Malware Analysis Report

2024-12-07 15:00

Sample ID 241030-qzw4cavbma
Target 7f684be9d9727ab07499a72d9d56f976_JaffaCakes118
SHA256 7aa922bdbbf7654afb30d30c0f8aeb27c89d615ddb64f98ed6ec6108c5978cdb
Tags
simda discovery persistence stealer trojan
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

7aa922bdbbf7654afb30d30c0f8aeb27c89d615ddb64f98ed6ec6108c5978cdb

Threat Level: Known bad

The file 7f684be9d9727ab07499a72d9d56f976_JaffaCakes118 was found to be: Known bad.

Malicious Activity Summary

simda discovery persistence stealer trojan

Modifies WinLogon for persistence

Simda family

simda

Modifies WinLogon

Unsigned PE

System Location Discovery: System Language Discovery

Suspicious use of AdjustPrivilegeToken

Suspicious behavior: EnumeratesProcesses

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-10-30 13:42

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-10-30 13:42

Reported

2024-10-30 13:45

Platform

win7-20240903-en

Max time kernel

148s

Max time network

151s

Command Line

"C:\Users\Admin\AppData\Local\Temp\7f684be9d9727ab07499a72d9d56f976_JaffaCakes118.exe"

Signatures

Modifies WinLogon for persistence

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\userinit = "C:\\Windows\\system32\\userinit.exe,C:\\Users\\Admin\\AppData\\Local\\Temp\\7F684B~1.EXE," C:\Users\Admin\AppData\Local\Temp\7f684be9d9727ab07499a72d9d56f976_JaffaCakes118.exe N/A

Simda family

simda

simda

stealer trojan simda

Modifies WinLogon

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\a1b7ddc6 = "óZì”SìK\v-è=M1f$¹hh|x<\u00a0]\x1d__\x01”yü\r=\u0090¬\u008f¿g\büê„IÌ\x10·r‡\x01⹦•ÈXñ\x7fëE\x11ä\u009d¿×)\x1f>¶:¨û^ J¡Ã\x14›\x14aàvý¸¤)\u008dð" C:\Users\Admin\AppData\Local\Temp\7f684be9d9727ab07499a72d9d56f976_JaffaCakes118.exe N/A

