin\AppData\Local\Temp\eujspiznoet.exe | N/A |
| File opened for modification | C:\Windows\xuggtrfetksqnejkjfb.exe | C:\Users\Admin\AppData\Local\Temp\eujspiznoet.exe | N/A |
Enumerates physical storage devices
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_43911114fe45fe2349eea1c3c5657bfd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\eujspiznoet.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\zigsr.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\zigsr.exe | N/A |
Suspicious use of WriteProcessMemory
System policy modification
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" | C:\Users\Admin\AppData\Local\Temp\eujspiznoet.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer | C:\Users\Admin\AppData\Local\Temp\eujspiznoet.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" | C:\Users\Admin\AppData\Local\Temp\eujspiznoet.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableSecureUIAPaths = "0" | C:\Users\Admin\AppData\Local\Temp\eujspiznoet.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" | C:\Users\Admin\AppData\Local\Temp\zigsr.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableSecureUIAPaths = "0" | C:\Users\Admin\AppData\Local\Temp\zigsr.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\FilterAdministratorToken = "0" | C:\Users\Admin\AppData\Local\Temp\eujspiznoet.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" | C:\Users\Admin\AppData\Local\Temp\zigsr.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDriveTypeAutoRun = "1" | C:\Users\Admin\AppData\Local\Temp\zigsr.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableVirtualization = "0" | C:\Users\Admin\AppData\Local\Temp\zigsr.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableVirtualization = "0" | C:\Users\Admin\AppData\Local\Temp\eujspiznoet.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ValidateAdminCodeSignatures = "0" | C:\Users\Admin\AppData\Local\Temp\eujspiznoet.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\zigsr.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\eujspiznoet.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\zigsr.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDriveTypeAutoRun = "1" | C:\Users\Admin\AppData\Local\Temp\eujspiznoet.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\FilterAdministratorToken = "0" | C:\Users\Admin\AppData\Local\Temp\zigsr.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer | C:\Users\Admin\AppData\Local\Temp\zigsr.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\zigsr.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\zigsr.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" | C:\Users\Admin\AppData\Local\Temp\zigsr.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" | C:\Users\Admin\AppData\Local\Temp\zigsr.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableSecureUIAPaths = "0" | C:\Users\Admin\AppData\Local\Temp\zigsr.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ValidateAdminCodeSignatures = "0" | C:\Users\Admin\AppData\Local\Temp\zigsr.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\eujspiznoet.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\eujspiznoet.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableVirtualization = "0" | C:\Users\Admin\AppData\Local\Temp\zigsr.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" | C:\Users\Admin\AppData\Local\Temp\zigsr.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\zigsr.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" | C:\Users\Admin\AppData\Local\Temp\zigsr.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\zigsr.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ValidateAdminCodeSignatures = "0" | C:\Users\Admin\AppData\Local\Temp\zigsr.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\FilterAdministratorToken = "0" | C:\Users\Admin\AppData\Local\Temp\zigsr.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer | C:\Users\Admin\AppData\Local\Temp\zigsr.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDriveTypeAutoRun = "1" | C:\Users\Admin\AppData\Local\Temp\zigsr.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\eujspiznoet.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\eujspiznoet.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" | C:\Users\Admin\AppData\Local\Temp\eujspiznoet.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_43911114fe45fe2349eea1c3c5657bfd.exe
"C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_43911114fe45fe2349eea1c3c5657bfd.exe"
C:\Users\Admin\AppData\Local\Temp\eujspiznoet.exe
"C:\Users\Admin\AppData\Local\Temp\eujspiznoet.exe" "c:\users\admin\appdata\local\temp\jaffacakes118_43911114fe45fe2349eea1c3c5657bfd.exe*"
C:\Users\Admin\AppData\Local\Temp\zigsr.exe
"C:\Users\Admin\AppData\Local\Temp\zigsr.exe" "-C:\Users\Admin\AppData\Local\Temp\wqzwgbmiuinicqsq.exe"
C:\Users\Admin\AppData\Local\Temp\zigsr.exe
"C:\Users\Admin\AppData\Local\Temp\zigsr.exe" "-C:\Users\Admin\AppData\Local\Temp\wqzwgbmiuinicqsq.exe"
C:\Users\Admin\AppData\Local\Temp\eujspiznoet.exe
"C:\Users\Admin\AppData\Local\Temp\eujspiznoet.exe" "c:\users\admin\appdata\local\temp\jaffacakes118_43911114fe45fe2349eea1c3c5657bfd.exe"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | whatismyip.everdot.org | udp |
| US | 8.8.8.8:53 | www.whatismyip.ca | udp |
| US | 8.8.8.8:53 | www.showmyipaddress.com | udp |
| US | 172.67.155.175:80 | www.showmyipaddress.com | tcp |
| US | 8.8.8.8:53 | whatismyipaddress.com | udp |
| US | 104.19.223.79:80 | whatismyipaddress.com | tcp |
| US | 104.19.223.79:80 | whatismyipaddress.com | tcp |
| US | 172.67.155.175:80 | www.showmyipaddress.com | tcp |
| US | 104.19.223.79:80 | whatismyipaddress.com | tcp |
| US | 8.8.8.8:53 | www.whatismyip.com | udp |
| US | 172.66.40.87:80 | www.whatismyip.com | tcp |
| US | 172.67.155.175:80 | www.showmyipaddress.com | tcp |
| US | 172.66.40.87:80 | www.whatismyip.com | tcp |
| US | 104.19.223.79:80 | whatismyipaddress.com | tcp |
| US | 172.66.40.87:80 | www.whatismyip.com | tcp |
| US | 172.67.155.175:80 | www.showmyipaddress.com | tcp |
| US | 172.66.40.87:80 | www.whatismyip.com | tcp |
| US | 172.66.40.87:80 | www.whatismyip.com | tcp |
| US | 172.66.40.87:80 | www.whatismyip.com | tcp |
| US | 8.8.8.8:53 | www.yahoo.com | udp |
| GB | 87.248.114.11:80 | www.yahoo.com | tcp |
| KZ | 95.56.28.147:43672 | tcp | |
| US | 8.8.8.8:53 | zagyxzu.net | udp |
| US | 34.227.7.138:80 | zagyxzu.net | tcp |
| US | 8.8.8.8:53 | jgraxsod.net | udp |
| US | 8.8.8.8:53 | ddhstozclxk.info | udp |
| US | 8.8.8.8:53 | yvlevtbtem.info | udp |
| DE | 85.214.228.140:80 | yvlevtbtem.info | tcp |
| US | 8.8.8.8:53 | njsugk.net | udp |
| US | 8.8.8.8:53 | cupszorovfx.net | udp |
| BG | 188.254.223.6:27303 | tcp | |
| US | 8.8.8.8:53 | eqcsmqwqou.org | udp |
| US | 8.8.8.8:53 | lppedez.org | udp |
| US | 8.8.8.8:53 | orzluuurr.net | udp |
| US | 8.8.8.8:53 | cztazbbor.info | udp |
| BG | 95.140.215.110:41508 | tcp | |
| US | 8.8.8.8:53 | vfjvaipsb.info | udp |
| US | 8.8.8.8:53 | hufarx.info | udp |
| BG | 78.90.52.163:36212 | tcp | |
| US | 8.8.8.8:53 | imsefqsjjty.net | udp |
| US | 8.8.8.8:53 | clxyzkvexavh.info | udp |
| US | 8.8.8.8:53 | vjafgnsy.info | udp |
| US | 8.8.8.8:53 | hhjfar.info | udp |
| US | 8.8.8.8:53 | begslbn.com | udp |
| DE | 93.123.101.185:44718 | tcp | |
| US | 8.8.8.8:53 | fjbhjuwj.net | udp |
| US | 8.8.8.8:53 | uiqaueqkeq.org | udp |
| US | 8.8.8.8:53 | nrnctibl.net | udp |
| US | 8.8.8.8:53 | jeawlywxtr.net | udp |
| LT | 78.57.238.81:31713 | tcp | |
| US | 8.8.8.8:53 | zpfqpe.net | udp |
| US | 8.8.8.8:53 | htahpod.org | udp |
| RU | 109.126.17.144:45163 | tcp | |
| US | 8.8.8.8:53 | bawotyjmh.info | udp |
| US | 8.8.8.8:53 | jqxsjuliobfu.net | udp |
| US | 8.8.8.8:53 | eywozmf.info | udp |
| US | 8.8.8.8:53 | gnscluluxmt.net | udp |
| BG | 78.90.52.163:36212 | tcp | |
| US | 8.8.8.8:53 | imwhww.info | udp |
| US | 8.8.8.8:53 | gxovrewca.info | udp |
| US | 208.117.43.225:80 | gxovrewca.info | tcp |
| US | 8.8.8.8:53 | solnlljap.info | udp |
| US | 8.8.8.8:53 | hthyjixi.info | udp |
| US | 8.8.8.8:53 | mmquqescoq.com | udp |
| US | 8.8.8.8:53 | kyfwwjc.info | udp |
| US | 8.8.8.8:53 | kglkferkp.net | udp |
| US | 8.8.8.8:53 | udp | |
| US | 8.8.8.8:53 | arnqxvnar.net | udp |
| BG | 46.238.8.135:41875 | tcp | |
| US | 8.8.8.8:53 | hpebkzbxuz.info | udp |
| US | 8.8.8.8:53 | wbiwvwcbje.info | udp |
| BG | 109.160.25.117:29692 | tcp | |
| US | 8.8.8.8:53 | ieofjgjq.info | udp |
| US | 8.8.8.8:53 | lkpfthcneopu.info | udp |
| US | 8.8.8.8:53 | zctqggnqtup.net | udp |
| US | 8.8.8.8:53 | wdxfzzhm.info | udp |
| LT | 81.7.66.153:32089 | tcp | |
| US | 8.8.8.8:53 | nmkjljnueqqs.net | udp |
| US | 8.8.8.8:53 | zwftlitawmx.net | udp |
| US | 8.8.8.8:53 | xemyraduz.com | udp |
| US | 8.8.8.8:53 | ewusaueooiic.org | udp |
| US | 8.8.8.8:53 | ugwikuki.com | udp |
| BG | 213.167.28.200:34894 | tcp | |
| US | 8.8.8.8:53 | yevmmvry.info | udp |
| US | 8.8.8.8:53 | kepgsolem.net | udp |
| BG | 85.196.181.39:24680 | tcp | |
| US | 8.8.8.8:53 | mhfmtazsjcz.info | udp |
| US | 8.8.8.8:53 | aalvmilsmby.net | udp |
| US | 8.8.8.8:53 | yezgiwlcg.info | udp |
| US | 8.8.8.8:53 | tvtumycbj.info | udp |
| BE | 82.212.163.140:24600 | tcp | |
| US | 8.8.8.8:53 | auonjalwapgg.info | udp |
| US | 8.8.8.8:53 | oayqam.com | udp |
| US | 8.8.8.8:53 | lmfhcgditgi.com | udp |
| RU | 92.37.203.163:25690 | tcp | |
| US | 8.8.8.8:53 | scxclfncrux.net | udp |
| US | 8.8.8.8:53 | qibkxum.info | udp |
| US | 8.8.8.8:53 | hdjwlugksj.net | udp |
| RU | 46.37.132.64:41943 | tcp | |
| US | 8.8.8.8:53 | gsbjzqw.info | udp |
| US | 8.8.8.8:53 | udp |
Files
C:\Users\Admin\AppData\Local\Temp\eujspiznoet.exe
| MD5 | 5203b6ea0901877fbf2d8d6f6d8d338e |
| SHA1 | c803e92561921b38abe13239c1fd85605b570936 |
| SHA256 | 0cc02d34d5fd4cf892fed282f98c1ad3e7dd6159a8877ae5c46d3f834ed36060 |
| SHA512 | d48a41b4fc4c38a6473f789c02918fb7353a4b4199768a3624f3b685d91d38519887a1ccd3616e0d2b079a346afaec5a0f2ef2c46d72d3097ef561cedb476471 |
C:\Windows\SysWOW64\mitsebomaqxuqgkkid.exe
| MD5 | 43911114fe45fe2349eea1c3c5657bfd |
| SHA1 | 3ce01eaf787a67fd84d31bee4eddbeaab0b239c9 |
| SHA256 | 371e7fce1fa40071ff8b99fa72a84f8697e26e8d43bc0932c9acc9ce4ba64a0d |
| SHA512 | e333fa0db5a206dcbe32e385905aa71b09d3f09fbff449a65a6e5ea607ed9ab424595666d8603a173987f257735620d92942a7b420fdee049b281c4261018d35 |
\Users\Admin\AppData\Local\Temp\zigsr.exe
| MD5 | 4fed162de72a3aaaabcc7a1141308eee |
| SHA1 | 327060a6c942868d75bb76ea9618c9a89356cdce |
| SHA256 | fa50aa2e49ddb840cc7fde875495169944ecf30e37bc60d812f9431f5038c683 |
| SHA512 | 24004176eb4dc5fe91f46ad68d2f46c8584b527cfd1e73834dafbd039a5acbbb190430f02dd122624939e7c964adca8bc3a34c5b3752a893c574dd256b8340b0 |
C:\Users\Admin\AppData\Local\bewcvztytqeilitafhjme.dhb
| MD5 | 1b4fcd262cf00dde543aa96dd99ff4a9 |
| SHA1 | 4babe6960ccbd7b216a11fead77e2ffe0df7bd73 |
| SHA256 | cf81873f56689e5f2a6d894e987e8c7bfbeeee652fb85ec5dd695420fa43b7bc |
| SHA512 | 4eef355ea378c130d357d6bcea6cc81f2b2d9eee5348e1820164f23c1f186b852baa6b7117ce6d86ae5777f5886d1e21df724e7f752224774280ec014c9a223f |
C:\Users\Admin\AppData\Local\wkneixcsygfuiqmeuhuilcgvaqwedsgo.csf
| MD5 | d473bc33d2cd07a9a0ffb7cc001d6a19 |
| SHA1 | a72f447edbf63bd63cac3867ddfa2386085128db |
| SHA256 | 7d0b4bb9e39b5cca7c42cdbc199c3365c6a763191ee1caf1a63a7548ce6bd9c4 |
| SHA512 | 415bd92227cb0a36d2b5bc0bfc765c4bf3b89c4baf7a778cb8c32af58d0a589ea601fd3b5d6c8dba349ed4048ebe4c48289080ed5f2ba17ec607bba91d91b1fb |
C:\Program Files (x86)\bewcvztytqeilitafhjme.dhb
| MD5 | 078286a0bec7cd8d765fd37b602f6af9 |
| SHA1 | 1928d99b771c690beca7a433f88351c1a5d78be0 |
| SHA256 | 87089d6dae145bba8146d36f30351b3f45a91abe3063794e919c92e2a33fad3e |
| SHA512 | e8f5f8b20f785762db047c1eb26d2788009e94652404fedca7581b36ac41c015bbd4f8f2fdb651b180a4c53f1826f726d9c78404c84dabd98eaa9e67cfa06b24 |
C:\Program Files (x86)\bewcvztytqeilitafhjme.dhb
| MD5 | dbaad30372d8cc48e5d89b62e972639b |
| SHA1 | c30c2f63c8aebd2522fb5166b60ecb20daeedf6d |
| SHA256 | 8ed1c6609645cc5070a60b1cd0e67dc3d89b27990e18c7877e3c15c6a8811aab |
| SHA512 | bbf4ee046df007140061a8a552cd09914714675426e53a918c203a6cdd26a3e8d7092ff4040a216a157f1121eab5ec545caaa62422e09a48e30322e2770bde5c |
C:\Program Files (x86)\bewcvztytqeilitafhjme.dhb
| MD5 | 075cc3cb518044fd90aced98d7494361 |
| SHA1 | 6d38dcb2c2fa6e6351cf24adbd71ac54e139f16e |
| SHA256 | 15843dca3a42072c74cf7ff9a912fbe2bd9fb8a6dd18ddb11e710b558a0a98c1 |
| SHA512 | 761dcf6e55bab435e7c98bd450a3616f1f56e784bf75d257e4eb82cb4c1462d29b1bc8faa8e016152a01f91a5ef7c0b5a0b3c3ec2463d7d76bf36fa05748d95b |
C:\Users\Admin\AppData\Local\bewcvztytqeilitafhjme.dhb
| MD5 | 805bca1f5fb9d0d5adffe0208043a98a |
| SHA1 | e8df72c3313eec052f79861b6cf53862fefd0559 |
| SHA256 | 0599e38f6fb234e6cff25183e774e7c48bfc6ebd4a7e180aeaf880723a6df3fb |
| SHA512 | 4e4bf7ad9bf7ccf5fe0348729775137f8081682e8d400211186d5ede37688051e499bdddbf27b2d84dbaef7fb8a6e672b5cbc71b2c5a72bc10b1b3985e5160dc |
C:\Users\Admin\AppData\Local\bewcvztytqeilitafhjme.dhb
| MD5 | 4853facadbc1ef276dd693dfca6d21e5 |
| SHA1 | ac5c1455f2d45293345c8c31155cdd6a04264a3d |
| SHA256 | 4d983afa766a60b448d32585176464d4022a8f1ff60b14e5ed75c8d04fab666f |
| SHA512 | c88e09c3ae853ef89c1800fb71a36b70be279d2398ddb358fb7b65ee0f0cea5d30d3abfb64f5310448ecfc242838e0ca277b1f47516e72d9537f2464df31918a |
Analysis: behavioral2
Detonation Overview
Submitted
2025-01-27 20:50
Reported
2025-01-28 09:09
Platform
win10v2004-20241007-en
Max time kernel
150s
Max time network
150s
Command Line
Signatures
Modifies WinLogon for persistence
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\wfsgytrrgpc.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\dcktv.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\dcktv.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\wfsgytrrgpc.exe | N/A |
UAC bypass
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" | C:\Users\Admin\AppData\Local\Temp\dcktv.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" | C:\Users\Admin\AppData\Local\Temp\wfsgytrrgpc.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" | C:\Users\Admin\AppData\Local\Temp\wfsgytrrgpc.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\dcktv.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" | C:\Users\Admin\AppData\Local\Temp\dcktv.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" | C:\Users\Admin\AppData\Local\Temp\dcktv.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" | C:\Users\Admin\AppData\Local\Temp\dcktv.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\wfsgytrrgpc.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" | C:\Users\Admin\AppData\Local\Temp\wfsgytrrgpc.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\dcktv.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" | C:\Users\Admin\AppData\Local\Temp\dcktv.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" | C:\Users\Admin\AppData\Local\Temp\dcktv.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\wfsgytrrgpc.exe | N/A |
Adds policy Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\sarjulveyhdpfw = "dsqphfwmndgzwuwbjtrge.exe" | C:\Users\Admin\AppData\Local\Temp\dcktv.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\dcktv.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\dcktv.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\sarjulveyhdpfw = "oczxolbqqfhzvstxenky.exe" | C:\Users\Admin\AppData\Local\Temp\dcktv.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\vaodlzgmdjc = "C:\\Users\\Admin\\AppData\\Local\\Temp\\akdxkdpawhftlebb.exe" | C:\Users\Admin\AppData\Local\Temp\dcktv.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\sarjulveyhdpfw = "bokhxtiwvjkbwssvbjf.exe" | C:\Users\Admin\AppData\Local\Temp\dcktv.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\sarjulveyhdpfw = "bokhxtiwvjkbwssvbjf.exe" | C:\Users\Admin\AppData\Local\Temp\wfsgytrrgpc.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\vaodlzgmdjc = "C:\\Users\\Admin\\AppData\\Local\\Temp\\oczxolbqqfhzvstxenky.exe" | C:\Users\Admin\AppData\Local\Temp\dcktv.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\sarjulveyhdpfw = "dsqphfwmndgzwuwbjtrge.exe" | C:\Users\Admin\AppData\Local\Temp\dcktv.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\sarjulveyhdpfw = "qcxtidrecppfzutvah.exe" | C:\Users\Admin\AppData\Local\Temp\dcktv.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\sarjulveyhdpfw = "hsmhvpcolxwleywxb.exe" | C:\Users\Admin\AppData\Local\Temp\dcktv.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\sarjulveyhdpfw = "oczxolbqqfhzvstxenky.exe" | C:\Users\Admin\AppData\Local\Temp\dcktv.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\vaodlzgmdjc = "C:\\Users\\Admin\\AppData\\Local\\Temp\\dsqphfwmndgzwuwbjtrge.exe" | C:\Users\Admin\AppData\Local\Temp\dcktv.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\vaodlzgmdjc = "C:\\Users\\Admin\\AppData\\Local\\Temp\\hsmhvpcolxwleywxb.exe" | C:\Users\Admin\AppData\Local\Temp\dcktv.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\vaodlzgmdjc = "C:\\Users\\Admin\\AppData\\Local\\Temp\\qcxtidrecppfzutvah.exe" | C:\Users\Admin\AppData\Local\Temp\dcktv.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\vaodlzgmdjc = "C:\\Users\\Admin\\AppData\\Local\\Temp\\akdxkdpawhftlebb.exe" | C:\Users\Admin\AppData\Local\Temp\dcktv.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\wfsgytrrgpc.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\vaodlzgmdjc = "C:\\Users\\Admin\\AppData\\Local\\Temp\\bokhxtiwvjkbwssvbjf.exe" | C:\Users\Admin\AppData\Local\Temp\wfsgytrrgpc.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\sarjulveyhdpfw = "bokhxtiwvjkbwssvbjf.exe" | C:\Users\Admin\AppData\Local\Temp\wfsgytrrgpc.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\wfsgytrrgpc.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\vaodlzgmdjc = "C:\\Users\\Admin\\AppData\\Local\\Temp\\hsmhvpcolxwleywxb.exe" | C:\Users\Admin\AppData\Local\Temp\wfsgytrrgpc.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\sarjulveyhdpfw = "akdxkdpawhftlebb.exe" | C:\Users\Admin\AppData\Local\Temp\dcktv.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\vaodlzgmdjc = "C:\\Users\\Admin\\AppData\\Local\\Temp\\dsqphfwmndgzwuwbjtrge.exe" | C:\Users\Admin\AppData\Local\Temp\dcktv.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\sarjulveyhdpfw = "qcxtidrecppfzutvah.exe" | C:\Users\Admin\AppData\Local\Temp\dcktv.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\vaodlzgmdjc = "C:\\Users\\Admin\\AppData\\Local\\Temp\\bokhxtiwvjkbwssvbjf.exe" | C:\Users\Admin\AppData\Local\Temp\dcktv.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\sarjulveyhdpfw = "bokhxtiwvjkbwssvbjf.exe" | C:\Users\Admin\AppData\Local\Temp\dcktv.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\sarjulveyhdpfw = "akdxkdpawhftlebb.exe" | C:\Users\Admin\AppData\Local\Temp\dcktv.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\vaodlzgmdjc = "C:\\Users\\Admin\\AppData\\Local\\Temp\\oczxolbqqfhzvstxenky.exe" | C:\Users\Admin\AppData\Local\Temp\dcktv.exe | N/A |
Disables RegEdit via registry modification
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\wfsgytrrgpc.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\wfsgytrrgpc.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\dcktv.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\dcktv.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\dcktv.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\dcktv.exe | N/A |
