Malware Analysis Report

2025-08-10 22:41

Sample ID: 250127-zm2yhawjap
Target: JaffaCakes118_43911114fe45fe2349eea1c3c5657bfd
SHA256: 371e7fce1fa40071ff8b99fa72a84f8697e26e8d43bc0932c9acc9ce4ba64a0d
Tags: defense_evasion discovery persistence privilege_escalation trojan
Score: 10/10

Analysis Overview

Threat Level: Known bad

The file JaffaCakes118_43911114fe45fe2349eea1c3c5657bfd was found to be: Known bad.

Malicious Activity Summary

defense_evasion discovery persistence privilege_escalation trojan

Modifies WinLogon for persistence

UAC bypass

Disables RegEdit via registry modification

Adds policy Run key to start application

Executes dropped EXE

Checks computer location settings

Loads dropped DLL

Impair Defenses: Safe Mode Boot

Checks whether UAC is enabled

Hijack Execution Flow: Executable Installer File Permissions Weakness

Looks up external IP address via web service

Adds Run key to start application

Drops autorun.inf file

Drops file in System32 directory

Drops file in Windows directory

Drops file in Program Files directory

System Location Discovery: System Language Discovery

Unsigned PE

Enumerates physical storage devices

System policy modification

Suspicious behavior: EnumeratesProcesses

Suspicious use of WriteProcessMemory

Suspicious use of AdjustPrivilegeToken

Analysis: static1

Detonation Overview

Reported

2025-01-27 20:50

Signatures

Unsigned PE

Analysis: behavioral1

Detonation Overview

Submitted

2025-01-27 20:50

Reported

2025-01-27 20:53

Platform

win7-20240903-en

Max time kernel

150s

Max time network

150s

Command Line

"C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_43911114fe45fe2349eea1c3c5657bfd.exe"

Signatures

Modifies WinLogon for persistence

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\eujspiznoet.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\zigsr.exe N/A

UAC bypass

defense_evasion trojan
Description Indicator Process Target
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" C:\Users\Admin\AppData\Local\Temp\zigsr.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" C:\Users\Admin\AppData\Local\Temp\zigsr.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\eujspiznoet.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" C:\Users\Admin\AppData\Local\Temp\eujspiznoet.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" C:\Users\Admin\AppData\Local\Temp\eujspiznoet.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\zigsr.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" C:\Users\Admin\AppData\Local\Temp\zigsr.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" C:\Users\Admin\AppData\Local\Temp\eujspiznoet.exe N/A

Adds policy Run key to start application

persistence

Disables RegEdit via registry modification

defense_evasion
Description Indicator Process Target
Set value (int) \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\zigsr.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\zigsr.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\eujspiznoet.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\eujspiznoet.exe N/A

Impair Defenses: Safe Mode Boot

defense_evasion
Description Indicator Process Target
Key deleted \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\WinDefend C:\Users\Admin\AppData\Local\Temp\zigsr.exe N/A
Key deleted \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\ProfSvc C:\Users\Admin\AppData\Local\Temp\zigsr.exe N/A
Key deleted \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\Power C:\Users\Admin\AppData\Local\Temp\zigsr.exe N/A

Adds Run key to start application

persistence

Checks whether UAC is enabled

defense_evasion trojan
Description Indicator Process Target
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\eujspiznoet.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\eujspiznoet.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\zigsr.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\zigsr.exe N/A

Hijack Execution Flow: Executable Installer File Permissions Weakness

defense_evasion persistence privilege_escalation
Description Indicator Process Target
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableInstallerDetection = "0" C:\Users\Admin\AppData\Local\Temp\eujspiznoet.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableInstallerDetection = "0" C:\Users\Admin\AppData\Local\Temp\zigsr.exe N/A

Looks up external IP address via web service

Description Indicator Process Target
N/A whatismyip.everdot.org N/A N/A
N/A www.whatismyip.ca N/A N/A
N/A www.showmyipaddress.com N/A N/A
N/A whatismyipaddress.com N/A N/A

Drops autorun.inf file

Description Indicator Process Target
File opened for modification C:\autorun.inf C:\Users\Admin\AppData\Local\Temp\zigsr.exe N/A
File created C:\autorun.inf C:\Users\Admin\AppData\Local\Temp\zigsr.exe N/A
File opened for modification F:\autorun.inf C:\Users\Admin\AppData\Local\Temp\zigsr.exe N/A
File created F:\autorun.inf C:\Users\Admin\AppData\Local\Temp\zigsr.exe N/A

Drops file in System32 directory

Description Indicator Process Target
File opened for modification C:\Windows\SysWOW64\wqzwgbmiuinicqsq.exe C:\Users\Admin\AppData\Local\Temp\zigsr.exe N/A
File opened for modification C:\Windows\SysWOW64\dyigrnzwjyeavknmj.exe C:\Users\Admin\AppData\Local\Temp\zigsr.exe N/A
File opened for modification C:\Windows\SysWOW64\bewcvztytqeilitafhjme.dhb C:\Users\Admin\AppData\Local\Temp\zigsr.exe N/A
File opened for modification C:\Windows\SysWOW64\xuggtrfetksqnejkjfb.exe C:\Users\Admin\AppData\Local\Temp\eujspiznoet.exe N/A
File opened for modification C:\Windows\SysWOW64\kivwkjyyogpomekmmjge.exe C:\Users\Admin\AppData\Local\Temp\zigsr.exe N/A
File opened for modification C:\Windows\SysWOW64\wqzwgbmiuinicqsq.exe C:\Users\Admin\AppData\Local\Temp\eujspiznoet.exe N/A
File opened for modification C:\Windows\SysWOW64\dyigrnzwjyeavknmj.exe C:\Users\Admin\AppData\Local\Temp\eujspiznoet.exe N/A
File opened for modification C:\Windows\SysWOW64\kivwkjyyogpomekmmjge.exe C:\Users\Admin\AppData\Local\Temp\zigsr.exe N/A
File opened for modification C:\Windows\SysWOW64\wkneixcsygfuiqmeuhuilcgvaqwedsgo.csf C:\Users\Admin\AppData\Local\Temp\zigsr.exe N/A
File opened for modification C:\Windows\SysWOW64\kivwkjyyogpomekmmjge.exe C:\Users\Admin\AppData\Local\Temp\eujspiznoet.exe N/A
File opened for modification C:\Windows\SysWOW64\dyigrnzwjyeavknmj.exe C:\Users\Admin\AppData\Local\Temp\eujspiznoet.exe N/A
File opened for modification C:\Windows\SysWOW64\wqzwgbmiuinicqsq.exe C:\Users\Admin\AppData\Local\Temp\zigsr.exe N/A
File opened for modification C:\Windows\SysWOW64\dyigrnzwjyeavknmj.exe C:\Users\Admin\AppData\Local\Temp\zigsr.exe N/A
File opened for modification C:\Windows\SysWOW64\zymoddtuleoongnqrpnma.exe C:\Users\Admin\AppData\Local\Temp\zigsr.exe N/A
File created C:\Windows\SysWOW64\bewcvztytqeilitafhjme.dhb C:\Users\Admin\AppData\Local\Temp\zigsr.exe N/A
File opened for modification C:\Windows\SysWOW64\xuggtrfetksqnejkjfb.exe C:\Users\Admin\AppData\Local\Temp\eujspiznoet.exe N/A
File opened for modification C:\Windows\SysWOW64\qqfiyzqskepqqkswyxwwlo.exe C:\Users\Admin\AppData\Local\Temp\eujspiznoet.exe N/A
File opened for modification C:\Windows\SysWOW64\mitsebomaqxuqgkkid.exe C:\Users\Admin\AppData\Local\Temp\eujspiznoet.exe N/A
File opened for modification C:\Windows\SysWOW64\kivwkjyyogpomekmmjge.exe C:\Users\Admin\AppData\Local\Temp\eujspiznoet.exe N/A
File opened for modification C:\Windows\SysWOW64\xuggtrfetksqnejkjfb.exe C:\Users\Admin\AppData\Local\Temp\zigsr.exe N/A
File opened for modification C:\Windows\SysWOW64\qqfiyzqskepqqkswyxwwlo.exe C:\Users\Admin\AppData\Local\Temp\zigsr.exe N/A
File opened for modification C:\Windows\SysWOW64\mitsebomaqxuqgkkid.exe C:\Users\Admin\AppData\Local\Temp\eujspiznoet.exe N/A
File opened for modification C:\Windows\SysWOW64\zymoddtuleoongnqrpnma.exe C:\Users\Admin\AppData\Local\Temp\eujspiznoet.exe N/A
File opened for modification C:\Windows\SysWOW64\qqfiyzqskepqqkswyxwwlo.exe C:\Users\Admin\AppData\Local\Temp\eujspiznoet.exe N/A
File opened for modification C:\Windows\SysWOW64\qqfiyzqskepqqkswyxwwlo.exe C:\Users\Admin\AppData\Local\Temp\zigsr.exe N/A
File opened for modification C:\Windows\SysWOW64\wqzwgbmiuinicqsq.exe C:\Users\Admin\AppData\Local\Temp\eujspiznoet.exe N/A
File opened for modification C:\Windows\SysWOW64\mitsebomaqxuqgkkid.exe C:\Users\Admin\AppData\Local\Temp\zigsr.exe N/A
File created C:\Windows\SysWOW64\wkneixcsygfuiqmeuhuilcgvaqwedsgo.csf C:\Users\Admin\AppData\Local\Temp\zigsr.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files (x86)\bewcvztytqeilitafhjme.dhb C:\Users\Admin\AppData\Local\Temp\zigsr.exe N/A
File opened for modification C:\Program Files (x86)\wkneixcsygfuiqmeuhuilcgvaqwedsgo.csf C:\Users\Admin\AppData\Local\Temp\zigsr.exe N/A
File created C:\Program Files (x86)\wkneixcsygfuiqmeuhuilcgvaqwedsgo.csf C:\Users\Admin\AppData\Local\Temp\zigsr.exe N/A
File opened for modification C:\Program Files (x86)\bewcvztytqeilitafhjme.dhb C:\Users\Admin\AppData\Local\Temp\zigsr.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File opened for modification C:\Windows\xuggtrfetksqnejkjfb.exe C:\Users\Admin\AppData\Local\Temp\eujspiznoet.exe N/A
File opened for modification C:\Windows\dyigrnzwjyeavknmj.exe C:\Users\Admin\AppData\Local\Temp\zigsr.exe N/A
File opened for modification C:\Windows\wkneixcsygfuiqmeuhuilcgvaqwedsgo.csf C:\Users\Admin\AppData\Local\Temp\zigsr.exe N/A
File created C:\Windows\wkneixcsygfuiqmeuhuilcgvaqwedsgo.csf C:\Users\Admin\AppData\Local\Temp\zigsr.exe N/A
File opened for modification C:\Windows\kivwkjyyogpomekmmjge.exe C:\Users\Admin\AppData\Local\Temp\eujspiznoet.exe N/A
File opened for modification C:\Windows\qqfiyzqskepqqkswyxwwlo.exe C:\Users\Admin\AppData\Local\Temp\eujspiznoet.exe N/A
File opened for modification C:\Windows\zymoddtuleoongnqrpnma.exe C:\Users\Admin\AppData\Local\Temp\zigsr.exe N/A
File opened for modification C:\Windows\mitsebomaqxuqgkkid.exe C:\Users\Admin\AppData\Local\Temp\zigsr.exe N/A
File opened for modification C:\Windows\xuggtrfetksqnejkjfb.exe C:\Users\Admin\AppData\Local\Temp\zigsr.exe N/A
File opened for modification C:\Windows\kivwkjyyogpomekmmjge.exe C:\Users\Admin\AppData\Local\Temp\zigsr.exe N/A
File opened for modification C:\Windows\wqzwgbmiuinicqsq.exe C:\Users\Admin\AppData\Local\Temp\eujspiznoet.exe N/A
File opened for modification C:\Windows\dyigrnzwjyeavknmj.exe C:\Users\Admin\AppData\Local\Temp\eujspiznoet.exe N/A
File created C:\Windows\bewcvztytqeilitafhjme.dhb C:\Users\Admin\AppData\Local\Temp\zigsr.exe N/A
File opened for modification C:\Windows\qqfiyzqskepqqkswyxwwlo.exe C:\Users\Admin\AppData\Local\Temp\zigsr.exe N/A
File opened for modification C:\Windows\mitsebomaqxuqgkkid.exe C:\Users\Admin\AppData\Local\Temp\eujspiznoet.exe N/A
File opened for modification C:\Windows\wqzwgbmiuinicqsq.exe C:\Users\Admin\AppData\Local\Temp\zigsr.exe N/A
File opened for modification C:\Windows\bewcvztytqeilitafhjme.dhb C:\Users\Admin\AppData\Local\Temp\zigsr.exe N/A
File opened for modification C:\Windows\zymoddtuleoongnqrpnma.exe C:\Users\Admin\AppData\Local\Temp\eujspiznoet.exe N/A