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\7f684be9d9727ab07499a72d9d56f976_JaffaCakes118.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\7f684be9d9727ab07499a72d9d56f976_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7f684be9d9727ab07499a72d9d56f976_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7f684be9d9727ab07499a72d9d56f976_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7f684be9d9727ab07499a72d9d56f976_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7f684be9d9727ab07499a72d9d56f976_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7f684be9d9727ab07499a72d9d56f976_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7f684be9d9727ab07499a72d9d56f976_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7f684be9d9727ab07499a72d9d56f976_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7f684be9d9727ab07499a72d9d56f976_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7f684be9d9727ab07499a72d9d56f976_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7f684be9d9727ab07499a72d9d56f976_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7f684be9d9727ab07499a72d9d56f976_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7f684be9d9727ab07499a72d9d56f976_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7f684be9d9727ab07499a72d9d56f976_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7f684be9d9727ab07499a72d9d56f976_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7f684be9d9727ab07499a72d9d56f976_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7f684be9d9727ab07499a72d9d56f976_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7f684be9d9727ab07499a72d9d56f976_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7f684be9d9727ab07499a72d9d56f976_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7f684be9d9727ab07499a72d9d56f976_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7f684be9d9727ab07499a72d9d56f976_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7f684be9d9727ab07499a72d9d56f976_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7f684be9d9727ab07499a72d9d56f976_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7f684be9d9727ab07499a72d9d56f976_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7f684be9d9727ab07499a72d9d56f976_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7f684be9d9727ab07499a72d9d56f976_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7f684be9d9727ab07499a72d9d56f976_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7f684be9d9727ab07499a72d9d56f976_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7f684be9d9727ab07499a72d9d56f976_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7f684be9d9727ab07499a72d9d56f976_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7f684be9d9727ab07499a72d9d56f976_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7f684be9d9727ab07499a72d9d56f976_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7f684be9d9727ab07499a72d9d56f976_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7f684be9d9727ab07499a72d9d56f976_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7f684be9d9727ab07499a72d9d56f976_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7f684be9d9727ab07499a72d9d56f976_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7f684be9d9727ab07499a72d9d56f976_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7f684be9d9727ab07499a72d9d56f976_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7f684be9d9727ab07499a72d9d56f976_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7f684be9d9727ab07499a72d9d56f976_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7f684be9d9727ab07499a72d9d56f976_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7f684be9d9727ab07499a72d9d56f976_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7f684be9d9727ab07499a72d9d56f976_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7f684be9d9727ab07499a72d9d56f976_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7f684be9d9727ab07499a72d9d56f976_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7f684be9d9727ab07499a72d9d56f976_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7f684be9d9727ab07499a72d9d56f976_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7f684be9d9727ab07499a72d9d56f976_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7f684be9d9727ab07499a72d9d56f976_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7f684be9d9727ab07499a72d9d56f976_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7f684be9d9727ab07499a72d9d56f976_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7f684be9d9727ab07499a72d9d56f976_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7f684be9d9727ab07499a72d9d56f976_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7f684be9d9727ab07499a72d9d56f976_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7f684be9d9727ab07499a72d9d56f976_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7f684be9d9727ab07499a72d9d56f976_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7f684be9d9727ab07499a72d9d56f976_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7f684be9d9727ab07499a72d9d56f976_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7f684be9d9727ab07499a72d9d56f976_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7f684be9d9727ab07499a72d9d56f976_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7f684be9d9727ab07499a72d9d56f976_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7f684be9d9727ab07499a72d9d56f976_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7f684be9d9727ab07499a72d9d56f976_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7f684be9d9727ab07499a72d9d56f976_JaffaCakes118.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeSecurityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7f684be9d9727ab07499a72d9d56f976_JaffaCakes118.exe N/A
Token: SeSecurityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7f684be9d9727ab07499a72d9d56f976_JaffaCakes118.exe N/A
Token: SeSecurityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7f684be9d9727ab07499a72d9d56f976_JaffaCakes118.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\7f684be9d9727ab07499a72d9d56f976_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\7f684be9d9727ab07499a72d9d56f976_JaffaCakes118.exe"