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_43911114fe45fe2349eea1c3c5657bfd.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\wfsgytrrgpc.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\wfsgytrrgpc.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\dcktv.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\dcktv.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\wfsgytrrgpc.exe | N/A |
Impair Defenses: Safe Mode Boot
| Description | Indicator | Process | Target |
| Key deleted | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\UserManager | C:\Users\Admin\AppData\Local\Temp\dcktv.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\SerCx2.sys | C:\Users\Admin\AppData\Local\Temp\dcktv.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\ProfSvc | C:\Users\Admin\AppData\Local\Temp\dcktv.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\Power | C:\Users\Admin\AppData\Local\Temp\dcktv.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\iai2c.sys | C:\Users\Admin\AppData\Local\Temp\dcktv.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\CBDHSvc | C:\Users\Admin\AppData\Local\Temp\dcktv.exe | N/A |
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\vewpbteojtqdumi = "qcxtidrecppfzutvah.exe" | C:\Users\Admin\AppData\Local\Temp\dcktv.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\qcxtidrecppfzutvah = "C:\\Users\\Admin\\AppData\\Local\\Temp\\hsmhvpcolxwleywxb.exe" | C:\Users\Admin\AppData\Local\Temp\dcktv.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\ryofpfowpxsds = "C:\\Users\\Admin\\AppData\\Local\\Temp\\qcxtidrecppfzutvah.exe ." | C:\Users\Admin\AppData\Local\Temp\dcktv.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\hsmhvpcolxwleywxb = "C:\\Users\\Admin\\AppData\\Local\\Temp\\oczxolbqqfhzvstxenky.exe ." | C:\Users\Admin\AppData\Local\Temp\dcktv.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\hsmhvpcolxwleywxb = "C:\\Users\\Admin\\AppData\\Local\\Temp\\akdxkdpawhftlebb.exe ." | C:\Users\Admin\AppData\Local\Temp\dcktv.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\akdxkdpawhftlebb = "dsqphfwmndgzwuwbjtrge.exe ." | C:\Users\Admin\AppData\Local\Temp\wfsgytrrgpc.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\ryofpfowpxsds = "C:\\Users\\Admin\\AppData\\Local\\Temp\\hsmhvpcolxwleywxb.exe ." | C:\Users\Admin\AppData\Local\Temp\dcktv.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\ryofpfowpxsds = "qcxtidrecppfzutvah.exe ." | C:\Users\Admin\AppData\Local\Temp\dcktv.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\syndmbjqipjt = "hsmhvpcolxwleywxb.exe" | C:\Users\Admin\AppData\Local\Temp\dcktv.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\syndmbjqipjt = "C:\\Users\\Admin\\AppData\\Local\\Temp\\akdxkdpawhftlebb.exe" | C:\Users\Admin\AppData\Local\Temp\dcktv.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\hsmhvpcolxwleywxb = "C:\\Users\\Admin\\AppData\\Local\\Temp\\qcxtidrecppfzutvah.exe ." | C:\Users\Admin\AppData\Local\Temp\dcktv.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\ryofpfowpxsds = "C:\\Users\\Admin\\AppData\\Local\\Temp\\oczxolbqqfhzvstxenky.exe ." | C:\Users\Admin\AppData\Local\Temp\dcktv.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\qcxtidrecppfzutvah = "C:\\Users\\Admin\\AppData\\Local\\Temp\\bokhxtiwvjkbwssvbjf.exe" | C:\Users\Admin\AppData\Local\Temp\wfsgytrrgpc.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\syndmbjqipjt = "oczxolbqqfhzvstxenky.exe" | C:\Users\Admin\AppData\Local\Temp\dcktv.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\syndmbjqipjt = "C:\\Users\\Admin\\AppData\\Local\\Temp\\qcxtidrecppfzutvah.exe" | C:\Users\Admin\AppData\Local\Temp\dcktv.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\akdxkdpawhftlebb = "dsqphfwmndgzwuwbjtrge.exe ." | C:\Users\Admin\AppData\Local\Temp\dcktv.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\syndmbjqipjt = "C:\\Users\\Admin\\AppData\\Local\\Temp\\qcxtidrecppfzutvah.exe" | C:\Users\Admin\AppData\Local\Temp\wfsgytrrgpc.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\ryofpfowpxsds = "C:\\Users\\Admin\\AppData\\Local\\Temp\\hsmhvpcolxwleywxb.exe ." | C:\Users\Admin\AppData\Local\Temp\wfsgytrrgpc.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\vewpbteojtqdumi = "oczxolbqqfhzvstxenky.exe" | C:\Users\Admin\AppData\Local\Temp\dcktv.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\ryofpfowpxsds = "C:\\Users\\Admin\\AppData\\Local\\Temp\\bokhxtiwvjkbwssvbjf.exe ." | C:\Users\Admin\AppData\Local\Temp\dcktv.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\qcxtidrecppfzutvah = "C:\\Users\\Admin\\AppData\\Local\\Temp\\oczxolbqqfhzvstxenky.exe" | C:\Users\Admin\AppData\Local\Temp\dcktv.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\vewpbteojtqdumi = "hsmhvpcolxwleywxb.exe" | C:\Users\Admin\AppData\Local\Temp\dcktv.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\ryofpfowpxsds = "hsmhvpcolxwleywxb.exe ." | C:\Users\Admin\AppData\Local\Temp\dcktv.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\syndmbjqipjt = "akdxkdpawhftlebb.exe" | C:\Users\Admin\AppData\Local\Temp\dcktv.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\syndmbjqipjt = "C:\\Users\\Admin\\AppData\\Local\\Temp\\dsqphfwmndgzwuwbjtrge.exe" | C:\Users\Admin\AppData\Local\Temp\dcktv.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\akdxkdpawhftlebb = "hsmhvpcolxwleywxb.exe ." | C:\Users\Admin\AppData\Local\Temp\dcktv.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\qcxtidrecppfzutvah = "C:\\Users\\Admin\\AppData\\Local\\Temp\\qcxtidrecppfzutvah.exe" | C:\Users\Admin\AppData\Local\Temp\dcktv.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\syndmbjqipjt = "C:\\Users\\Admin\\AppData\\Local\\Temp\\dsqphfwmndgzwuwbjtrge.exe" | C:\Users\Admin\AppData\Local\Temp\dcktv.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\ryofpfowpxsds = "qcxtidrecppfzutvah.exe ." | C:\Users\Admin\AppData\Local\Temp\wfsgytrrgpc.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\syndmbjqipjt = "C:\\Users\\Admin\\AppData\\Local\\Temp\\dsqphfwmndgzwuwbjtrge.exe" | C:\Users\Admin\AppData\Local\Temp\wfsgytrrgpc.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\hsmhvpcolxwleywxb = "C:\\Users\\Admin\\AppData\\Local\\Temp\\qcxtidrecppfzutvah.exe ." | C:\Users\Admin\AppData\Local\Temp\dcktv.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\qcxtidrecppfzutvah = "C:\\Users\\Admin\\AppData\\Local\\Temp\\oczxolbqqfhzvstxenky.exe" | C:\Users\Admin\AppData\Local\Temp\dcktv.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\akdxkdpawhftlebb = "akdxkdpawhftlebb.exe ." | C:\Users\Admin\AppData\Local\Temp\dcktv.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\qcxtidrecppfzutvah = "C:\\Users\\Admin\\AppData\\Local\\Temp\\dsqphfwmndgzwuwbjtrge.exe" | C:\Users\Admin\AppData\Local\Temp\wfsgytrrgpc.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\syndmbjqipjt = "C:\\Users\\Admin\\AppData\\Local\\Temp\\oczxolbqqfhzvstxenky.exe" | C:\Users\Admin\AppData\Local\Temp\dcktv.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\syndmbjqipjt = "C:\\Users\\Admin\\AppData\\Local\\Temp\\bokhxtiwvjkbwssvbjf.exe" | C:\Users\Admin\AppData\Local\Temp\dcktv.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\syndmbjqipjt = "oczxolbqqfhzvstxenky.exe" | C:\Users\Admin\AppData\Local\Temp\dcktv.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\ryofpfowpxsds = "C:\\Users\\Admin\\AppData\\Local\\Temp\\qcxtidrecppfzutvah.exe ." | C:\Users\Admin\AppData\Local\Temp\dcktv.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\syndmbjqipjt = "bokhxtiwvjkbwssvbjf.exe" | C:\Users\Admin\AppData\Local\Temp\dcktv.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\ryofpfowpxsds = "hsmhvpcolxwleywxb.exe ." | C:\Users\Admin\AppData\Local\Temp\dcktv.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\syndmbjqipjt = "hsmhvpcolxwleywxb.exe" | C:\Users\Admin\AppData\Local\Temp\dcktv.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\syndmbjqipjt = "qcxtidrecppfzutvah.exe" | C:\Users\Admin\AppData\Local\Temp\dcktv.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\hsmhvpcolxwleywxb = "C:\\Users\\Admin\\AppData\\Local\\Temp\\hsmhvpcolxwleywxb.exe ." | C:\Users\Admin\AppData\Local\Temp\dcktv.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\qcxtidrecppfzutvah = "C:\\Users\\Admin\\AppData\\Local\\Temp\\akdxkdpawhftlebb.exe" | C:\Users\Admin\AppData\Local\Temp\dcktv.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\ryofpfowpxsds = "C:\\Users\\Admin\\AppData\\Local\\Temp\\bokhxtiwvjkbwssvbjf.exe ." | C:\Users\Admin\AppData\Local\Temp\dcktv.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\syndmbjqipjt = "bokhxtiwvjkbwssvbjf.exe" | C:\Users\Admin\AppData\Local\Temp\wfsgytrrgpc.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\vewpbteojtqdumi = "qcxtidrecppfzutvah.exe" | C:\Users\Admin\AppData\Local\Temp\wfsgytrrgpc.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\hsmhvpcolxwleywxb = "C:\\Users\\Admin\\AppData\\Local\\Temp\\dsqphfwmndgzwuwbjtrge.exe ." | C:\Users\Admin\AppData\Local\Temp\wfsgytrrgpc.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\syndmbjqipjt = "C:\\Users\\Admin\\AppData\\Local\\Temp\\hsmhvpcolxwleywxb.exe" | C:\Users\Admin\AppData\Local\Temp\dcktv.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\akdxkdpawhftlebb = "dsqphfwmndgzwuwbjtrge.exe ." | C:\Users\Admin\AppData\Local\Temp\dcktv.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\vewpbteojtqdumi = "qcxtidrecppfzutvah.exe" | C:\Users\Admin\AppData\Local\Temp\dcktv.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\ryofpfowpxsds = "C:\\Users\\Admin\\AppData\\Local\\Temp\\dsqphfwmndgzwuwbjtrge.exe ." | C:\Users\Admin\AppData\Local\Temp\dcktv.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\akdxkdpawhftlebb = "bokhxtiwvjkbwssvbjf.exe ." | C:\Users\Admin\AppData\Local\Temp\dcktv.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\ryofpfowpxsds = "qcxtidrecppfzutvah.exe ." | C:\Users\Admin\AppData\Local\Temp\dcktv.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\qcxtidrecppfzutvah = "C:\\Users\\Admin\\AppData\\Local\\Temp\\dsqphfwmndgzwuwbjtrge.exe" | C:\Users\Admin\AppData\Local\Temp\dcktv.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\syndmbjqipjt = "C:\\Users\\Admin\\AppData\\Local\\Temp\\akdxkdpawhftlebb.exe" | C:\Users\Admin\AppData\Local\Temp\dcktv.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\akdxkdpawhftlebb = "qcxtidrecppfzutvah.exe ." | C:\Users\Admin\AppData\Local\Temp\dcktv.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\hsmhvpcolxwleywxb = "C:\\Users\\Admin\\AppData\\Local\\Temp\\bokhxtiwvjkbwssvbjf.exe ." | C:\Users\Admin\AppData\Local\Temp\dcktv.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\ryofpfowpxsds = "dsqphfwmndgzwuwbjtrge.exe ." | C:\Users\Admin\AppData\Local\Temp\dcktv.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\vewpbteojtqdumi = "hsmhvpcolxwleywxb.exe" | C:\Users\Admin\AppData\Local\Temp\dcktv.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\ryofpfowpxsds = "oczxolbqqfhzvstxenky.exe ." | C:\Users\Admin\AppData\Local\Temp\dcktv.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\syndmbjqipjt = "dsqphfwmndgzwuwbjtrge.exe" | C:\Users\Admin\AppData\Local\Temp\dcktv.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\syndmbjqipjt = "C:\\Users\\Admin\\AppData\\Local\\Temp\\bokhxtiwvjkbwssvbjf.exe" | C:\Users\Admin\AppData\Local\Temp\dcktv.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\hsmhvpcolxwleywxb = "C:\\Users\\Admin\\AppData\\Local\\Temp\\akdxkdpawhftlebb.exe ." | C:\Users\Admin\AppData\Local\Temp\dcktv.exe | N/A |
Checks whether UAC is enabled
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\wfsgytrrgpc.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\wfsgytrrgpc.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\dcktv.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\dcktv.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\dcktv.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\dcktv.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\wfsgytrrgpc.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\wfsgytrrgpc.exe | N/A |
Hijack Execution Flow: Executable Installer File Permissions Weakness
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableInstallerDetection = "0" | C:\Users\Admin\AppData\Local\Temp\wfsgytrrgpc.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableInstallerDetection = "0" | C:\Users\Admin\AppData\Local\Temp\dcktv.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableInstallerDetection = "0" | C:\Users\Admin\AppData\Local\Temp\dcktv.exe | N/A |
Looks up external IP address via web service
| Description | Indicator | Process | Target |
| N/A | www.whatismyip.ca | N/A | N/A |
| N/A | whatismyip.everdot.org | N/A | N/A |
| N/A | www.showmyipaddress.com | N/A | N/A |
| N/A | www.whatismyip.ca | N/A | N/A |
| N/A | whatismyip.everdot.org | N/A | N/A |
| N/A | www.whatismyip.ca | N/A | N/A |
| N/A | whatismyipaddress.com | N/A | N/A |
Drops autorun.inf file
| Description | Indicator | Process | Target |
| File opened for modification | C:\autorun.inf | C:\Users\Admin\AppData\Local\Temp\dcktv.exe | N/A |
| File created | C:\autorun.inf | C:\Users\Admin\AppData\Local\Temp\dcktv.exe | N/A |
| File opened for modification | F:\autorun.inf | C:\Users\Admin\AppData\Local\Temp\dcktv.exe | N/A |
| File created | F:\autorun.inf | C:\Users\Admin\AppData\Local\Temp\dcktv.exe | N/A |
Drops file in System32 directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\SysWOW64\ukjjcbtkmdhbzybhqbaqpp.exe | C:\Users\Admin\AppData\Local\Temp\dcktv.exe | N/A |
| File created | C:\Windows\SysWOW64\eybfcfbwcxfdfipzmbeybf.fbw | C:\Users\Admin\AppData\Local\Temp\dcktv.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\ukjjcbtkmdhbzybhqbaqpp.exe | C:\Users\Admin\AppData\Local\Temp\wfsgytrrgpc.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\dsqphfwmndgzwuwbjtrge.exe | C:\Users\Admin\AppData\Local\Temp\dcktv.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\hsmhvpcolxwleywxb.exe | C:\Users\Admin\AppData\Local\Temp\wfsgytrrgpc.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\hsmhvpcolxwleywxb.exe | C:\Users\Admin\AppData\Local\Temp\wfsgytrrgpc.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\bokhxtiwvjkbwssvbjf.exe | C:\Users\Admin\AppData\Local\Temp\wfsgytrrgpc.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\qcxtidrecppfzutvah.exe | C:\Users\Admin\AppData\Local\Temp\dcktv.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\hsmhvpcolxwleywxb.exe | C:\Users\Admin\AppData\Local\Temp\dcktv.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\bokhxtiwvjkbwssvbjf.exe | C:\Users\Admin\AppData\Local\Temp\dcktv.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\qcxtidrecppfzutvah.exe | C:\Users\Admin\AppData\Local\Temp\dcktv.exe | N/A |
| File created | C:\Windows\SysWOW64\vaodlzgmdjclymezxxlqetbpwctzsbocu.nnb | C:\Users\Admin\AppData\Local\Temp\dcktv.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\akdxkdpawhftlebb.exe | C:\Users\Admin\AppData\Local\Temp\wfsgytrrgpc.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\hsmhvpcolxwleywxb.exe | C:\Users\Admin\AppData\Local\Temp\dcktv.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\dsqphfwmndgzwuwbjtrge.exe | C:\Users\Admin\AppData\Local\Temp\dcktv.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\vaodlzgmdjclymezxxlqetbpwctzsbocu.nnb | C:\Users\Admin\AppData\Local\Temp\dcktv.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\akdxkdpawhftlebb.exe | C:\Users\Admin\AppData\Local\Temp\wfsgytrrgpc.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\dsqphfwmndgzwuwbjtrge.exe | C:\Users\Admin\AppData\Local\Temp\wfsgytrrgpc.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\bokhxtiwvjkbwssvbjf.exe | C:\Users\Admin\AppData\Local\Temp\dcktv.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\eybfcfbwcxfdfipzmbeybf.fbw | C:\Users\Admin\AppData\Local\Temp\dcktv.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\oczxolbqqfhzvstxenky.exe | C:\Users\Admin\AppData\Local\Temp\wfsgytrrgpc.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\qcxtidrecppfzutvah.exe | C:\Users\Admin\AppData\Local\Temp\wfsgytrrgpc.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\akdxkdpawhftlebb.exe | C:\Users\Admin\AppData\Local\Temp\dcktv.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\akdxkdpawhftlebb.exe | C:\Users\Admin\AppData\Local\Temp\dcktv.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\ukjjcbtkmdhbzybhqbaqpp.exe | C:\Users\Admin\AppData\Local\Temp\dcktv.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\oczxolbqqfhzvstxenky.exe | C:\Users\Admin\AppData\Local\Temp\wfsgytrrgpc.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\ukjjcbtkmdhbzybhqbaqpp.exe | C:\Users\Admin\AppData\Local\Temp\wfsgytrrgpc.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\oczxolbqqfhzvstxenky.exe | C:\Users\Admin\AppData\Local\Temp\dcktv.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\qcxtidrecppfzutvah.exe | C:\Users\Admin\AppData\Local\Temp\wfsgytrrgpc.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\oczxolbqqfhzvstxenky.exe | C:\Users\Admin\AppData\Local\Temp\dcktv.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\bokhxtiwvjkbwssvbjf.exe | C:\Users\Admin\AppData\Local\Temp\wfsgytrrgpc.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\dsqphfwmndgzwuwbjtrge.exe | C:\Users\Admin\AppData\Local\Temp\wfsgytrrgpc.exe | N/A |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Program Files (x86)\eybfcfbwcxfdfipzmbeybf.fbw | C:\Users\Admin\AppData\Local\Temp\dcktv.exe | N/A |
| File created | C:\Program Files (x86)\eybfcfbwcxfdfipzmbeybf.fbw | C:\Users\Admin\AppData\Local\Temp\dcktv.exe | N/A |
| File opened for modification | C:\Program Files (x86)\vaodlzgmdjclymezxxlqetbpwctzsbocu.nnb | C:\Users\Admin\AppData\Local\Temp\dcktv.exe | N/A |
| File created | C:\Program Files (x86)\vaodlzgmdjclymezxxlqetbpwctzsbocu.nnb | C:\Users\Admin\AppData\Local\Temp\dcktv.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\hsmhvpcolxwleywxb.exe | C:\Users\Admin\AppData\Local\Temp\wfsgytrrgpc.exe | N/A |
| File opened for modification | C:\Windows\ukjjcbtkmdhbzybhqbaqpp.exe | C:\Users\Admin\AppData\Local\Temp\dcktv.exe | N/A |
| File opened for modification | C:\Windows\bokhxtiwvjkbwssvbjf.exe | C:\Users\Admin\AppData\Local\Temp\dcktv.exe | N/A |
| File opened for modification | C:\Windows\oczxolbqqfhzvstxenky.exe | C:\Users\Admin\AppData\Local\Temp\dcktv.exe | N/A |
| File opened for modification | C:\Windows\akdxkdpawhftlebb.exe | C:\Users\Admin\AppData\Local\Temp\wfsgytrrgpc.exe | N/A |
| File opened for modification | C:\Windows\ukjjcbtkmdhbzybhqbaqpp.exe | C:\Users\Admin\AppData\Local\Temp\wfsgytrrgpc.exe | N/A |
| File opened for modification | C:\Windows\dsqphfwmndgzwuwbjtrge.exe | C:\Users\Admin\AppData\Local\Temp\dcktv.exe | N/A |
| File opened for modification | C:\Windows\akdxkdpawhftlebb.exe | C:\Users\Admin\AppData\Local\Temp\wfsgytrrgpc.exe | N/A |
| File opened for modification | C:\Windows\hsmhvpcolxwleywxb.exe | C:\Users\Admin\AppData\Local\Temp\dcktv.exe | N/A |
| File opened for modification | C:\Windows\bokhxtiwvjkbwssvbjf.exe | C:\Users\Admin\AppData\Local\Temp\dcktv.exe | N/A |