Enumerates physical storage devices

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_43911114fe45fe2349eea1c3c5657bfd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\eujspiznoet.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\zigsr.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_43911114fe45fe2349eea1c3c5657bfd.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\zigsr.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\zigsr.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2280 wrote to memory of 2164 N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_43911114fe45fe2349eea1c3c5657bfd.exe C:\Users\Admin\AppData\Local\Temp\eujspiznoet.exe
PID 2164 wrote to memory of 2408 N/A C:\Users\Admin\AppData\Local\Temp\eujspiznoet.exe C:\Users\Admin\AppData\Local\Temp\zigsr.exe
PID 2164 wrote to memory of 1372 N/A C:\Users\Admin\AppData\Local\Temp\eujspiznoet.exe C:\Users\Admin\AppData\Local\Temp\zigsr.exe
PID 2280 wrote to memory of 2932 N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_43911114fe45fe2349eea1c3c5657bfd.exe C:\Users\Admin\AppData\Local\Temp\eujspiznoet.exe

System policy modification

defense_evasion
Description Indicator Process Target
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" C:\Users\Admin\AppData\Local\Temp\eujspiznoet.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer C:\Users\Admin\AppData\Local\Temp\eujspiznoet.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" C:\Users\Admin\AppData\Local\Temp\eujspiznoet.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableSecureUIAPaths = "0" C:\Users\Admin\AppData\Local\Temp\eujspiznoet.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" C:\Users\Admin\AppData\Local\Temp\zigsr.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableSecureUIAPaths = "0" C:\Users\Admin\AppData\Local\Temp\zigsr.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\FilterAdministratorToken = "0" C:\Users\Admin\AppData\Local\Temp\eujspiznoet.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" C:\Users\Admin\AppData\Local\Temp\zigsr.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDriveTypeAutoRun = "1" C:\Users\Admin\AppData\Local\Temp\zigsr.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableVirtualization = "0" C:\Users\Admin\AppData\Local\Temp\zigsr.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableVirtualization = "0" C:\Users\Admin\AppData\Local\Temp\eujspiznoet.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ValidateAdminCodeSignatures = "0" C:\Users\Admin\AppData\Local\Temp\eujspiznoet.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\zigsr.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\eujspiznoet.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\zigsr.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDriveTypeAutoRun = "1" C:\Users\Admin\AppData\Local\Temp\eujspiznoet.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\FilterAdministratorToken = "0" C:\Users\Admin\AppData\Local\Temp\zigsr.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer C:\Users\Admin\AppData\Local\Temp\zigsr.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\zigsr.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" C:\Users\Admin\AppData\Local\Temp\zigsr.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ValidateAdminCodeSignatures = "0" C:\Users\Admin\AppData\Local\Temp\zigsr.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\eujspiznoet.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\eujspiznoet.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" C:\Users\Admin\AppData\Local\Temp\eujspiznoet.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_43911114fe45fe2349eea1c3c5657bfd.exe

"C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_43911114fe45fe2349eea1c3c5657bfd.exe"

C:\Users\Admin\AppData\Local\Temp\eujspiznoet.exe

"C:\Users\Admin\AppData\Local\Temp\eujspiznoet.exe" "c:\users\admin\appdata\local\temp\jaffacakes118_43911114fe45fe2349eea1c3c5657bfd.exe*"

C:\Users\Admin\AppData\Local\Temp\zigsr.exe

"C:\Users\Admin\AppData\Local\Temp\zigsr.exe" "-C:\Users\Admin\AppData\Local\Temp\wqzwgbmiuinicqsq.exe"

C:\Users\Admin\AppData\Local\Temp\zigsr.exe

"C:\Users\Admin\AppData\Local\Temp\zigsr.exe" "-C:\Users\Admin\AppData\Local\Temp\wqzwgbmiuinicqsq.exe"

C:\Users\Admin\AppData\Local\Temp\eujspiznoet.exe

"C:\Users\Admin\AppData\Local\Temp\eujspiznoet.exe" "c:\users\admin\appdata\local\temp\jaffacakes118_43911114fe45fe2349eea1c3c5657bfd.exe"

Network

Files

Analysis: behavioral2

Detonation Overview

Submitted

2025-01-27 20:50

Reported

2025-01-28 09:09

Platform

win10v2004-20241007-en

Max time kernel

150s

Max time network

150s

Command Line

"C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_43911114fe45fe2349eea1c3c5657bfd.exe"

Signatures

Modifies WinLogon for persistence

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\wfsgytrrgpc.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\dcktv.exe N/A

UAC bypass

defense_evasion trojan
Description Indicator Process Target
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" C:\Users\Admin\AppData\Local\Temp\dcktv.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" C:\Users\Admin\AppData\Local\Temp\wfsgytrrgpc.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" C:\Users\Admin\AppData\Local\Temp\wfsgytrrgpc.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\dcktv.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" C:\Users\Admin\AppData\Local\Temp\dcktv.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" C:\Users\Admin\AppData\Local\Temp\dcktv.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\wfsgytrrgpc.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" C:\Users\Admin\AppData\Local\Temp\wfsgytrrgpc.exe N/A

Adds policy Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\sarjulveyhdpfw = "dsqphfwmndgzwuwbjtrge.exe" C:\Users\Admin\AppData\Local\Temp\dcktv.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\dcktv.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\sarjulveyhdpfw = "oczxolbqqfhzvstxenky.exe" C:\Users\Admin\AppData\Local\Temp\dcktv.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\vaodlzgmdjc = "C:\\Users\\Admin\\AppData\\Local\\Temp\\akdxkdpawhftlebb.exe" C:\Users\Admin\AppData\Local\Temp\dcktv.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\sarjulveyhdpfw = "bokhxtiwvjkbwssvbjf.exe" C:\Users\Admin\AppData\Local\Temp\dcktv.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\sarjulveyhdpfw = "bokhxtiwvjkbwssvbjf.exe" C:\Users\Admin\AppData\Local\Temp\wfsgytrrgpc.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\vaodlzgmdjc = "C:\\Users\\Admin\\AppData\\Local\\Temp\\oczxolbqqfhzvstxenky.exe" C:\Users\Admin\AppData\Local\Temp\dcktv.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\sarjulveyhdpfw = "dsqphfwmndgzwuwbjtrge.exe" C:\Users\Admin\AppData\Local\Temp\dcktv.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\sarjulveyhdpfw = "qcxtidrecppfzutvah.exe" C:\Users\Admin\AppData\Local\Temp\dcktv.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\sarjulveyhdpfw = "hsmhvpcolxwleywxb.exe" C:\Users\Admin\AppData\Local\Temp\dcktv.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\sarjulveyhdpfw = "oczxolbqqfhzvstxenky.exe" C:\Users\Admin\AppData\Local\Temp\dcktv.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\vaodlzgmdjc = "C:\\Users\\Admin\\AppData\\Local\\Temp\\dsqphfwmndgzwuwbjtrge.exe" C:\Users\Admin\AppData\Local\Temp\dcktv.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\vaodlzgmdjc = "C:\\Users\\Admin\\AppData\\Local\\Temp\\hsmhvpcolxwleywxb.exe" C:\Users\Admin\AppData\Local\Temp\dcktv.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\vaodlzgmdjc = "C:\\Users\\Admin\\AppData\\Local\\Temp\\qcxtidrecppfzutvah.exe" C:\Users\Admin\AppData\Local\Temp\dcktv.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\vaodlzgmdjc = "C:\\Users\\Admin\\AppData\\Local\\Temp\\akdxkdpawhftlebb.exe" C:\Users\Admin\AppData\Local\Temp\dcktv.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\wfsgytrrgpc.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\vaodlzgmdjc = "C:\\Users\\Admin\\AppData\\Local\\Temp\\bokhxtiwvjkbwssvbjf.exe" C:\Users\Admin\AppData\Local\Temp\wfsgytrrgpc.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\sarjulveyhdpfw = "bokhxtiwvjkbwssvbjf.exe" C:\Users\Admin\AppData\Local\Temp\wfsgytrrgpc.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\wfsgytrrgpc.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\vaodlzgmdjc = "C:\\Users\\Admin\\AppData\\Local\\Temp\\hsmhvpcolxwleywxb.exe" C:\Users\Admin\AppData\Local\Temp\wfsgytrrgpc.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\sarjulveyhdpfw = "akdxkdpawhftlebb.exe" C:\Users\Admin\AppData\Local\Temp\dcktv.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\vaodlzgmdjc = "C:\\Users\\Admin\\AppData\\Local\\Temp\\dsqphfwmndgzwuwbjtrge.exe" C:\Users\Admin\AppData\Local\Temp\dcktv.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\sarjulveyhdpfw = "qcxtidrecppfzutvah.exe" C:\Users\Admin\AppData\Local\Temp\dcktv.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\vaodlzgmdjc = "C:\\Users\\Admin\\AppData\\Local\\Temp\\bokhxtiwvjkbwssvbjf.exe" C:\Users\Admin\AppData\Local\Temp\dcktv.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\sarjulveyhdpfw = "bokhxtiwvjkbwssvbjf.exe" C:\Users\Admin\AppData\Local\Temp\dcktv.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\sarjulveyhdpfw = "akdxkdpawhftlebb.exe" C:\Users\Admin\AppData\Local\Temp\dcktv.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\vaodlzgmdjc = "C:\\Users\\Admin\\AppData\\Local\\Temp\\oczxolbqqfhzvstxenky.exe" C:\Users\Admin\AppData\Local\Temp\dcktv.exe N/A