Network

Country Destination Domain Proto
US 95.100.195.57:80 www.bing.com tcp
US 8.8.8.8:53 gatyvyz.com udp
US 8.8.8.8:53 qebytiq.com udp
US 8.8.8.8:53 lykyjad.com udp
US 8.8.8.8:53 pupybul.com udp
US 8.8.8.8:53 vonypom.com udp
US 8.8.8.8:53 galykes.com udp
US 8.8.8.8:53 qedynul.com udp
US 8.8.8.8:53 vocyzit.com udp
US 8.8.8.8:53 lymysan.com udp
US 8.8.8.8:53 puzylyp.com udp
US 8.8.8.8:53 vofymik.com udp
US 8.8.8.8:53 gaqydeb.com udp
US 8.8.8.8:53 qexylup.com udp
US 8.8.8.8:53 lygymoj.com udp
US 8.8.8.8:53 purydyv.com udp
US 8.8.8.8:53 gahyqah.com udp
US 8.8.8.8:53 qetyfuv.com udp
US 8.8.8.8:53 lyvyxor.com udp
US 8.8.8.8:53 gatyfus.com udp
US 8.8.8.8:53 pumypog.com udp
US 8.8.8.8:53 volykyc.com udp
US 8.8.8.8:53 lyvytuj.com udp
US 8.8.8.8:53 pujyjav.com udp
US 8.8.8.8:53 vopybyt.com udp
US 8.8.8.8:53 ganypih.com udp
US 8.8.8.8:53 qekykev.com udp
US 8.8.8.8:53 lysynur.com udp
US 8.8.8.8:53 gadyniw.com udp
US 8.8.8.8:53 qeqysag.com udp
US 8.8.8.8:53 lyxylux.com udp
US 8.8.8.8:53 pufymoq.com udp
US 8.8.8.8:53 vowydef.com udp
US 8.8.8.8:53 gacyzuz.com udp
US 8.8.8.8:53 qegyqaq.com udp
US 8.8.8.8:53 lyryfyd.com udp
US 8.8.8.8:53 puvyxil.com udp
US 8.8.8.8:53 vojyqem.com udp
US 8.8.8.8:53 vojyjof.com udp
US 8.8.8.8:53 puvytuq.com udp
US 8.8.8.8:53 qegyhig.com udp
US 8.8.8.8:53 lyryvex.com udp
US 8.8.8.8:53 gacyryw.com udp
US 8.8.8.8:53 vowycac.com udp
US 8.8.8.8:53 pufygug.com udp
US 8.8.8.8:53 lyxywer.com udp
US 8.8.8.8:53 qeqyxov.com udp
US 8.8.8.8:53 gadyfuh.com udp
US 8.8.8.8:53 volyqat.com udp
US 8.8.8.8:53 pumyxiv.com udp
US 8.8.8.8:53 lysyfyj.com udp
US 8.8.8.8:53 qekyqop.com udp
US 8.8.8.8:53 qetyvep.com udp
US 8.8.8.8:53 gahyhob.com udp
US 8.8.8.8:53 vocyruk.com udp
US 8.8.8.8:53 purycap.com udp
US 8.8.8.8:53 lygygin.com udp
US 8.8.8.8:53 qexyryl.com udp
US 8.8.8.8:53 gaqycos.com udp
US 8.8.8.8:53 vofygum.com udp
US 8.8.8.8:53 puzywel.com udp
US 8.8.8.8:53 lymyxid.com udp
US 8.8.8.8:53 qedyfyq.com udp
US 8.8.8.8:53 galyqaz.com udp
US 8.8.8.8:53 vonyzuf.com udp
US 8.8.8.8:53 puzylyp.com udp
US 8.8.8.8:53 lyvyxor.com udp
US 8.8.8.8:53 vonypom.com udp
US 8.8.8.8:53 qetyfuv.com udp
US 8.8.8.8:53 galyqaz.com udp
US 8.8.8.8:53 lymyxid.com udp
US 8.8.8.8:53 gahyqah.com udp
US 8.8.8.8:53 vocyzit.com udp
US 8.8.8.8:53 lysyfyj.com udp
US 8.8.8.8:53 qegyhig.com udp
US 8.8.8.8:53 gatyfus.com udp
US 8.8.8.8:53 vojyqem.com udp