| File opened for modification | C:\Windows\qcxtidrecppfzutvah.exe | C:\Users\Admin\AppData\Local\Temp\dcktv.exe | N/A |
| File opened for modification | C:\Windows\qcxtidrecppfzutvah.exe | C:\Users\Admin\AppData\Local\Temp\wfsgytrrgpc.exe | N/A |
| File created | C:\Windows\vaodlzgmdjclymezxxlqetbpwctzsbocu.nnb | C:\Users\Admin\AppData\Local\Temp\dcktv.exe | N/A |
| File opened for modification | C:\Windows\bokhxtiwvjkbwssvbjf.exe | C:\Users\Admin\AppData\Local\Temp\wfsgytrrgpc.exe | N/A |
| File opened for modification | C:\Windows\oczxolbqqfhzvstxenky.exe | C:\Users\Admin\AppData\Local\Temp\wfsgytrrgpc.exe | N/A |
| File opened for modification | C:\Windows\hsmhvpcolxwleywxb.exe | C:\Users\Admin\AppData\Local\Temp\dcktv.exe | N/A |
| File opened for modification | C:\Windows\oczxolbqqfhzvstxenky.exe | C:\Users\Admin\AppData\Local\Temp\dcktv.exe | N/A |
| File opened for modification | C:\Windows\eybfcfbwcxfdfipzmbeybf.fbw | C:\Users\Admin\AppData\Local\Temp\dcktv.exe | N/A |
| File opened for modification | C:\Windows\bokhxtiwvjkbwssvbjf.exe | C:\Users\Admin\AppData\Local\Temp\wfsgytrrgpc.exe | N/A |
| File opened for modification | C:\Windows\akdxkdpawhftlebb.exe | C:\Users\Admin\AppData\Local\Temp\dcktv.exe | N/A |
| File opened for modification | C:\Windows\akdxkdpawhftlebb.exe | C:\Users\Admin\AppData\Local\Temp\dcktv.exe | N/A |
| File created | C:\Windows\eybfcfbwcxfdfipzmbeybf.fbw | C:\Users\Admin\AppData\Local\Temp\dcktv.exe | N/A |
| File opened for modification | C:\Windows\vaodlzgmdjclymezxxlqetbpwctzsbocu.nnb | C:\Users\Admin\AppData\Local\Temp\dcktv.exe | N/A |
| File opened for modification | C:\Windows\ukjjcbtkmdhbzybhqbaqpp.exe | C:\Users\Admin\AppData\Local\Temp\dcktv.exe | N/A |
| File opened for modification | C:\Windows\hsmhvpcolxwleywxb.exe | C:\Users\Admin\AppData\Local\Temp\wfsgytrrgpc.exe | N/A |
| File opened for modification | C:\Windows\qcxtidrecppfzutvah.exe | C:\Users\Admin\AppData\Local\Temp\wfsgytrrgpc.exe | N/A |
| File opened for modification | C:\Windows\oczxolbqqfhzvstxenky.exe | C:\Users\Admin\AppData\Local\Temp\wfsgytrrgpc.exe | N/A |
| File opened for modification | C:\Windows\dsqphfwmndgzwuwbjtrge.exe | C:\Users\Admin\AppData\Local\Temp\wfsgytrrgpc.exe | N/A |
| File opened for modification | C:\Windows\dsqphfwmndgzwuwbjtrge.exe | C:\Users\Admin\AppData\Local\Temp\wfsgytrrgpc.exe | N/A |
| File opened for modification | C:\Windows\ukjjcbtkmdhbzybhqbaqpp.exe | C:\Users\Admin\AppData\Local\Temp\wfsgytrrgpc.exe | N/A |
| File opened for modification | C:\Windows\qcxtidrecppfzutvah.exe | C:\Users\Admin\AppData\Local\Temp\dcktv.exe | N/A |
| File opened for modification | C:\Windows\dsqphfwmndgzwuwbjtrge.exe | C:\Users\Admin\AppData\Local\Temp\dcktv.exe | N/A |
Enumerates physical storage devices
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_43911114fe45fe2349eea1c3c5657bfd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\wfsgytrrgpc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\dcktv.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\dcktv.exe | N/A |
Suspicious use of WriteProcessMemory
System policy modification
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\dcktv.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" | C:\Users\Admin\AppData\Local\Temp\dcktv.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableSecureUIAPaths = "0" | C:\Users\Admin\AppData\Local\Temp\dcktv.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ValidateAdminCodeSignatures = "0" | C:\Users\Admin\AppData\Local\Temp\dcktv.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\FilterAdministratorToken = "0" | C:\Users\Admin\AppData\Local\Temp\dcktv.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer | C:\Users\Admin\AppData\Local\Temp\dcktv.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\wfsgytrrgpc.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\dcktv.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer | C:\Users\Admin\AppData\Local\Temp\dcktv.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\wfsgytrrgpc.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableVirtualization = "0" | C:\Users\Admin\AppData\Local\Temp\dcktv.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ValidateAdminCodeSignatures = "0" | C:\Users\Admin\AppData\Local\Temp\dcktv.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableSecureUIAPaths = "0" | C:\Users\Admin\AppData\Local\Temp\wfsgytrrgpc.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\dcktv.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" | C:\Users\Admin\AppData\Local\Temp\dcktv.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" | C:\Users\Admin\AppData\Local\Temp\dcktv.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\FilterAdministratorToken = "0" | C:\Users\Admin\AppData\Local\Temp\dcktv.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableVirtualization = "0" | C:\Users\Admin\AppData\Local\Temp\wfsgytrrgpc.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDriveTypeAutoRun = "1" | C:\Users\Admin\AppData\Local\Temp\wfsgytrrgpc.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDriveTypeAutoRun = "1" | C:\Users\Admin\AppData\Local\Temp\dcktv.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDriveTypeAutoRun = "1" | C:\Users\Admin\AppData\Local\Temp\dcktv.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\wfsgytrrgpc.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\dcktv.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\dcktv.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ValidateAdminCodeSignatures = "0" | C:\Users\Admin\AppData\Local\Temp\wfsgytrrgpc.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer | C:\Users\Admin\AppData\Local\Temp\wfsgytrrgpc.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" | C:\Users\Admin\AppData\Local\Temp\dcktv.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableSecureUIAPaths = "0" | C:\Users\Admin\AppData\Local\Temp\dcktv.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" | C:\Users\Admin\AppData\Local\Temp\dcktv.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\wfsgytrrgpc.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" | C:\Users\Admin\AppData\Local\Temp\wfsgytrrgpc.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableVirtualization = "0" | C:\Users\Admin\AppData\Local\Temp\dcktv.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\wfsgytrrgpc.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\dcktv.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" | C:\Users\Admin\AppData\Local\Temp\dcktv.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\FilterAdministratorToken = "0" | C:\Users\Admin\AppData\Local\Temp\wfsgytrrgpc.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" | C:\Users\Admin\AppData\Local\Temp\wfsgytrrgpc.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" | C:\Users\Admin\AppData\Local\Temp\wfsgytrrgpc.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_43911114fe45fe2349eea1c3c5657bfd.exe
"C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_43911114fe45fe2349eea1c3c5657bfd.exe"
C:\Users\Admin\AppData\Local\Temp\wfsgytrrgpc.exe
"C:\Users\Admin\AppData\Local\Temp\wfsgytrrgpc.exe" "c:\users\admin\appdata\local\temp\jaffacakes118_43911114fe45fe2349eea1c3c5657bfd.exe*"
C:\Users\Admin\AppData\Local\Temp\dcktv.exe
"C:\Users\Admin\AppData\Local\Temp\dcktv.exe" "-C:\Users\Admin\AppData\Local\Temp\akdxkdpawhftlebb.exe"
C:\Users\Admin\AppData\Local\Temp\dcktv.exe
"C:\Users\Admin\AppData\Local\Temp\dcktv.exe" "-C:\Users\Admin\AppData\Local\Temp\akdxkdpawhftlebb.exe"
C:\Users\Admin\AppData\Local\Temp\wfsgytrrgpc.exe
"C:\Users\Admin\AppData\Local\Temp\wfsgytrrgpc.exe" "c:\users\admin\appdata\local\temp\jaffacakes118_43911114fe45fe2349eea1c3c5657bfd.exe"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 154.239.44.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 147.111.86.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 133.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 244.160.67.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 232.168.11.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.whatismyip.com | udp |
| US | 172.66.40.87:80 | www.whatismyip.com | tcp |
| US | 8.8.8.8:53 | 87.40.66.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | whatismyipaddress.com | udp |
| US | 104.19.223.79:80 | whatismyipaddress.com | tcp |
| US | 8.8.8.8:53 | 79.223.19.104.in-addr.arpa | udp |
| US | 172.66.40.87:80 | www.whatismyip.com | tcp |
| US | 8.8.8.8:53 | www.whatismyip.ca | udp |
| US | 172.66.40.87:80 | www.whatismyip.com | tcp |
| US | 172.66.40.87:80 | www.whatismyip.com | tcp |
| US | 8.8.8.8:53 | whatismyip.everdot.org | udp |
| US | 8.8.8.8:53 | www.showmyipaddress.com | udp |
| US | 104.21.74.56:80 | www.showmyipaddress.com | tcp |
| US | 8.8.8.8:53 | 56.74.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.whatismyip.ca | udp |
| US | 172.66.40.87:80 | www.whatismyip.com | tcp |
| US | 104.21.74.56:80 | www.showmyipaddress.com | tcp |
| US | 8.8.8.8:53 | whatismyip.everdot.org | udp |
| US | 104.21.74.56:80 | www.showmyipaddress.com | tcp |
| US | 104.21.74.56:80 | www.showmyipaddress.com | tcp |
| US | 104.21.74.56:80 | www.showmyipaddress.com | tcp |
| US | 172.66.40.87:80 | www.whatismyip.com | tcp |
| US | 172.66.40.87:80 | www.whatismyip.com | tcp |
| US | 104.21.74.56:80 | www.showmyipaddress.com | tcp |
| US | 172.66.40.87:80 | www.whatismyip.com | tcp |
| US | 8.8.8.8:53 | www.whatismyip.ca | udp |
| US | 172.66.40.87:80 | www.whatismyip.com | tcp |
| US | 8.8.8.8:53 | www.ebay.com | udp |
| US | 8.8.8.8:53 | 56.163.245.4.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.164.165.52.in-addr.arpa | udp |
| GB | 2.23.161.164:80 | www.ebay.com | tcp |
| UA | 176.8.179.16:40947 | tcp | |
| US | 8.8.8.8:53 | zagyxzu.net | udp |
| US | 34.227.7.138:80 | zagyxzu.net | tcp |
| US | 8.8.8.8:53 | zdllhlditjzd.info | udp |
| US | 8.8.8.8:53 | lyrepwf.org | udp |
| US | 8.8.8.8:53 | jjngix.net | udp |
| US | 8.8.8.8:53 | ofwtdemvdwjh.net | udp |
| US | 8.8.8.8:53 | fcnuyrmwj.org | udp |
| US | 8.8.8.8:53 | yvlevtbtem.info | udp |
| DE | 85.214.228.140:80 | yvlevtbtem.info | tcp |
| US | 8.8.8.8:53 | fkewygmkarzp.net | udp |
| US | 8.8.8.8:53 | vsvujg.info | udp |
| US | 8.8.8.8:53 | voiztdxjhkm.com | udp |
| US | 8.8.8.8:53 | yxbtrpqyog.net | udp |
| US | 8.8.8.8:53 | kogczxombtrc.info | udp |
| US | 8.8.8.8:53 | lppedez.org | udp |
| US | 8.8.8.8:53 | ridxvoubk.net | udp |
| US | 8.8.8.8:53 | 164.161.23.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 138.7.227.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | vuborzmdwar.com | udp |
| US | 8.8.8.8:53 | ekinxs.net | udp |
| US | 8.8.8.8:53 | imsefqsjjty.net | udp |
| US | 8.8.8.8:53 | bqlsnyf.com | udp |
| US | 8.8.8.8:53 | sazxvkllne.net | udp |
| US | 8.8.8.8:53 | wmemmkag.com | udp |
| US | 8.8.8.8:53 | mheextaoqoot.info | udp |
| US | 8.8.8.8:53 | gmmkqicm.com | udp |
| US | 8.8.8.8:53 | bvvsbahxniv.net | udp |
| US | 8.8.8.8:53 | xvbazgrquxxx.net | udp |
| US | 8.8.8.8:53 | uiqaueqkeq.org | udp |
| US | 8.8.8.8:53 | iiekfdukb.net | udp |
| US | 8.8.8.8:53 | daffdtoahq.info | udp |
| US | 8.8.8.8:53 | kayomsqccs.org | udp |
| US | 8.8.8.8:53 | twdulv.info | udp |
| US | 8.8.8.8:53 | gxovrewca.info | udp |
| US | 208.117.43.225:80 | gxovrewca.info | tcp |
| US | 8.8.8.8:53 | igyvtpdik.info | udp |
| US | 8.8.8.8:53 | iqsdjmza.info | udp |
| US | 8.8.8.8:53 | ycaoka.org | udp |
| US | 8.8.8.8:53 | 172.214.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 225.43.117.208.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 140.228.214.85.in-addr.arpa | udp |
| US | 8.8.8.8:53 | eohkcsksh.info | udp |
| US | 8.8.8.8:53 | kglkferkp.net | udp |
| US | 8.8.8.8:53 | fnvgospwc.net | udp |
| US | 8.8.8.8:53 | nayqksxdeoyy.net | udp |
| US | 8.8.8.8:53 | yaxpgshqjy.net | udp |
| US | 8.8.8.8:53 | scouvhemn.net | udp |
| US | 8.8.8.8:53 | iqtcpyft.info | udp |
| US | 8.8.8.8:53 | lkpfthcneopu.info | udp |
| US | 8.8.8.8:53 | imlwhd.net | udp |
| US | 8.8.8.8:53 | plizzmkxkdvo.info | udp |
| US | 8.8.8.8:53 | wewijbyz.net | udp |
| US | 8.8.8.8:53 | zalsht.info | udp |
| US | 8.8.8.8:53 | onbcnr.net | udp |
| US | 8.8.8.8:53 | ugwikuki.com | udp |
| US | 8.8.8.8:53 | ycsqgi.com | udp |
| US | 8.8.8.8:53 | bcljyzibrk.info | udp |
| US | 8.8.8.8:53 | xkhiwdp.org | udp |
| US | 8.8.8.8:53 | bjkmaphq.info | udp |
| US | 8.8.8.8:53 | tvtumycbj.info | udp |
| US | 8.8.8.8:53 | hnmqqyvqk.net | udp |
| US | 8.8.8.8:53 | xsctfdhpiwod.info | udp |
| US | 8.8.8.8:53 | fveqxixlnj.info | udp |
| US | 8.8.8.8:53 | gsbjzqw.info | udp |
| US | 8.8.8.8:53 | qqkoymaw.com | udp |
| US | 8.8.8.8:53 | cwtseitwpdb.net | udp |
| US | 8.8.8.8:53 | urhqez.net | udp |
| US | 8.8.8.8:53 | ibajfb.info | udp |
| US | 8.8.8.8:53 | hbnihmmot.info | udp |
| US | 8.8.8.8:53 | wudrlgzax.info | udp |
| US | 8.8.8.8:53 | fahlytmmlz.info | udp |
| US | 8.8.8.8:53 | ajjpigfggb.net | udp |
| US | 8.8.8.8:53 | zeogwjwsnslb.info | udp |
| US | 8.8.8.8:53 | ydkotrvkhl.net | udp |
| US | 8.8.8.8:53 | nanehgtr.net | udp |
| US | 8.8.8.8:53 | blfsfjll.net | udp |
| US | 8.8.8.8:53 | dixzdew.net | udp |
| US | 8.8.8.8:53 | lbmajwuuq.com | udp |
| US | 8.8.8.8:53 | znpdlfmejihe.net | udp |
| US | 8.8.8.8:53 | iocomypijct.info | udp |
| US | 8.8.8.8:53 | mefkhug.net | udp |
| US | 8.8.8.8:53 | tcbopdsif.net | udp |
| US | 8.8.8.8:53 | entqdjaf.net | udp |
| US | 8.8.8.8:53 | quakmmsyem.org | udp |
| US | 8.8.8.8:53 | makyqycm.com | udp |
| US | 8.8.8.8:53 | jxeygb.net | udp |
| US | 8.8.8.8:53 | ovqodpzd.net | udp |
| US | 8.8.8.8:53 | xtkmlhp.info | udp |
| US | 8.8.8.8:53 | jqpeboe.com | udp |
| US | 8.8.8.8:53 | fazbdjijxaqt.net | udp |
| US | 8.8.8.8:53 | lsrxfm.net | udp |
| US | 8.8.8.8:53 | flnwhwwxfarv.net | udp |
| US | 8.8.8.8:53 | pcjpnotj.info | udp |
| US | 8.8.8.8:53 | dtjulkfi.info | udp |
| US | 8.8.8.8:53 | koymoq.com | udp |
| US | 8.8.8.8:53 | qninxsgta.info | udp |
| US | 8.8.8.8:53 | resivmhzh.net | udp |
| US | 8.8.8.8:53 | idnmjdeb.info | udp |
| US | 8.8.8.8:53 | bqglsw.info | udp |
| US | 8.8.8.8:53 | xczvodoqqrbf.net | udp |
| US | 8.8.8.8:53 | vzdbnquot.org | udp |
| US | 8.8.8.8:53 | qcweqows.com | udp |
| US | 8.8.8.8:53 | tlpzjoysgy.info | udp |
| US | 8.8.8.8:53 | mcgslskwd.info | udp |
| US | 8.8.8.8:53 | folwthrqhvbo.info | udp |
| US | 8.8.8.8:53 | iogazasyw.net | udp |
| US | 8.8.8.8:53 | kwegyi.org | udp |
| US | 8.8.8.8:53 | swjmhihwl.info | udp |
| US | 8.8.8.8:53 | bwwdfdzs.info | udp |
| US | 8.8.8.8:53 | qxnovodjnwph.net | udp |
| US | 8.8.8.8:53 | fctmuiu.org | udp |
| US | 8.8.8.8:53 | dabtkfv.net | udp |
| US | 8.8.8.8:53 | fymbfdrqb.org | udp |
| US | 8.8.8.8:53 | vyyersapaa.info | udp |
| US | 8.8.8.8:53 | qigeuwgc.com | udp |
| US | 8.8.8.8:53 | rzadlipg.net | udp |
| US | 8.8.8.8:53 | kedaukfm.info | udp |
| US | 8.8.8.8:53 | ygkigukuqi.org | udp |
| US | 8.8.8.8:53 | fxtipsji.info | udp |
| US | 8.8.8.8:53 | zdaymc.info | udp |
| US | 8.8.8.8:53 | komoaauqyyim.org | udp |
| US | 8.8.8.8:53 | gqcvuitbbgto.info | udp |
| US | 8.8.8.8:53 | kyxkljw.info | udp |
| US | 8.8.8.8:53 | inllquav.info | udp |
| US | 8.8.8.8:53 | scytoow.info | udp |
| US | 8.8.8.8:53 | bcakgxpwp.net | udp |
| US | 8.8.8.8:53 | rjzebiy.org | udp |
| US | 8.8.8.8:53 | fjcqiy.net | udp |
| US | 8.8.8.8:53 | ookllofsbuf.info | udp |
| US | 8.8.8.8:53 | zmzehifwl.info | udp |
| US | 8.8.8.8:53 | goydcebort.info | udp |
| US | 8.8.8.8:53 | cknujdulnim.info | udp |
| US | 8.8.8.8:53 | irfdvndbbaiy.info | udp |
| US | 8.8.8.8:53 | fwfeexky.info | udp |
| US | 8.8.8.8:53 | dgnplqx.net | udp |
| US | 8.8.8.8:53 | aeawuiyaagmw.org | udp |
| US | 8.8.8.8:53 | bsrbmvfyhz.info | udp |
| US | 8.8.8.8:53 | lnvgrtrihab.info | udp |
| US | 8.8.8.8:53 | biolfkjr.info | udp |
| US | 8.8.8.8:53 | dytmpmhvv.com | udp |
| US | 8.8.8.8:53 | oygobwpqj.info | udp |
| US | 8.8.8.8:53 | ouussmaquo.com | udp |
| US | 8.8.8.8:53 | imbtbbln.net | udp |
| US | 8.8.8.8:53 | narkymuuf.com | udp |
| US | 8.8.8.8:53 | yayfqlmmnc.net | udp |
| US | 8.8.8.8:53 | gcseyiicsuua.org | udp |
| US | 8.8.8.8:53 | vqxxfkf.net | udp |
| US | 8.8.8.8:53 | blqehiounii.info | udp |
| US | 8.8.8.8:53 | qiswcwuswm.org | udp |
| US | 8.8.8.8:53 | btnsxanx.net | udp |
| US | 8.8.8.8:53 | ncbmohv.org | udp |
| US | 8.8.8.8:53 | bbhtrv.info | udp |
| LT | 81.7.66.153:32089 | tcp | |
| US | 8.8.8.8:53 | zqjclbuuh.org | udp |
| US | 8.8.8.8:53 | vmgkpvrhzejx.net | udp |
| US | 8.8.8.8:53 | xolqtrc.info | udp |
| US | 8.8.8.8:53 | tlxttjksnrxh.net | udp |
| US | 8.8.8.8:53 | yagskq.org | udp |
| US | 8.8.8.8:53 | psnibdfgf.com | udp |
| US | 8.8.8.8:53 | ukaygoeumggm.org | udp |
| US | 8.8.8.8:53 | moiwegceskca.com | udp |
| US | 8.8.8.8:53 | gyawye.org | udp |
| US | 8.8.8.8:53 | hkxhzqtcjvg.net | udp |
| US | 8.8.8.8:53 | bzfofooyjid.net | udp |
| US | 8.8.8.8:53 | jxjkotukgu.net | udp |
| US | 8.8.8.8:53 | iejiqapby.info | udp |
| US | 8.8.8.8:53 | woztlczgt.info | udp |
| US | 8.8.8.8:53 | kckqgksqlsn.info | udp |
| US | 8.8.8.8:53 | tegqmlalhbzt.net | udp |
| US | 8.8.8.8:53 | vkquzkfac.info | udp |
| US | 8.8.8.8:53 | cvsczqkmh.net | udp |
| US | 8.8.8.8:53 | pddxhqkj.info | udp |
| US | 8.8.8.8:53 | nermleugbb.info | udp |
| US | 8.8.8.8:53 | xfvpqk.net | udp |
| US | 8.8.8.8:53 | nobyrszgnub.com | udp |
| US | 8.8.8.8:53 | iqsvsh.net | udp |
| US | 8.8.8.8:53 | fynmvr.info | udp |
| US | 8.8.8.8:53 | qyxcvwfeda.net | udp |
| US | 8.8.8.8:53 | dtxlvhyxgw.info | udp |
| US | 8.8.8.8:53 | bkrlbpag.net | udp |
| US | 8.8.8.8:53 | cvlarvyjqcze.info | udp |
| US | 8.8.8.8:53 | uijpkypud.net | udp |
| US | 8.8.8.8:53 | tahkmkiso.net | udp |
| US | 8.8.8.8:53 | scmgyeekkwyk.org | udp |
| US | 8.8.8.8:53 | llypmzuhyptw.net | udp |
| US | 8.8.8.8:53 | islbdyeap.net | udp |
| US | 8.8.8.8:53 | bsocxcnvh.org | udp |
| US | 8.8.8.8:53 | ogqkugkyocem.org | udp |
| US | 8.8.8.8:53 | rabnldyt.info | udp |
| US | 8.8.8.8:53 | eriqloferm.info | udp |
| US | 8.8.8.8:53 | lzydnmfiix.info | udp |
| US | 8.8.8.8:53 | iidcfctuz.net | udp |
| US | 8.8.8.8:53 | sigmamkgiueu.com | udp |
| US | 8.8.8.8:53 | uvygrcpnecc.info | udp |
| US | 8.8.8.8:53 | ewaqvor.info | udp |
| US | 8.8.8.8:53 | hosafkfafrbk.info | udp |
| US | 8.8.8.8:53 | jxpktyhgd.info | udp |
| US | 8.8.8.8:53 | lkjjlghm.info | udp |
| US | 8.8.8.8:53 | qhlqtvxo.info | udp |
| US | 8.8.8.8:53 | gdnnqzhkwiu.info | udp |
| US | 8.8.8.8:53 | sfybtzvclo.net | udp |
| US | 8.8.8.8:53 | xknqkxw.com | udp |
| US | 8.8.8.8:53 | lxdgbska.net | udp |
| US | 8.8.8.8:53 | ptjavojos.info | udp |
| US | 8.8.8.8:53 | osmekouk.org | udp |
| US | 8.8.8.8:53 | caswck.com | udp |
| US | 8.8.8.8:53 | vkeeji.net | udp |
| US | 8.8.8.8:53 | hyonbmbik.info | udp |
| US | 8.8.8.8:53 | oouwimuame.org | udp |
| US | 8.8.8.8:53 | qebzlkrrba.info | udp |
| US | 8.8.8.8:53 | cihwbypmk.net | udp |
| US | 8.8.8.8:53 | bkrhdabtbp.net | udp |
| US | 8.8.8.8:53 | fkdiugboa.org | udp |
| US | 8.8.8.8:53 | mszlkuldj.net | udp |
| US | 8.8.8.8:53 | vvznyu.info | udp |
| US | 8.8.8.8:53 | qmgsik.org | udp |
| US | 8.8.8.8:53 | uqykymisaa.com | udp |
| US | 8.8.8.8:53 | xszsuwzph.info | udp |
| US | 8.8.8.8:53 | meqkiyucoc.org | udp |
| US | 8.8.8.8:53 | uyewwgeokm.com | udp |
| US | 8.8.8.8:53 | jbmlzw.net | udp |
| US | 8.8.8.8:53 | umkqxamcgri.net | udp |
| US | 8.8.8.8:53 | izeafastp.net | udp |