Disables RegEdit via registry modification

defense_evasion
Description Indicator Process Target
Set value (int) \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\wfsgytrrgpc.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\wfsgytrrgpc.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\dcktv.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\dcktv.exe N/A

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_43911114fe45fe2349eea1c3c5657bfd.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\wfsgytrrgpc.exe N/A

Impair Defenses: Safe Mode Boot

defense_evasion
Description Indicator Process Target
Key deleted \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\UserManager C:\Users\Admin\AppData\Local\Temp\dcktv.exe N/A
Key deleted \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\SerCx2.sys C:\Users\Admin\AppData\Local\Temp\dcktv.exe N/A
Key deleted \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\ProfSvc C:\Users\Admin\AppData\Local\Temp\dcktv.exe N/A
Key deleted \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\Power C:\Users\Admin\AppData\Local\Temp\dcktv.exe N/A
Key deleted \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\iai2c.sys C:\Users\Admin\AppData\Local\Temp\dcktv.exe N/A
Key deleted \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\CBDHSvc C:\Users\Admin\AppData\Local\Temp\dcktv.exe N/A

Adds Run key to start application

persistence

Checks whether UAC is enabled

defense_evasion trojan
Description Indicator Process Target
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\wfsgytrrgpc.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\wfsgytrrgpc.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\dcktv.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\dcktv.exe N/A

Hijack Execution Flow: Executable Installer File Permissions Weakness

defense_evasion persistence privilege_escalation
Description Indicator Process Target
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableInstallerDetection = "0" C:\Users\Admin\AppData\Local\Temp\wfsgytrrgpc.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableInstallerDetection = "0" C:\Users\Admin\AppData\Local\Temp\dcktv.exe N/A

Looks up external IP address via web service

Description Indicator Process Target
N/A www.whatismyip.ca N/A N/A
N/A whatismyip.everdot.org N/A N/A
N/A www.showmyipaddress.com N/A N/A
N/A whatismyipaddress.com N/A N/A

Drops autorun.inf file

Description Indicator Process Target
File opened for modification C:\autorun.inf C:\Users\Admin\AppData\Local\Temp\dcktv.exe N/A
File created C:\autorun.inf C:\Users\Admin\AppData\Local\Temp\dcktv.exe N/A
File opened for modification F:\autorun.inf C:\Users\Admin\AppData\Local\Temp\dcktv.exe N/A
File created F:\autorun.inf C:\Users\Admin\AppData\Local\Temp\dcktv.exe N/A

Drops file in System32 directory


Drops file in Program Files directory

Description Indicator Process Target
File opened for modification C:\Program Files (x86)\eybfcfbwcxfdfipzmbeybf.fbw C:\Users\Admin\AppData\Local\Temp\dcktv.exe N/A
File created C:\Program Files (x86)\eybfcfbwcxfdfipzmbeybf.fbw C:\Users\Admin\AppData\Local\Temp\dcktv.exe N/A
File opened for modification C:\Program Files (x86)\vaodlzgmdjclymezxxlqetbpwctzsbocu.nnb C:\Users\Admin\AppData\Local\Temp\dcktv.exe N/A
File created C:\Program Files (x86)\vaodlzgmdjclymezxxlqetbpwctzsbocu.nnb C:\Users\Admin\AppData\Local\Temp\dcktv.exe N/A

Drops file in Windows directory


Enumerates physical storage devices

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_43911114fe45fe2349eea1c3c5657bfd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\wfsgytrrgpc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\dcktv.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_43911114fe45fe2349eea1c3c5657bfd.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\dcktv.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\dcktv.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 5052 wrote to memory of 3048 N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_43911114fe45fe2349eea1c3c5657bfd.exe C:\Users\Admin\AppData\Local\Temp\wfsgytrrgpc.exe
PID 3048 wrote to memory of 1052 N/A C:\Users\Admin\AppData\Local\Temp\wfsgytrrgpc.exe C:\Users\Admin\AppData\Local\Temp\dcktv.exe
PID 3048 wrote to memory of 212 N/A C:\Users\Admin\AppData\Local\Temp\wfsgytrrgpc.exe C:\Users\Admin\AppData\Local\Temp\dcktv.exe
PID 5052 wrote to memory of 116 N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_43911114fe45fe2349eea1c3c5657bfd.exe C:\Users\Admin\AppData\Local\Temp\wfsgytrrgpc.exe

System policy modification

defense_evasion
Description Indicator Process Target
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\dcktv.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" C:\Users\Admin\AppData\Local\Temp\dcktv.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableSecureUIAPaths = "0" C:\Users\Admin\AppData\Local\Temp\dcktv.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ValidateAdminCodeSignatures = "0" C:\Users\Admin\AppData\Local\Temp\dcktv.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\FilterAdministratorToken = "0" C:\Users\Admin\AppData\Local\Temp\dcktv.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer C:\Users\Admin\AppData\Local\Temp\dcktv.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\wfsgytrrgpc.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\dcktv.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\wfsgytrrgpc.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableVirtualization = "0" C:\Users\Admin\AppData\Local\Temp\dcktv.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableSecureUIAPaths = "0" C:\Users\Admin\AppData\Local\Temp\wfsgytrrgpc.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" C:\Users\Admin\AppData\Local\Temp\dcktv.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableVirtualization = "0" C:\Users\Admin\AppData\Local\Temp\wfsgytrrgpc.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDriveTypeAutoRun = "1" C:\Users\Admin\AppData\Local\Temp\wfsgytrrgpc.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDriveTypeAutoRun = "1" C:\Users\Admin\AppData\Local\Temp\dcktv.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\wfsgytrrgpc.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\dcktv.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ValidateAdminCodeSignatures = "0" C:\Users\Admin\AppData\Local\Temp\wfsgytrrgpc.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer C:\Users\Admin\AppData\Local\Temp\wfsgytrrgpc.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" C:\Users\Admin\AppData\Local\Temp\dcktv.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" C:\Users\Admin\AppData\Local\Temp\wfsgytrrgpc.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\FilterAdministratorToken = "0" C:\Users\Admin\AppData\Local\Temp\wfsgytrrgpc.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" C:\Users\Admin\AppData\Local\Temp\wfsgytrrgpc.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" C:\Users\Admin\AppData\Local\Temp\wfsgytrrgpc.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_43911114fe45fe2349eea1c3c5657bfd.exe

"C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_43911114fe45fe2349eea1c3c5657bfd.exe"

C:\Users\Admin\AppData\Local\Temp\wfsgytrrgpc.exe

"C:\Users\Admin\AppData\Local\Temp\wfsgytrrgpc.exe" "c:\users\admin\appdata\local\temp\jaffacakes118_43911114fe45fe2349eea1c3c5657bfd.exe*"

C:\Users\Admin\AppData\Local\Temp\dcktv.exe

"C:\Users\Admin\AppData\Local\Temp\dcktv.exe" "-C:\Users\Admin\AppData\Local\Temp\akdxkdpawhftlebb.exe"

C:\Users\Admin\AppData\Local\Temp\dcktv.exe

"C:\Users\Admin\AppData\Local\Temp\dcktv.exe" "-C:\Users\Admin\AppData\Local\Temp\akdxkdpawhftlebb.exe"