US 8.8.8.8:53 gadyniw.com udp
HK 154.212.231.82:80 gadyniw.com tcp
US 104.21.30.183:80 qegyhig.com tcp
US 44.221.84.105:80 vocyzit.com tcp
US 69.162.80.55:80 lysyfyj.com tcp
US 23.253.46.64:80 gahyqah.com tcp
DE 178.162.203.202:80 gatyfus.com tcp
US 172.234.222.143:80 vojyqem.com tcp
US 18.208.156.248:80 vonypom.com tcp
US 44.221.84.105:80 vocyzit.com tcp
US 75.2.71.199:80 puzylyp.com tcp
US 208.100.26.245:80 lyvyxor.com tcp
US 3.94.10.34:80 lymyxid.com tcp
US 199.191.50.83:80 galyqaz.com tcp
US 23.253.46.64:80 gahyqah.com tcp
US 172.234.222.143:80 vojyqem.com tcp
US 8.8.8.8:53 survey-smiles.com udp
US 104.21.30.183:443 qegyhig.com tcp
US 199.59.243.227:80 survey-smiles.com tcp
US 75.2.71.199:80 puzylyp.com tcp
US 199.191.50.83:80 galyqaz.com tcp
US 8.8.8.8:53 c.pki.goog udp
GB 142.250.180.3:80 c.pki.goog tcp
US 104.21.30.183:443 qegyhig.com tcp
NL 5.79.71.205:80 gatyfus.com tcp
US 8.8.8.8:53 crl.microsoft.com udp
GB 2.18.190.73:80 crl.microsoft.com tcp
NL 85.17.31.122:80 gatyfus.com tcp
NL 85.17.31.122:80 gatyfus.com tcp
US 8.8.8.8:53 pupydeq.com udp
US 8.8.8.8:53 lykymox.com udp
US 8.8.8.8:53 qebylug.com udp
US 8.8.8.8:53 gatydaw.com udp
US 8.8.8.8:53 vojymic.com udp
US 8.8.8.8:53 lyrysor.com udp
US 8.8.8.8:53 ganyzub.com udp
US 8.8.8.8:53 qegynuv.com udp
US 8.8.8.8:53 gacykeh.com udp
US 8.8.8.8:53 vowypit.com udp
US 8.8.8.8:53 pufybyv.com udp
US 8.8.8.8:53 puvylyg.com udp
US 8.8.8.8:53 lyxyjaj.com udp
US 8.8.8.8:53 qeqytup.com udp
US 8.8.8.8:53 volyjok.com udp
US 8.8.8.8:53 gadyveb.com udp
US 8.8.8.8:53 pumytup.com udp
US 8.8.8.8:53 lysyvan.com udp
US 8.8.8.8:53 ganyrys.com udp
US 8.8.8.8:53 vopycom.com udp
US 8.8.8.8:53 pujygul.com udp
US 8.8.8.8:53 lyvywed.com udp
US 8.8.8.8:53 qekyhil.com udp
US 8.8.8.8:53 qetyxiq.com udp
US 8.8.8.8:53 lygyfex.com udp
US 8.8.8.8:53 gahyfyz.com udp
US 8.8.8.8:53 vocyqaf.com udp
US 8.8.8.8:53 puryxuq.com udp
US 8.8.8.8:53 gaqyzuw.com udp
US 8.8.8.8:53 qexyqog.com udp
US 8.8.8.8:53 vofydac.com udp
US 8.8.8.8:53 puzymig.com udp
US 8.8.8.8:53 lymylyr.com udp
US 8.8.8.8:53 vopydek.com udp
US 8.8.8.8:53 pujymip.com udp
US 8.8.8.8:53 qetysal.com udp
US 8.8.8.8:53 lyvylyn.com udp
US 8.8.8.8:53 gahynus.com udp
US 8.8.8.8:53 purypol.com udp
US 8.8.8.8:53 lygynud.com udp
US 8.8.8.8:53 qexykaq.com udp
US 8.8.8.8:53 gaqypiz.com udp
US 8.8.8.8:53 vofybyf.com udp
US 8.8.8.8:53 puzyjoq.com udp