| US | 8.8.8.8:53 | csauyeasyaes.org | udp |
| US | 8.8.8.8:53 | kuoisbvsdjs.net | udp |
| US | 8.8.8.8:53 | qophjsbo.net | udp |
| US | 8.8.8.8:53 | bikjkdotpidw.info | udp |
| US | 8.8.8.8:53 | qjhaagv.net | udp |
| US | 8.8.8.8:53 | kgjemi.net | udp |
| US | 8.8.8.8:53 | tmqbzrxplz.net | udp |
| US | 8.8.8.8:53 | fdfzvcdw.net | udp |
| US | 8.8.8.8:53 | tsgved.info | udp |
| US | 8.8.8.8:53 | dhoszass.net | udp |
| US | 8.8.8.8:53 | aockyykq.org | udp |
| US | 8.8.8.8:53 | lumcgayqt.info | udp |
| US | 8.8.8.8:53 | yaesaqygoqqc.com | udp |
| US | 8.8.8.8:53 | wpcqhg.net | udp |
| US | 8.8.8.8:53 | vpzdismu.net | udp |
| US | 8.8.8.8:53 | otpgdwp.net | udp |
| US | 8.8.8.8:53 | rcpizmsudgo.net | udp |
| US | 8.8.8.8:53 | amjtbgmm.info | udp |
| US | 8.8.8.8:53 | gujwxiyhdd.net | udp |
| US | 8.8.8.8:53 | cjzgrlb.net | udp |
| US | 8.8.8.8:53 | bjjhnpvzhy.net | udp |
| US | 8.8.8.8:53 | ytmpxlwoedik.net | udp |
| US | 8.8.8.8:53 | osmcaaks.com | udp |
| US | 8.8.8.8:53 | uqboaiac.net | udp |
| US | 8.8.8.8:53 | oaocpkidgphv.net | udp |
| US | 8.8.8.8:53 | bffybjxil.net | udp |
| US | 8.8.8.8:53 | xaqgdsluqadh.net | udp |
| US | 8.8.8.8:53 | pvmyqjxnnclx.net | udp |
| US | 8.8.8.8:53 | cgfrjezoq.info | udp |
| US | 8.8.8.8:53 | muzlbtvoxejb.net | udp |
| US | 8.8.8.8:53 | btpqhngg.info | udp |
| US | 8.8.8.8:53 | hujopdekjus.com | udp |
| US | 8.8.8.8:53 | yuzhnmhy.info | udp |
| US | 8.8.8.8:53 | xgtzdkxz.info | udp |
| US | 8.8.8.8:53 | 97.17.167.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | zezmfqtoo.info | udp |
| US | 8.8.8.8:53 | jonafcrlvuv.com | udp |
| US | 8.8.8.8:53 | vkhoaejkl.net | udp |
| US | 8.8.8.8:53 | cpokycgluune.info | udp |
| US | 8.8.8.8:53 | qiqwyykeysys.com | udp |
| US | 8.8.8.8:53 | wkqmkc.com | udp |
| US | 8.8.8.8:53 | sujpnhteqcoz.info | udp |
| US | 8.8.8.8:53 | rucapjxynsu.com | udp |
| US | 8.8.8.8:53 | kwyokgew.com | udp |
| US | 8.8.8.8:53 | phbtxiqv.net | udp |
| US | 8.8.8.8:53 | jinillvc.info | udp |
| US | 8.8.8.8:53 | citmhfxal.info | udp |
| US | 8.8.8.8:53 | iogaioqygaoe.org | udp |
| US | 8.8.8.8:53 | dyuwroqhh.info | udp |
| US | 8.8.8.8:53 | hmhotnkdkue.net | udp |
| US | 8.8.8.8:53 | vxybtikwd.info | udp |
| US | 8.8.8.8:53 | climfkwxze.info | udp |
| US | 8.8.8.8:53 | wujujiodygs.info | udp |
| US | 8.8.8.8:53 | tpuojfhjkb.info | udp |
| US | 8.8.8.8:53 | nwlgenn.org | udp |
| US | 8.8.8.8:53 | asuiugmm.org | udp |
| US | 8.8.8.8:53 | vmgypyuuhwd.com | udp |
| US | 8.8.8.8:53 | fojcixvwpzd.org | udp |
| US | 8.8.8.8:53 | rikpmvbezwjz.info | udp |
| US | 8.8.8.8:53 | ugfjcuvmwp.info | udp |
| US | 8.8.8.8:53 | ssgyquamtpjp.info | udp |
| US | 8.8.8.8:53 | xlzbnkcrrkgh.net | udp |
| US | 8.8.8.8:53 | mbcqvg.net | udp |
| US | 8.8.8.8:53 | asvuzodtda.net | udp |
| US | 8.8.8.8:53 | mfvomkg.info | udp |
| BG | 79.100.76.218:41234 | tcp | |
| US | 8.8.8.8:53 | fkxzohntsugj.info | udp |
| US | 8.8.8.8:53 | ovstxcdlgwdv.net | udp |
| US | 8.8.8.8:53 | asmqyg.org | udp |
| US | 8.8.8.8:53 | cgbuekprhuk.info | udp |
| US | 8.8.8.8:53 | ncdqfzhp.info | udp |
| US | 8.8.8.8:53 | bkvcnvtmy.net | udp |
| US | 8.8.8.8:53 | okkaomykwy.org | udp |
| US | 8.8.8.8:53 | sudfnqtnsuxu.info | udp |
| US | 8.8.8.8:53 | guomuaiy.com | udp |
| US | 8.8.8.8:53 | holshweltha.net | udp |
| US | 8.8.8.8:53 | gwyogqoe.org | udp |
| US | 8.8.8.8:53 | inpjcxrlce.net | udp |
| US | 8.8.8.8:53 | fwyuaimem.info | udp |
| US | 8.8.8.8:53 | ibsfmbxoyhda.net | udp |
| US | 8.8.8.8:53 | ndfioknz.info | udp |
| US | 8.8.8.8:53 | nxzombzf.net | udp |
| US | 8.8.8.8:53 | ywhhcipewd.net | udp |
| US | 8.8.8.8:53 | tssyqtxn.net | udp |
| US | 8.8.8.8:53 | vzndzlxtz.info | udp |
| US | 8.8.8.8:53 | zvomqup.com | udp |
| US | 8.8.8.8:53 | mmigyzwyiif.net | udp |
| US | 8.8.8.8:53 | dkxqdkvidzbv.net | udp |
| US | 8.8.8.8:53 | raciatxuhg.info | udp |
| US | 8.8.8.8:53 | guiamg.org | udp |
| US | 8.8.8.8:53 | qnfmjxz.info | udp |
| US | 8.8.8.8:53 | qxrkvi.info | udp |
| US | 8.8.8.8:53 | dlblbdjazgxf.info | udp |
| US | 8.8.8.8:53 | odjnfatkvlgr.net | udp |
| US | 8.8.8.8:53 | gqpmvadulae.net | udp |
| US | 8.8.8.8:53 | phdifqsxye.info | udp |
| US | 8.8.8.8:53 | vrzain.net | udp |
| US | 8.8.8.8:53 | mmtunsztu.info | udp |
| US | 8.8.8.8:53 | jcxyfkzonhl.net | udp |
| US | 8.8.8.8:53 | kweswqma.com | udp |
| US | 8.8.8.8:53 | nvzykyqqgqr.org | udp |
| US | 8.8.8.8:53 | coxgtpn.info | udp |
| US | 8.8.8.8:53 | ueausame.org | udp |
| US | 8.8.8.8:53 | nqtkgofrsg.info | udp |
| US | 8.8.8.8:53 | uqefngb.net | udp |
| US | 8.8.8.8:53 | omxjlgxoqis.info | udp |
| US | 8.8.8.8:53 | llvozjjmi.com | udp |
| US | 8.8.8.8:53 | hsrupyh.org | udp |
| US | 8.8.8.8:53 | hjmhldqmwf.info | udp |
| US | 8.8.8.8:53 | uknszyb.net | udp |
| US | 8.8.8.8:53 | vphzty.info | udp |
| US | 8.8.8.8:53 | wnruvo.net | udp |
| US | 8.8.8.8:53 | loboje.info | udp |
| US | 8.8.8.8:53 | qqhotaylpev.info | udp |
| US | 8.8.8.8:53 | oqoaymeqye.com | udp |
| US | 8.8.8.8:53 | cylkfmgluvz.info | udp |
| US | 8.8.8.8:53 | muamegzjiibr.net | udp |
| US | 8.8.8.8:53 | jqiibhoylx.info | udp |
| US | 8.8.8.8:53 | asqokeugye.com | udp |
| US | 8.8.8.8:53 | caxhsn.net | udp |
| US | 8.8.8.8:53 | hmevjc.net | udp |
| US | 8.8.8.8:53 | iucccige.org | udp |
| US | 8.8.8.8:53 | ljgstpbimkn.org | udp |
| US | 8.8.8.8:53 | ntkpdz.net | udp |
| US | 8.8.8.8:53 | casyscua.com | udp |
| US | 8.8.8.8:53 | buisur.info | udp |
| US | 8.8.8.8:53 | pyasfkd.info | udp |
| US | 8.8.8.8:53 | hajwjyvcbbc.info | udp |
| US | 8.8.8.8:53 | nyzgjdx.com | udp |
| US | 8.8.8.8:53 | zfubcpzi.info | udp |
| US | 8.8.8.8:53 | qumwgm.com | udp |
| US | 8.8.8.8:53 | avetemrnen.net | udp |
| US | 8.8.8.8:53 | vgaftibz.info | udp |
| US | 8.8.8.8:53 | kyizjibldu.info | udp |
| US | 8.8.8.8:53 | khdqhpb.net | udp |
| US | 8.8.8.8:53 | zmbqxhvkn.info | udp |
| US | 8.8.8.8:53 | mssmge.org | udp |
| US | 8.8.8.8:53 | zisyqyrsj.org | udp |
| US | 8.8.8.8:53 | onzlafj.info | udp |
| US | 8.8.8.8:53 | aiaqiqohnxw.info | udp |
| US | 8.8.8.8:53 | muwiui.org | udp |
| US | 8.8.8.8:53 | dmjpmerk.info | udp |
| US | 8.8.8.8:53 | zphohizwlw.net | udp |
| US | 8.8.8.8:53 | wwlqzmnar.info | udp |
| US | 8.8.8.8:53 | deprfzdbx.info | udp |
| US | 8.8.8.8:53 | urdowgdb.net | udp |
| US | 8.8.8.8:53 | dkyajdhktea.net | udp |
| US | 8.8.8.8:53 | farxfzt.net | udp |
| US | 8.8.8.8:53 | jcsotdhkfet.net | udp |
| US | 8.8.8.8:53 | pndshdzgdu.info | udp |
| US | 8.8.8.8:53 | ttpsoenl.net | udp |
| US | 8.8.8.8:53 | oqsgddkegscp.info | udp |
| US | 8.8.8.8:53 | jadvbzpmzde.net | udp |
| US | 8.8.8.8:53 | kmskpu.info | udp |
| US | 8.8.8.8:53 | urjvplc.info | udp |
| US | 8.8.8.8:53 | jbyzhqopxu.info | udp |
| US | 8.8.8.8:53 | iwwygrqykt.info | udp |
| US | 8.8.8.8:53 | xsgufxlxdb.net | udp |
| US | 8.8.8.8:53 | lgzgdscu.info | udp |
| US | 8.8.8.8:53 | lrtupmqkjjs.org | udp |
| US | 8.8.8.8:53 | nazlbsguutp.info | udp |
| US | 8.8.8.8:53 | maeuejyp.info | udp |
| US | 8.8.8.8:53 | tmeiltb.org | udp |
| US | 8.8.8.8:53 | aksahmdab.net | udp |
| US | 8.8.8.8:53 | omfmnsz.net | udp |
| US | 8.8.8.8:53 | aeyhafxuznah.net | udp |
| US | 8.8.8.8:53 | igayyogm.org | udp |
| US | 8.8.8.8:53 | sqvkykd.info | udp |
| US | 8.8.8.8:53 | oyzrnh.info | udp |
| US | 8.8.8.8:53 | sdgctvrac.net | udp |
| US | 8.8.8.8:53 | veqmkccs.info | udp |
| US | 8.8.8.8:53 | juebxppmjybb.info | udp |
| US | 8.8.8.8:53 | exgfba.info | udp |
| US | 8.8.8.8:53 | yuhmwgt.info | udp |
| US | 8.8.8.8:53 | urgwesgmp.info | udp |
| US | 8.8.8.8:53 | nsgpro.info | udp |
| US | 8.8.8.8:53 | bicoljrkh.org | udp |
| US | 8.8.8.8:53 | rqvzuewwpmj.net | udp |
| US | 8.8.8.8:53 | rspxfkvezu.info | udp |
| US | 8.8.8.8:53 | gquywyqgmq.org | udp |
| US | 8.8.8.8:53 | uezshegdt.net | udp |
| US | 8.8.8.8:53 | pjumnwnmv.com | udp |
| US | 8.8.8.8:53 | sfjbrurzhktc.info | udp |
| US | 8.8.8.8:53 | fkiokat.com | udp |
| US | 8.8.8.8:53 | qhphjcwruv.info | udp |
| US | 8.8.8.8:53 | dchkpjhixjds.net | udp |
| US | 8.8.8.8:53 | kgkwikgwsa.com | udp |
| US | 8.8.8.8:53 | fafpcex.org | udp |
| US | 8.8.8.8:53 | bhhchgi.com | udp |
| US | 8.8.8.8:53 | reusxqdwpsk.info | udp |
| US | 8.8.8.8:53 | nffcghjfkxlo.info | udp |
| US | 8.8.8.8:53 | qufvlvhib.net | udp |
| US | 8.8.8.8:53 | yjtupendkkxe.info | udp |
| US | 8.8.8.8:53 | rlhlbkjny.com | udp |
| US | 8.8.8.8:53 | vmlipme.net | udp |
| US | 8.8.8.8:53 | vvkccluqn.net | udp |
| BG | 87.97.198.24:43316 | tcp | |
| US | 8.8.8.8:53 | dabjlwlk.net | udp |
| US | 8.8.8.8:53 | cxjstyd.net | udp |
| US | 8.8.8.8:53 | rcxcgvlkjgk.org | udp |
| US | 8.8.8.8:53 | iabiqtduaqn.info | udp |
| US | 8.8.8.8:53 | motsour.info | udp |
| US | 8.8.8.8:53 | qiqmec.org | udp |
| US | 8.8.8.8:53 | tunadk.net | udp |
| US | 8.8.8.8:53 | fijtvqndryp.org | udp |
| US | 8.8.8.8:53 | eipzrslud.info | udp |
| US | 8.8.8.8:53 | oysaaiqgsu.org | udp |
| US | 8.8.8.8:53 | yadmwvuppi.info | udp |
| US | 8.8.8.8:53 | dpdrwx.net | udp |
| US | 8.8.8.8:53 | urpywwpqmcv.net | udp |
| US | 8.8.8.8:53 | iaiugq.org | udp |
| US | 8.8.8.8:53 | acqywq.com | udp |
| US | 8.8.8.8:53 | asoovocg.net | udp |
| US | 8.8.8.8:53 | fotswjslma.net | udp |
| US | 8.8.8.8:53 | jdydxkpfmtl.net | udp |
| US | 8.8.8.8:53 | qwkakg.org | udp |
| US | 8.8.8.8:53 | dkpeeocmxpjs.info | udp |
| US | 8.8.8.8:53 | bfetne.net | udp |
| US | 8.8.8.8:53 | dfwhrojfrjcd.info | udp |
| US | 8.8.8.8:53 | ayugwm.org | udp |
| US | 8.8.8.8:53 | hqlleahr.net | udp |
| US | 8.8.8.8:53 | eukqapdidrk.info | udp |
| US | 8.8.8.8:53 | yjftgnxdfo.info | udp |
| US | 8.8.8.8:53 | aceyysck.com | udp |
| US | 8.8.8.8:53 | rmwbsmjktg.net | udp |
| US | 8.8.8.8:53 | cwuquw.com | udp |
| US | 8.8.8.8:53 | dhrdzrzkhxzd.info | udp |
| US | 8.8.8.8:53 | cexubyc.info | udp |
| US | 8.8.8.8:53 | zgbyzgamn.info | udp |
| US | 8.8.8.8:53 | kwoghyvym.net | udp |
| US | 8.8.8.8:53 | mqrect.net | udp |
| US | 8.8.8.8:53 | kyvmsxhzaz.info | udp |
| US | 8.8.8.8:53 | gwbchvpmv.info | udp |
| US | 8.8.8.8:53 | yroymt.net | udp |
| US | 8.8.8.8:53 | dqsdzd.info | udp |
| US | 8.8.8.8:53 | gyaqiqcg.org | udp |
| US | 8.8.8.8:53 | nyxilsggp.info | udp |
| US | 8.8.8.8:53 | bwzwfpynkd.net | udp |
| US | 8.8.8.8:53 | ikzggyomf.net | udp |
| US | 8.8.8.8:53 | efbepnwi.net | udp |
| US | 8.8.8.8:53 | qqxfsislwlzo.info | udp |
| US | 8.8.8.8:53 | qbzcetzv.info | udp |
| US | 8.8.8.8:53 | nilkdixen.net | udp |
| US | 8.8.8.8:53 | asgyeomy.org | udp |
| US | 8.8.8.8:53 | hfbgabb.org | udp |
| US | 8.8.8.8:53 | ixitmx.info | udp |
| US | 8.8.8.8:53 | lpnxdfigts.info | udp |
| US | 8.8.8.8:53 | rrpglwh.com | udp |
| US | 8.8.8.8:53 | mogtmbtlwt.net | udp |
| US | 8.8.8.8:53 | tglfxcnlsqi.net | udp |
| US | 8.8.8.8:53 | bsvnpeteyek.net | udp |
| US | 8.8.8.8:53 | jskiwxbggo.info | udp |
| US | 8.8.8.8:53 | izpzpgblh.net | udp |
| US | 8.8.8.8:53 | hhaukgdixgc.com | udp |
| US | 8.8.8.8:53 | tonipijzr.info | udp |
| US | 8.8.8.8:53 | sgcjjzhz.info | udp |
| US | 8.8.8.8:53 | oweaau.org | udp |
| US | 8.8.8.8:53 | krwxhyzumn.net | udp |
| US | 8.8.8.8:53 | tdgzfidr.info | udp |
| US | 8.8.8.8:53 | unubkvbgps.info | udp |
| US | 8.8.8.8:53 | cdoabwxwzgb.net | udp |
| US | 8.8.8.8:53 | gutafuz.info | udp |
| US | 8.8.8.8:53 | jqlutmrcr.info | udp |
| US | 8.8.8.8:53 | pwhftuysn.info | udp |
| US | 8.8.8.8:53 | bodnqycddaju.net | udp |
| US | 8.8.8.8:53 | qepxrlt.net | udp |
| US | 8.8.8.8:53 | rmpynsoon.info | udp |
| US | 8.8.8.8:53 | nbidpxcn.net | udp |
| US | 8.8.8.8:53 | rwkqnpl.info | udp |
| US | 8.8.8.8:53 | oxyexk.info | udp |
| US | 8.8.8.8:53 | zfdtygrazjd.org | udp |
| US | 8.8.8.8:53 | citepix.info | udp |
| US | 8.8.8.8:53 | bmlmzuz.net | udp |
| US | 8.8.8.8:53 | eaicecqawoqg.org | udp |
| US | 8.8.8.8:53 | xahqdbpt.info | udp |
| US | 8.8.8.8:53 | amgyik.com | udp |
| US | 8.8.8.8:53 | oquzjzqoikt.net | udp |
| US | 8.8.8.8:53 | dxvjvtpimdj.net | udp |
| US | 8.8.8.8:53 | qceqikaekkqc.com | udp |
| US | 8.8.8.8:53 | wwruhosvmg.info | udp |
| US | 8.8.8.8:53 | klcbqrbrtb.info | udp |
| US | 8.8.8.8:53 | poegpspul.info | udp |
| US | 8.8.8.8:53 | tdlchsbj.info | udp |
| US | 8.8.8.8:53 | hcfqhcj.com | udp |
| US | 8.8.8.8:53 | pirubsjsea.net | udp |
| US | 8.8.8.8:53 | zbiuymud.net | udp |
| US | 8.8.8.8:53 | gupksvbt.net | udp |
| US | 8.8.8.8:53 | cpigudnc.info | udp |
| US | 8.8.8.8:53 | lcvkrftoyru.net | udp |
| US | 8.8.8.8:53 | mazivzlqmeh.net | udp |
| US | 8.8.8.8:53 | ewwdtspcn.info | udp |
| US | 8.8.8.8:53 | pmidxai.info | udp |
| US | 8.8.8.8:53 | kaieuyciegaa.com | udp |
| US | 8.8.8.8:53 | ravoeyj.org | udp |
| US | 8.8.8.8:53 | ydoefmtxm.info | udp |
| US | 8.8.8.8:53 | sdfaiwpmqot.info | udp |
| US | 8.8.8.8:53 | kppmoy.net | udp |
| US | 8.8.8.8:53 | ewoextrab.net | udp |
| US | 8.8.8.8:53 | xtzlwwzqj.org | udp |
| US | 8.8.8.8:53 | cgqqzbjjo.net | udp |
| US | 8.8.8.8:53 | mqrrkx.info | udp |
| US | 8.8.8.8:53 | sidgxcze.info | udp |
| US | 8.8.8.8:53 | gfggfnuyrxa.net | udp |
| US | 8.8.8.8:53 | tedodftzd.com | udp |
| US | 8.8.8.8:53 | aiggkiokkymi.org | udp |
| US | 8.8.8.8:53 | oexbzdqeuw.net | udp |
| US | 8.8.8.8:53 | iblnzidililt.net | udp |
| US | 8.8.8.8:53 | srjdkocppz.net | udp |
| US | 8.8.8.8:53 | gabmxgxco.net | udp |
| US | 8.8.8.8:53 | skwukseimm.com | udp |
| US | 8.8.8.8:53 | wnxsox.info | udp |
| US | 8.8.8.8:53 | xqqgytzbgnyi.info | udp |
| US | 8.8.8.8:53 | iqkamaueuwyg.com | udp |
| US | 8.8.8.8:53 | zpvrqtxn.info | udp |
| US | 8.8.8.8:53 | ooaemaqkisiq.org | udp |
| US | 8.8.8.8:53 | tocgsqr.org | udp |
| US | 8.8.8.8:53 | whskrg.net | udp |
| US | 8.8.8.8:53 | sykage.org | udp |
| US | 8.8.8.8:53 | dadqhmotvc.info | udp |
| US | 8.8.8.8:53 | nnrmawm.net | udp |
| US | 8.8.8.8:53 | sbywvpmhcvmm.info | udp |
| US | 8.8.8.8:53 | nexihlcmpox.info | udp |
| US | 8.8.8.8:53 | utubpdsxsv.net | udp |
| US | 8.8.8.8:53 | geecyc.com | udp |
| US | 8.8.8.8:53 | gxanleunlt.net | udp |
| LT | 78.57.238.81:31713 | tcp | |
| US | 8.8.8.8:53 | ntdgkmipjcdx.info | udp |
| US | 8.8.8.8:53 | boyspw.info | udp |
| US | 8.8.8.8:53 | vvzbqi.info | udp |
| US | 8.8.8.8:53 | tjkkvlhfhbfo.net | udp |
| US | 8.8.8.8:53 | khtyvnpcsx.net | udp |
| US | 8.8.8.8:53 | hyigua.net | udp |
| US | 8.8.8.8:53 | tkfonuhla.net | udp |
| US | 8.8.8.8:53 | ekvmumt.net | udp |
| US | 8.8.8.8:53 | popczs.info | udp |
| US | 8.8.8.8:53 | vxlunydxpu.info | udp |
| US | 8.8.8.8:53 | ekgeguieum.org | udp |
| US | 8.8.8.8:53 | izzshp.net | udp |
| US | 8.8.8.8:53 | qysmmosewu.org | udp |
| US | 8.8.8.8:53 | pyokfpv.info | udp |
| US | 8.8.8.8:53 | qmexcovrdqux.info | udp |
| US | 8.8.8.8:53 | scdylinel.info | udp |
| US | 8.8.8.8:53 | vqyrvxiot.info | udp |
| US | 8.8.8.8:53 | gjljrdnz.net | udp |
| US | 8.8.8.8:53 | dptmekdd.info | udp |
| US | 8.8.8.8:53 | xmnhxwblfst.net | udp |
| US | 8.8.8.8:53 | dnokev.info | udp |
| US | 8.8.8.8:53 | jjbzrfg.org | udp |
| US | 8.8.8.8:53 | qpnofzkk.net | udp |
| US | 8.8.8.8:53 | ewmmuqmqkqye.com | udp |
| US | 8.8.8.8:53 | wrwrqnof.net | udp |
| US | 8.8.8.8:53 | xrdsbgmgui.net | udp |
| US | 8.8.8.8:53 | xpbctuhz.net | udp |
| US | 8.8.8.8:53 | xkmgseqryuol.info | udp |
| US | 8.8.8.8:53 | zmriexres.org | udp |
| US | 8.8.8.8:53 | aiaqmocoks.org | udp |
| US | 8.8.8.8:53 | ereicbtufu.net | udp |
| US | 8.8.8.8:53 | qcvbcci.net | udp |
| US | 8.8.8.8:53 | amguzpbvm.info | udp |
| US | 8.8.8.8:53 | inxrdyntchyu.info | udp |
| US | 8.8.8.8:53 | ptjdxyjmg.net | udp |
| US | 8.8.8.8:53 | lbjrgpoucoex.info | udp |
| US | 8.8.8.8:53 | cdwepwvgu.info | udp |
| US | 8.8.8.8:53 | rkbvuq.net | udp |
| US | 8.8.8.8:53 | ewioce.org | udp |
| US | 8.8.8.8:53 | ayciqpozwea.info | udp |
| US | 8.8.8.8:53 | hdeyuhk.info | udp |
| US | 8.8.8.8:53 | scnsesrmchy.info | udp |
| US | 8.8.8.8:53 | hfjfqthasdbv.info | udp |
| US | 8.8.8.8:53 | vkhbhch.info | udp |
| US | 8.8.8.8:53 | rqobkubxdc.net | udp |
| US | 8.8.8.8:53 | rgpgdaz.info | udp |
| US | 8.8.8.8:53 | cbztfskkwj.info | udp |
| US | 8.8.8.8:53 | ycjetyzukb.net | udp |
| US | 8.8.8.8:53 | mpfvguaylyh.info | udp |
| US | 8.8.8.8:53 | mgtqwigjx.info | udp |
| US | 8.8.8.8:53 | hvuplo.net | udp |
| US | 8.8.8.8:53 | jcmcalnjybd.info | udp |
| US | 8.8.8.8:53 | pabchqe.com | udp |
| US | 8.8.8.8:53 | aazvhf.net | udp |
| US | 8.8.8.8:53 | ogcogeskuauo.com | udp |
| US | 8.8.8.8:53 | rgacdcur.info | udp |
| US | 8.8.8.8:53 | dhcebyjy.info | udp |
| US | 8.8.8.8:53 | iouqsuqk.org | udp |
| US | 8.8.8.8:53 | uguepm.info | udp |
| US | 8.8.8.8:53 | ceiiouiy.com | udp |
| US | 8.8.8.8:53 | egkrcedjov.info | udp |
| US | 8.8.8.8:53 | kphkkrtjtg.info | udp |
| US | 8.8.8.8:53 | hetqjsknfitk.net | udp |
| US | 8.8.8.8:53 | iyzkpeyqm.net | udp |
| US | 8.8.8.8:53 | ydveluanv.info | udp |
| US | 8.8.8.8:53 | tjdeuoco.info | udp |
| US | 8.8.8.8:53 | cxpifww.net | udp |
| US | 8.8.8.8:53 | rdjxrzpdlv.net | udp |
| US | 8.8.8.8:53 | bcvzzboe.net | udp |
| US | 8.8.8.8:53 | lelndhouzvb.org | udp |
| US | 8.8.8.8:53 | rtxrksgkohn.net | udp |
| US | 8.8.8.8:53 | gjlotqtjzqtk.info | udp |
| US | 8.8.8.8:53 | pxfqrhhm.net | udp |
| US | 8.8.8.8:53 | ntzfwvejio.net | udp |
| US | 8.8.8.8:53 | fatwcxv.com | udp |
| US | 8.8.8.8:53 | edscdef.net | udp |
| US | 8.8.8.8:53 | xbibjqj.com | udp |
| US | 8.8.8.8:53 | faavipbtdvtm.net | udp |
| US | 8.8.8.8:53 | wwsmae.org | udp |
| US | 8.8.8.8:53 | yowway.com | udp |
| US | 8.8.8.8:53 | sgqfpophtuto.net | udp |
| US | 8.8.8.8:53 | imayak.org | udp |
| US | 8.8.8.8:53 | ajymvdtu.net | udp |
| US | 8.8.8.8:53 | ysbbnp.net | udp |
| US | 8.8.8.8:53 | iifxvqscy.net | udp |
| US | 8.8.8.8:53 | gnhhfpfz.info | udp |
| US | 8.8.8.8:53 | cuyyee.com | udp |
| US | 8.8.8.8:53 | zsviaj.info | udp |
| US | 8.8.8.8:53 | gzhovjzy.info | udp |
| US | 8.8.8.8:53 | amwqcmqw.com | udp |
| US | 8.8.8.8:53 | vdxqjf.info | udp |
| US | 8.8.8.8:53 | foawrqz.info | udp |
| US | 8.8.8.8:53 | gslpnul.net | udp |
| US | 8.8.8.8:53 | cjwimtimson.info | udp |
| US | 8.8.8.8:53 | zczzekazkkn.com | udp |
| US | 8.8.8.8:53 | jhxeoocoyerw.net | udp |
| US | 8.8.8.8:53 | pvnylxrzvawr.net | udp |
| US | 8.8.8.8:53 | vogqsod.info | udp |
| US | 8.8.8.8:53 | zfkvrm.net | udp |
| US | 8.8.8.8:53 | wlanyvxrow.net | udp |
| US | 8.8.8.8:53 | nvzihpnwf.net | udp |
| US | 8.8.8.8:53 | ggvtjua.info | udp |
| US | 8.8.8.8:53 | aqttqmnitpv.info | udp |
| US | 8.8.8.8:53 | vgazeqpkxhoy.net | udp |
| US | 8.8.8.8:53 | ymeijavkltbp.info | udp |
| US | 8.8.8.8:53 | nsrorb.info | udp |
| US | 8.8.8.8:53 | ltzypxrqsw.info | udp |
| US | 8.8.8.8:53 | mwltwnvjhu.net | udp |
| US | 8.8.8.8:53 | ztpvkfdmt.info | udp |
| US | 8.8.8.8:53 | kknrkuuinil.info | udp |
| US | 8.8.8.8:53 | fpogbrsi.net | udp |
| US | 8.8.8.8:53 | seiybm.net | udp |
| US | 8.8.8.8:53 | tbythjsl.net | udp |
| US | 8.8.8.8:53 | cussqcakoese.com | udp |
| US | 8.8.8.8:53 | joppgbkfpy.info | udp |
| US | 8.8.8.8:53 | fxbcpzrz.info | udp |
| US | 8.8.8.8:53 | caekukmc.org | udp |
| US | 8.8.8.8:53 | vpdosnvj.info | udp |
| US | 8.8.8.8:53 | oqwuyo.com | udp |
| US | 8.8.8.8:53 | psjkrhgqgcwt.net | udp |
| US | 8.8.8.8:53 | jyvhnnz.info | udp |
| US | 8.8.8.8:53 | torpxf.net | udp |
| US | 8.8.8.8:53 | eoscqw.org | udp |
| DE | 94.156.201.116:19145 | tcp | |
| US | 8.8.8.8:53 | uyyawsckycgo.org | udp |
| US | 8.8.8.8:53 | soumqigk.com | udp |
| US | 8.8.8.8:53 | mlmwhqpjjsm.info | udp |
| US | 8.8.8.8:53 | itmpmc.info | udp |
| US | 8.8.8.8:53 | ggnsfif.info | udp |
| US | 8.8.8.8:53 | psbyne.net | udp |