C:\Users\Admin\AppData\Local\Temp\wfsgytrrgpc.exe

"C:\Users\Admin\AppData\Local\Temp\wfsgytrrgpc.exe" "c:\users\admin\appdata\local\temp\jaffacakes118_43911114fe45fe2349eea1c3c5657bfd.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 eaicecqawoqg.org udp
US 8.8.8.8:53 xahqdbpt.info udp
US 8.8.8.8:53 amgyik.com udp
US 8.8.8.8:53 oquzjzqoikt.net udp
US 8.8.8.8:53 dxvjvtpimdj.net udp
US 8.8.8.8:53 qceqikaekkqc.com udp
US 8.8.8.8:53 wwruhosvmg.info udp
US 8.8.8.8:53 klcbqrbrtb.info udp
US 8.8.8.8:53 poegpspul.info udp
US 8.8.8.8:53 tdlchsbj.info udp
US 8.8.8.8:53 hcfqhcj.com udp
US 8.8.8.8:53 pirubsjsea.net udp
US 8.8.8.8:53 zbiuymud.net udp
US 8.8.8.8:53 gupksvbt.net udp
US 8.8.8.8:53 cpigudnc.info udp
US 8.8.8.8:53 lcvkrftoyru.net udp
US 8.8.8.8:53 mazivzlqmeh.net udp
US 8.8.8.8:53 ewwdtspcn.info udp
US 8.8.8.8:53 pmidxai.info udp
US 8.8.8.8:53 kaieuyciegaa.com udp
US 8.8.8.8:53 ravoeyj.org udp
US 8.8.8.8:53 ydoefmtxm.info udp
US 8.8.8.8:53 sdfaiwpmqot.info udp
US 8.8.8.8:53 kppmoy.net udp
US 8.8.8.8:53 ewoextrab.net udp
US 8.8.8.8:53 xtzlwwzqj.org udp
US 8.8.8.8:53 cgqqzbjjo.net udp
US 8.8.8.8:53 mqrrkx.info udp
US 8.8.8.8:53 sidgxcze.info udp
US 8.8.8.8:53 gfggfnuyrxa.net udp
US 8.8.8.8:53 tedodftzd.com udp
US 8.8.8.8:53 aiggkiokkymi.org udp
US 8.8.8.8:53 oexbzdqeuw.net udp
US 8.8.8.8:53 iblnzidililt.net udp
US 8.8.8.8:53 srjdkocppz.net udp
US 8.8.8.8:53 gabmxgxco.net udp
US 8.8.8.8:53 skwukseimm.com udp
US 8.8.8.8:53 wnxsox.info udp
US 8.8.8.8:53 xqqgytzbgnyi.info udp
US 8.8.8.8:53 iqkamaueuwyg.com udp
US 8.8.8.8:53 zpvrqtxn.info udp
US 8.8.8.8:53 ooaemaqkisiq.org udp
US 8.8.8.8:53 tocgsqr.org udp
US 8.8.8.8:53 whskrg.net udp
US 8.8.8.8:53 sykage.org udp
US 8.8.8.8:53 dadqhmotvc.info udp
US 8.8.8.8:53 nnrmawm.net udp
US 8.8.8.8:53 sbywvpmhcvmm.info udp
US 8.8.8.8:53 nexihlcmpox.info udp
US 8.8.8.8:53 utubpdsxsv.net udp
US 8.8.8.8:53 geecyc.com udp
US 8.8.8.8:53 gxanleunlt.net udp
LT 78.57.238.81:31713 tcp
US 8.8.8.8:53 ntdgkmipjcdx.info udp
US 8.8.8.8:53 boyspw.info udp
US 8.8.8.8:53 vvzbqi.info udp
US 8.8.8.8:53 tjkkvlhfhbfo.net udp
US 8.8.8.8:53 khtyvnpcsx.net udp
US 8.8.8.8:53 hyigua.net udp
US 8.8.8.8:53 tkfonuhla.net udp
US 8.8.8.8:53 ekvmumt.net udp
US 8.8.8.8:53 popczs.info udp
US 8.8.8.8:53 vxlunydxpu.info udp
US 8.8.8.8:53 ekgeguieum.org udp
US 8.8.8.8:53 izzshp.net udp
US 8.8.8.8:53 qysmmosewu.org udp
US 8.8.8.8:53 pyokfpv.info udp
US 8.8.8.8:53 qmexcovrdqux.info udp
US 8.8.8.8:53 scdylinel.info udp
US 8.8.8.8:53 vqyrvxiot.info udp
US 8.8.8.8:53 gjljrdnz.net udp
US 8.8.8.8:53 dptmekdd.info udp
US 8.8.8.8:53 xmnhxwblfst.net udp
US 8.8.8.8:53 dnokev.info udp
US 8.8.8.8:53 jjbzrfg.org udp
US 8.8.8.8:53 qpnofzkk.net udp
US 8.8.8.8:53 ewmmuqmqkqye.com udp
US 8.8.8.8:53 wrwrqnof.net udp
US 8.8.8.8:53 xrdsbgmgui.net udp
US 8.8.8.8:53 xpbctuhz.net udp
US 8.8.8.8:53 xkmgseqryuol.info udp
US 8.8.8.8:53 zmriexres.org udp
US 8.8.8.8:53 aiaqmocoks.org udp
US 8.8.8.8:53 ereicbtufu.net udp
US 8.8.8.8:53 qcvbcci.net udp
US 8.8.8.8:53 amguzpbvm.info udp
US 8.8.8.8:53 inxrdyntchyu.info udp
US 8.8.8.8:53 ptjdxyjmg.net udp
US 8.8.8.8:53 lbjrgpoucoex.info udp
US 8.8.8.8:53 cdwepwvgu.info udp
US 8.8.8.8:53 rkbvuq.net udp
US 8.8.8.8:53 ewioce.org udp
US 8.8.8.8:53 ayciqpozwea.info udp
US 8.8.8.8:53 hdeyuhk.info udp
US 8.8.8.8:53 scnsesrmchy.info udp
US 8.8.8.8:53 hfjfqthasdbv.info udp
US 8.8.8.8:53 vkhbhch.info udp
US 8.8.8.8:53 rqobkubxdc.net udp
US 8.8.8.8:53 rgpgdaz.info udp
US 8.8.8.8:53 cbztfskkwj.info udp
US 8.8.8.8:53 ycjetyzukb.net udp
US 8.8.8.8:53 mpfvguaylyh.info udp
US 8.8.8.8:53 mgtqwigjx.info udp
US 8.8.8.8:53 hvuplo.net udp
US 8.8.8.8:53 jcmcalnjybd.info udp
US 8.8.8.8:53 pabchqe.com udp
US 8.8.8.8:53 aazvhf.net udp
US 8.8.8.8:53 ogcogeskuauo.com udp
US 8.8.8.8:53 rgacdcur.info udp
US 8.8.8.8:53 dhcebyjy.info udp
US 8.8.8.8:53 iouqsuqk.org udp
US 8.8.8.8:53 uguepm.info udp
US 8.8.8.8:53 ceiiouiy.com udp
US 8.8.8.8:53 egkrcedjov.info udp
US 8.8.8.8:53 kphkkrtjtg.info udp
US 8.8.8.8:53 hetqjsknfitk.net udp
US 8.8.8.8:53 iyzkpeyqm.net udp
US 8.8.8.8:53 ydveluanv.info udp
US 8.8.8.8:53 tjdeuoco.info udp
US 8.8.8.8:53 cxpifww.net udp
US 8.8.8.8:53 rdjxrzpdlv.net udp
US 8.8.8.8:53 bcvzzboe.net udp
US 8.8.8.8:53 lelndhouzvb.org udp
US 8.8.8.8:53 rtxrksgkohn.net udp
US 8.8.8.8:53 gjlotqtjzqtk.info udp
US 8.8.8.8:53 pxfqrhhm.net udp
US 8.8.8.8:53 ntzfwvejio.net udp
US 8.8.8.8:53 fatwcxv.com udp
US 8.8.8.8:53 edscdef.net udp
US 8.8.8.8:53 xbibjqj.com udp
US 8.8.8.8:53 faavipbtdvtm.net udp
US 8.8.8.8:53 wwsmae.org udp
US 8.8.8.8:53 yowway.com udp
US 8.8.8.8:53 sgqfpophtuto.net udp
US 8.8.8.8:53 imayak.org udp
US 8.8.8.8:53 ajymvdtu.net udp
US 8.8.8.8:53 ysbbnp.net udp
US 8.8.8.8:53 iifxvqscy.net udp
US 8.8.8.8:53 gnhhfpfz.info udp
US 8.8.8.8:53 cuyyee.com udp
US 8.8.8.8:53 zsviaj.info udp
US 8.8.8.8:53 gzhovjzy.info udp
US 8.8.8.8:53 amwqcmqw.com udp
US 8.8.8.8:53 vdxqjf.info udp
US 8.8.8.8:53 foawrqz.info udp
US 8.8.8.8:53 gslpnul.net udp
US 8.8.8.8:53 cjwimtimson.info udp
US 8.8.8.8:53 zczzekazkkn.com udp
US 8.8.8.8:53 jhxeoocoyerw.net udp
US 8.8.8.8:53 pvnylxrzvawr.net udp
US 8.8.8.8:53 vogqsod.info udp
US 8.8.8.8:53 zfkvrm.net udp
US 8.8.8.8:53 wlanyvxrow.net udp
US 8.8.8.8:53 nvzihpnwf.net udp
US 8.8.8.8:53 ggvtjua.info udp
US 8.8.8.8:53 aqttqmnitpv.info udp
US 8.8.8.8:53 vgazeqpkxhoy.net udp
US 8.8.8.8:53 ymeijavkltbp.info udp
US 8.8.8.8:53 nsrorb.info udp
US 8.8.8.8:53 ltzypxrqsw.info udp
US 8.8.8.8:53 mwltwnvjhu.net udp
US 8.8.8.8:53 ztpvkfdmt.info udp
US 8.8.8.8:53 kknrkuuinil.info udp
US 8.8.8.8:53 fpogbrsi.net udp
US 8.8.8.8:53 seiybm.net udp
US 8.8.8.8:53 tbythjsl.net udp
US 8.8.8.8:53 cussqcakoese.com udp
US 8.8.8.8:53 joppgbkfpy.info udp