US 8.8.8.8:53 lymytux.com udp
US 8.8.8.8:53 qedyveg.com udp
US 8.8.8.8:53 galyhiw.com udp
US 8.8.8.8:53 vonyryc.com udp
US 8.8.8.8:53 pupycag.com udp
US 8.8.8.8:53 lykygur.com udp
US 8.8.8.8:53 qebyrev.com udp
US 8.8.8.8:53 gatycoh.com udp
US 8.8.8.8:53 vojygut.com udp
US 8.8.8.8:53 puvywav.com udp
US 8.8.8.8:53 lyryxij.com udp
US 8.8.8.8:53 qegyfyp.com udp
US 8.8.8.8:53 gacyqob.com udp
US 8.8.8.8:53 vowyzuk.com udp
US 8.8.8.8:53 pufydep.com udp
US 8.8.8.8:53 lyxymin.com udp
US 8.8.8.8:53 qeqylyl.com udp
US 8.8.8.8:53 gadydas.com udp
US 8.8.8.8:53 vocykem.com udp
US 8.8.8.8:53 volymum.com udp
US 8.8.8.8:53 lysyvan.com udp
US 8.8.8.8:53 pupydeq.com udp
US 172.67.136.136:80 lysyvan.com tcp
US 8.8.8.8:53 lygynud.com udp
US 8.8.8.8:53 pupycag.com udp
US 8.8.8.8:53 lyrysor.com udp
US 76.223.54.146:80 pupydeq.com tcp
CN 111.6.96.18:80 lyrysor.com tcp
US 18.208.156.248:80 pupycag.com tcp
US 104.155.138.21:80 lygynud.com tcp
US 172.67.136.136:443 lysyvan.com tcp
US 76.223.54.146:80 pupydeq.com tcp
US 172.67.136.136:443 lysyvan.com tcp
CN 111.6.96.18:80 lyrysor.com tcp
US 8.8.8.8:53 qedysov.com udp
US 8.8.8.8:53 galynuh.com udp
US 8.8.8.8:53 vonyket.com udp
US 8.8.8.8:53 pupypiv.com udp
US 8.8.8.8:53 pumylel.com udp
US 8.8.8.8:53 lykynyj.com udp
US 8.8.8.8:53 qebykap.com udp
US 8.8.8.8:53 gatypub.com udp
US 8.8.8.8:53 vojybek.com udp
US 8.8.8.8:53 puvyjop.com udp
US 8.8.8.8:53 lyrytun.com udp
US 8.8.8.8:53 qegyval.com udp
US 8.8.8.8:53 gacyhis.com udp
US 8.8.8.8:53 vowyrym.com udp
US 8.8.8.8:53 pufycol.com udp
US 8.8.8.8:53 lysysod.com udp
US 8.8.8.8:53 lyxygud.com udp
US 8.8.8.8:53 qekynuq.com udp
US 8.8.8.8:53 qeqyreq.com udp
US 8.8.8.8:53 ganykaz.com udp
US 8.8.8.8:53 gadyciz.com udp
US 8.8.8.8:53 volygyf.com udp
US 8.8.8.8:53 vopypif.com udp
US 8.8.8.8:53 pumywaq.com udp
US 8.8.8.8:53 lysyxux.com udp
US 8.8.8.8:53 qekyfeg.com udp
US 8.8.8.8:53 pujybyq.com udp
US 8.8.8.8:53 lyvyjox.com udp
US 8.8.8.8:53 ganyqow.com udp
US 8.8.8.8:53 qetytug.com udp
US 8.8.8.8:53 lyvymir.com udp
US 8.8.8.8:53 pujydag.com udp
US 8.8.8.8:53 gahyvew.com udp
US 8.8.8.8:53 qetylyv.com udp
US 8.8.8.8:53 vocyjic.com udp
US 8.8.8.8:53 gahydoh.com udp
US 8.8.8.8:53 vocymut.com udp
US 8.8.8.8:53 purytyg.com udp
US 8.8.8.8:53 purylev.com udp
US 8.8.8.8:53 lygyvar.com udp
US 8.8.8.8:53 lygysij.com udp
US 8.8.8.8:53 qexynyp.com udp