| US | 8.8.8.8:53 | futgwarn.info | udp |
| US | 8.8.8.8:53 | bkzdez.info | udp |
| US | 8.8.8.8:53 | tflozmkmbnr.com | udp |
| US | 8.8.8.8:53 | aqthmyfpqbf.net | udp |
| US | 8.8.8.8:53 | llwmrkyqr.info | udp |
| US | 8.8.8.8:53 | nggstmdljra.com | udp |
| US | 8.8.8.8:53 | hjzmmoelxn.info | udp |
| US | 8.8.8.8:53 | 251.110.86.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | uwlgayfb.net | udp |
| US | 8.8.8.8:53 | wegadal.net | udp |
| US | 8.8.8.8:53 | hhpapq.info | udp |
| US | 8.8.8.8:53 | jgqfeydtglit.net | udp |
| US | 8.8.8.8:53 | jjsqbffahanq.info | udp |
| US | 8.8.8.8:53 | cgaaqcokee.com | udp |
| US | 8.8.8.8:53 | pmrczexx.net | udp |
| US | 8.8.8.8:53 | bsntzlnmt.com | udp |
| US | 8.8.8.8:53 | raeclzljhdfp.net | udp |
| US | 8.8.8.8:53 | uikokwui.com | udp |
| US | 8.8.8.8:53 | qqgvwgn.info | udp |
| US | 8.8.8.8:53 | jalglyvgcnh.org | udp |
| US | 8.8.8.8:53 | manystu.net | udp |
| US | 8.8.8.8:53 | vwhscqbwh.org | udp |
| US | 8.8.8.8:53 | xzxdhyfmrq.net | udp |
| US | 8.8.8.8:53 | ntjyht.info | udp |
| US | 8.8.8.8:53 | fafwizutysbn.info | udp |
| US | 8.8.8.8:53 | faqcowdvb.org | udp |
| US | 8.8.8.8:53 | mqturgpkvcn.net | udp |
| US | 8.8.8.8:53 | cwwgicwkoa.org | udp |
| US | 8.8.8.8:53 | lhtaojpn.info | udp |
| US | 8.8.8.8:53 | xksdtasj.info | udp |
| US | 8.8.8.8:53 | bowvfj.net | udp |
| US | 8.8.8.8:53 | qowhhghq.net | udp |
| US | 8.8.8.8:53 | vazutursr.com | udp |
| US | 8.8.8.8:53 | ptjxnmtpat.net | udp |
| US | 8.8.8.8:53 | bedfmldkjroh.info | udp |
| US | 8.8.8.8:53 | uwuycykqiiic.com | udp |
| US | 8.8.8.8:53 | ikmgioey.com | udp |
| US | 8.8.8.8:53 | erxacranvsjj.info | udp |
| US | 8.8.8.8:53 | ergbotllwu.info | udp |
| US | 8.8.8.8:53 | palclqf.org | udp |
| US | 8.8.8.8:53 | hulsluqzmpkq.net | udp |
| US | 8.8.8.8:53 | hernaktkk.net | udp |
| US | 8.8.8.8:53 | kygams.org | udp |
| US | 8.8.8.8:53 | bosunoa.info | udp |
| US | 8.8.8.8:53 | btsfbwtdkj.info | udp |
| US | 8.8.8.8:53 | berjrmfg.net | udp |
| US | 8.8.8.8:53 | xmdniaje.net | udp |
| US | 8.8.8.8:53 | fthnjif.info | udp |
| US | 8.8.8.8:53 | pazmpovqsib.info | udp |
| US | 8.8.8.8:53 | xpvkpz.info | udp |
| US | 8.8.8.8:53 | rnashg.info | udp |
| US | 8.8.8.8:53 | jmvxzbbimvlu.net | udp |
| US | 8.8.8.8:53 | foutzjtzmo.info | udp |
| US | 8.8.8.8:53 | lcpyvyxicon.org | udp |
| US | 8.8.8.8:53 | lgkwbqtalsp.com | udp |
| US | 8.8.8.8:53 | cuhfjl.net | udp |
| US | 8.8.8.8:53 | nionwdjuczvq.net | udp |
| US | 8.8.8.8:53 | tvfqtiwpsuje.info | udp |
| US | 8.8.8.8:53 | iuhjbrarnaaa.info | udp |
| US | 8.8.8.8:53 | wepslo.info | udp |
| US | 8.8.8.8:53 | ikwheynod.net | udp |
| US | 8.8.8.8:53 | fhqrmk.info | udp |
| US | 8.8.8.8:53 | umytgvejjm.net | udp |
| US | 8.8.8.8:53 | btckbjpa.info | udp |
| US | 8.8.8.8:53 | fqbmotumywbl.info | udp |
| US | 8.8.8.8:53 | zavugstmp.org | udp |
| US | 8.8.8.8:53 | tynefilwn.org | udp |
| US | 8.8.8.8:53 | qeqgowacekei.org | udp |
| US | 8.8.8.8:53 | igsmqa.org | udp |
| US | 8.8.8.8:53 | asusikmw.org | udp |
| US | 8.8.8.8:53 | ucriuetlj.info | udp |
| US | 8.8.8.8:53 | alrksdoidluz.net | udp |
| US | 8.8.8.8:53 | kjvwnwhd.info | udp |
| US | 8.8.8.8:53 | isvjzaf.info | udp |
| US | 8.8.8.8:53 | qegiiyoyuy.org | udp |
| US | 8.8.8.8:53 | uvsyzdcjjzpm.info | udp |
| US | 8.8.8.8:53 | mglipq.net | udp |
| US | 8.8.8.8:53 | hooonlzz.net | udp |
| US | 8.8.8.8:53 | iwdxfuv.net | udp |
| US | 8.8.8.8:53 | gejtbcfh.net | udp |
| US | 8.8.8.8:53 | buzlyzlenvbq.net | udp |
| US | 8.8.8.8:53 | tkbofwvhx.org | udp |
| US | 8.8.8.8:53 | rcuetbvpfu.info | udp |
| US | 8.8.8.8:53 | wdtenskox.info | udp |
| US | 8.8.8.8:53 | dzhwvch.com | udp |
| US | 8.8.8.8:53 | ukujpbvpbdqv.info | udp |
| US | 8.8.8.8:53 | jdfynkemj.net | udp |
| US | 8.8.8.8:53 | znrnvtzpoo.net | udp |
| US | 8.8.8.8:53 | lqzozkewu.net | udp |
| US | 8.8.8.8:53 | skpbiszrf.info | udp |
| US | 8.8.8.8:53 | wunqzmxfl.net | udp |
| US | 8.8.8.8:53 | ayeaoocgwg.com | udp |
| US | 8.8.8.8:53 | ocowkmyqqa.com | udp |
| US | 8.8.8.8:53 | yvfovkd.info | udp |
| US | 8.8.8.8:53 | uimdhkpoxdli.net | udp |
| US | 8.8.8.8:53 | ulzojllhjav.net | udp |
| US | 8.8.8.8:53 | uybmbmsiv.net | udp |
| US | 8.8.8.8:53 | uuwjmlab.net | udp |
| US | 8.8.8.8:53 | makwuomssoio.com | udp |
| US | 8.8.8.8:53 | kgbwdahrxuua.net | udp |
| US | 8.8.8.8:53 | zrwjldnt.net | udp |
| US | 8.8.8.8:53 | liwnymmm.net | udp |
| US | 8.8.8.8:53 | defgnnkmw.org | udp |
| US | 8.8.8.8:53 | qesyzqsys.info | udp |
| US | 8.8.8.8:53 | nfjfpwxrbkpk.info | udp |
| US | 8.8.8.8:53 | occvhhcm.info | udp |
| US | 8.8.8.8:53 | jcyrpqlyjjug.info | udp |
| US | 8.8.8.8:53 | wfqmhefhbw.info | udp |
| US | 8.8.8.8:53 | nipaycn.info | udp |
| US | 8.8.8.8:53 | zewctxkrn.com | udp |
| US | 8.8.8.8:53 | ciqkuu.org | udp |
| US | 8.8.8.8:53 | vwnxzu.net | udp |
| US | 8.8.8.8:53 | epgqddz.net | udp |
| BG | 46.238.8.135:41875 | tcp | |
| US | 8.8.8.8:53 | eqcwrutmz.net | udp |
| US | 8.8.8.8:53 | gkrmuedvg.info | udp |
| US | 8.8.8.8:53 | akguummy.com | udp |
| US | 8.8.8.8:53 | dvpztwugeh.net | udp |
| US | 8.8.8.8:53 | cmrclkkfndd.info | udp |
| US | 8.8.8.8:53 | lugdzgbcjso.info | udp |
| US | 8.8.8.8:53 | kamsecqyiawk.org | udp |
| US | 8.8.8.8:53 | xuqdkthxhe.info | udp |
| US | 8.8.8.8:53 | dornhwvkb.com | udp |
| US | 8.8.8.8:53 | ugokgc.com | udp |
| US | 8.8.8.8:53 | bczkeicsobnr.net | udp |
| US | 8.8.8.8:53 | ihznbttareh.info | udp |
| US | 8.8.8.8:53 | tsxylz.info | udp |
| US | 8.8.8.8:53 | acioxeb.net | udp |
| US | 8.8.8.8:53 | txnoexua.info | udp |
| US | 8.8.8.8:53 | jyrrfk.info | udp |
| US | 8.8.8.8:53 | dkqprwe.info | udp |
| US | 8.8.8.8:53 | pqjwtyslc.org | udp |
| US | 8.8.8.8:53 | viqasnxylsv.info | udp |
| US | 8.8.8.8:53 | zajsygfgbcjg.net | udp |
| US | 8.8.8.8:53 | hgeddlft.net | udp |
| US | 8.8.8.8:53 | aseaurdf.info | udp |
| US | 8.8.8.8:53 | tcdqcl.net | udp |
| US | 8.8.8.8:53 | mieuyycqccqw.org | udp |
| US | 8.8.8.8:53 | onsicrdy.net | udp |
| US | 8.8.8.8:53 | eqgkiksw.org | udp |
| US | 8.8.8.8:53 | wmosxnjjtd.net | udp |
| US | 8.8.8.8:53 | gycusayqms.org | udp |
| US | 8.8.8.8:53 | wmaawoukeeym.com | udp |
| US | 8.8.8.8:53 | girwrfo.net | udp |
| US | 8.8.8.8:53 | sadhzf.info | udp |
| US | 8.8.8.8:53 | xjvyqdxb.info | udp |
| US | 8.8.8.8:53 | ymmkbf.info | udp |
| US | 8.8.8.8:53 | iewqyakm.com | udp |
| US | 8.8.8.8:53 | ecsjpl.info | udp |
| US | 8.8.8.8:53 | omcxraxnirzt.net | udp |
| US | 8.8.8.8:53 | cyhmjibjxv.info | udp |
| US | 8.8.8.8:53 | nizmxpokxhar.info | udp |
| US | 8.8.8.8:53 | nfdyjo.info | udp |
| US | 8.8.8.8:53 | hhteuyr.info | udp |
| US | 8.8.8.8:53 | yycnlpvf.net | udp |
| US | 8.8.8.8:53 | fsombyl.com | udp |
| US | 8.8.8.8:53 | moxrincvxu.info | udp |
| US | 8.8.8.8:53 | ieiuui.com | udp |
| US | 8.8.8.8:53 | qwbsxgmrbkz.net | udp |
| US | 8.8.8.8:53 | twpnsenu.info | udp |
| US | 8.8.8.8:53 | puagyconm.net | udp |
| US | 8.8.8.8:53 | mffzpj.net | udp |
| US | 8.8.8.8:53 | kmpgmfokfsc.info | udp |
| US | 8.8.8.8:53 | rnrxva.net | udp |
| US | 8.8.8.8:53 | edokhtykjc.info | udp |
| US | 8.8.8.8:53 | ayutqm.net | udp |
| US | 8.8.8.8:53 | usyssisesscc.com | udp |
| US | 8.8.8.8:53 | xyuiho.info | udp |
| US | 8.8.8.8:53 | iqamlhlkrpcw.net | udp |
| US | 8.8.8.8:53 | cscjigjdydsn.net | udp |
| US | 8.8.8.8:53 | wucsuszjlrdu.info | udp |
| US | 8.8.8.8:53 | jmitjfwt.net | udp |
| US | 8.8.8.8:53 | wwummkagkc.org | udp |
| US | 8.8.8.8:53 | gkgyccyumy.com | udp |
| US | 8.8.8.8:53 | ggxgbhvnuc.net | udp |
| US | 8.8.8.8:53 | cksysywsmg.com | udp |
| US | 8.8.8.8:53 | igcuwsewog.com | udp |
| US | 8.8.8.8:53 | kfyqwq.info | udp |
| US | 8.8.8.8:53 | vilwlevusar.info | udp |
| US | 8.8.8.8:53 | jefgfeait.org | udp |
| US | 8.8.8.8:53 | mkcgsowi.com | udp |
| US | 8.8.8.8:53 | jxnilc.info | udp |
| US | 8.8.8.8:53 | pltjplftcgva.info | udp |
| US | 8.8.8.8:53 | gsucuweomy.org | udp |
| US | 8.8.8.8:53 | ngkivmc.org | udp |
| US | 8.8.8.8:53 | jznrjsrs.info | udp |
| US | 8.8.8.8:53 | dyfoqfdwmj.info | udp |
| US | 8.8.8.8:53 | xuwojvqqvej.com | udp |
| US | 8.8.8.8:53 | eglfpihhaot.net | udp |
| US | 8.8.8.8:53 | zzuijdutmibt.info | udp |
| US | 8.8.8.8:53 | eyqqquioge.com | udp |
| US | 8.8.8.8:53 | xxfcmsfcwa.net | udp |
| US | 8.8.8.8:53 | gesokm.com | udp |
| US | 8.8.8.8:53 | lkrley.info | udp |
| US | 8.8.8.8:53 | lmdplrtatjbe.info | udp |
| US | 8.8.8.8:53 | gqkkiaw.net | udp |
| US | 8.8.8.8:53 | zwaktfbanh.info | udp |
| US | 8.8.8.8:53 | lghfgsdfvpvx.info | udp |
| US | 8.8.8.8:53 | kdqbhihpwnve.net | udp |
| US | 8.8.8.8:53 | jakewiw.org | udp |
| US | 8.8.8.8:53 | oopufaxwj.net | udp |
| US | 8.8.8.8:53 | iqacwg.org | udp |
| US | 8.8.8.8:53 | idubva.net | udp |
| US | 8.8.8.8:53 | nvhqiaxfag.info | udp |
| US | 8.8.8.8:53 | cbddpt.info | udp |
| US | 8.8.8.8:53 | hckkxhmv.info | udp |
| US | 8.8.8.8:53 | ssioosqq.com | udp |
| US | 8.8.8.8:53 | pceffh.net | udp |
| US | 8.8.8.8:53 | kgjnjqgtmxnz.net | udp |
| US | 8.8.8.8:53 | nmdemyr.com | udp |
| US | 8.8.8.8:53 | sgpupwhtdhy.net | udp |
| US | 8.8.8.8:53 | azxarftxvyt.net | udp |
| US | 8.8.8.8:53 | uaucisoooc.org | udp |
| US | 8.8.8.8:53 | icuakquc.org | udp |
| US | 8.8.8.8:53 | fhnuoozu.info | udp |
| US | 8.8.8.8:53 | faxqua.net | udp |
| US | 8.8.8.8:53 | mpggwyzyzqc.info | udp |
| US | 8.8.8.8:53 | bzvqgk.info | udp |
| US | 8.8.8.8:53 | iuqkiyoyuy.com | udp |
| US | 8.8.8.8:53 | bdcaxqjqxnvs.net | udp |
| US | 8.8.8.8:53 | fjtahhrwtrzq.net | udp |
| US | 8.8.8.8:53 | oaoipsjsn.info | udp |
| US | 8.8.8.8:53 | hydeharjluz.net | udp |
| US | 8.8.8.8:53 | sifmtetcu.net | udp |
| US | 8.8.8.8:53 | cghtruqwf.info | udp |
| US | 8.8.8.8:53 | dinuwoejy.com | udp |
| US | 8.8.8.8:53 | zwpcnrlz.net | udp |
| US | 8.8.8.8:53 | ygzfpkiejb.info | udp |
| US | 8.8.8.8:53 | lvvkla.net | udp |
| US | 8.8.8.8:53 | vpyxrqapstki.info | udp |
| US | 8.8.8.8:53 | pwhesqyux.net | udp |
| US | 8.8.8.8:53 | oizpebbdyjm.info | udp |
| US | 8.8.8.8:53 | cqkqsa.com | udp |
| US | 8.8.8.8:53 | orxmjv.net | udp |
| US | 8.8.8.8:53 | vpvxzwrzyhrg.info | udp |
| US | 8.8.8.8:53 | roluxcp.net | udp |
| US | 8.8.8.8:53 | ymqkmmkwmyoe.org | udp |
| US | 8.8.8.8:53 | wrjzzfqx.net | udp |
| US | 8.8.8.8:53 | nayuwciqh.net | udp |
| US | 8.8.8.8:53 | lwxebgusd.com | udp |
| US | 8.8.8.8:53 | aeocqh.net | udp |
| US | 8.8.8.8:53 | xxrduem.org | udp |
| US | 8.8.8.8:53 | wlbzkox.info | udp |
| US | 8.8.8.8:53 | hocebyjez.info | udp |
| US | 8.8.8.8:53 | zfpqbsxup.com | udp |
| US | 8.8.8.8:53 | ooquecoq.org | udp |
| US | 8.8.8.8:53 | jefwzetyf.info | udp |
| US | 8.8.8.8:53 | foblzwhin.org | udp |
| US | 8.8.8.8:53 | dcpkgstqebeg.info | udp |
| US | 8.8.8.8:53 | iyculvv.net | udp |
| US | 8.8.8.8:53 | oseook.com | udp |
| US | 8.8.8.8:53 | okyakwmggm.com | udp |
| US | 8.8.8.8:53 | vgcjcgcbn.info | udp |
| US | 8.8.8.8:53 | uysumcsc.com | udp |
| US | 8.8.8.8:53 | kwoueywsyi.org | udp |
| US | 8.8.8.8:53 | mfbgugxgy.net | udp |
| US | 8.8.8.8:53 | uywaasmm.org | udp |
| US | 8.8.8.8:53 | fsewpzsbtlvh.net | udp |
| RU | 178.72.80.110:42827 | tcp | |
| US | 8.8.8.8:53 | zwmqxyi.net | udp |
| US | 8.8.8.8:53 | jkhesyugm.net | udp |
| US | 8.8.8.8:53 | apjxpnbdxrh.net | udp |
| US | 8.8.8.8:53 | oiceyq.com | udp |
| US | 8.8.8.8:53 | wezelmwqs.net | udp |
| US | 8.8.8.8:53 | cnklwzgu.info | udp |
| US | 8.8.8.8:53 | nsdafnv.net | udp |
| US | 8.8.8.8:53 | waogum.org | udp |
| US | 8.8.8.8:53 | rsnyven.net | udp |
| US | 8.8.8.8:53 | uemeqq.org | udp |
| US | 8.8.8.8:53 | aurbbojuc.net | udp |
| US | 8.8.8.8:53 | eozwayt.net | udp |
| US | 8.8.8.8:53 | nkxleqdfain.com | udp |
| US | 8.8.8.8:53 | wcwqawswqska.com | udp |
| US | 8.8.8.8:53 | zsxcjwvjmh.info | udp |
| US | 8.8.8.8:53 | thfgnkxjoabp.info | udp |
| US | 8.8.8.8:53 | fohilibcvup.com | udp |
| US | 8.8.8.8:53 | mscesesy.org | udp |
| US | 8.8.8.8:53 | bymsnchkjan.com | udp |
| US | 8.8.8.8:53 | ceocqdnhugfj.info | udp |
| US | 8.8.8.8:53 | vcngpmy.info | udp |
| US | 8.8.8.8:53 | uwqeaymu.org | udp |
| US | 8.8.8.8:53 | svsntp.net | udp |
| US | 8.8.8.8:53 | tbxxwhpm.info | udp |
| US | 8.8.8.8:53 | lhjijcdwlwxw.net | udp |
| US | 8.8.8.8:53 | mcpjockfak.net | udp |
| US | 8.8.8.8:53 | qebcrnnrh.net | udp |
| US | 8.8.8.8:53 | zavzyudj.info | udp |
| US | 8.8.8.8:53 | vwjafaecjyhr.info | udp |
| US | 8.8.8.8:53 | ovjthhbn.net | udp |
| US | 8.8.8.8:53 | lgvgqaf.net | udp |
| US | 8.8.8.8:53 | qqmmogomcoei.com | udp |
| US | 8.8.8.8:53 | ykmeagkasw.org | udp |
| US | 8.8.8.8:53 | ryimnkm.net | udp |
| US | 8.8.8.8:53 | bbugmrnz.info | udp |
| US | 8.8.8.8:53 | rohfvfbr.net | udp |
| US | 8.8.8.8:53 | edejlfbdnp.info | udp |
| US | 8.8.8.8:53 | qvblrqz.info | udp |
| US | 8.8.8.8:53 | tjkirdbumaf.info | udp |
| US | 8.8.8.8:53 | wnlztgrrzyrv.info | udp |
| US | 8.8.8.8:53 | icsegmoqwg.org | udp |
| US | 8.8.8.8:53 | eumewe.org | udp |
| US | 8.8.8.8:53 | linbbyvblyxt.net | udp |
| US | 8.8.8.8:53 | hbjxbitwltb.com | udp |
| US | 8.8.8.8:53 | zapixvhc.net | udp |
| US | 8.8.8.8:53 | zmijiwzmlwaw.net | udp |
| US | 8.8.8.8:53 | ruygxkybpob.org | udp |
| US | 8.8.8.8:53 | vyzsinfsy.info | udp |
| US | 8.8.8.8:53 | fubsovxnmvgp.info | udp |
| US | 8.8.8.8:53 | bcxpzyvgqhp.com | udp |
| US | 8.8.8.8:53 | drtbuwftqeyz.net | udp |
| US | 8.8.8.8:53 | dgdejlj.com | udp |
| US | 8.8.8.8:53 | qpbybaxc.info | udp |
| US | 8.8.8.8:53 | zelijdchkol.com | udp |
| US | 8.8.8.8:53 | jwriqalwxrv.info | udp |
| US | 8.8.8.8:53 | pykztbsjmo.net | udp |
| US | 8.8.8.8:53 | ocmzofzajw.net | udp |
| US | 8.8.8.8:53 | ugdrja.net | udp |
| US | 8.8.8.8:53 | dujmywmyw.com | udp |
| US | 8.8.8.8:53 | dxtfqnwy.net | udp |
| US | 8.8.8.8:53 | perwemhgh.net | udp |
| US | 8.8.8.8:53 | avhqgr.net | udp |
| US | 8.8.8.8:53 | oukgysgakw.org | udp |
| US | 8.8.8.8:53 | puppymtel.org | udp |
| US | 8.8.8.8:53 | ukhwpvpzj.net | udp |
| US | 8.8.8.8:53 | xymohloop.org | udp |
| US | 8.8.8.8:53 | mvfzzttt.net | udp |
| US | 8.8.8.8:53 | nkmwdxgipsr.net | udp |
| US | 8.8.8.8:53 | jggazivqwh.info | udp |
| US | 8.8.8.8:53 | rxzqcgm.net | udp |
| US | 8.8.8.8:53 | eckgsyqyusaq.org | udp |
| US | 8.8.8.8:53 | gtlyfp.info | udp |
| US | 8.8.8.8:53 | iijaadysmch.info | udp |
| US | 8.8.8.8:53 | jmvjyquz.info | udp |
| US | 8.8.8.8:53 | xhrsvoiq.info | udp |
| US | 8.8.8.8:53 | euprohpc.info | udp |
| US | 8.8.8.8:53 | gsacdejgt.info | udp |
| US | 8.8.8.8:53 | nklodouec.info | udp |
| US | 8.8.8.8:53 | dzhbuv.info | udp |
| US | 34.227.7.138:80 | zagyxzu.net | tcp |
| US | 8.8.8.8:53 | mcqlfeobl.info | udp |
| DE | 85.214.228.140:80 | yvlevtbtem.info | tcp |
| US | 8.8.8.8:53 | rzvgqzoqqlzs.info | udp |
| US | 8.8.8.8:53 | tzjwdtjs.info | udp |
| US | 8.8.8.8:53 | vqbizkz.org | udp |
| US | 8.8.8.8:53 | isiqwy.org | udp |
| US | 8.8.8.8:53 | khsktyr.info | udp |
| US | 8.8.8.8:53 | ekinxs.net | udp |
| US | 8.8.8.8:53 | imsefqsjjty.net | udp |
| US | 8.8.8.8:53 | vauvovlapzvl.net | udp |
| US | 8.8.8.8:53 | cdrubdlzbz.net | udp |
| US | 8.8.8.8:53 | sacaesqakk.org | udp |
| US | 8.8.8.8:53 | sfklalwt.info | udp |
| US | 8.8.8.8:53 | quxslcvwbsx.net | udp |
| US | 8.8.8.8:53 | gyfkxogkw.net | udp |
| US | 208.117.43.225:80 | gxovrewca.info | tcp |
| BG | 85.91.130.138:40620 | tcp | |
| US | 8.8.8.8:53 | wiswdcqndvz.info | udp |
| US | 8.8.8.8:53 | nsqrpg.net | udp |
| US | 8.8.8.8:53 | autwpptdv.net | udp |
| US | 8.8.8.8:53 | xgjqblxbp.org | udp |
| US | 8.8.8.8:53 | kglkferkp.net | udp |
| US | 8.8.8.8:53 | yaxpgshqjy.net | udp |
| US | 8.8.8.8:53 | dwtmrtauh.net | udp |
| US | 8.8.8.8:53 | lkpfthcneopu.info | udp |
| US | 8.8.8.8:53 | fsvoaogof.org | udp |
| US | 8.8.8.8:53 | tvloihjbsb.net | udp |
| US | 8.8.8.8:53 | nevideuo.info | udp |
| US | 8.8.8.8:53 | kcocqqwwkcsm.org | udp |
| US | 8.8.8.8:53 | eiaagytyy.info | udp |
| US | 8.8.8.8:53 | ugwikuki.com | udp |
| US | 8.8.8.8:53 | wwrfdwk.net | udp |
| US | 8.8.8.8:53 | tjhrztqbpfhw.net | udp |
| US | 8.8.8.8:53 | oeakqsiiugsu.org | udp |
| US | 8.8.8.8:53 | uqxdcy.net | udp |
| US | 8.8.8.8:53 | tvtumycbj.info | udp |
| US | 8.8.8.8:53 | kioquvhbf.info | udp |
| US | 8.8.8.8:53 | usuygtfz.net | udp |
| US | 8.8.8.8:53 | qsqgyycuoy.com | udp |
| US | 8.8.8.8:53 | gsbjzqw.info | udp |
| US | 8.8.8.8:53 | rogwdgjqk.org | udp |
| US | 8.8.8.8:53 | dekcetwykm.net | udp |
| US | 8.8.8.8:53 | bubtcdxlfaqp.info | udp |
| US | 8.8.8.8:53 | aqqckymemy.com | udp |
| US | 8.8.8.8:53 | eikxnspqxuf.info | udp |
| US | 8.8.8.8:53 | wudrlgzax.info | udp |
| US | 8.8.8.8:53 | kuftfbvup.info | udp |
| US | 8.8.8.8:53 | jmbozkdve.net | udp |
| US | 8.8.8.8:53 | bwfgqykjpmmv.net | udp |
| US | 8.8.8.8:53 | lbmajwuuq.com | udp |
| US | 8.8.8.8:53 | fwaneylwz.com | udp |
| US | 8.8.8.8:53 | rjkuffif.info | udp |
| US | 8.8.8.8:53 | tcbopdsif.net | udp |
| US | 8.8.8.8:53 | eiwqqo.com | udp |
| US | 8.8.8.8:53 | atgddvetdmmi.info | udp |
| US | 8.8.8.8:53 | vsfctwl.com | udp |
| US | 8.8.8.8:53 | ovqodpzd.net | udp |
| US | 8.8.8.8:53 | rylsbwaix.com | udp |
| US | 8.8.8.8:53 | crnvkwkg.net | udp |
| US | 8.8.8.8:53 | fgzerawqz.com | udp |
| US | 8.8.8.8:53 | cgwucwuy.com | udp |
| US | 8.8.8.8:53 | dtjulkfi.info | udp |
| US | 8.8.8.8:53 | jobjpk.info | udp |
| US | 8.8.8.8:53 | jflyjmn.com | udp |
| US | 8.8.8.8:53 | nenctuyaj.com | udp |
| US | 8.8.8.8:53 | jjfltdperf.net | udp |
| US | 8.8.8.8:53 | idnmjdeb.info | udp |
| US | 8.8.8.8:53 | xczvodoqqrbf.net | udp |
| US | 8.8.8.8:53 | mzoshovltpyr.info | udp |
| US | 8.8.8.8:53 | fqnwxuk.info | udp |
| US | 8.8.8.8:53 | mgcesumccm.com | udp |
| US | 8.8.8.8:53 | lsghprkecgo.org | udp |
| US | 8.8.8.8:53 | lgmgcdygf.com | udp |
| US | 8.8.8.8:53 | swjmhihwl.info | udp |
| US | 8.8.8.8:53 | cdfmblcf.info | udp |
| US | 8.8.8.8:53 | acgaoqww.com | udp |
| US | 8.8.8.8:53 | xbwkjoszfjw.org | udp |
| US | 8.8.8.8:53 | pmnquhf.org | udp |
| US | 8.8.8.8:53 | kujqvevcnpt.info | udp |
| US | 8.8.8.8:53 | qxnovodjnwph.net | udp |
| US | 8.8.8.8:53 | wymyckya.com | udp |
| US | 8.8.8.8:53 | iyjxjjvajyp.info | udp |
| US | 8.8.8.8:53 | ketwcpl.net | udp |
| US | 8.8.8.8:53 | kedaukfm.info | udp |
| US | 8.8.8.8:53 | oxnutcxouw.net | udp |
| US | 8.8.8.8:53 | wpwnksjsdm.net | udp |
| US | 8.8.8.8:53 | wisikukgcq.org | udp |
| US | 8.8.8.8:53 | uovyresga.net | udp |
| US | 8.8.8.8:53 | kyxkljw.info | udp |
| US | 8.8.8.8:53 | zmzehifwl.info | udp |
| US | 8.8.8.8:53 | mugbnvyd.info | udp |
| US | 8.8.8.8:53 | irfdvndbbaiy.info | udp |
| US | 8.8.8.8:53 | xtlbisdp.info | udp |
| US | 8.8.8.8:53 | fwfeexky.info | udp |
| US | 8.8.8.8:53 | lgnrgqpc.net | udp |
| US | 8.8.8.8:53 | tyljfojal.com | udp |
| US | 8.8.8.8:53 | ymnypcr.net | udp |
| US | 8.8.8.8:53 | biolfkjr.info | udp |
| US | 8.8.8.8:53 | jnerxggo.info | udp |
| US | 8.8.8.8:53 | yvwtursp.net | udp |
| US | 8.8.8.8:53 | dlpywqnqj.org | udp |
| US | 8.8.8.8:53 | xopybuh.net | udp |
| US | 8.8.8.8:53 | ghspla.net | udp |
| US | 8.8.8.8:53 | ouussmaquo.com | udp |
| US | 8.8.8.8:53 | vjvqrkgcr.info | udp |
| US | 8.8.8.8:53 | cdbrks.net | udp |
| US | 8.8.8.8:53 | vqxxfkf.net | udp |
| US | 8.8.8.8:53 | kfzfgdnu.info | udp |
| US | 8.8.8.8:53 | rylvtpm.net | udp |
| US | 8.8.8.8:53 | bqkkuwuxmgxr.info | udp |
| US | 8.8.8.8:53 | upajaajl.info | udp |
| US | 8.8.8.8:53 | qgzxlexab.info | udp |
| US | 8.8.8.8:53 | tamelysw.info | udp |
| US | 8.8.8.8:53 | yfdcuttz.info | udp |
| US | 8.8.8.8:53 | tlxttjksnrxh.net | udp |
| US | 8.8.8.8:53 | iimeiekscs.org | udp |