US 8.8.8.8:53 fxbcpzrz.info udp
US 8.8.8.8:53 caekukmc.org udp
US 8.8.8.8:53 vpdosnvj.info udp
US 8.8.8.8:53 oqwuyo.com udp
US 8.8.8.8:53 psjkrhgqgcwt.net udp
US 8.8.8.8:53 jyvhnnz.info udp
US 8.8.8.8:53 torpxf.net udp
US 8.8.8.8:53 eoscqw.org udp
DE 94.156.201.116:19145 tcp
US 8.8.8.8:53 uyyawsckycgo.org udp
US 8.8.8.8:53 soumqigk.com udp
US 8.8.8.8:53 mlmwhqpjjsm.info udp
US 8.8.8.8:53 itmpmc.info udp
US 8.8.8.8:53 ggnsfif.info udp
US 8.8.8.8:53 psbyne.net udp
US 8.8.8.8:53 futgwarn.info udp
US 8.8.8.8:53 bkzdez.info udp
US 8.8.8.8:53 tflozmkmbnr.com udp
US 8.8.8.8:53 aqthmyfpqbf.net udp
US 8.8.8.8:53 llwmrkyqr.info udp
US 8.8.8.8:53 nggstmdljra.com udp
US 8.8.8.8:53 hjzmmoelxn.info udp
US 8.8.8.8:53 251.110.86.104.in-addr.arpa udp
US 8.8.8.8:53 uwlgayfb.net udp
US 8.8.8.8:53 wegadal.net udp
US 8.8.8.8:53 hhpapq.info udp
US 8.8.8.8:53 jgqfeydtglit.net udp
US 8.8.8.8:53 jjsqbffahanq.info udp
US 8.8.8.8:53 cgaaqcokee.com udp
US 8.8.8.8:53 pmrczexx.net udp
US 8.8.8.8:53 bsntzlnmt.com udp
US 8.8.8.8:53 raeclzljhdfp.net udp
US 8.8.8.8:53 uikokwui.com udp
US 8.8.8.8:53 qqgvwgn.info udp
US 8.8.8.8:53 jalglyvgcnh.org udp
US 8.8.8.8:53 manystu.net udp
US 8.8.8.8:53 vwhscqbwh.org udp
US 8.8.8.8:53 xzxdhyfmrq.net udp
US 8.8.8.8:53 ntjyht.info udp
US 8.8.8.8:53 fafwizutysbn.info udp
US 8.8.8.8:53 faqcowdvb.org udp
US 8.8.8.8:53 mqturgpkvcn.net udp
US 8.8.8.8:53 cwwgicwkoa.org udp
US 8.8.8.8:53 lhtaojpn.info udp
US 8.8.8.8:53 xksdtasj.info udp
US 8.8.8.8:53 bowvfj.net udp
US 8.8.8.8:53 qowhhghq.net udp
US 8.8.8.8:53 vazutursr.com udp
US 8.8.8.8:53 ptjxnmtpat.net udp
US 8.8.8.8:53 bedfmldkjroh.info udp
US 8.8.8.8:53 uwuycykqiiic.com udp
US 8.8.8.8:53 ikmgioey.com udp
US 8.8.8.8:53 erxacranvsjj.info udp
US 8.8.8.8:53 ergbotllwu.info udp
US 8.8.8.8:53 palclqf.org udp
US 8.8.8.8:53 hulsluqzmpkq.net udp
US 8.8.8.8:53 hernaktkk.net udp
US 8.8.8.8:53 kygams.org udp
US 8.8.8.8:53 bosunoa.info udp
US 8.8.8.8:53 btsfbwtdkj.info udp
US 8.8.8.8:53 berjrmfg.net udp
US 8.8.8.8:53 xmdniaje.net udp
US 8.8.8.8:53 fthnjif.info udp
US 8.8.8.8:53 pazmpovqsib.info udp
US 8.8.8.8:53 xpvkpz.info udp
US 8.8.8.8:53 rnashg.info udp
US 8.8.8.8:53 jmvxzbbimvlu.net udp
US 8.8.8.8:53 foutzjtzmo.info udp
US 8.8.8.8:53 lcpyvyxicon.org udp
US 8.8.8.8:53 lgkwbqtalsp.com udp
US 8.8.8.8:53 cuhfjl.net udp
US 8.8.8.8:53 nionwdjuczvq.net udp
US 8.8.8.8:53 tvfqtiwpsuje.info udp
US 8.8.8.8:53 iuhjbrarnaaa.info udp
US 8.8.8.8:53 wepslo.info udp
US 8.8.8.8:53 ikwheynod.net udp
US 8.8.8.8:53 fhqrmk.info udp
US 8.8.8.8:53 umytgvejjm.net udp
US 8.8.8.8:53 btckbjpa.info udp
US 8.8.8.8:53 fqbmotumywbl.info udp
US 8.8.8.8:53 zavugstmp.org udp
US 8.8.8.8:53 tynefilwn.org udp
US 8.8.8.8:53 qeqgowacekei.org udp
US 8.8.8.8:53 igsmqa.org udp
US 8.8.8.8:53 asusikmw.org udp
US 8.8.8.8:53 ucriuetlj.info udp
US 8.8.8.8:53 alrksdoidluz.net udp
US 8.8.8.8:53 kjvwnwhd.info udp
US 8.8.8.8:53 isvjzaf.info udp
US 8.8.8.8:53 qegiiyoyuy.org udp
US 8.8.8.8:53 uvsyzdcjjzpm.info udp
US 8.8.8.8:53 mglipq.net udp
US 8.8.8.8:53 hooonlzz.net udp
US 8.8.8.8:53 iwdxfuv.net udp
US 8.8.8.8:53 gejtbcfh.net udp
US 8.8.8.8:53 buzlyzlenvbq.net udp
US 8.8.8.8:53 tkbofwvhx.org udp
US 8.8.8.8:53 rcuetbvpfu.info udp
US 8.8.8.8:53 wdtenskox.info udp
US 8.8.8.8:53 dzhwvch.com udp
US 8.8.8.8:53 ukujpbvpbdqv.info udp
US 8.8.8.8:53 jdfynkemj.net udp
US 8.8.8.8:53 znrnvtzpoo.net udp
US 8.8.8.8:53 lqzozkewu.net udp
US 8.8.8.8:53 skpbiszrf.info udp
US 8.8.8.8:53 wunqzmxfl.net udp
US 8.8.8.8:53 ayeaoocgwg.com udp
US 8.8.8.8:53 ocowkmyqqa.com udp
US 8.8.8.8:53 yvfovkd.info udp
US 8.8.8.8:53 uimdhkpoxdli.net udp
US 8.8.8.8:53 ulzojllhjav.net udp
US 8.8.8.8:53 uybmbmsiv.net udp
US 8.8.8.8:53 uuwjmlab.net udp
US 8.8.8.8:53 makwuomssoio.com udp
US 8.8.8.8:53 kgbwdahrxuua.net udp
US 8.8.8.8:53 zrwjldnt.net udp
US 8.8.8.8:53 liwnymmm.net udp
US 8.8.8.8:53 defgnnkmw.org udp
US 8.8.8.8:53 qesyzqsys.info udp
US 8.8.8.8:53 nfjfpwxrbkpk.info udp
US 8.8.8.8:53 occvhhcm.info udp
US 8.8.8.8:53 jcyrpqlyjjug.info udp
US 8.8.8.8:53 wfqmhefhbw.info udp
US 8.8.8.8:53 nipaycn.info udp
US 8.8.8.8:53 zewctxkrn.com udp
US 8.8.8.8:53 ciqkuu.org udp
US 8.8.8.8:53 vwnxzu.net udp
US 8.8.8.8:53 epgqddz.net udp
BG 46.238.8.135:41875 tcp
US 8.8.8.8:53 eqcwrutmz.net udp
US 8.8.8.8:53 gkrmuedvg.info udp
US 8.8.8.8:53 akguummy.com udp
US 8.8.8.8:53 dvpztwugeh.net udp
US 8.8.8.8:53 cmrclkkfndd.info udp
US 8.8.8.8:53 lugdzgbcjso.info udp
US 8.8.8.8:53 kamsecqyiawk.org udp
US 8.8.8.8:53 xuqdkthxhe.info udp
US 8.8.8.8:53 dornhwvkb.com udp
US 8.8.8.8:53 ugokgc.com udp
US 8.8.8.8:53 bczkeicsobnr.net udp
US 8.8.8.8:53 ihznbttareh.info udp
US 8.8.8.8:53 tsxylz.info udp
US 8.8.8.8:53 acioxeb.net udp
US 8.8.8.8:53 txnoexua.info udp
US 8.8.8.8:53 jyrrfk.info udp
US 8.8.8.8:53 dkqprwe.info udp
US 8.8.8.8:53 pqjwtyslc.org udp
US 8.8.8.8:53 viqasnxylsv.info udp
US 8.8.8.8:53 zajsygfgbcjg.net udp
US 8.8.8.8:53 hgeddlft.net udp
US 8.8.8.8:53 aseaurdf.info udp
US 8.8.8.8:53 tcdqcl.net udp
US 8.8.8.8:53 mieuyycqccqw.org udp
US 8.8.8.8:53 onsicrdy.net udp
US 8.8.8.8:53 eqgkiksw.org udp
US 8.8.8.8:53 wmosxnjjtd.net udp
US 8.8.8.8:53 gycusayqms.org udp
US 8.8.8.8:53 wmaawoukeeym.com udp
US 8.8.8.8:53 girwrfo.net udp
US 8.8.8.8:53 sadhzf.info udp
US 8.8.8.8:53 xjvyqdxb.info udp
US 8.8.8.8:53 ymmkbf.info udp
US 8.8.8.8:53 iewqyakm.com udp
US 8.8.8.8:53 ecsjpl.info udp
US 8.8.8.8:53 omcxraxnirzt.net udp
US 8.8.8.8:53 cyhmjibjxv.info udp
US 8.8.8.8:53 nizmxpokxhar.info udp
US 8.8.8.8:53 nfdyjo.info udp
US 8.8.8.8:53 hhteuyr.info udp
US 8.8.8.8:53 yycnlpvf.net udp
US 8.8.8.8:53 fsombyl.com udp
US 8.8.8.8:53 moxrincvxu.info udp
US 8.8.8.8:53 ieiuui.com udp
US 8.8.8.8:53 qwbsxgmrbkz.net udp