US 8.8.8.8:53 qexyhuv.com udp
US 8.8.8.8:53 gaqykab.com udp
US 8.8.8.8:53 gaqyreh.com udp
US 8.8.8.8:53 vopyzuc.com udp
US 8.8.8.8:53 vofycot.com udp
US 8.8.8.8:53 puzyguv.com udp
US 8.8.8.8:53 qedyxip.com udp
US 8.8.8.8:53 lymywaj.com udp
US 8.8.8.8:53 galyfyb.com udp
US 8.8.8.8:53 qebyqil.com udp
US 8.8.8.8:53 vonyqok.com udp
US 8.8.8.8:53 pupyxup.com udp
US 8.8.8.8:53 lykyfen.com udp
US 8.8.8.8:53 gatyzys.com udp
US 8.8.8.8:53 vojydam.com udp
US 8.8.8.8:53 puvymul.com udp
US 8.8.8.8:53 lyryled.com udp
US 8.8.8.8:53 gacynuz.com udp
US 8.8.8.8:53 qegysoq.com udp
US 8.8.8.8:53 vowykaf.com udp
US 8.8.8.8:53 lyxynyx.com udp
US 8.8.8.8:53 pufypiq.com udp
US 8.8.8.8:53 galynuh.com udp
US 8.8.8.8:53 vofycot.com udp
US 64.225.91.73:80 galynuh.com tcp
US 8.8.8.8:53 gadyciz.com udp
US 8.8.8.8:53 lyxynyx.com udp
US 8.8.8.8:53 qexyhuv.com udp
US 8.8.8.8:53 qegyval.com udp
US 15.197.240.20:80 qexyhuv.com tcp
US 44.221.84.105:80 gadyciz.com tcp
HK 154.85.183.50:80 qegyval.com tcp
US 103.224.182.252:80 vofycot.com tcp
US 103.224.212.210:80 lyxynyx.com tcp
US 15.197.240.20:80 qexyhuv.com tcp
US 8.8.8.8:53 ww16.vofycot.com udp
US 8.8.8.8:53 ww25.lyxynyx.com udp
DE 64.190.63.136:80 ww16.vofycot.com tcp
US 199.59.243.227:80 ww25.lyxynyx.com tcp
HK 154.85.183.50:80 qegyval.com tcp
US 8.8.8.8:53 qeqykog.com udp
US 8.8.8.8:53 gadypuw.com udp
US 8.8.8.8:53 pumyjig.com udp
US 8.8.8.8:53 volybec.com udp
US 8.8.8.8:53 qekyvav.com udp
US 8.8.8.8:53 lysytyr.com udp
US 8.8.8.8:53 ganyhuh.com udp
US 8.8.8.8:53 vofypuk.com udp
US 8.8.8.8:53 vopyret.com udp
US 8.8.8.8:53 pujycov.com udp
US 8.8.8.8:53 lyvyguj.com udp
US 8.8.8.8:53 qetyrap.com udp
US 8.8.8.8:53 gahycib.com udp
US 8.8.8.8:53 purywop.com udp
US 8.8.8.8:53 vocygyk.com udp
US 8.8.8.8:53 qexyfel.com udp
US 8.8.8.8:53 lygyxun.com udp
US 8.8.8.8:53 gaqyqis.com udp
US 8.8.8.8:53 vofyzym.com udp
US 8.8.8.8:53 lymymud.com udp
US 8.8.8.8:53 puzydal.com udp
US 8.8.8.8:53 galydoz.com udp
US 8.8.8.8:53 qedyleq.com udp
US 8.8.8.8:53 vonymuf.com udp
US 8.8.8.8:53 pupylaq.com udp
US 8.8.8.8:53 qebynyg.com udp
US 8.8.8.8:53 lykysix.com udp
US 8.8.8.8:53 gatykow.com udp
US 8.8.8.8:53 vojypuc.com udp
US 8.8.8.8:53 puvybeg.com udp
US 8.8.8.8:53 lyryjir.com udp
US 8.8.8.8:53 qegytyv.com udp
US 8.8.8.8:53 gacyvah.com udp
US 8.8.8.8:53 puzybep.com udp
US 8.8.8.8:53 lymyjon.com udp
US 8.8.8.8:53 qedytul.com udp