| US | 8.8.8.8:53 | guzhlwbwp.info | udp |
| US | 8.8.8.8:53 | xmxnqsf.com | udp |
| US | 8.8.8.8:53 | swyvegxdtrlb.net | udp |
| US | 8.8.8.8:53 | psnibdfgf.com | udp |
| US | 8.8.8.8:53 | purujsfkd.net | udp |
| US | 8.8.8.8:53 | vsbrzkx.info | udp |
| US | 8.8.8.8:53 | hkxhzqtcjvg.net | udp |
| US | 8.8.8.8:53 | dprelo.info | udp |
| US | 8.8.8.8:53 | ymtylzbaezgu.net | udp |
| US | 8.8.8.8:53 | kckqgksqlsn.info | udp |
| US | 8.8.8.8:53 | ewntdc.net | udp |
| US | 8.8.8.8:53 | rxzznxveuf.net | udp |
| US | 8.8.8.8:53 | idisnoxetot.info | udp |
| US | 8.8.8.8:53 | udwimtbhnc.net | udp |
| US | 8.8.8.8:53 | pddxhqkj.info | udp |
| US | 8.8.8.8:53 | ropgkxok.net | udp |
| US | 8.8.8.8:53 | nermleugbb.info | udp |
| US | 8.8.8.8:53 | qxttnyjhrkvd.net | udp |
| US | 8.8.8.8:53 | tkhqlwnkcol.com | udp |
| US | 8.8.8.8:53 | dwwolbqplsfz.net | udp |
| US | 8.8.8.8:53 | acxops.net | udp |
| US | 8.8.8.8:53 | raxxxsiav.info | udp |
| US | 8.8.8.8:53 | dxoyavtivwpv.net | udp |
| US | 8.8.8.8:53 | hcsyhvohz.com | udp |
| US | 8.8.8.8:53 | tpursd.info | udp |
| US | 8.8.8.8:53 | iidcfctuz.net | udp |
| US | 8.8.8.8:53 | tesgncp.org | udp |
| US | 8.8.8.8:53 | iwmaqwweyuce.com | udp |
| US | 8.8.8.8:53 | szxkwwk.net | udp |
| US | 8.8.8.8:53 | xqyymedwahor.net | udp |
| US | 8.8.8.8:53 | pdnqheedzf.net | udp |
| US | 8.8.8.8:53 | lxdgbska.net | udp |
| US | 8.8.8.8:53 | qbbavakgt.info | udp |
| US | 8.8.8.8:53 | cglmrcfapyq.net | udp |
| US | 8.8.8.8:53 | guwtpuxmp.info | udp |
| US | 8.8.8.8:53 | cckxjf.info | udp |
| US | 8.8.8.8:53 | hyonbmbik.info | udp |
| US | 8.8.8.8:53 | nxnifstiasx.org | udp |
| US | 8.8.8.8:53 | xvkkipmizjoj.net | udp |
| US | 8.8.8.8:53 | fkdiugboa.org | udp |
| US | 8.8.8.8:53 | vvznyu.info | udp |
| US | 8.8.8.8:53 | miuqgwqk.org | udp |
| US | 8.8.8.8:53 | kpvyegoz.info | udp |
| US | 8.8.8.8:53 | xoxvvtjcsjyf.info | udp |
| BG | 213.167.28.200:34894 | tcp | |
| US | 8.8.8.8:53 | uyewwgeokm.com | udp |
| US | 8.8.8.8:53 | zoxuris.net | udp |
| US | 8.8.8.8:53 | ggdcgp.net | udp |
| US | 8.8.8.8:53 | umkqxamcgri.net | udp |
| US | 8.8.8.8:53 | qnvozydmn.info | udp |
| US | 8.8.8.8:53 | rxpdncbgvan.info | udp |
| US | 8.8.8.8:53 | umewqmmeuy.com | udp |
| US | 8.8.8.8:53 | agemmmoygqcg.org | udp |
| US | 8.8.8.8:53 | brjtiihgpj.net | udp |
| US | 8.8.8.8:53 | jmkpjqn.net | udp |
| US | 8.8.8.8:53 | nphglxd.org | udp |
| US | 8.8.8.8:53 | kgjemi.net | udp |
| US | 8.8.8.8:53 | osvmpyyeyue.net | udp |
| US | 8.8.8.8:53 | fysorvjcpyaw.info | udp |
| US | 8.8.8.8:53 | frdltl.info | udp |
| US | 8.8.8.8:53 | nkumkkiddegt.net | udp |
| US | 8.8.8.8:53 | dhoszass.net | udp |
| US | 8.8.8.8:53 | wphexgvozwt.info | udp |
| US | 8.8.8.8:53 | lumcgayqt.info | udp |
| US | 8.8.8.8:53 | eytjeqgsp.info | udp |
| US | 8.8.8.8:53 | ssjqthw.info | udp |
| US | 8.8.8.8:53 | lgluxdzgz.info | udp |
| US | 8.8.8.8:53 | jjgoaixj.info | udp |
| US | 8.8.8.8:53 | wojmlyunjyn.net | udp |
| US | 8.8.8.8:53 | wpcqhg.net | udp |
| US | 8.8.8.8:53 | jskkjdnlngh.net | udp |
| US | 8.8.8.8:53 | mowkmckiqgeo.com | udp |
| US | 8.8.8.8:53 | tuutoxsynoyk.net | udp |
| US | 8.8.8.8:53 | osmcaaks.com | udp |
| US | 8.8.8.8:53 | jmegkkp.com | udp |
| US | 8.8.8.8:53 | bhdwdokib.org | udp |
| US | 8.8.8.8:53 | pfnqtp.net | udp |
| US | 8.8.8.8:53 | hujopdekjus.com | udp |
| US | 8.8.8.8:53 | zgudvcwxr.com | udp |
| US | 8.8.8.8:53 | umlzvkqgx.info | udp |
| US | 8.8.8.8:53 | vszknwoqd.net | udp |
| US | 8.8.8.8:53 | yuzhnmhy.info | udp |
| US | 8.8.8.8:53 | yhbfozcm.info | udp |
| US | 8.8.8.8:53 | vkhoaejkl.net | udp |
| US | 8.8.8.8:53 | owukiyuqeaic.com | udp |
| US | 8.8.8.8:53 | nglddwzpiwf.com | udp |
| US | 8.8.8.8:53 | zncmww.info | udp |
| US | 8.8.8.8:53 | qiqwyykeysys.com | udp |
| US | 8.8.8.8:53 | rhaestmtdb.net | udp |
| US | 8.8.8.8:53 | qktgjtqajtz.net | udp |
| US | 8.8.8.8:53 | xkumavlp.info | udp |
| US | 8.8.8.8:53 | rkuexkbwvufy.info | udp |
| US | 8.8.8.8:53 | blfaox.info | udp |
| US | 8.8.8.8:53 | pfvbnklr.net | udp |
| US | 8.8.8.8:53 | sszextain.net | udp |
| US | 8.8.8.8:53 | dyuwroqhh.info | udp |
| US | 8.8.8.8:53 | uqvqvof.net | udp |
| US | 8.8.8.8:53 | vxybtikwd.info | udp |
| US | 8.8.8.8:53 | vcrgfsaqx.org | udp |
| US | 8.8.8.8:53 | xgbarhd.com | udp |
| US | 8.8.8.8:53 | vmgypyuuhwd.com | udp |
| US | 8.8.8.8:53 | cuevmsdbpm.net | udp |
| US | 8.8.8.8:53 | vansyum.com | udp |
| US | 8.8.8.8:53 | gmyems.org | udp |
| US | 8.8.8.8:53 | undsfetreaew.info | udp |
| US | 8.8.8.8:53 | suiyeayi.org | udp |
| US | 8.8.8.8:53 | mbcqvg.net | udp |
| US | 8.8.8.8:53 | wprulitqrkti.info | udp |
| US | 8.8.8.8:53 | zrrsxztpjfem.net | udp |
| US | 8.8.8.8:53 | mfvomkg.info | udp |
| US | 8.8.8.8:53 | ovstxcdlgwdv.net | udp |
| US | 8.8.8.8:53 | mwgmfszwfsh.net | udp |
| US | 8.8.8.8:53 | ncdqfzhp.info | udp |
| US | 8.8.8.8:53 | imkgswak.org | udp |
| US | 8.8.8.8:53 | mmzehxgnpohx.net | udp |
| US | 8.8.8.8:53 | aahalsz.net | udp |
| US | 8.8.8.8:53 | acnubebmn.info | udp |
| US | 8.8.8.8:53 | nxzombzf.net | udp |
| US | 8.8.8.8:53 | rntvzyvsqj.info | udp |
| US | 8.8.8.8:53 | edasqspseum.info | udp |
| US | 8.8.8.8:53 | xdjcla.info | udp |
| US | 8.8.8.8:53 | eempsu.info | udp |
| US | 8.8.8.8:53 | pwdooyphk.net | udp |
| US | 8.8.8.8:53 | qsbersvx.info | udp |
| US | 8.8.8.8:53 | odjnfatkvlgr.net | udp |
| US | 8.8.8.8:53 | gmhtxuhhcz.info | udp |
| US | 8.8.8.8:53 | timvskcsh.net | udp |
| US | 8.8.8.8:53 | waqxblbomoh.net | udp |
| US | 8.8.8.8:53 | eiyykeo.info | udp |
| US | 8.8.8.8:53 | uqefngb.net | udp |
| US | 8.8.8.8:53 | pffuoiumv.net | udp |
| US | 8.8.8.8:53 | rybsdpxvmnws.info | udp |
| US | 8.8.8.8:53 | llvozjjmi.com | udp |
| US | 8.8.8.8:53 | fginxixq.net | udp |
| US | 8.8.8.8:53 | zzjknggkwxhz.net | udp |
| US | 8.8.8.8:53 | hjmhldqmwf.info | udp |
| US | 8.8.8.8:53 | twzcmuxgx.info | udp |
| US | 8.8.8.8:53 | pstizcp.net | udp |
| US | 8.8.8.8:53 | loboje.info | udp |
| US | 8.8.8.8:53 | qqhotaylpev.info | udp |
| US | 8.8.8.8:53 | oapzhsk.info | udp |
| US | 8.8.8.8:53 | ypkuwkxk.net | udp |
| US | 8.8.8.8:53 | asqokeugye.com | udp |
| US | 8.8.8.8:53 | itkrkepifm.info | udp |
| US | 8.8.8.8:53 | caxhsn.net | udp |
| US | 8.8.8.8:53 | qwxqytjvo.net | udp |
| US | 8.8.8.8:53 | mcmlhits.info | udp |
| US | 8.8.8.8:53 | juronwf.net | udp |
| US | 8.8.8.8:53 | jwioqov.info | udp |
| US | 8.8.8.8:53 | buisur.info | udp |
| US | 8.8.8.8:53 | ldirdi.info | udp |
| US | 8.8.8.8:53 | qqwwgqtzbjd.info | udp |
| US | 8.8.8.8:53 | pmopzqljjgne.info | udp |
| US | 8.8.8.8:53 | lyzebuhs.info | udp |
| US | 8.8.8.8:53 | tibdhnvakd.net | udp |
| US | 8.8.8.8:53 | khdqhpb.net | udp |
| US | 8.8.8.8:53 | zisyqyrsj.org | udp |
| US | 8.8.8.8:53 | hppzuatio.com | udp |
| US | 8.8.8.8:53 | aiaqiqohnxw.info | udp |
| US | 8.8.8.8:53 | wydszav.net | udp |
| US | 8.8.8.8:53 | rgrcrtgum.com | udp |
| US | 8.8.8.8:53 | rnvyumslvgot.net | udp |
| US | 8.8.8.8:53 | jmnoexwhge.info | udp |
| US | 8.8.8.8:53 | eqpyndl.net | udp |
| US | 8.8.8.8:53 | hpaenwbetwq.com | udp |
| US | 8.8.8.8:53 | wwlqzmnar.info | udp |
| US | 8.8.8.8:53 | oyafuoxhdky.info | udp |
| US | 8.8.8.8:53 | mpbidmzm.net | udp |
| US | 8.8.8.8:53 | tjrkrqprbevj.net | udp |
| US | 8.8.8.8:53 | cktlmrenxe.info | udp |
| US | 8.8.8.8:53 | yiiioofyx.info | udp |
| US | 8.8.8.8:53 | pndshdzgdu.info | udp |
| US | 8.8.8.8:53 | ekcyoa.org | udp |
| BG | 84.40.115.39:34181 | tcp | |
| US | 8.8.8.8:53 | bobijjkdnwnu.net | udp |
| US | 8.8.8.8:53 | kmskpu.info | udp |
| US | 8.8.8.8:53 | reqlfebe.info | udp |
| US | 8.8.8.8:53 | aetgjbrvrovv.info | udp |
| US | 8.8.8.8:53 | guqocqkg.org | udp |
| US | 8.8.8.8:53 | 21.236.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | iokkgmiioq.com | udp |
| US | 8.8.8.8:53 | xqkcnggkj.info | udp |
| US | 8.8.8.8:53 | trwidfy.net | udp |
| US | 8.8.8.8:53 | juqqizbyk.com | udp |
| US | 8.8.8.8:53 | agykeqksuosy.org | udp |
| US | 8.8.8.8:53 | sdgctvrac.net | udp |
| US | 8.8.8.8:53 | femeebwa.info | udp |
| US | 8.8.8.8:53 | nelooxrwbs.net | udp |
| US | 8.8.8.8:53 | znzkewnog.info | udp |
| US | 8.8.8.8:53 | zksypckon.net | udp |
| US | 8.8.8.8:53 | urgwesgmp.info | udp |
| US | 8.8.8.8:53 | bawwqwmsbiah.net | udp |
| US | 8.8.8.8:53 | eqawok.com | udp |
| US | 8.8.8.8:53 | oefnjlji.net | udp |
| US | 8.8.8.8:53 | rspxfkvezu.info | udp |
| US | 8.8.8.8:53 | hmoajsdal.info | udp |
| US | 8.8.8.8:53 | somslvl.net | udp |
| US | 8.8.8.8:53 | nglkhzsvsav.com | udp |
| US | 8.8.8.8:53 | pjumnwnmv.com | udp |
| US | 8.8.8.8:53 | lgnhfztlzlcj.info | udp |
| US | 8.8.8.8:53 | dchkpjhixjds.net | udp |
| US | 8.8.8.8:53 | ydhwywhk.info | udp |
| US | 8.8.8.8:53 | ioabvszktayp.net | udp |
| US | 8.8.8.8:53 | bhhchgi.com | udp |
| US | 8.8.8.8:53 | mehcvmrex.info | udp |
| US | 8.8.8.8:53 | vejudutqs.org | udp |
| US | 8.8.8.8:53 | aaucsaaqkmio.org | udp |
| US | 8.8.8.8:53 | xkhbnqy.info | udp |
| US | 8.8.8.8:53 | dabjlwlk.net | udp |
| US | 8.8.8.8:53 | zdnqvcltvsz.net | udp |
| US | 8.8.8.8:53 | wkzxzk.net | udp |
| US | 8.8.8.8:53 | xsuchgz.info | udp |
| US | 8.8.8.8:53 | zwletaitq.info | udp |
| US | 8.8.8.8:53 | cndwjgbknnm.info | udp |
| US | 8.8.8.8:53 | qyyeqmuiig.com | udp |
| US | 8.8.8.8:53 | jezspuu.com | udp |
| US | 8.8.8.8:53 | jdydxkpfmtl.net | udp |
| US | 8.8.8.8:53 | mvvszipnr.net | udp |
| US | 8.8.8.8:53 | tztyhwta.info | udp |
| US | 8.8.8.8:53 | pqywiermbym.net | udp |
| US | 8.8.8.8:53 | dkpeeocmxpjs.info | udp |
| US | 8.8.8.8:53 | lexllnh.net | udp |
| US | 8.8.8.8:53 | lswnqnqzwa.info | udp |
| US | 8.8.8.8:53 | nqhurimfj.org | udp |
| US | 8.8.8.8:53 | aaycawagsi.org | udp |
| US | 8.8.8.8:53 | eukqapdidrk.info | udp |
| US | 8.8.8.8:53 | rmwbsmjktg.net | udp |
| US | 8.8.8.8:53 | nepxrapdj.net | udp |
| US | 8.8.8.8:53 | gojrlnj.info | udp |
| US | 8.8.8.8:53 | mhysxrscpzh.net | udp |
| US | 8.8.8.8:53 | xptedduulxgb.info | udp |
| US | 8.8.8.8:53 | aqtwyyewv.info | udp |
| US | 8.8.8.8:53 | snnoegdwryno.net | udp |
| US | 8.8.8.8:53 | ajhodtvkc.net | udp |
| US | 8.8.8.8:53 | qwumyggu.org | udp |
| US | 8.8.8.8:53 | yroymt.net | udp |
| US | 8.8.8.8:53 | pujucdsk.net | udp |
| US | 8.8.8.8:53 | dqsdzd.info | udp |
| US | 8.8.8.8:53 | bnsyzgr.com | udp |
| US | 8.8.8.8:53 | hbzjdizb.info | udp |
| US | 8.8.8.8:53 | yuumqaasygmw.org | udp |
| US | 8.8.8.8:53 | hdotlurhwjvh.info | udp |
| US | 8.8.8.8:53 | actqrjkmwwn.info | udp |
| US | 8.8.8.8:53 | zuihdfmw.info | udp |
| US | 8.8.8.8:53 | nennbgr.net | udp |
| US | 8.8.8.8:53 | nyxilsggp.info | udp |
| US | 8.8.8.8:53 | ucmypct.info | udp |
| US | 8.8.8.8:53 | ayfckstsoch.net | udp |
| US | 8.8.8.8:53 | efbepnwi.net | udp |
| US | 8.8.8.8:53 | jwkcrxziv.com | udp |
| US | 8.8.8.8:53 | mexyzadmp.net | udp |
| US | 8.8.8.8:53 | gcgmkkeyagqe.com | udp |
| US | 8.8.8.8:53 | licaosjgsjux.info | udp |
| US | 8.8.8.8:53 | rrpglwh.com | udp |
| US | 8.8.8.8:53 | npmfwrwekqzy.net | udp |
| US | 8.8.8.8:53 | bsvnpeteyek.net | udp |
| US | 8.8.8.8:53 | girwll.net | udp |
| US | 8.8.8.8:53 | vanodzljqmn.com | udp |
| US | 8.8.8.8:53 | rulaikhfxg.net | udp |
| US | 8.8.8.8:53 | epjtnauthl.net | udp |
| US | 8.8.8.8:53 | navaekxycd.net | udp |
| US | 8.8.8.8:53 | sbjamlvaygh.info | udp |
| US | 8.8.8.8:53 | npxszczafr.net | udp |
| US | 8.8.8.8:53 | yaqygwmunw.net | udp |
| US | 8.8.8.8:53 | bfmkioxbfdye.net | udp |
| US | 8.8.8.8:53 | hhaukgdixgc.com | udp |
| US | 8.8.8.8:53 | iiaoewusykqa.org | udp |
| US | 8.8.8.8:53 | zqhzfbxl.net | udp |
| US | 8.8.8.8:53 | unubkvbgps.info | udp |
| US | 8.8.8.8:53 | rgniwdy.net | udp |
| US | 8.8.8.8:53 | wvhadjhon.net | udp |
| US | 8.8.8.8:53 | unptiolqxz.net | udp |
| US | 8.8.8.8:53 | zczdzknqrpf.info | udp |
| US | 8.8.8.8:53 | vpapyjclrwtu.net | udp |
| US | 8.8.8.8:53 | qepxrlt.net | udp |
| US | 8.8.8.8:53 | tkpcbwlejmut.info | udp |
| US | 8.8.8.8:53 | jrgqzl.info | udp |
| US | 8.8.8.8:53 | fqyobmfft.com | udp |
| US | 8.8.8.8:53 | jcfysqgezkj.com | udp |
| US | 8.8.8.8:53 | citepix.info | udp |
| US | 8.8.8.8:53 | oquzjzqoikt.net | udp |
| US | 8.8.8.8:53 | uuftlnp.info | udp |
| US | 8.8.8.8:53 | xciruggv.net | udp |
| US | 8.8.8.8:53 | qceqikaekkqc.com | udp |
| US | 8.8.8.8:53 | sjvbxazftaa.net | udp |
| US | 8.8.8.8:53 | wicstytgq.net | udp |
| US | 8.8.8.8:53 | nwzayml.org | udp |
| US | 8.8.8.8:53 | ggqoqwoc.com | udp |
| US | 8.8.8.8:53 | keybxkj.net | udp |
| US | 8.8.8.8:53 | myxwxzfwlyu.info | udp |
| US | 8.8.8.8:53 | tdlchsbj.info | udp |
| US | 8.8.8.8:53 | ltrnik.net | udp |
| US | 8.8.8.8:53 | bizpsuebmt.info | udp |
| US | 8.8.8.8:53 | hinwebnbjyh.com | udp |
| US | 8.8.8.8:53 | mcewsaasss.org | udp |
| US | 8.8.8.8:53 | gctmgcfq.net | udp |
| US | 8.8.8.8:53 | ewoextrab.net | udp |
| US | 8.8.8.8:53 | rabdscta.info | udp |
| US | 8.8.8.8:53 | hgboqwg.info | udp |
| US | 8.8.8.8:53 | xajeqhc.info | udp |
| US | 8.8.8.8:53 | tedodftzd.com | udp |
| US | 8.8.8.8:53 | zrnrvnpm.net | udp |
| US | 8.8.8.8:53 | ruwcrbxaz.info | udp |
| US | 8.8.8.8:53 | pgrfmktttwb.org | udp |
| US | 8.8.8.8:53 | zgbwpalwl.net | udp |
| US | 8.8.8.8:53 | gabmxgxco.net | udp |
| US | 8.8.8.8:53 | gyfzbtmg.info | udp |
| US | 8.8.8.8:53 | iqkamaueuwyg.com | udp |
| US | 8.8.8.8:53 | dpjrdawwap.info | udp |
| US | 8.8.8.8:53 | nnrmawm.net | udp |
| US | 8.8.8.8:53 | vebsokjdxot.org | udp |
| US | 8.8.8.8:53 | omcnccrgnor.net | udp |
| US | 8.8.8.8:53 | umyikekmuw.org | udp |
| US | 8.8.8.8:53 | msmeteo.net | udp |
| US | 8.8.8.8:53 | kincpy.net | udp |
| US | 8.8.8.8:53 | tlpmssa.net | udp |
| US | 8.8.8.8:53 | ihnowjytmkku.info | udp |
| US | 8.8.8.8:53 | rkrjzipmvht.org | udp |
| US | 8.8.8.8:53 | ntdgkmipjcdx.info | udp |
| US | 8.8.8.8:53 | nrbyxpgjdv.net | udp |
| US | 8.8.8.8:53 | oipcikwcgqe.info | udp |
| US | 8.8.8.8:53 | vvzbqi.info | udp |
| US | 8.8.8.8:53 | orhapwzifcuc.info | udp |
| US | 8.8.8.8:53 | rytdpp.net | udp |
| US | 8.8.8.8:53 | myakiksuie.com | udp |
| US | 8.8.8.8:53 | ilbzjcpxo.net | udp |
| US | 8.8.8.8:53 | ydnqdafon.net | udp |
| US | 8.8.8.8:53 | czqsbuz.info | udp |
| US | 8.8.8.8:53 | vxlunydxpu.info | udp |
| US | 8.8.8.8:53 | pnnohlhcs.info | udp |
| US | 8.8.8.8:53 | ywkjyhaqjb.info | udp |
| US | 8.8.8.8:53 | ilxcxyjpx.info | udp |
| US | 8.8.8.8:53 | hcydwntgwywm.info | udp |
| US | 8.8.8.8:53 | dnokev.info | udp |
| US | 8.8.8.8:53 | lgymtxu.info | udp |
| US | 8.8.8.8:53 | upvmswcyv.net | udp |
| US | 8.8.8.8:53 | pqdsnxnkaq.net | udp |
| US | 8.8.8.8:53 | vodrnedob.net | udp |
| US | 8.8.8.8:53 | abblavog.net | udp |
| US | 8.8.8.8:53 | lehdhu.net | udp |
| US | 8.8.8.8:53 | ptjdxyjmg.net | udp |
| US | 8.8.8.8:53 | msuglepurbr.info | udp |
| US | 8.8.8.8:53 | bpptpmrzzyac.net | udp |
| US | 8.8.8.8:53 | siuimksyyw.org | udp |
| US | 8.8.8.8:53 | acgaiaie.com | udp |
| US | 8.8.8.8:53 | wqywrcx.info | udp |
| US | 8.8.8.8:53 | nqhldgj.org | udp |
| US | 8.8.8.8:53 | mmopzitorat.net | udp |
| US | 8.8.8.8:53 | sklsbwz.net | udp |
| US | 8.8.8.8:53 | mmvqjexmd.info | udp |
| US | 8.8.8.8:53 | dhrgeeqi.info | udp |
| US | 8.8.8.8:53 | hujlebi.info | udp |
| US | 8.8.8.8:53 | mgtqwigjx.info | udp |
| US | 8.8.8.8:53 | yrozag.info | udp |
| US | 8.8.8.8:53 | gkksiagmyy.org | udp |
| US | 8.8.8.8:53 | dhcebyjy.info | udp |
| US | 8.8.8.8:53 | osmlrkbsxspk.net | udp |
| US | 8.8.8.8:53 | rbrungobaefb.net | udp |
| US | 8.8.8.8:53 | tiyjcz.net | udp |
| US | 8.8.8.8:53 | quyiwgpcx.net | udp |
| US | 8.8.8.8:53 | tjdeuoco.info | udp |
| US | 8.8.8.8:53 | weoghibqnsp.net | udp |
| US | 8.8.8.8:53 | mguqekyc.com | udp |
| US | 8.8.8.8:53 | gmgsbahdlrs.net | udp |
| US | 8.8.8.8:53 | sqyvym.info | udp |
| US | 8.8.8.8:53 | hhdhvtfwf.com | udp |
| US | 8.8.8.8:53 | pxfqrhhm.net | udp |
| US | 8.8.8.8:53 | wbbktstl.info | udp |
| US | 8.8.8.8:53 | iuwwww.org | udp |
| US | 8.8.8.8:53 | usnpkjhbly.net | udp |
| US | 8.8.8.8:53 | fatwcxv.com | udp |
| US | 8.8.8.8:53 | wzzfjkp.net | udp |
| US | 8.8.8.8:53 | kmmiiuqmkosq.com | udp |
| US | 8.8.8.8:53 | faavipbtdvtm.net | udp |
| US | 8.8.8.8:53 | nwsedczktgo.info | udp |
| US | 8.8.8.8:53 | hyiullfz.info | udp |
| US | 8.8.8.8:53 | phyxbqjugr.info | udp |
| US | 8.8.8.8:53 | lfzycnmnpua.com | udp |
| US | 8.8.8.8:53 | zsviaj.info | udp |
| US | 8.8.8.8:53 | csmyas.com | udp |
| US | 8.8.8.8:53 | pknqhulhbx.net | udp |
| US | 8.8.8.8:53 | effoeyrn.info | udp |
| US | 8.8.8.8:53 | uuyqcs.org | udp |
| US | 8.8.8.8:53 | vdxqjf.info | udp |
| US | 8.8.8.8:53 | xfrfzb.net | udp |
| US | 8.8.8.8:53 | hdkjbjcau.info | udp |
| US | 8.8.8.8:53 | myrurnsai.net | udp |
| US | 8.8.8.8:53 | uuoioo.org | udp |
| US | 8.8.8.8:53 | omskemgmwe.org | udp |
| US | 8.8.8.8:53 | ygicocmky.net | udp |
| US | 8.8.8.8:53 | mjcfjqpv.net | udp |
| US | 8.8.8.8:53 | kuuosoyy.com | udp |
| US | 8.8.8.8:53 | yqbciur.info | udp |
| US | 8.8.8.8:53 | ehpzpspfpt.info | udp |
| US | 8.8.8.8:53 | etlolkngqeo.net | udp |
| US | 8.8.8.8:53 | olysndmj.net | udp |
| US | 8.8.8.8:53 | wlanyvxrow.net | udp |
| US | 8.8.8.8:53 | kslmrbnhtbx.info | udp |
| US | 8.8.8.8:53 | yimookay.com | udp |
| US | 8.8.8.8:53 | eccmjudft.info | udp |
| US | 8.8.8.8:53 | odjmnizmf.info | udp |
| US | 8.8.8.8:53 | cfvejrduy.info | udp |
| US | 8.8.8.8:53 | oeimqaek.org | udp |
| US | 8.8.8.8:53 | wmlgoyhcc.info | udp |
| US | 8.8.8.8:53 | dxugnzfn.info | udp |
| US | 8.8.8.8:53 | hkqmwczspkp.net | udp |
| US | 8.8.8.8:53 | vpgqiopawraa.info | udp |
| US | 8.8.8.8:53 | nsrorb.info | udp |
| US | 8.8.8.8:53 | ybpmldqkzgaj.info | udp |
| US | 8.8.8.8:53 | fpplvl.info | udp |
| US | 8.8.8.8:53 | fpogbrsi.net | udp |
| US | 8.8.8.8:53 | ioryvqlapqz.net | udp |
| US | 8.8.8.8:53 | qmjmwsb.info | udp |
| US | 8.8.8.8:53 | polthkszom.info | udp |
| US | 8.8.8.8:53 | hypqlamwx.net | udp |
| US | 8.8.8.8:53 | drfllxxkrk.info | udp |
| US | 8.8.8.8:53 | vtrudohq.info | udp |
| US | 8.8.8.8:53 | joppgbkfpy.info | udp |
| US | 8.8.8.8:53 | cqyaisekakms.org | udp |
| US | 8.8.8.8:53 | psjkrhgqgcwt.net | udp |
| US | 8.8.8.8:53 | zofinuvi.net | udp |
| US | 8.8.8.8:53 | dsnjmut.net | udp |
| US | 8.8.8.8:53 | mlmwhqpjjsm.info | udp |
| US | 8.8.8.8:53 | pnqzqrjqthbg.info | udp |
| US | 8.8.8.8:53 | aqthmyfpqbf.net | udp |
| US | 8.8.8.8:53 | kvgkyklfvnfh.info | udp |
| US | 8.8.8.8:53 | hhpapq.info | udp |
| US | 8.8.8.8:53 | dxptryhkkxuw.info | udp |
| US | 8.8.8.8:53 | lultdbo.info | udp |
| US | 8.8.8.8:53 | hodphw.net | udp |
| US | 8.8.8.8:53 | hqrbdvpagiv.info | udp |
| US | 8.8.8.8:53 | cgaaqcokee.com | udp |
| US | 8.8.8.8:53 | dxumgjwklz.net | udp |
| US | 8.8.8.8:53 | qwfvtcbczad.net | udp |
| US | 8.8.8.8:53 | qbzpeydhls.net | udp |
| US | 8.8.8.8:53 | smjmlooxowj.net | udp |
| US | 8.8.8.8:53 | yocxrurrzg.info | udp |
| US | 8.8.8.8:53 | qqgvwgn.info | udp |
| US | 8.8.8.8:53 | paqdtrzbfv.info | udp |
| US | 8.8.8.8:53 | vwmunozv.info | udp |
| US | 8.8.8.8:53 | aohgxbn.net | udp |
| US | 8.8.8.8:53 | agwegiswsuwc.com | udp |
| US | 8.8.8.8:53 | pkferezlzj.net | udp |
| US | 8.8.8.8:53 | mqturgpkvcn.net | udp |
| US | 8.8.8.8:53 | zixkkidkpet.com | udp |
| US | 8.8.8.8:53 | ptjxnmtpat.net | udp |
| US | 8.8.8.8:53 | ikmgioey.com | udp |
| US | 8.8.8.8:53 | gmlpsuxv.info | udp |
| US | 8.8.8.8:53 | fmsvnwai.net | udp |
| US | 8.8.8.8:53 | vwmielaee.info | udp |
| US | 8.8.8.8:53 | kwaaggim.org | udp |
| US | 8.8.8.8:53 | palclqf.org | udp |
| US | 8.8.8.8:53 | sycxtcpt.info | udp |
| US | 8.8.8.8:53 | ejqrgacnvrfl.info | udp |