US 8.8.8.8:53 twpnsenu.info udp
US 8.8.8.8:53 puagyconm.net udp
US 8.8.8.8:53 mffzpj.net udp
US 8.8.8.8:53 kmpgmfokfsc.info udp
US 8.8.8.8:53 rnrxva.net udp
US 8.8.8.8:53 edokhtykjc.info udp
US 8.8.8.8:53 ayutqm.net udp
US 8.8.8.8:53 usyssisesscc.com udp
US 8.8.8.8:53 xyuiho.info udp
US 8.8.8.8:53 iqamlhlkrpcw.net udp
US 8.8.8.8:53 cscjigjdydsn.net udp
US 8.8.8.8:53 wucsuszjlrdu.info udp
US 8.8.8.8:53 jmitjfwt.net udp
US 8.8.8.8:53 wwummkagkc.org udp
US 8.8.8.8:53 gkgyccyumy.com udp
US 8.8.8.8:53 ggxgbhvnuc.net udp
US 8.8.8.8:53 cksysywsmg.com udp
US 8.8.8.8:53 igcuwsewog.com udp
US 8.8.8.8:53 kfyqwq.info udp
US 8.8.8.8:53 vilwlevusar.info udp
US 8.8.8.8:53 jefgfeait.org udp
US 8.8.8.8:53 mkcgsowi.com udp
US 8.8.8.8:53 jxnilc.info udp
US 8.8.8.8:53 pltjplftcgva.info udp
US 8.8.8.8:53 gsucuweomy.org udp
US 8.8.8.8:53 ngkivmc.org udp
US 8.8.8.8:53 jznrjsrs.info udp
US 8.8.8.8:53 dyfoqfdwmj.info udp
US 8.8.8.8:53 xuwojvqqvej.com udp
US 8.8.8.8:53 eglfpihhaot.net udp
US 8.8.8.8:53 zzuijdutmibt.info udp
US 8.8.8.8:53 eyqqquioge.com udp
US 8.8.8.8:53 xxfcmsfcwa.net udp
US 8.8.8.8:53 gesokm.com udp
US 8.8.8.8:53 lkrley.info udp
US 8.8.8.8:53 lmdplrtatjbe.info udp
US 8.8.8.8:53 gqkkiaw.net udp
US 8.8.8.8:53 zwaktfbanh.info udp
US 8.8.8.8:53 lghfgsdfvpvx.info udp
US 8.8.8.8:53 kdqbhihpwnve.net udp
US 8.8.8.8:53 jakewiw.org udp
US 8.8.8.8:53 oopufaxwj.net udp
US 8.8.8.8:53 iqacwg.org udp
US 8.8.8.8:53 idubva.net udp
US 8.8.8.8:53 nvhqiaxfag.info udp
US 8.8.8.8:53 cbddpt.info udp
US 8.8.8.8:53 hckkxhmv.info udp
US 8.8.8.8:53 ssioosqq.com udp
US 8.8.8.8:53 pceffh.net udp
US 8.8.8.8:53 kgjnjqgtmxnz.net udp
US 8.8.8.8:53 nmdemyr.com udp
US 8.8.8.8:53 sgpupwhtdhy.net udp
US 8.8.8.8:53 azxarftxvyt.net udp
US 8.8.8.8:53 uaucisoooc.org udp
US 8.8.8.8:53 icuakquc.org udp
US 8.8.8.8:53 fhnuoozu.info udp
US 8.8.8.8:53 faxqua.net udp
US 8.8.8.8:53 mpggwyzyzqc.info udp
US 8.8.8.8:53 bzvqgk.info udp
US 8.8.8.8:53 iuqkiyoyuy.com udp
US 8.8.8.8:53 bdcaxqjqxnvs.net udp
US 8.8.8.8:53 fjtahhrwtrzq.net udp
US 8.8.8.8:53 oaoipsjsn.info udp
US 8.8.8.8:53 hydeharjluz.net udp
US 8.8.8.8:53 sifmtetcu.net udp
US 8.8.8.8:53 cghtruqwf.info udp
US 8.8.8.8:53 dinuwoejy.com udp
US 8.8.8.8:53 zwpcnrlz.net udp
US 8.8.8.8:53 ygzfpkiejb.info udp
US 8.8.8.8:53 lvvkla.net udp
US 8.8.8.8:53 vpyxrqapstki.info udp
US 8.8.8.8:53 pwhesqyux.net udp
US 8.8.8.8:53 oizpebbdyjm.info udp
US 8.8.8.8:53 cqkqsa.com udp
US 8.8.8.8:53 orxmjv.net udp
US 8.8.8.8:53 vpvxzwrzyhrg.info udp
US 8.8.8.8:53 roluxcp.net udp
US 8.8.8.8:53 ymqkmmkwmyoe.org udp
US 8.8.8.8:53 wrjzzfqx.net udp
US 8.8.8.8:53 nayuwciqh.net udp
US 8.8.8.8:53 lwxebgusd.com udp
US 8.8.8.8:53 aeocqh.net udp
US 8.8.8.8:53 xxrduem.org udp
US 8.8.8.8:53 wlbzkox.info udp
US 8.8.8.8:53 hocebyjez.info udp
US 8.8.8.8:53 zfpqbsxup.com udp
US 8.8.8.8:53 ooquecoq.org udp
US 8.8.8.8:53 jefwzetyf.info udp
US 8.8.8.8:53 foblzwhin.org udp
US 8.8.8.8:53 dcpkgstqebeg.info udp
US 8.8.8.8:53 iyculvv.net udp
US 8.8.8.8:53 oseook.com udp
US 8.8.8.8:53 okyakwmggm.com udp
US 8.8.8.8:53 vgcjcgcbn.info udp
US 8.8.8.8:53 uysumcsc.com udp
US 8.8.8.8:53 kwoueywsyi.org udp
US 8.8.8.8:53 mfbgugxgy.net udp
US 8.8.8.8:53 uywaasmm.org udp
US 8.8.8.8:53 fsewpzsbtlvh.net udp
RU 178.72.80.110:42827 tcp
US 8.8.8.8:53 zwmqxyi.net udp
US 8.8.8.8:53 jkhesyugm.net udp
US 8.8.8.8:53 apjxpnbdxrh.net udp
US 8.8.8.8:53 oiceyq.com udp
US 8.8.8.8:53 wezelmwqs.net udp
US 8.8.8.8:53 cnklwzgu.info udp
US 8.8.8.8:53 nsdafnv.net udp
US 8.8.8.8:53 waogum.org udp
US 8.8.8.8:53 rsnyven.net udp
US 8.8.8.8:53 uemeqq.org udp
US 8.8.8.8:53 aurbbojuc.net udp
US 8.8.8.8:53 eozwayt.net udp
US 8.8.8.8:53 nkxleqdfain.com udp
US 8.8.8.8:53 wcwqawswqska.com udp
US 8.8.8.8:53 zsxcjwvjmh.info udp
US 8.8.8.8:53 thfgnkxjoabp.info udp
US 8.8.8.8:53 fohilibcvup.com udp
US 8.8.8.8:53 mscesesy.org udp
US 8.8.8.8:53 bymsnchkjan.com udp
US 8.8.8.8:53 ceocqdnhugfj.info udp
US 8.8.8.8:53 vcngpmy.info udp
US 8.8.8.8:53 uwqeaymu.org udp
US 8.8.8.8:53 svsntp.net udp
US 8.8.8.8:53 tbxxwhpm.info udp
US 8.8.8.8:53 lhjijcdwlwxw.net udp
US 8.8.8.8:53 mcpjockfak.net udp
US 8.8.8.8:53 qebcrnnrh.net udp
US 8.8.8.8:53 zavzyudj.info udp
US 8.8.8.8:53 vwjafaecjyhr.info udp
US 8.8.8.8:53 ovjthhbn.net udp
US 8.8.8.8:53 lgvgqaf.net udp
US 8.8.8.8:53 qqmmogomcoei.com udp
US 8.8.8.8:53 ykmeagkasw.org udp
US 8.8.8.8:53 ryimnkm.net udp
US 8.8.8.8:53 bbugmrnz.info udp
US 8.8.8.8:53 rohfvfbr.net udp
US 8.8.8.8:53 edejlfbdnp.info udp
US 8.8.8.8:53 qvblrqz.info udp
US 8.8.8.8:53 tjkirdbumaf.info udp
US 8.8.8.8:53 wnlztgrrzyrv.info udp
US 8.8.8.8:53 icsegmoqwg.org udp
US 8.8.8.8:53 eumewe.org udp
US 8.8.8.8:53 linbbyvblyxt.net udp
US 8.8.8.8:53 hbjxbitwltb.com udp
US 8.8.8.8:53 zapixvhc.net udp
US 8.8.8.8:53 zmijiwzmlwaw.net udp
US 8.8.8.8:53 ruygxkybpob.org udp
US 8.8.8.8:53 vyzsinfsy.info udp
US 8.8.8.8:53 fubsovxnmvgp.info udp
US 8.8.8.8:53 bcxpzyvgqhp.com udp
US 8.8.8.8:53 drtbuwftqeyz.net udp
US 8.8.8.8:53 dgdejlj.com udp
US 8.8.8.8:53 qpbybaxc.info udp
US 8.8.8.8:53 zelijdchkol.com udp
US 8.8.8.8:53 jwriqalwxrv.info udp
US 8.8.8.8:53 pykztbsjmo.net udp
US 8.8.8.8:53 ocmzofzajw.net udp
US 8.8.8.8:53 ugdrja.net udp
US 8.8.8.8:53 dujmywmyw.com udp
US 8.8.8.8:53 dxtfqnwy.net udp
US 8.8.8.8:53 perwemhgh.net udp
US 8.8.8.8:53 avhqgr.net udp
US 8.8.8.8:53 oukgysgakw.org udp
US 8.8.8.8:53 puppymtel.org udp
US 8.8.8.8:53 ukhwpvpzj.net udp
US 8.8.8.8:53 xymohloop.org udp
US 8.8.8.8:53 mvfzzttt.net udp
US 8.8.8.8:53 nkmwdxgipsr.net udp
US 8.8.8.8:53 jggazivqwh.info udp
US 8.8.8.8:53 rxzqcgm.net udp
US 8.8.8.8:53 eckgsyqyusaq.org udp
US 8.8.8.8:53 gtlyfp.info udp
US 8.8.8.8:53 iijaadysmch.info udp
US 8.8.8.8:53 jmvjyquz.info udp