US 8.8.8.8:53 galyvas.com udp
US 8.8.8.8:53 vonyjim.com udp
US 8.8.8.8:53 lykyvod.com udp
US 8.8.8.8:53 qebyhuq.com udp
US 8.8.8.8:53 gatyrez.com udp
US 8.8.8.8:53 vojycif.com udp
US 8.8.8.8:53 lyrywax.com udp
US 8.8.8.8:53 qegyxug.com udp
US 8.8.8.8:53 gacyfew.com udp
US 8.8.8.8:53 vowyqoc.com udp
US 8.8.8.8:53 pufyxug.com udp
US 8.8.8.8:53 lyxyfar.com udp
US 8.8.8.8:53 qeqyqiv.com udp
US 8.8.8.8:53 gadyzyh.com udp
US 8.8.8.8:53 volydot.com udp
US 8.8.8.8:53 pumymuv.com udp
US 8.8.8.8:53 lysylej.com udp
US 8.8.8.8:53 qekysip.com udp
US 8.8.8.8:53 ganynyb.com udp
US 8.8.8.8:53 vopykak.com udp
US 8.8.8.8:53 pujypup.com udp
US 8.8.8.8:53 lyvynen.com udp
US 8.8.8.8:53 qetykol.com udp
US 8.8.8.8:53 gahypus.com udp
US 8.8.8.8:53 vocybam.com udp
US 8.8.8.8:53 puryjil.com udp
US 8.8.8.8:53 vowyjut.com udp
US 8.8.8.8:53 pufytev.com udp
US 8.8.8.8:53 lyxyvoj.com udp
US 8.8.8.8:53 qeqyhup.com udp
US 8.8.8.8:53 gadyrab.com udp
US 8.8.8.8:53 volycik.com udp
US 8.8.8.8:53 pumygyp.com udp
US 8.8.8.8:53 lysywon.com udp
US 8.8.8.8:53 qekyxul.com udp
US 8.8.8.8:53 ganyfes.com udp
US 8.8.8.8:53 vopyqim.com udp
US 8.8.8.8:53 lygytyd.com udp
US 8.8.8.8:53 lyvyfad.com udp
US 8.8.8.8:53 pujyxyl.com udp
US 8.8.8.8:53 qexyvoq.com udp
US 8.8.8.8:53 qetyquq.com udp
US 8.8.8.8:53 gaqyhuz.com udp
US 8.8.8.8:53 gahyzez.com udp
US 8.8.8.8:53 purymuq.com udp
US 8.8.8.8:53 vocydof.com udp
US 8.8.8.8:53 lygylax.com udp
US 8.8.8.8:53 qexysig.com udp
US 8.8.8.8:53 gaqynyw.com udp
US 8.8.8.8:53 vofykoc.com udp
US 8.8.8.8:53 puzypug.com udp
US 8.8.8.8:53 lymyner.com udp
US 8.8.8.8:53 qedykiv.com udp
US 8.8.8.8:53 galypyh.com udp
US 8.8.8.8:53 vonybat.com udp
US 8.8.8.8:53 pupyjuv.com udp
US 8.8.8.8:53 lykytej.com udp
US 8.8.8.8:53 qebyvop.com udp
US 8.8.8.8:53 vojyrak.com udp
US 8.8.8.8:53 gatyhub.com udp
US 8.8.8.8:53 puvycip.com udp
US 8.8.8.8:53 puzyciq.com udp
US 8.8.8.8:53 vofyref.com udp
US 8.8.8.8:53 lymygyx.com udp
US 8.8.8.8:53 qedyrag.com udp
US 8.8.8.8:53 galycuw.com udp
US 8.8.8.8:53 vonygec.com udp
US 8.8.8.8:53 pupywog.com udp
US 8.8.8.8:53 lykyxur.com udp
US 8.8.8.8:53 qebyfav.com udp
US 8.8.8.8:53 gatyqih.com udp
US 8.8.8.8:53 vojyzyt.com udp
US 8.8.8.8:53 puvydov.com udp
US 8.8.8.8:53 qegylep.com udp
US 8.8.8.8:53 gacydib.com udp
US 8.8.8.8:53 lyrymuj.com udp
US 8.8.8.8:53 lyxysun.com udp
US 8.8.8.8:53 pufylap.com udp