| US | 8.8.8.8:53 | elrszi.net | udp |
| US | 8.8.8.8:53 | qcwoiscegccm.org | udp |
| US | 8.8.8.8:53 | pazmpovqsib.info | udp |
| US | 8.8.8.8:53 | xppcdfoxen.net | udp |
| US | 8.8.8.8:53 | jdgespwbrw.net | udp |
| US | 8.8.8.8:53 | fexqnsyeo.com | udp |
| US | 8.8.8.8:53 | ovvankxmfgw.info | udp |
| US | 8.8.8.8:53 | zqbeeylqda.net | udp |
| US | 8.8.8.8:53 | rnashg.info | udp |
| US | 8.8.8.8:53 | ueuueyis.com | udp |
| US | 8.8.8.8:53 | foutzjtzmo.info | udp |
| US | 8.8.8.8:53 | zsfovwnhupb.org | udp |
| US | 8.8.8.8:53 | luwdzm.info | udp |
| US | 8.8.8.8:53 | nibalaqr.info | udp |
| US | 8.8.8.8:53 | uaeimwes.org | udp |
| US | 8.8.8.8:53 | ikwheynod.net | udp |
| US | 8.8.8.8:53 | wuviebqgpgwu.net | udp |
| US | 8.8.8.8:53 | yofqgk.net | udp |
| US | 8.8.8.8:53 | kwafhljvkaj.net | udp |
| US | 8.8.8.8:53 | eyscmq.org | udp |
| US | 8.8.8.8:53 | igvblnrpb.net | udp |
| US | 8.8.8.8:53 | dpfhotpoxql.org | udp |
| US | 8.8.8.8:53 | tsivnkiuugu.org | udp |
| US | 8.8.8.8:53 | agavlqjvuu.net | udp |
| US | 8.8.8.8:53 | zavugstmp.org | udp |
| US | 8.8.8.8:53 | ekwoyskqsoii.org | udp |
| US | 8.8.8.8:53 | jkdvncbm.net | udp |
| US | 8.8.8.8:53 | oeamwweeeyag.org | udp |
| US | 8.8.8.8:53 | alrksdoidluz.net | udp |
| US | 8.8.8.8:53 | gqfawac.net | udp |
| US | 8.8.8.8:53 | bxjvos.net | udp |
| US | 8.8.8.8:53 | yefosolgyae.net | udp |
| US | 8.8.8.8:53 | bisqguvux.com | udp |
| US | 8.8.8.8:53 | lmuzzo.info | udp |
| US | 8.8.8.8:53 | rpfvxwbo.net | udp |
| US | 8.8.8.8:53 | hooonlzz.net | udp |
| US | 8.8.8.8:53 | xetwnbvfl.org | udp |
| US | 8.8.8.8:53 | jenxtorin.net | udp |
| US | 8.8.8.8:53 | cifceisebd.info | udp |
| US | 8.8.8.8:53 | dzhwvch.com | udp |
| US | 8.8.8.8:53 | rhwyry.net | udp |
| US | 8.8.8.8:53 | fhpanl.net | udp |
| US | 8.8.8.8:53 | qoumuoeewqwq.com | udp |
| US | 8.8.8.8:53 | jbrplywd.net | udp |
| US | 8.8.8.8:53 | xvmtilfy.net | udp |
| US | 8.8.8.8:53 | boxbfd.net | udp |
| US | 8.8.8.8:53 | lqzozkewu.net | udp |
| US | 8.8.8.8:53 | xstxhcibpsj.net | udp |
| US | 8.8.8.8:53 | cehfxuvon.net | udp |
| US | 8.8.8.8:53 | wotmpm.net | udp |
| US | 8.8.8.8:53 | ayeaoocgwg.com | udp |
| US | 8.8.8.8:53 | hsyqnop.info | udp |
| US | 8.8.8.8:53 | imoaqyowik.com | udp |
| US | 8.8.8.8:53 | jgtcvuvyvrj.org | udp |
| US | 8.8.8.8:53 | ulzojllhjav.net | udp |
| US | 8.8.8.8:53 | lehvfou.org | udp |
| US | 8.8.8.8:53 | bczgzzzvbb.net | udp |
| US | 8.8.8.8:53 | zrwjldnt.net | udp |
| US | 8.8.8.8:53 | itvyeybis.net | udp |
| US | 8.8.8.8:53 | wsbiqd.net | udp |
| US | 8.8.8.8:53 | smsowycm.org | udp |
| US | 8.8.8.8:53 | vcfctggtvzs.info | udp |
| US | 8.8.8.8:53 | xbxovtr.net | udp |
| US | 8.8.8.8:53 | jcyrpqlyjjug.info | udp |
| US | 8.8.8.8:53 | lbgatusqtrmg.info | udp |
| US | 8.8.8.8:53 | grtllmbeq.net | udp |
| US | 8.8.8.8:53 | debupglifrz.org | udp |
| US | 8.8.8.8:53 | reybhpfhhvfu.net | udp |
| US | 8.8.8.8:53 | yiauqiqs.org | udp |
| US | 8.8.8.8:53 | azgczcxhvp.info | udp |
| US | 8.8.8.8:53 | eitgtqyqbav.net | udp |
| US | 8.8.8.8:53 | jjkllkvp.net | udp |
| US | 8.8.8.8:53 | istvbjcfltt.info | udp |
| US | 8.8.8.8:53 | sbuuby.net | udp |
| US | 8.8.8.8:53 | cmrclkkfndd.info | udp |
| US | 8.8.8.8:53 | iyhybidey.net | udp |
| US | 8.8.8.8:53 | bczkeicsobnr.net | udp |
| US | 8.8.8.8:53 | iyehjrhrqzpe.info | udp |
| US | 8.8.8.8:53 | jwxikegm.net | udp |
| US | 8.8.8.8:53 | jyrrfk.info | udp |
| US | 8.8.8.8:53 | zsjsnohovfm.com | udp |
| US | 8.8.8.8:53 | eangcvqqxgt.net | udp |
| US | 8.8.8.8:53 | miqsezfrjeyd.net | udp |
| US | 8.8.8.8:53 | viqasnxylsv.info | udp |
| US | 8.8.8.8:53 | aeduifvt.net | udp |
| US | 8.8.8.8:53 | vjtgcdnjzcjn.net | udp |
| US | 8.8.8.8:53 | vciupst.org | udp |
| US | 8.8.8.8:53 | zdqjymbaloec.info | udp |
| US | 8.8.8.8:53 | affjpu.net | udp |
| US | 8.8.8.8:53 | tcdqcl.net | udp |
| US | 8.8.8.8:53 | wqruhetyv.net | udp |
| US | 8.8.8.8:53 | zoxhlwpjje.net | udp |
| US | 8.8.8.8:53 | mymacyegeyao.org | udp |
| US | 8.8.8.8:53 | cljirl.net | udp |
| US | 8.8.8.8:53 | gymawayosg.com | udp |
| US | 8.8.8.8:53 | ydgioazk.info | udp |
| US | 8.8.8.8:53 | ivrsfcacrcr.info | udp |
| US | 8.8.8.8:53 | oqfidnf.net | udp |
| US | 8.8.8.8:53 | jyjcjoparmdo.net | udp |
| US | 8.8.8.8:53 | dkaeer.info | udp |
| US | 8.8.8.8:53 | pomonejex.org | udp |
| US | 8.8.8.8:53 | xjvyqdxb.info | udp |
| US | 8.8.8.8:53 | homslkp.net | udp |
| US | 8.8.8.8:53 | wevktat.info | udp |
| US | 8.8.8.8:53 | zriykgz.info | udp |
| US | 8.8.8.8:53 | cyhmjibjxv.info | udp |
| US | 8.8.8.8:53 | iqoycacqoa.org | udp |
| US | 8.8.8.8:53 | hnhksv.info | udp |
| US | 8.8.8.8:53 | mhpznjajsf.net | udp |
| US | 8.8.8.8:53 | rjbilspqfix.org | udp |
| US | 8.8.8.8:53 | iidzzet.net | udp |
| US | 8.8.8.8:53 | vowckplid.org | udp |
| US | 8.8.8.8:53 | moxrincvxu.info | udp |
| US | 8.8.8.8:53 | xcpwdclb.net | udp |
| US | 8.8.8.8:53 | jujikgvepzy.com | udp |
| US | 8.8.8.8:53 | fuosngkante.info | udp |
| US | 8.8.8.8:53 | gkgtbq.net | udp |
| US | 8.8.8.8:53 | nitexmjjz.net | udp |
| US | 8.8.8.8:53 | rnrxva.net | udp |
| US | 8.8.8.8:53 | tswdxkp.info | udp |
| US | 8.8.8.8:53 | lhnetason.com | udp |
| US | 8.8.8.8:53 | usyssisesscc.com | udp |
| US | 8.8.8.8:53 | twhqzveavt.info | udp |
| US | 8.8.8.8:53 | vcrcpkzvl.com | udp |
| US | 8.8.8.8:53 | xgsvxcreeve.net | udp |
| US | 8.8.8.8:53 | yjxoddjunztx.info | udp |
| US | 8.8.8.8:53 | jmitjfwt.net | udp |
| US | 8.8.8.8:53 | ygtgllrlqww.net | udp |
| US | 8.8.8.8:53 | revbpywao.info | udp |
| US | 8.8.8.8:53 | vhxptg.net | udp |
| US | 8.8.8.8:53 | kmzddnqrlb.info | udp |
| US | 8.8.8.8:53 | zeimeaj.net | udp |
| US | 8.8.8.8:53 | mkcgsowi.com | udp |
| US | 8.8.8.8:53 | xfcmmgr.net | udp |
| US | 8.8.8.8:53 | eglfpihhaot.net | udp |
| US | 8.8.8.8:53 | oavubenylid.info | udp |
| US | 8.8.8.8:53 | imvcaebcr.info | udp |
| US | 8.8.8.8:53 | uukevcfubyf.info | udp |
| US | 8.8.8.8:53 | ggjkqklibwd.info | udp |
| US | 8.8.8.8:53 | nmxythmiroj.net | udp |
| US | 8.8.8.8:53 | nvhqiaxfag.info | udp |
| US | 8.8.8.8:53 | hkwksydnn.com | udp |
| US | 8.8.8.8:53 | duyylibtp.com | udp |
| US | 8.8.8.8:53 | pxxzlmegp.com | udp |
| US | 8.8.8.8:53 | gjmotzptvcnj.net | udp |
| US | 8.8.8.8:53 | xrpnpyfg.info | udp |
| US | 8.8.8.8:53 | dzxzcqpopy.net | udp |
| US | 8.8.8.8:53 | semijpfavi.info | udp |
| US | 8.8.8.8:53 | jgnwhwt.org | udp |
| US | 8.8.8.8:53 | xgvcdetmd.com | udp |
| US | 8.8.8.8:53 | pceffh.net | udp |
| US | 8.8.8.8:53 | bqkqkcdcakb.net | udp |
| US | 8.8.8.8:53 | pppojfzyuq.net | udp |
| US | 8.8.8.8:53 | swpogybfpmn.net | udp |
| US | 8.8.8.8:53 | faxqua.net | udp |
| US | 8.8.8.8:53 | csbfezhoxwgs.net | udp |
| US | 8.8.8.8:53 | tkcdzw.info | udp |
| US | 8.8.8.8:53 | mdmdswvioxdw.net | udp |
| US | 8.8.8.8:53 | mjrlpqhb.info | udp |
| US | 8.8.8.8:53 | iuqkiyoyuy.com | udp |
| US | 8.8.8.8:53 | xqikwsvjj.com | udp |
| US | 8.8.8.8:53 | sifmtetcu.net | udp |
| US | 8.8.8.8:53 | aayecike.org | udp |
| US | 8.8.8.8:53 | yphkii.info | udp |
| US | 8.8.8.8:53 | nmpzibhj.info | udp |
| US | 8.8.8.8:53 | xwwzlcbltdhu.net | udp |
| US | 8.8.8.8:53 | dinuwoejy.com | udp |
| US | 8.8.8.8:53 | doylban.net | udp |
| US | 8.8.8.8:53 | pdpehac.info | udp |
| US | 8.8.8.8:53 | bhnseh.info | udp |
| US | 8.8.8.8:53 | ygzfpkiejb.info | udp |
| US | 8.8.8.8:53 | jydojitelpi.com | udp |
| US | 8.8.8.8:53 | uuljjctd.net | udp |
| US | 8.8.8.8:53 | bqrqzwh.info | udp |
| US | 8.8.8.8:53 | cqkqsa.com | udp |
| US | 8.8.8.8:53 | vthhjwztnp.info | udp |
| US | 8.8.8.8:53 | agpxwxhlguir.info | udp |
| US | 8.8.8.8:53 | pkfkwmxgn.net | udp |
| US | 8.8.8.8:53 | acxrtpwxbymx.info | udp |
| US | 8.8.8.8:53 | aeocqh.net | udp |
| US | 8.8.8.8:53 | netovscagwn.info | udp |
| US | 8.8.8.8:53 | dtgibwp.info | udp |
| US | 8.8.8.8:53 | gytonmx.info | udp |
| US | 8.8.8.8:53 | swjnlwwvbonx.net | udp |
| US | 8.8.8.8:53 | uurepoimh.info | udp |
| US | 8.8.8.8:53 | zdfkdhjofcv.info | udp |
| US | 8.8.8.8:53 | iyculvv.net | udp |
| US | 8.8.8.8:53 | vwagzgxu.info | udp |
| US | 8.8.8.8:53 | onccxbf.net | udp |
| US | 8.8.8.8:53 | vztutgkkoi.info | udp |
| US | 8.8.8.8:53 | jxckdkn.org | udp |
| US | 8.8.8.8:53 | iieami.org | udp |
| US | 8.8.8.8:53 | hvllbqpeqlnw.net | udp |
| US | 8.8.8.8:53 | mwkqumcysq.org | udp |
| US | 8.8.8.8:53 | iqfohce.info | udp |
| US | 8.8.8.8:53 | uysumcsc.com | udp |
| US | 8.8.8.8:53 | uksyrc.info | udp |
| US | 8.8.8.8:53 | xyxptkmuw.info | udp |
| US | 8.8.8.8:53 | uywaasmm.org | udp |
| US | 8.8.8.8:53 | zwmqxyi.net | udp |
| US | 8.8.8.8:53 | jkhesyugm.net | udp |
| US | 8.8.8.8:53 | umujprwnjalw.info | udp |
| US | 8.8.8.8:53 | mkqwom.com | udp |
| US | 8.8.8.8:53 | mukhmcaupuhm.info | udp |
| US | 8.8.8.8:53 | wmzjomtw.info | udp |
| US | 8.8.8.8:53 | ibvumkeek.net | udp |
| US | 8.8.8.8:53 | wcwqawswqska.com | udp |
| US | 8.8.8.8:53 | zsxcjwvjmh.info | udp |
| US | 8.8.8.8:53 | nqrdvkh.info | udp |
| US | 8.8.8.8:53 | zvpvdvdnqkpm.info | udp |
| US | 8.8.8.8:53 | cqeacy.org | udp |
| US | 8.8.8.8:53 | acsoxyubjwdd.info | udp |
| US | 8.8.8.8:53 | mscesesy.org | udp |
| US | 8.8.8.8:53 | nqspqedyjgde.net | udp |
| US | 8.8.8.8:53 | rtbwgc.info | udp |
| US | 8.8.8.8:53 | wfvavg.info | udp |
| US | 8.8.8.8:53 | djjsxpy.org | udp |
| US | 8.8.8.8:53 | ikgmwesqeq.com | udp |
| US | 8.8.8.8:53 | vturlctwz.net | udp |
| US | 8.8.8.8:53 | svsntp.net | udp |
| US | 8.8.8.8:53 | yayoiaau.org | udp |
| US | 8.8.8.8:53 | kizbusdnu.info | udp |
| US | 8.8.8.8:53 | ncvkfcm.info | udp |
| US | 8.8.8.8:53 | mcpjockfak.net | udp |
| US | 8.8.8.8:53 | jlpcfxk.org | udp |
| US | 8.8.8.8:53 | mykvegowh.info | udp |
| US | 8.8.8.8:53 | jafqdwogzen.com | udp |
| US | 8.8.8.8:53 | lgvgqaf.net | udp |
| US | 8.8.8.8:53 | toywknaxtjwx.info | udp |
| US | 8.8.8.8:53 | zjwetanqyex.org | udp |
| US | 8.8.8.8:53 | rohfvfbr.net | udp |
| US | 8.8.8.8:53 | lycojkgo.net | udp |
| US | 8.8.8.8:53 | fujmejelucer.info | udp |
| US | 8.8.8.8:53 | gqpoza.info | udp |
| US | 8.8.8.8:53 | hajapniijw.info | udp |
| US | 8.8.8.8:53 | rrbdxruchqrd.info | udp |
| US | 8.8.8.8:53 | wlxtixapea.info | udp |
| US | 8.8.8.8:53 | wxsdpyeu.net | udp |
| US | 8.8.8.8:53 | qvblrqz.info | udp |
| US | 8.8.8.8:53 | xwynjprs.net | udp |
| US | 8.8.8.8:53 | icsegmoqwg.org | udp |
| US | 8.8.8.8:53 | eumewe.org | udp |
| US | 8.8.8.8:53 | soxsea.info | udp |
| US | 8.8.8.8:53 | ddxika.info | udp |
| US | 8.8.8.8:53 | vyzsinfsy.info | udp |
| US | 8.8.8.8:53 | apzointxt.info | udp |
| US | 8.8.8.8:53 | qzmaverphgt.net | udp |
| US | 8.8.8.8:53 | movlht.info | udp |
| US | 8.8.8.8:53 | iocggcawqk.org | udp |
| US | 8.8.8.8:53 | vkddgzzb.net | udp |
| US | 8.8.8.8:53 | bcxpzyvgqhp.com | udp |
| US | 8.8.8.8:53 | xfiaeczkp.info | udp |
| US | 8.8.8.8:53 | iyakismo.com | udp |
| US | 8.8.8.8:53 | bkhxjlqlonci.net | udp |
| US | 8.8.8.8:53 | hpwyfqjyiqf.net | udp |
| US | 8.8.8.8:53 | qofnbfptzuz.net | udp |
| US | 8.8.8.8:53 | ocmzofzajw.net | udp |
| US | 8.8.8.8:53 | ugdrja.net | udp |
| US | 8.8.8.8:53 | wjsvti.info | udp |
| GR | 46.103.143.97:21802 | tcp | |
| US | 8.8.8.8:53 | lsfwqyq.net | udp |
| US | 8.8.8.8:53 | goumuy.net | udp |
| US | 8.8.8.8:53 | sbewyso.info | udp |
| US | 8.8.8.8:53 | nwhhtptfk.info | udp |
| US | 8.8.8.8:53 | qfdgjy.net | udp |
| US | 8.8.8.8:53 | oukgysgakw.org | udp |
| US | 8.8.8.8:53 | vavggaiojiy.net | udp |
| US | 8.8.8.8:53 | xymohloop.org | udp |
| US | 8.8.8.8:53 | gbhkxlijjpni.info | udp |
| US | 8.8.8.8:53 | iybyzql.net | udp |
| US | 8.8.8.8:53 | xedqiqrkt.org | udp |
| US | 8.8.8.8:53 | sssoyemasioe.com | udp |
| US | 8.8.8.8:53 | ucmisqkscaoq.org | udp |
| US | 8.8.8.8:53 | lpqczzcitss.info | udp |
| US | 8.8.8.8:53 | evfnyb.net | udp |
| US | 8.8.8.8:53 | lusqvwp.info | udp |
| US | 8.8.8.8:53 | pikbopns.net | udp |
| US | 8.8.8.8:53 | cyxjcspqpwj.info | udp |
| US | 8.8.8.8:53 | xhrsvoiq.info | udp |
| US | 8.8.8.8:53 | uxayki.info | udp |
| US | 8.8.8.8:53 | cdwwbxjgcqr.info | udp |
| US | 8.8.8.8:53 | muztcezjff.net | udp |
| US | 8.8.8.8:53 | euprohpc.info | udp |
| US | 8.8.8.8:53 | tvcgqksjbf.net | udp |
| US | 8.8.8.8:53 | rhvtootwqo.info | udp |
| US | 34.227.7.138:80 | zagyxzu.net | tcp |
| US | 8.8.8.8:53 | batydwbvagp.net | udp |
| US | 8.8.8.8:53 | yuyccccs.org | udp |
| DE | 85.214.228.140:80 | yvlevtbtem.info | tcp |
| US | 8.8.8.8:53 | lppedez.org | udp |
| US | 8.8.8.8:53 | fejjurjk.net | udp |
| US | 8.8.8.8:53 | wotqgsxkv.info | udp |
| US | 8.8.8.8:53 | waqouqcmykou.com | udp |
| US | 8.8.8.8:53 | kupmfgvwc.info | udp |
| US | 8.8.8.8:53 | imsefqsjjty.net | udp |
| US | 8.8.8.8:53 | tngbcephbq.net | udp |
| US | 8.8.8.8:53 | sacaesqakk.org | udp |
| US | 8.8.8.8:53 | gbdlvuvuxxk.info | udp |
| US | 8.8.8.8:53 | bqkbad.info | udp |
| US | 8.8.8.8:53 | lggwexd.net | udp |
| US | 208.117.43.225:80 | gxovrewca.info | tcp |
| US | 8.8.8.8:53 | vsuaaetcu.net | udp |
| US | 8.8.8.8:53 | xhzynlbzxqxv.info | udp |
| US | 8.8.8.8:53 | bljdhiksh.com | udp |
| US | 8.8.8.8:53 | aqxwvwrqsih.net | udp |
| US | 8.8.8.8:53 | lkpfthcneopu.info | udp |
| US | 8.8.8.8:53 | kjkfji.net | udp |
| US | 8.8.8.8:53 | ufxxqyi.info | udp |
| US | 8.8.8.8:53 | wewijbyz.net | udp |
| US | 8.8.8.8:53 | osjhmum.info | udp |
| US | 8.8.8.8:53 | uqsogakqosus.org | udp |
| US | 8.8.8.8:53 | yqvwovxv.info | udp |
| US | 8.8.8.8:53 | ugwikuki.com | udp |
| US | 8.8.8.8:53 | ovgsapuejtt.info | udp |
| US | 8.8.8.8:53 | jevqpqnafxpf.info | udp |
| US | 8.8.8.8:53 | vitshrddxndk.net | udp |
| US | 8.8.8.8:53 | tvtumycbj.info | udp |
| US | 8.8.8.8:53 | ccqocqwa.com | udp |
| US | 8.8.8.8:53 | hnmqqyvqk.net | udp |
| US | 8.8.8.8:53 | ublruorlew.net | udp |
| US | 8.8.8.8:53 | aumcosggaemu.com | udp |
| US | 8.8.8.8:53 | xoymztwah.info | udp |
| US | 8.8.8.8:53 | pabrupbr.info | udp |
| US | 8.8.8.8:53 | geqkvsltxwv.info | udp |
| US | 8.8.8.8:53 | wudrlgzax.info | udp |
| US | 8.8.8.8:53 | pgyilcrkhb.info | udp |
| US | 8.8.8.8:53 | cyfmajxcx.info | udp |
| US | 8.8.8.8:53 | vrbxdcd.info | udp |
| US | 8.8.8.8:53 | lbmajwuuq.com | udp |
| US | 8.8.8.8:53 | dmvcpaoggka.net | udp |
| US | 8.8.8.8:53 | iwzenuv.info | udp |
| US | 8.8.8.8:53 | yzvqtqz.net | udp |
| US | 8.8.8.8:53 | xuxlxqeibox.org | udp |
| US | 8.8.8.8:53 | tcbopdsif.net | udp |
| US | 8.8.8.8:53 | eiwqqo.com | udp |
| US | 8.8.8.8:53 | ccukkyns.info | udp |
| US | 8.8.8.8:53 | ovqodpzd.net | udp |
| US | 8.8.8.8:53 | scrqtsmkr.info | udp |
| US | 8.8.8.8:53 | zclgqxkephgj.info | udp |
| US | 8.8.8.8:53 | fkbqpjbmb.info | udp |
| US | 8.8.8.8:53 | bwzlxxdmnbzu.net | udp |
| US | 8.8.8.8:53 | etozkleepu.net | udp |
| US | 8.8.8.8:53 | cgwucwuy.com | udp |
| US | 8.8.8.8:53 | dtjulkfi.info | udp |
| US | 8.8.8.8:53 | kfpzxzucmqhx.net | udp |
| US | 8.8.8.8:53 | xczvodoqqrbf.net | udp |
| US | 8.8.8.8:53 | hgeeup.net | udp |
| US | 8.8.8.8:53 | hxybpm.info | udp |
| US | 8.8.8.8:53 | sdtivkp.net | udp |
| BG | 95.140.215.110:41508 | tcp | |
| US | 8.8.8.8:53 | gikzqvyvvbn.info | udp |
| US | 8.8.8.8:53 | qxnovodjnwph.net | udp |
| US | 8.8.8.8:53 | ucoqwy.com | udp |
| US | 8.8.8.8:53 | qigeuwgc.com | udp |
| US | 8.8.8.8:53 | fimqdwemx.com | udp |
| US | 8.8.8.8:53 | ketwcpl.net | udp |
| US | 8.8.8.8:53 | kedaukfm.info | udp |
| US | 8.8.8.8:53 | ygsyka.org | udp |
| US | 8.8.8.8:53 | urqvrirvsi.info | udp |
| US | 8.8.8.8:53 | zfupudipwhqc.net | udp |
| US | 8.8.8.8:53 | pjbeedt.org | udp |
| US | 8.8.8.8:53 | kumwmc.org | udp |
| US | 8.8.8.8:53 | agmaxulkhux.net | udp |
| US | 8.8.8.8:53 | jhlczrkvml.info | udp |
| US | 8.8.8.8:53 | yqmvwjv.info | udp |
| US | 8.8.8.8:53 | lpvkzjlw.info | udp |
| US | 8.8.8.8:53 | zmzehifwl.info | udp |
| US | 8.8.8.8:53 | jkhbfge.org | udp |
| US | 8.8.8.8:53 | qftzfwb.info | udp |
| US | 8.8.8.8:53 | oebqttfile.net | udp |
| US | 8.8.8.8:53 | fwfeexky.info | udp |
| US | 8.8.8.8:53 | ytrbah.net | udp |
| US | 8.8.8.8:53 | agnqhsril.info | udp |
| US | 8.8.8.8:53 | vmhppvcxng.net | udp |
| US | 8.8.8.8:53 | bntybbxl.net | udp |
| US | 8.8.8.8:53 | wclefbh.info | udp |
| US | 8.8.8.8:53 | ouussmaquo.com | udp |
| US | 8.8.8.8:53 | tpisufx.net | udp |
| US | 8.8.8.8:53 | xxvdvntceh.net | udp |
| US | 8.8.8.8:53 | ldllpbzeil.info | udp |
| US | 8.8.8.8:53 | cgieie.com | udp |
| US | 8.8.8.8:53 | uucvsljpokao.net | udp |
| US | 8.8.8.8:53 | qmtqjzvplb.info | udp |
| US | 8.8.8.8:53 | vqxxfkf.net | udp |
| US | 8.8.8.8:53 | fwlnure.org | udp |
| US | 8.8.8.8:53 | knbhgohyuea.info | udp |
| US | 8.8.8.8:53 | tctgotzgkqr.org | udp |
| US | 8.8.8.8:53 | gbcdwcunpn.net | udp |
| US | 8.8.8.8:53 | emsmqwiasywe.org | udp |
| US | 8.8.8.8:53 | qyksaasgkk.com | udp |
| US | 8.8.8.8:53 | xdlyjfqbsk.info | udp |
| US | 8.8.8.8:53 | hmddibht.info | udp |
| US | 8.8.8.8:53 | xnxcvxjks.net | udp |
| US | 8.8.8.8:53 | tlxttjksnrxh.net | udp |
| US | 8.8.8.8:53 | saeqga.com | udp |
| US | 8.8.8.8:53 | gyooqcogiymu.org | udp |
| US | 8.8.8.8:53 | psnibdfgf.com | udp |
| US | 8.8.8.8:53 | swlwbairrnns.net | udp |
| US | 8.8.8.8:53 | towaguhp.info | udp |
| US | 8.8.8.8:53 | jszcbid.org | udp |
| US | 8.8.8.8:53 | vsbrzkx.info | udp |
| US | 8.8.8.8:53 | hkxhzqtcjvg.net | udp |
| US | 8.8.8.8:53 | nwvdjh.info | udp |
| US | 8.8.8.8:53 | twvycdjipka.net | udp |
| US | 8.8.8.8:53 | hbjyol.info | udp |
| US | 8.8.8.8:53 | kckqgksqlsn.info | udp |
| US | 8.8.8.8:53 | ogrmskv.info | udp |
| US | 8.8.8.8:53 | fdbvfxnqdg.info | udp |
| US | 8.8.8.8:53 | vkquzkfac.info | udp |
| US | 8.8.8.8:53 | uebyirfxj.info | udp |
| US | 8.8.8.8:53 | mkoaqesusq.com | udp |
| US | 8.8.8.8:53 | imvwiwp.info | udp |
| US | 8.8.8.8:53 | cvsczqkmh.net | udp |
| US | 8.8.8.8:53 | nermleugbb.info | udp |
| US | 8.8.8.8:53 | wsgkgo.com | udp |
| US | 8.8.8.8:53 | oghntipon.net | udp |
| US | 8.8.8.8:53 | koqjxrhd.net | udp |
| US | 8.8.8.8:53 | mceycsjghcp.info | udp |
| US | 8.8.8.8:53 | yclhuqiyd.info | udp |
| US | 8.8.8.8:53 | uoqoqwkigsqs.org | udp |
| US | 8.8.8.8:53 | aacwuakk.com | udp |
| US | 8.8.8.8:53 | ydwlllondrow.info | udp |
| US | 8.8.8.8:53 | bqctrovitmd.com | udp |
| US | 8.8.8.8:53 | iqsvsh.net | udp |
| US | 8.8.8.8:53 | defffhl.net | udp |
| US | 8.8.8.8:53 | uijpkypud.net | udp |
| US | 8.8.8.8:53 | zfbkhupny.info | udp |
| US | 8.8.8.8:53 | cuosew.net | udp |
| US | 8.8.8.8:53 | xmpyfwrms.net | udp |
| US | 8.8.8.8:53 | bsocxcnvh.org | udp |
| US | 8.8.8.8:53 | pyjohgjqo.org | udp |
| US | 8.8.8.8:53 | iidcfctuz.net | udp |
| US | 8.8.8.8:53 | semwgwci.org | udp |
| US | 8.8.8.8:53 | hrknsxgxkp.info | udp |
| US | 8.8.8.8:53 | hosafkfafrbk.info | udp |
| US | 8.8.8.8:53 | yvyaiwyd.info | udp |
| US | 8.8.8.8:53 | cmtgrpr.net | udp |
| US | 8.8.8.8:53 | sitaddtqfpoi.info | udp |
| US | 8.8.8.8:53 | qyniyvt.net | udp |
| US | 8.8.8.8:53 | vlzcuspqn.org | udp |
| US | 8.8.8.8:53 | zgwzkcrcdmj.net | udp |
| US | 8.8.8.8:53 | hyonbmbik.info | udp |
| US | 8.8.8.8:53 | tixjqvjv.net | udp |
| US | 8.8.8.8:53 | ymvchglkp.net | udp |
| LT | 86.38.55.89:33142 | tcp | |
| US | 8.8.8.8:53 | hxdrwuhigl.net | udp |
| US | 8.8.8.8:53 | mszlkuldj.net | udp |
| US | 8.8.8.8:53 | vvznyu.info | udp |
| US | 8.8.8.8:53 | rojijyeyc.net | udp |
| US | 8.8.8.8:53 | kvhkewqvaiz.net | udp |
| US | 8.8.8.8:53 | tuxfnooadua.info | udp |
| US | 8.8.8.8:53 | ciisue.com | udp |
| US | 8.8.8.8:53 | uyewwgeokm.com | udp |
| US | 8.8.8.8:53 | xczrdcnedyl.com | udp |
| US | 8.8.8.8:53 | lbfnddr.net | udp |
| US | 8.8.8.8:53 | rqmudon.org | udp |