US 8.8.8.8:53 xhrsvoiq.info udp
US 8.8.8.8:53 euprohpc.info udp
US 8.8.8.8:53 gsacdejgt.info udp
US 8.8.8.8:53 nklodouec.info udp
US 8.8.8.8:53 dzhbuv.info udp
US 34.227.7.138:80 zagyxzu.net tcp
US 8.8.8.8:53 mcqlfeobl.info udp
DE 85.214.228.140:80 yvlevtbtem.info tcp
US 8.8.8.8:53 rzvgqzoqqlzs.info udp
US 8.8.8.8:53 tzjwdtjs.info udp
US 8.8.8.8:53 vqbizkz.org udp
US 8.8.8.8:53 isiqwy.org udp
US 8.8.8.8:53 khsktyr.info udp
US 8.8.8.8:53 ekinxs.net udp
US 8.8.8.8:53 imsefqsjjty.net udp
US 8.8.8.8:53 vauvovlapzvl.net udp
US 8.8.8.8:53 cdrubdlzbz.net udp
US 8.8.8.8:53 sacaesqakk.org udp
US 8.8.8.8:53 sfklalwt.info udp
US 8.8.8.8:53 quxslcvwbsx.net udp
US 8.8.8.8:53 gyfkxogkw.net udp
US 208.117.43.225:80 gxovrewca.info tcp
BG 85.91.130.138:40620 tcp
US 8.8.8.8:53 wiswdcqndvz.info udp
US 8.8.8.8:53 nsqrpg.net udp
US 8.8.8.8:53 autwpptdv.net udp
US 8.8.8.8:53 xgjqblxbp.org udp
US 8.8.8.8:53 kglkferkp.net udp
US 8.8.8.8:53 yaxpgshqjy.net udp
US 8.8.8.8:53 dwtmrtauh.net udp
US 8.8.8.8:53 lkpfthcneopu.info udp
US 8.8.8.8:53 fsvoaogof.org udp
US 8.8.8.8:53 tvloihjbsb.net udp
US 8.8.8.8:53 nevideuo.info udp
US 8.8.8.8:53 kcocqqwwkcsm.org udp
US 8.8.8.8:53 eiaagytyy.info udp
US 8.8.8.8:53 ugwikuki.com udp
US 8.8.8.8:53 wwrfdwk.net udp
US 8.8.8.8:53 tjhrztqbpfhw.net udp
US 8.8.8.8:53 oeakqsiiugsu.org udp
US 8.8.8.8:53 uqxdcy.net udp
US 8.8.8.8:53 tvtumycbj.info udp
US 8.8.8.8:53 kioquvhbf.info udp
US 8.8.8.8:53 usuygtfz.net udp
US 8.8.8.8:53 qsqgyycuoy.com udp
US 8.8.8.8:53 gsbjzqw.info udp
US 8.8.8.8:53 rogwdgjqk.org udp
US 8.8.8.8:53 dekcetwykm.net udp
US 8.8.8.8:53 bubtcdxlfaqp.info udp
US 8.8.8.8:53 aqqckymemy.com udp
US 8.8.8.8:53 eikxnspqxuf.info udp
US 8.8.8.8:53 wudrlgzax.info udp
US 8.8.8.8:53 kuftfbvup.info udp
US 8.8.8.8:53 jmbozkdve.net udp
US 8.8.8.8:53 bwfgqykjpmmv.net udp
US 8.8.8.8:53 lbmajwuuq.com udp
US 8.8.8.8:53 fwaneylwz.com udp
US 8.8.8.8:53 rjkuffif.info udp
US 8.8.8.8:53 tcbopdsif.net udp
US 8.8.8.8:53 eiwqqo.com udp
US 8.8.8.8:53 atgddvetdmmi.info udp
US 8.8.8.8:53 vsfctwl.com udp
US 8.8.8.8:53 ovqodpzd.net udp
US 8.8.8.8:53 rylsbwaix.com udp
US 8.8.8.8:53 crnvkwkg.net udp
US 8.8.8.8:53 fgzerawqz.com udp
US 8.8.8.8:53 cgwucwuy.com udp
US 8.8.8.8:53 dtjulkfi.info udp
US 8.8.8.8:53 jobjpk.info udp
US 8.8.8.8:53 jflyjmn.com udp
US 8.8.8.8:53 nenctuyaj.com udp
US 8.8.8.8:53 jjfltdperf.net udp
US 8.8.8.8:53 idnmjdeb.info udp
US 8.8.8.8:53 xczvodoqqrbf.net udp
US 8.8.8.8:53 mzoshovltpyr.info udp
US 8.8.8.8:53 fqnwxuk.info udp
US 8.8.8.8:53 mgcesumccm.com udp
US 8.8.8.8:53 lsghprkecgo.org udp
US 8.8.8.8:53 lgmgcdygf.com udp
US 8.8.8.8:53 swjmhihwl.info udp
US 8.8.8.8:53 cdfmblcf.info udp
US 8.8.8.8:53 acgaoqww.com udp
US 8.8.8.8:53 xbwkjoszfjw.org udp
US 8.8.8.8:53 pmnquhf.org udp
US 8.8.8.8:53 kujqvevcnpt.info udp
US 8.8.8.8:53 qxnovodjnwph.net udp
US 8.8.8.8:53 wymyckya.com udp
US 8.8.8.8:53 iyjxjjvajyp.info udp
US 8.8.8.8:53 ketwcpl.net udp
US 8.8.8.8:53 kedaukfm.info udp
US 8.8.8.8:53 oxnutcxouw.net udp
US 8.8.8.8:53 wpwnksjsdm.net udp
US 8.8.8.8:53 wisikukgcq.org udp
US 8.8.8.8:53 uovyresga.net udp
US 8.8.8.8:53 kyxkljw.info udp
US 8.8.8.8:53 zmzehifwl.info udp
US 8.8.8.8:53 mugbnvyd.info udp
US 8.8.8.8:53 irfdvndbbaiy.info udp
US 8.8.8.8:53 xtlbisdp.info udp
US 8.8.8.8:53 fwfeexky.info udp
US 8.8.8.8:53 lgnrgqpc.net udp
US 8.8.8.8:53 tyljfojal.com udp
US 8.8.8.8:53 ymnypcr.net udp
US 8.8.8.8:53 biolfkjr.info udp
US 8.8.8.8:53 jnerxggo.info udp
US 8.8.8.8:53 yvwtursp.net udp
US 8.8.8.8:53 dlpywqnqj.org udp
US 8.8.8.8:53 xopybuh.net udp
US 8.8.8.8:53 ghspla.net udp
US 8.8.8.8:53 ouussmaquo.com udp
US 8.8.8.8:53 vjvqrkgcr.info udp
US 8.8.8.8:53 cdbrks.net udp
US 8.8.8.8:53 vqxxfkf.net udp
US 8.8.8.8:53 kfzfgdnu.info udp
US 8.8.8.8:53 rylvtpm.net udp
US 8.8.8.8:53 bqkkuwuxmgxr.info udp
US 8.8.8.8:53 upajaajl.info udp
US 8.8.8.8:53 qgzxlexab.info udp
US 8.8.8.8:53 tamelysw.info udp
US 8.8.8.8:53 yfdcuttz.info udp
US 8.8.8.8:53 tlxttjksnrxh.net udp
US 8.8.8.8:53 iimeiekscs.org udp
US 8.8.8.8:53 guzhlwbwp.info udp
US 8.8.8.8:53 xmxnqsf.com udp
US 8.8.8.8:53 swyvegxdtrlb.net udp
US 8.8.8.8:53 psnibdfgf.com udp
US 8.8.8.8:53 purujsfkd.net udp
US 8.8.8.8:53 vsbrzkx.info udp
US 8.8.8.8:53 hkxhzqtcjvg.net udp
US 8.8.8.8:53 dprelo.info udp
US 8.8.8.8:53 ymtylzbaezgu.net udp
US 8.8.8.8:53 kckqgksqlsn.info udp
US 8.8.8.8:53 ewntdc.net udp
US 8.8.8.8:53 rxzznxveuf.net udp
US 8.8.8.8:53 idisnoxetot.info udp
US 8.8.8.8:53 udwimtbhnc.net udp
US 8.8.8.8:53 pddxhqkj.info udp
US 8.8.8.8:53 ropgkxok.net udp
US 8.8.8.8:53 nermleugbb.info udp
US 8.8.8.8:53 qxttnyjhrkvd.net udp
US 8.8.8.8:53 tkhqlwnkcol.com udp
US 8.8.8.8:53 dwwolbqplsfz.net udp
US 8.8.8.8:53 acxops.net udp
US 8.8.8.8:53 raxxxsiav.info udp
US 8.8.8.8:53 dxoyavtivwpv.net udp
US 8.8.8.8:53 hcsyhvohz.com udp
US 8.8.8.8:53 tpursd.info udp
US 8.8.8.8:53 iidcfctuz.net udp
US 8.8.8.8:53 tesgncp.org udp
US 8.8.8.8:53 iwmaqwweyuce.com udp
US 8.8.8.8:53 szxkwwk.net udp
US 8.8.8.8:53 xqyymedwahor.net udp
US 8.8.8.8:53 pdnqheedzf.net udp
US 8.8.8.8:53 lxdgbska.net udp
US 8.8.8.8:53 qbbavakgt.info udp
US 8.8.8.8:53 cglmrcfapyq.net udp
US 8.8.8.8:53 guwtpuxmp.info udp
US 8.8.8.8:53 cckxjf.info udp
US 8.8.8.8:53 hyonbmbik.info udp
US 8.8.8.8:53 nxnifstiasx.org udp
US 8.8.8.8:53 xvkkipmizjoj.net udp
US 8.8.8.8:53 fkdiugboa.org udp
US 8.8.8.8:53 vvznyu.info udp
US 8.8.8.8:53 miuqgwqk.org udp
US 8.8.8.8:53 kpvyegoz.info udp
US 8.8.8.8:53 xoxvvtjcsjyf.info udp
BG 213.167.28.200:34894 tcp
US 8.8.8.8:53 uyewwgeokm.com udp
US 8.8.8.8:53 zoxuris.net udp
US 8.8.8.8:53 ggdcgp.net udp
US 8.8.8.8:53 umkqxamcgri.net udp
US 8.8.8.8:53 qnvozydmn.info udp
US 8.8.8.8:53 rxpdncbgvan.info udp
US 8.8.8.8:53 umewqmmeuy.com udp