| US | 8.8.8.8:53 | umkqxamcgri.net | udp |
| US | 8.8.8.8:53 | llqszvpmpqb.info | udp |
| US | 8.8.8.8:53 | gqvepzxwzzr.info | udp |
| US | 8.8.8.8:53 | cskoqkwgmi.org | udp |
| US | 8.8.8.8:53 | gjofpsleyf.net | udp |
| US | 8.8.8.8:53 | jqzgvtro.info | udp |
| US | 8.8.8.8:53 | oeogssyokiow.com | udp |
| US | 8.8.8.8:53 | mqhjzzxajz.net | udp |
| US | 8.8.8.8:53 | csauyeasyaes.org | udp |
| US | 8.8.8.8:53 | gjdrqnpyeq.net | udp |
| US | 8.8.8.8:53 | iqgwwsgayc.com | udp |
| US | 8.8.8.8:53 | ycrbdtkajqi.net | udp |
| US | 8.8.8.8:53 | pysntjmh.info | udp |
| US | 8.8.8.8:53 | sciaca.com | udp |
| FR | 195.154.21.66:80 | sciaca.com | tcp |
| US | 8.8.8.8:53 | jmkpjqn.net | udp |
| US | 8.8.8.8:53 | kgjemi.net | udp |
| US | 8.8.8.8:53 | loevposqxros.net | udp |
| US | 8.8.8.8:53 | ysukjkpuntr.info | udp |
| US | 8.8.8.8:53 | 66.21.154.195.in-addr.arpa | udp |
| US | 8.8.8.8:53 | dnlmletvqw.net | udp |
| US | 8.8.8.8:53 | ashmsqe.info | udp |
| US | 8.8.8.8:53 | yulyvadrrehd.net | udp |
| US | 8.8.8.8:53 | lumcgayqt.info | udp |
| US | 8.8.8.8:53 | accqowiuoqmk.com | udp |
| US | 8.8.8.8:53 | enwelgqyhyle.info | udp |
| US | 8.8.8.8:53 | iptlasfcn.net | udp |
| US | 8.8.8.8:53 | rwmthlryd.info | udp |
| US | 8.8.8.8:53 | qalahvd.net | udp |
| US | 8.8.8.8:53 | qwhnacl.info | udp |
| US | 8.8.8.8:53 | wpcqhg.net | udp |
| US | 8.8.8.8:53 | imculwbnhnyk.info | udp |
| US | 8.8.8.8:53 | xmhwjgvayg.net | udp |
| US | 8.8.8.8:53 | mecyeyss.org | udp |
| US | 8.8.8.8:53 | mismlxr.info | udp |
| US | 8.8.8.8:53 | osmcaaks.com | udp |
| US | 8.8.8.8:53 | mkvpzlb.info | udp |
| US | 8.8.8.8:53 | qgnecsrybid.net | udp |
| US | 8.8.8.8:53 | jqhgtmjml.com | udp |
| US | 8.8.8.8:53 | muzlbtvoxejb.net | udp |
| US | 8.8.8.8:53 | xuqrxchaa.info | udp |
| US | 8.8.8.8:53 | ynftcs.info | udp |
| US | 8.8.8.8:53 | cmdilmzev.net | udp |
| US | 8.8.8.8:53 | ltdhlkp.org | udp |
| US | 8.8.8.8:53 | baetrkkie.org | udp |
| US | 8.8.8.8:53 | jishrkxphdd.org | udp |
| US | 8.8.8.8:53 | huripcrzuol.info | udp |
| US | 8.8.8.8:53 | yeywkyys.com | udp |
| US | 8.8.8.8:53 | yrdzod.net | udp |
| US | 8.8.8.8:53 | uusihaxvs.info | udp |
| US | 8.8.8.8:53 | hgrrmeayp.info | udp |
| US | 8.8.8.8:53 | qiqwyykeysys.com | udp |
| US | 8.8.8.8:53 | aglbrd.info | udp |
| US | 8.8.8.8:53 | txpzfaap.info | udp |
| US | 8.8.8.8:53 | qcqqmiqe.com | udp |
| US | 8.8.8.8:53 | eoywoocosi.org | udp |
| US | 8.8.8.8:53 | qktgjtqajtz.net | udp |
| US | 8.8.8.8:53 | izjgfebikmp.info | udp |
| US | 8.8.8.8:53 | zkedpaqn.info | udp |
| US | 8.8.8.8:53 | vszbzuxcn.org | udp |
| US | 8.8.8.8:53 | nyvarpt.org | udp |
| US | 8.8.8.8:53 | cyyhydehqg.net | udp |
| US | 8.8.8.8:53 | zibhfsfghu.info | udp |
| US | 8.8.8.8:53 | urdttfg.info | udp |
| US | 8.8.8.8:53 | udeclbpgxo.net | udp |
| US | 8.8.8.8:53 | vxybtikwd.info | udp |
| US | 8.8.8.8:53 | honzteycaex.info | udp |
| US | 8.8.8.8:53 | vmgypyuuhwd.com | udp |
| US | 8.8.8.8:53 | jpnelslrox.net | udp |
| US | 8.8.8.8:53 | fvtlgq.info | udp |
| US | 8.8.8.8:53 | xfvuqvvlbf.net | udp |
| US | 8.8.8.8:53 | tpgvet.info | udp |
| US | 8.8.8.8:53 | mbcqvg.net | udp |
| US | 8.8.8.8:53 | eblenwi.net | udp |
| US | 8.8.8.8:53 | zmjlbf.info | udp |
| US | 8.8.8.8:53 | jcbytmsbh.org | udp |
| US | 8.8.8.8:53 | egponxwii.info | udp |
| US | 8.8.8.8:53 | gfqpod.net | udp |
| US | 8.8.8.8:53 | sssgkeac.org | udp |
| US | 8.8.8.8:53 | hgrgfvze.net | udp |
| US | 8.8.8.8:53 | llxemc.info | udp |
| US | 8.8.8.8:53 | dkdywssg.net | udp |
| US | 8.8.8.8:53 | fslsnwtem.com | udp |
| US | 8.8.8.8:53 | zqeawpqhbj.net | udp |
| US | 8.8.8.8:53 | qpartys.net | udp |
| US | 8.8.8.8:53 | iuiudkcpp.net | udp |
| US | 8.8.8.8:53 | ncdqfzhp.info | udp |
| US | 8.8.8.8:53 | kmhvmlhihjb.info | udp |
| US | 8.8.8.8:53 | gwyogqoe.org | udp |
| US | 8.8.8.8:53 | inpjcxrlce.net | udp |
| US | 8.8.8.8:53 | kfywojekhg.info | udp |
| US | 8.8.8.8:53 | oktltmnh.net | udp |
| US | 8.8.8.8:53 | uaioieiaee.org | udp |
| US | 8.8.8.8:53 | jimybut.info | udp |
| US | 8.8.8.8:53 | nxzombzf.net | udp |
| US | 8.8.8.8:53 | qpfxmp.info | udp |
| US | 8.8.8.8:53 | swmyasuscm.com | udp |
| US | 8.8.8.8:53 | raciatxuhg.info | udp |
| US | 8.8.8.8:53 | guiamg.org | udp |
| US | 8.8.8.8:53 | ptnuei.net | udp |
| US | 8.8.8.8:53 | apywwxvwkans.net | udp |
| US | 8.8.8.8:53 | odjnfatkvlgr.net | udp |
| US | 8.8.8.8:53 | pwbshthony.net | udp |
| US | 8.8.8.8:53 | kweswqma.com | udp |
| US | 8.8.8.8:53 | xzokaoz.net | udp |
| US | 8.8.8.8:53 | fxpqnenmja.net | udp |
| US | 8.8.8.8:53 | rcmwvslym.info | udp |
| US | 8.8.8.8:53 | ybzlnweojojr.net | udp |
| US | 8.8.8.8:53 | swusyocs.org | udp |
| US | 8.8.8.8:53 | uqefngb.net | udp |
| LT | 78.63.79.112:33079 | tcp | |
| US | 8.8.8.8:53 | ocyoen.info | udp |
| US | 8.8.8.8:53 | vgjmfyh.info | udp |
| US | 8.8.8.8:53 | eoyblb.net | udp |
| US | 8.8.8.8:53 | llvozjjmi.com | udp |
| US | 8.8.8.8:53 | twzcmuxgx.info | udp |
| US | 8.8.8.8:53 | loboje.info | udp |
| US | 8.8.8.8:53 | cylkfmgluvz.info | udp |
| US | 8.8.8.8:53 | nxvteiutinru.info | udp |
| US | 8.8.8.8:53 | avoalwpq.net | udp |
| US | 8.8.8.8:53 | caxhsn.net | udp |
| US | 8.8.8.8:53 | eshklee.info | udp |
| US | 8.8.8.8:53 | misoluj.net | udp |
| US | 8.8.8.8:53 | zydpicfmhnjm.info | udp |
| US | 8.8.8.8:53 | uomsvkz.info | udp |
| US | 8.8.8.8:53 | cueoemqiqi.org | udp |
| US | 8.8.8.8:53 | mexghmyobsx.info | udp |
| US | 8.8.8.8:53 | buisur.info | udp |
| US | 8.8.8.8:53 | plnyuktb.net | udp |
| US | 8.8.8.8:53 | mumxztvgt.net | udp |
| US | 8.8.8.8:53 | xojopysfjov.org | udp |
| US | 8.8.8.8:53 | avetemrnen.net | udp |
| US | 8.8.8.8:53 | kyizjibldu.info | udp |
| US | 8.8.8.8:53 | mhezxqhs.net | udp |
| US | 8.8.8.8:53 | xusmrzzcrst.info | udp |
| US | 8.8.8.8:53 | llhnywiltqos.info | udp |
| US | 8.8.8.8:53 | aiaqiqohnxw.info | udp |
| US | 8.8.8.8:53 | wwlqzmnar.info | udp |
| US | 8.8.8.8:53 | gjjovfhkjsq.info | udp |
| US | 8.8.8.8:53 | pndshdzgdu.info | udp |
| US | 8.8.8.8:53 | zitmbzef.net | udp |
| US | 8.8.8.8:53 | ymncdneqh.net | udp |
| US | 8.8.8.8:53 | oyrwfsfwgci.info | udp |
| US | 8.8.8.8:53 | fjpftebvhcmm.info | udp |
| US | 8.8.8.8:53 | kmskpu.info | udp |
| US | 8.8.8.8:53 | ieyeqi.com | udp |
| US | 8.8.8.8:53 | cgocdfduuia.net | udp |
| US | 8.8.8.8:53 | kduyxexpfkfv.net | udp |
| US | 8.8.8.8:53 | hsnkmenwvof.com | udp |
| US | 8.8.8.8:53 | dhlsxwzo.info | udp |
| US | 8.8.8.8:53 | iwwygrqykt.info | udp |
| US | 8.8.8.8:53 | cmngmodpikj.info | udp |
| US | 8.8.8.8:53 | iafmfuwev.info | udp |
| US | 8.8.8.8:53 | vpzddin.com | udp |
| US | 8.8.8.8:53 | tmeiltb.org | udp |
| US | 8.8.8.8:53 | yytqwyr.info | udp |
| US | 8.8.8.8:53 | kuiwwaae.org | udp |
| US | 8.8.8.8:53 | sdgctvrac.net | udp |
| US | 8.8.8.8:53 | imkqguasoq.org | udp |
| US | 8.8.8.8:53 | ebqyetdut.net | udp |
| US | 8.8.8.8:53 | jmbqrehb.info | udp |
| US | 8.8.8.8:53 | rspxfkvezu.info | udp |
| US | 8.8.8.8:53 | nfdrqf.info | udp |
| US | 8.8.8.8:53 | faklymxqz.com | udp |
| US | 8.8.8.8:53 | psbalvmdesaw.net | udp |
| US | 8.8.8.8:53 | pjumnwnmv.com | udp |
| US | 8.8.8.8:53 | aeqske.com | udp |
| US | 8.8.8.8:53 | ghrlqzjixm.info | udp |
| US | 8.8.8.8:53 | umzbbf.info | udp |
| US | 8.8.8.8:53 | kslsryhctml.net | udp |
| US | 8.8.8.8:53 | kkceuwkecqoi.org | udp |
| US | 8.8.8.8:53 | bydvwt.net | udp |
| US | 8.8.8.8:53 | bhhchgi.com | udp |
| US | 8.8.8.8:53 | wqbtdiq.net | udp |
| US | 8.8.8.8:53 | rkxnhqior.net | udp |
| US | 8.8.8.8:53 | uwlcchbldsn.info | udp |
| US | 8.8.8.8:53 | dabjlwlk.net | udp |
| US | 8.8.8.8:53 | bprecnih.net | udp |
| US | 8.8.8.8:53 | fukfschpnxbo.net | udp |
| US | 8.8.8.8:53 | rajmhwv.com | udp |
| US | 8.8.8.8:53 | tjerkgthz.net | udp |
| US | 8.8.8.8:53 | oysaaiqgsu.org | udp |
| US | 8.8.8.8:53 | vwqrrd.net | udp |
| US | 8.8.8.8:53 | nmnmbsvqfov.com | udp |
| US | 8.8.8.8:53 | jezspuu.com | udp |
| US | 8.8.8.8:53 | tiyffulgt.net | udp |
| US | 8.8.8.8:53 | xibbfjnw.net | udp |
| US | 8.8.8.8:53 | mvvszipnr.net | udp |
| US | 8.8.8.8:53 | mcfqcijcfic.net | udp |
| US | 8.8.8.8:53 | xkrsoef.net | udp |
| US | 8.8.8.8:53 | juzgnwdgusx.com | udp |
| US | 8.8.8.8:53 | samqiscsqs.com | udp |
| US | 8.8.8.8:53 | dkpeeocmxpjs.info | udp |
| US | 8.8.8.8:53 | cftgctyidaxi.net | udp |
| US | 8.8.8.8:53 | xbdtdub.net | udp |
| US | 8.8.8.8:53 | lswnqnqzwa.info | udp |
| US | 8.8.8.8:53 | rekqpm.info | udp |
| US | 8.8.8.8:53 | fiyepgdrzmg.net | udp |
| US | 8.8.8.8:53 | zortbcxsh.net | udp |
| US | 8.8.8.8:53 | vnvchqrcn.net | udp |
| US | 8.8.8.8:53 | iawegfpc.info | udp |
| US | 8.8.8.8:53 | eukqapdidrk.info | udp |
| US | 8.8.8.8:53 | rmwbsmjktg.net | udp |
| US | 8.8.8.8:53 | txrardnmpex.info | udp |
| US | 8.8.8.8:53 | nepxrapdj.net | udp |
| US | 8.8.8.8:53 | cexubyc.info | udp |
| US | 8.8.8.8:53 | gojrlnj.info | udp |
| US | 8.8.8.8:53 | xptedduulxgb.info | udp |
| US | 8.8.8.8:53 | ufecsczymdqo.info | udp |
| US | 8.8.8.8:53 | dqsdzd.info | udp |
| US | 8.8.8.8:53 | qcmkwgekokkk.org | udp |
| US | 8.8.8.8:53 | futluokpvkhe.net | udp |
| US | 8.8.8.8:53 | yuumqaasygmw.org | udp |
| US | 8.8.8.8:53 | vbyefcdryhnp.info | udp |
| US | 8.8.8.8:53 | ocmmuwocciqy.org | udp |
| US | 8.8.8.8:53 | behsesbyx.com | udp |
| US | 8.8.8.8:53 | efbepnwi.net | udp |
| US | 8.8.8.8:53 | kxyqiitsc.net | udp |
| US | 8.8.8.8:53 | equzuyrayxzo.info | udp |
| US | 8.8.8.8:53 | iapibwfkf.net | udp |
| US | 8.8.8.8:53 | pglelalwggd.info | udp |
| US | 8.8.8.8:53 | eelimwqij.info | udp |
| US | 8.8.8.8:53 | hfbgabb.org | udp |
| US | 8.8.8.8:53 | uwukygpulj.info | udp |
| US | 8.8.8.8:53 | nvxoopjravwe.info | udp |
| US | 8.8.8.8:53 | opzgucl.info | udp |
| US | 8.8.8.8:53 | ezpeeyies.info | udp |
| US | 8.8.8.8:53 | tglfxcnlsqi.net | udp |
| BG | 88.87.9.41:27251 | tcp | |
| US | 8.8.8.8:53 | rdllpdxevc.info | udp |
| US | 8.8.8.8:53 | bsvnpeteyek.net | udp |
| US | 8.8.8.8:53 | ggiwmqgkqcya.org | udp |
| US | 8.8.8.8:53 | rulaikhfxg.net | udp |
| US | 8.8.8.8:53 | cguoezr.net | udp |
| US | 8.8.8.8:53 | tfjjnoqt.info | udp |
| US | 8.8.8.8:53 | xxmigktyg.com | udp |
| US | 8.8.8.8:53 | hhaukgdixgc.com | udp |
| US | 8.8.8.8:53 | wauxvvykvg.net | udp |
| US | 8.8.8.8:53 | unubkvbgps.info | udp |
| US | 8.8.8.8:53 | lglwdnbd.info | udp |
| US | 8.8.8.8:53 | donhjvaxpypp.net | udp |
| US | 8.8.8.8:53 | akzaaqbjb.info | udp |
| US | 8.8.8.8:53 | qepxrlt.net | udp |
| US | 8.8.8.8:53 | aevuaqdsm.net | udp |
| US | 8.8.8.8:53 | ngfkgqmgimh.org | udp |
| US | 8.8.8.8:53 | bykyfi.net | udp |
| US | 8.8.8.8:53 | lukihixjupr.org | udp |
| US | 8.8.8.8:53 | citepix.info | udp |
| US | 8.8.8.8:53 | jozxzgswmrh.net | udp |
| US | 8.8.8.8:53 | wfflxru.info | udp |
| US | 8.8.8.8:53 | nsrvwca.org | udp |
| US | 8.8.8.8:53 | pmptcotx.net | udp |
| US | 8.8.8.8:53 | huuonkc.org | udp |
| US | 8.8.8.8:53 | qceqikaekkqc.com | udp |
| US | 8.8.8.8:53 | eehpwazqnl.net | udp |
| US | 8.8.8.8:53 | nwzayml.org | udp |
| US | 8.8.8.8:53 | tdlchsbj.info | udp |
| US | 8.8.8.8:53 | bohzzcvun.org | udp |
| US | 8.8.8.8:53 | nkvyvami.net | udp |
| US | 8.8.8.8:53 | hajyfalwmzr.org | udp |
| US | 8.8.8.8:53 | ravoeyj.org | udp |
| US | 8.8.8.8:53 | cxfbbvwq.net | udp |
| US | 8.8.8.8:53 | mvzxwixogj.net | udp |
| US | 8.8.8.8:53 | wwtfrd.net | udp |
| US | 8.8.8.8:53 | rtcqudyyzhrh.info | udp |
| US | 8.8.8.8:53 | xecwugtbc.org | udp |
| US | 8.8.8.8:53 | wcibuwpqacr.info | udp |
| US | 8.8.8.8:53 | sidgxcze.info | udp |
| US | 8.8.8.8:53 | bslsxsdqqip.com | udp |
| US | 8.8.8.8:53 | nhllcahi.net | udp |
| US | 8.8.8.8:53 | wwuqyyeaysig.org | udp |
| US | 8.8.8.8:53 | vzueywlonjeg.info | udp |
| US | 8.8.8.8:53 | tedodftzd.com | udp |
| US | 8.8.8.8:53 | savglsruj.net | udp |
| US | 8.8.8.8:53 | rbpdbc.info | udp |
| US | 8.8.8.8:53 | jszsdmxyjzh.org | udp |
| US | 8.8.8.8:53 | yudrtnvbms.info | udp |
| US | 8.8.8.8:53 | kmyjhlkza.info | udp |
| US | 8.8.8.8:53 | emeiiwwysu.com | udp |
| US | 8.8.8.8:53 | nytsmmzevyz.org | udp |
| US | 8.8.8.8:53 | gabmxgxco.net | udp |
| US | 8.8.8.8:53 | dthcmsus.net | udp |
| US | 8.8.8.8:53 | iqkamaueuwyg.com | udp |
| US | 8.8.8.8:53 | uouifea.info | udp |
| US | 8.8.8.8:53 | ykirmubs.net | udp |
| US | 8.8.8.8:53 | nrxkdj.net | udp |
| US | 8.8.8.8:53 | kvnwxdblpopq.net | udp |
| US | 8.8.8.8:53 | fbjwtayutuv.net | udp |
| US | 8.8.8.8:53 | oeomrarwnkn.net | udp |
| US | 8.8.8.8:53 | zgpyuiyjr.org | udp |
| US | 8.8.8.8:53 | dfgpuv.net | udp |
| US | 8.8.8.8:53 | vvzbqi.info | udp |
| US | 8.8.8.8:53 | vusvdbpb.info | udp |
| US | 8.8.8.8:53 | mphupunir.net | udp |
| US | 8.8.8.8:53 | nhkidkzhkkx.net | udp |
| US | 8.8.8.8:53 | ekvmumt.net | udp |
| US | 8.8.8.8:53 | hppujkzs.net | udp |
| US | 8.8.8.8:53 | fsfslefhtkxh.net | udp |
| US | 8.8.8.8:53 | vxlunydxpu.info | udp |
| US | 8.8.8.8:53 | pzdwcbsq.net | udp |
| US | 8.8.8.8:53 | wianzn.info | udp |
| US | 8.8.8.8:53 | fodslmimf.com | udp |
| US | 8.8.8.8:53 | qmwgkcimaqes.org | udp |
| US | 8.8.8.8:53 | pfhxkwihhg.info | udp |
| US | 8.8.8.8:53 | dnokev.info | udp |
| US | 8.8.8.8:53 | iaguysaysikg.com | udp |
| US | 8.8.8.8:53 | zmystcv.org | udp |
| US | 8.8.8.8:53 | fifesmrbm.net | udp |
| US | 8.8.8.8:53 | zmriexres.org | udp |
| US | 8.8.8.8:53 | vxakrkg.org | udp |
| US | 8.8.8.8:53 | qemghpz.info | udp |
| US | 8.8.8.8:53 | rqmcpmequ.info | udp |
| US | 8.8.8.8:53 | wucwikkaai.com | udp |
| US | 8.8.8.8:53 | ptjdxyjmg.net | udp |
| US | 8.8.8.8:53 | bhcwvkk.org | udp |
| US | 8.8.8.8:53 | rkbvuq.net | udp |
| US | 8.8.8.8:53 | ewioce.org | udp |
| US | 8.8.8.8:53 | fmmbktcgpkpx.info | udp |
| US | 8.8.8.8:53 | scnsesrmchy.info | udp |
| US | 8.8.8.8:53 | sklsbwz.net | udp |
| US | 8.8.8.8:53 | ogiauweyooam.org | udp |
| US | 8.8.8.8:53 | qkwecg.com | udp |
| US | 8.8.8.8:53 | lnllqjoq.net | udp |
| US | 8.8.8.8:53 | mgtqwigjx.info | udp |
| US | 8.8.8.8:53 | jcmcalnjybd.info | udp |
| US | 8.8.8.8:53 | miegswic.com | udp |
| US | 8.8.8.8:53 | igccvtb.info | udp |
| US | 8.8.8.8:53 | dhcebyjy.info | udp |
| US | 8.8.8.8:53 | vqdogbsr.net | udp |
| US | 8.8.8.8:53 | zaypbhfxoz.info | udp |
| US | 8.8.8.8:53 | pndebrmtjnli.info | udp |
| US | 8.8.8.8:53 | hetqjsknfitk.net | udp |
| US | 8.8.8.8:53 | psotdycyp.com | udp |
| US | 8.8.8.8:53 | tjdeuoco.info | udp |
| US | 8.8.8.8:53 | gcckcwwicmug.org | udp |
| US | 8.8.8.8:53 | oyyuyogo.com | udp |
| US | 8.8.8.8:53 | uugges.com | udp |
| US | 8.8.8.8:53 | funogbzuhx.info | udp |
| US | 8.8.8.8:53 | kvejnumumq.info | udp |
| US | 8.8.8.8:53 | pudvxgrauyf.com | udp |
| US | 8.8.8.8:53 | udp | |
| US | 8.8.8.8:53 | udp | |
| US | 8.8.8.8:53 | udp | |
| US | 8.8.8.8:53 | udp | |
| US | 8.8.8.8:53 | udp | |
| US | 8.8.8.8:53 | udp | |
| US | 8.8.8.8:53 | udp | |
| US | 8.8.8.8:53 | udp | |
| US | 8.8.8.8:53 | udp | |
| US | 8.8.8.8:53 | udp | |
| US | 8.8.8.8:53 | udp | |
| US | 8.8.8.8:53 | udp | |
| US | 8.8.8.8:53 | udp | |
| US | 8.8.8.8:53 | udp | |
| US | 8.8.8.8:53 | udp | |
| US | 8.8.8.8:53 | udp | |
| US | 8.8.8.8:53 | udp | |
| US | 8.8.8.8:53 | udp | |
| US | 8.8.8.8:53 | udp |
Files
C:\Users\Admin\AppData\Local\Temp\wfsgytrrgpc.exe
| MD5 | 5203b6ea0901877fbf2d8d6f6d8d338e |
| SHA1 | c803e92561921b38abe13239c1fd85605b570936 |
| SHA256 | 0cc02d34d5fd4cf892fed282f98c1ad3e7dd6159a8877ae5c46d3f834ed36060 |
| SHA512 | d48a41b4fc4c38a6473f789c02918fb7353a4b4199768a3624f3b685d91d38519887a1ccd3616e0d2b079a346afaec5a0f2ef2c46d72d3097ef561cedb476471 |
C:\Windows\SysWOW64\qcxtidrecppfzutvah.exe
| MD5 | 43911114fe45fe2349eea1c3c5657bfd |
| SHA1 | 3ce01eaf787a67fd84d31bee4eddbeaab0b239c9 |
| SHA256 | 371e7fce1fa40071ff8b99fa72a84f8697e26e8d43bc0932c9acc9ce4ba64a0d |
| SHA512 | e333fa0db5a206dcbe32e385905aa71b09d3f09fbff449a65a6e5ea607ed9ab424595666d8603a173987f257735620d92942a7b420fdee049b281c4261018d35 |
C:\Users\Admin\AppData\Local\Temp\dcktv.exe
| MD5 | 5b636d806943e2a0101554abbfe5becf |
| SHA1 | 69cba4316e8372a503597e5b5038262d3fa9e754 |
| SHA256 | f4bfd9762b293bb249923922549449a3f7de0098182bd4541420f3f681491be5 |
| SHA512 | fb11f42cb98ef9102c991525f198fa2794cfb7ada5c7264bdb7a9c31c8f51cb58532511a21c39b31b770c16154fe5e40c9ddc79d1a1b1515d9a2d9677ee8d378 |
C:\Users\Admin\AppData\Local\eybfcfbwcxfdfipzmbeybf.fbw
| MD5 | 806d5645e36e7f3af966ea55a45418a2 |
| SHA1 | ca67edc927759345fd3e3dfb1aead5ccb9d0b282 |
| SHA256 | ec3233b21e98d4c1ced09ba15218c6b8d5eae460eec66e0faefb2f230e51d0a6 |
| SHA512 | 9f35bd114bc2b99b26d44fe3d0d70c805582f57f7bdd1c7fba860eae5c21e485b19667253cc1a523c6bc371d36c8716793f04905cd3c6f5b0f6ff57556f0e8ba |
C:\Users\Admin\AppData\Local\vaodlzgmdjclymezxxlqetbpwctzsbocu.nnb
| MD5 | b0561fa601778d6e41b4f0820cd5039f |
| SHA1 | 2e9911dee7d4cb2d6443eb6a710ad2b1d3974a1f |
| SHA256 | 6b53702d7c7478c104028f07731d6d359654e5df11d64650cde14380584f70d2 |
| SHA512 | a3c87384ae2737e0ec378e8438e5b9fcd78b2d3f24f5dd18b1b2c50d29e38583c897357b2029d3d650a04ae5e1bb69942b22603809876b3d54adc3c1fba98dac |
C:\Program Files (x86)\eybfcfbwcxfdfipzmbeybf.fbw
| MD5 | 9d971bb939383ead01574086c58ce0ff |
| SHA1 | 27395ad96b95e852c967153c81a269152e73d465 |
| SHA256 | 0626436ccf6ca859ade4cc38becd95034974bb8cc82baa6e7f8e4324814420a5 |
| SHA512 | 70d63ed496a0a2b2d1a918480251f1e21961f8d414657de4d1245fb00309c2b96e8f446ca1c07fb60c9e9818130da67979a8bac8a1d0a56e858924cf59d17872 |
C:\Program Files (x86)\eybfcfbwcxfdfipzmbeybf.fbw
| MD5 | 27b709391b05c5cf4e6da762baabc203 |
| SHA1 | 9d505cbbb0873d16d4434cbf025ebfd4ed7150f5 |
| SHA256 | 147a8fd8bfbd0f97b2d55de2dd645ec8764bfca9d36fb574a313435b992fb70c |
| SHA512 | 3d19fd0b48cf4e1d387983a0cb717cdc4ad0f4abafdc19cdde3403cc049e3a5b42898e224421d2d894f3588dff5ff3dd3f829298d028fb29517f8b3002f1fba1 |
C:\aerfmzfkaf.bat
| MD5 | 84465679e7c3bce67dc2f0661fc0603d |
| SHA1 | 998d70d34c516273a7aa75094fe6d70b2977a4aa |
| SHA256 | b484afebbad6e16ca5b6c811a56df01f1702487c5383bade79fa59cfdd7e5484 |
| SHA512 | 858a33f20565b10dcd997a0f9c102963497912b3d3d2a9c87396e6d003030b311fff19d965ca8fd4f6c39ef1dff6bb9642cf74cffd332ed2030c91e86459ba0b |
C:\Program Files (x86)\eybfcfbwcxfdfipzmbeybf.fbw
| MD5 | b66c695bb2bb585453d473dceaaad72d |
| SHA1 | 5cb54ee5022d8c8ee417c9929f41dac4ba2c91a8 |
| SHA256 | 2f73bd73da235039c90a41510754276a90d1d04ed11e2b7f1a6b6b6354b2bc09 |
| SHA512 | 8b47f35d83aab3e339a927d7fc6c1f62516e4fb46c2a321f06fd85742ab52fe59a1472797cf970f2ca5ec774c7e40610fbe4391bc4799ebbcab145744bebb5f4 |
C:\Program Files (x86)\eybfcfbwcxfdfipzmbeybf.fbw
| MD5 | 925d5e78dfa6620e403d77b90773af6b |
| SHA1 | 2e4ba0659d14f44a3fc25bb4554462fc121ff815 |
| SHA256 | 514b83d0d720f34d5ca5b3e13eafb6c2ef8c7cf58d20ef4307c661325d8aa042 |
| SHA512 | 8c48c26af0561c71f803498c2d8090e3b2af087d97f6c38a5f14a192e8b75355ede05014f67d42ea7c0fa932a5cf76c85330e470342eb56b2c78401e604384a4 |
C:\Program Files (x86)\eybfcfbwcxfdfipzmbeybf.fbw
| MD5 | f9f2b68ce86061c2980f2cad14ccca00 |
| SHA1 | ae3452cb6bbf0376ab5ac9759c9e349ab79ae078 |
| SHA256 | 8b402cc186592d185d8f709b8fd744b8a94d5380954d70ddaa3cbe65baeb4551 |
| SHA512 | 82c5d7f8875a15a13d74ddd90ba9eb71486028ff4d8c32257a768bf6a6fa82baca28c2b686f5fde9ae898a0cb6a53049e3f6f25b79d3c670006f129330bdbc99 |
C:\Users\Admin\AppData\Local\eybfcfbwcxfdfipzmbeybf.fbw
| MD5 | a07907e60b5e38cdb25cb9e80bb8bfb9 |
| SHA1 | 9658e6a1f5f5233482f540326a9c4b2e64e72d30 |
| SHA256 | 150486e0062c1187df54d5c040964e0297ade2d19ca61a190799c0051372079f |
| SHA512 | ba721d075471ea07aab1935b2b58ccbc75b762743d9458ef5e57a5290659530fb9b9b8b1df0dc191c045f1aa9aab368e06418e921a1abce51f22488f093c5049 |