US 8.8.8.8:53 agemmmoygqcg.org udp
US 8.8.8.8:53 brjtiihgpj.net udp
US 8.8.8.8:53 jmkpjqn.net udp
US 8.8.8.8:53 nphglxd.org udp
US 8.8.8.8:53 kgjemi.net udp
US 8.8.8.8:53 osvmpyyeyue.net udp
US 8.8.8.8:53 fysorvjcpyaw.info udp
US 8.8.8.8:53 frdltl.info udp
US 8.8.8.8:53 nkumkkiddegt.net udp
US 8.8.8.8:53 dhoszass.net udp
US 8.8.8.8:53 wphexgvozwt.info udp
US 8.8.8.8:53 lumcgayqt.info udp
US 8.8.8.8:53 eytjeqgsp.info udp
US 8.8.8.8:53 ssjqthw.info udp
US 8.8.8.8:53 lgluxdzgz.info udp
US 8.8.8.8:53 jjgoaixj.info udp
US 8.8.8.8:53 wojmlyunjyn.net udp
US 8.8.8.8:53 wpcqhg.net udp
US 8.8.8.8:53 jskkjdnlngh.net udp
US 8.8.8.8:53 mowkmckiqgeo.com udp
US 8.8.8.8:53 tuutoxsynoyk.net udp
US 8.8.8.8:53 osmcaaks.com udp
US 8.8.8.8:53 jmegkkp.com udp
US 8.8.8.8:53 bhdwdokib.org udp
US 8.8.8.8:53 pfnqtp.net udp
US 8.8.8.8:53 hujopdekjus.com udp
US 8.8.8.8:53 zgudvcwxr.com udp
US 8.8.8.8:53 umlzvkqgx.info udp
US 8.8.8.8:53 vszknwoqd.net udp
US 8.8.8.8:53 yuzhnmhy.info udp
US 8.8.8.8:53 yhbfozcm.info udp
US 8.8.8.8:53 vkhoaejkl.net udp
US 8.8.8.8:53 owukiyuqeaic.com udp
US 8.8.8.8:53 nglddwzpiwf.com udp
US 8.8.8.8:53 zncmww.info udp
US 8.8.8.8:53 qiqwyykeysys.com udp
US 8.8.8.8:53 rhaestmtdb.net udp
US 8.8.8.8:53 qktgjtqajtz.net udp
US 8.8.8.8:53 xkumavlp.info udp
US 8.8.8.8:53 rkuexkbwvufy.info udp
US 8.8.8.8:53 blfaox.info udp
US 8.8.8.8:53 pfvbnklr.net udp
US 8.8.8.8:53 sszextain.net udp
US 8.8.8.8:53 dyuwroqhh.info udp
US 8.8.8.8:53 uqvqvof.net udp
US 8.8.8.8:53 vxybtikwd.info udp
US 8.8.8.8:53 vcrgfsaqx.org udp
US 8.8.8.8:53 xgbarhd.com udp
US 8.8.8.8:53 vmgypyuuhwd.com udp
US 8.8.8.8:53 cuevmsdbpm.net udp
US 8.8.8.8:53 vansyum.com udp
US 8.8.8.8:53 gmyems.org udp
US 8.8.8.8:53 undsfetreaew.info udp
US 8.8.8.8:53 suiyeayi.org udp
US 8.8.8.8:53 mbcqvg.net udp
US 8.8.8.8:53 wprulitqrkti.info udp
US 8.8.8.8:53 zrrsxztpjfem.net udp
US 8.8.8.8:53 mfvomkg.info udp
US 8.8.8.8:53 ovstxcdlgwdv.net udp
US 8.8.8.8:53 mwgmfszwfsh.net udp
US 8.8.8.8:53 ncdqfzhp.info udp
US 8.8.8.8:53 imkgswak.org udp
US 8.8.8.8:53 mmzehxgnpohx.net udp
US 8.8.8.8:53 aahalsz.net udp
US 8.8.8.8:53 acnubebmn.info udp
US 8.8.8.8:53 nxzombzf.net udp
US 8.8.8.8:53 rntvzyvsqj.info udp
US 8.8.8.8:53 edasqspseum.info udp
US 8.8.8.8:53 xdjcla.info udp
US 8.8.8.8:53 eempsu.info udp
US 8.8.8.8:53 pwdooyphk.net udp
US 8.8.8.8:53 qsbersvx.info udp
US 8.8.8.8:53 odjnfatkvlgr.net udp
US 8.8.8.8:53 gmhtxuhhcz.info udp
US 8.8.8.8:53 timvskcsh.net udp
US 8.8.8.8:53 waqxblbomoh.net udp
US 8.8.8.8:53 eiyykeo.info udp
US 8.8.8.8:53 uqefngb.net udp
US 8.8.8.8:53 pffuoiumv.net udp
US 8.8.8.8:53 rybsdpxvmnws.info udp
US 8.8.8.8:53 llvozjjmi.com udp
US 8.8.8.8:53 fginxixq.net udp
US 8.8.8.8:53 zzjknggkwxhz.net udp
US 8.8.8.8:53 hjmhldqmwf.info udp
US 8.8.8.8:53 twzcmuxgx.info udp
US 8.8.8.8:53 pstizcp.net udp
US 8.8.8.8:53 loboje.info udp
US 8.8.8.8:53 qqhotaylpev.info udp
US 8.8.8.8:53 oapzhsk.info udp
US 8.8.8.8:53 ypkuwkxk.net udp
US 8.8.8.8:53 asqokeugye.com udp
US 8.8.8.8:53 itkrkepifm.info udp
US 8.8.8.8:53 caxhsn.net udp
US 8.8.8.8:53 qwxqytjvo.net udp
US 8.8.8.8:53 mcmlhits.info udp
US 8.8.8.8:53 juronwf.net udp
US 8.8.8.8:53 jwioqov.info udp
US 8.8.8.8:53 buisur.info udp
US 8.8.8.8:53 ldirdi.info udp
US 8.8.8.8:53 qqwwgqtzbjd.info udp
US 8.8.8.8:53 pmopzqljjgne.info udp
US 8.8.8.8:53 lyzebuhs.info udp
US 8.8.8.8:53 tibdhnvakd.net udp
US 8.8.8.8:53 khdqhpb.net udp
US 8.8.8.8:53 zisyqyrsj.org udp
US 8.8.8.8:53 hppzuatio.com udp
US 8.8.8.8:53 aiaqiqohnxw.info udp
US 8.8.8.8:53 wydszav.net udp
US 8.8.8.8:53 rgrcrtgum.com udp
US 8.8.8.8:53 rnvyumslvgot.net udp
US 8.8.8.8:53 jmnoexwhge.info udp
US 8.8.8.8:53 eqpyndl.net udp
US 8.8.8.8:53 hpaenwbetwq.com udp
US 8.8.8.8:53 wwlqzmnar.info udp
US 8.8.8.8:53 oyafuoxhdky.info udp
US 8.8.8.8:53 mpbidmzm.net udp
US 8.8.8.8:53 tjrkrqprbevj.net udp
US 8.8.8.8:53 cktlmrenxe.info udp
US 8.8.8.8:53 yiiioofyx.info udp
US 8.8.8.8:53 pndshdzgdu.info udp
US 8.8.8.8:53 ekcyoa.org udp
BG 84.40.115.39:34181 tcp
US 8.8.8.8:53 bobijjkdnwnu.net udp
US 8.8.8.8:53 kmskpu.info udp
US 8.8.8.8:53 reqlfebe.info udp
US 8.8.8.8:53 aetgjbrvrovv.info udp
US 8.8.8.8:53 guqocqkg.org udp
US 8.8.8.8:53 21.236.111.52.in-addr.arpa udp
US 8.8.8.8:53 iokkgmiioq.com udp
US 8.8.8.8:53 xqkcnggkj.info udp
US 8.8.8.8:53 trwidfy.net udp
US 8.8.8.8:53 juqqizbyk.com udp
US 8.8.8.8:53 agykeqksuosy.org udp
US 8.8.8.8:53 sdgctvrac.net udp
US 8.8.8.8:53 femeebwa.info udp
US 8.8.8.8:53 nelooxrwbs.net udp
US 8.8.8.8:53 znzkewnog.info udp
US 8.8.8.8:53 zksypckon.net udp
US 8.8.8.8:53 urgwesgmp.info udp
US 8.8.8.8:53 bawwqwmsbiah.net udp
US 8.8.8.8:53 eqawok.com udp
US 8.8.8.8:53 oefnjlji.net udp
US 8.8.8.8:53 rspxfkvezu.info udp
US 8.8.8.8:53 hmoajsdal.info udp
US 8.8.8.8:53 somslvl.net udp
US 8.8.8.8:53 nglkhzsvsav.com udp
US 8.8.8.8:53 pjumnwnmv.com udp
US 8.8.8.8:53 lgnhfztlzlcj.info udp
US 8.8.8.8:53 dchkpjhixjds.net udp
US 8.8.8.8:53 ydhwywhk.info udp
US 8.8.8.8:53 ioabvszktayp.net udp
US 8.8.8.8:53 bhhchgi.com udp
US 8.8.8.8:53 mehcvmrex.info udp
US 8.8.8.8:53 vejudutqs.org udp
US 8.8.8.8:53 aaucsaaqkmio.org udp
US 8.8.8.8:53 xkhbnqy.info udp
US 8.8.8.8:53 dabjlwlk.net udp
US 8.8.8.8:53 zdnqvcltvsz.net udp
US 8.8.8.8:53 wkzxzk.net udp
US 8.8.8.8:53 xsuchgz.info udp
US 8.8.8.8:53 zwletaitq.info udp
US 8.8.8.8:53 cndwjgbknnm.info udp
US 8.8.8.8:53 qyyeqmuiig.com udp
US 8.8.8.8:53 jezspuu.com udp
US 8.8.8.8:53 jdydxkpfmtl.net udp
US 8.8.8.8:53 mvvszipnr.net udp
US 8.8.8.8:53 tztyhwta.info udp
US 8.8.8.8:53 pqywiermbym.net udp
US 8.8.8.8:53 dkpeeocmxpjs.info udp
US 8.8.8.8:53 lexllnh.net udp
US 8.8.8.8:53 lswnqnqzwa.info udp
US 8.8.8.8:53 nqhurimfj.org udp
US 8.8.8.8:53 aaycawagsi.org udp

Files