US 8.8.8.8:53 gadykos.com udp
US 8.8.8.8:53 vowymyk.com udp
US 8.8.8.8:53 lysyjid.com udp
US 8.8.8.8:53 qekytyq.com udp
US 8.8.8.8:53 ganyvoz.com udp
US 8.8.8.8:53 pumybal.com udp
US 8.8.8.8:53 pujyteq.com udp
US 8.8.8.8:53 qetyhyg.com udp
US 8.8.8.8:53 lyvyvix.com udp
US 8.8.8.8:53 volypum.com udp
US 8.8.8.8:53 qetyhyg.com udp
US 64.225.91.73:80 qetyhyg.com tcp
US 8.8.8.8:53 gatyhub.com udp
US 72.52.179.174:80 gatyhub.com tcp
US 72.52.179.174:80 gatyhub.com tcp
US 8.8.8.8:53 lyrygyn.com udp
US 8.8.8.8:53 qegyrol.com udp
US 8.8.8.8:53 gacycus.com udp
US 8.8.8.8:53 vowygem.com udp
US 8.8.8.8:53 pufywil.com udp
US 8.8.8.8:53 lyxyxyd.com udp
US 8.8.8.8:53 qeqyfaq.com udp
US 8.8.8.8:53 gadyquz.com udp
US 8.8.8.8:53 volyzef.com udp
US 8.8.8.8:53 lysymux.com udp
US 8.8.8.8:53 pumydoq.com udp
US 8.8.8.8:53 qekylag.com udp
US 8.8.8.8:53 vopymyc.com udp
US 8.8.8.8:53 ganydiw.com udp
US 8.8.8.8:53 pujylog.com udp
US 8.8.8.8:53 lyvysur.com udp
US 8.8.8.8:53 qetynev.com udp
US 8.8.8.8:53 gahykih.com udp
US 8.8.8.8:53 vocypyt.com udp
US 8.8.8.8:53 lygyjuj.com udp
US 8.8.8.8:53 purybav.com udp
US 8.8.8.8:53 qexytep.com udp
US 8.8.8.8:53 gaqyvob.com udp
US 8.8.8.8:53 vofyjuk.com udp
US 8.8.8.8:53 puzytap.com udp
US 8.8.8.8:53 lymyvin.com udp
US 8.8.8.8:53 qedyhyl.com udp
US 8.8.8.8:53 galyros.com udp
US 8.8.8.8:53 vonycum.com udp
US 8.8.8.8:53 pupygel.com udp
US 8.8.8.8:53 lykywid.com udp
US 8.8.8.8:53 gahyraw.com udp
US 8.8.8.8:53 qebyxyq.com udp
US 8.8.8.8:53 vocycuc.com udp
US 8.8.8.8:53 purygeg.com udp
US 8.8.8.8:53 qexyxuv.com udp
US 8.8.8.8:53 lygywor.com udp
US 8.8.8.8:53 gaqyfah.com udp
US 8.8.8.8:53 vofyqit.com udp
US 8.8.8.8:53 puzyxyv.com udp
US 8.8.8.8:53 lymyfoj.com udp
US 8.8.8.8:53 galyzeb.com udp
US 8.8.8.8:53 vonydik.com udp
US 8.8.8.8:53 qeqyvig.com udp
US 8.8.8.8:53 pupymyp.com udp
US 8.8.8.8:53 lykylan.com udp
US 8.8.8.8:53 qedyqup.com udp
US 8.8.8.8:53 qebysul.com udp
US 8.8.8.8:53 vojykom.com udp
US 8.8.8.8:53 puvypul.com udp
US 8.8.8.8:53 qegykiq.com udp
US 8.8.8.8:53 gatynes.com udp
US 8.8.8.8:53 gacypyz.com udp
US 8.8.8.8:53 vowybof.com udp
US 8.8.8.8:53 pufyjuq.com udp
US 8.8.8.8:53 lyrynad.com udp
US 8.8.8.8:53 volyrac.com udp
US 8.8.8.8:53 pumycug.com udp
US 8.8.8.8:53 lyxytex.com udp
US 8.8.8.8:53 qekyrov.com udp
US 8.8.8.8:53 ganycuh.com udp
US 8.8.8.8:53 vopygat.com udp
US 8.8.8.8:53 lysyger.com udp
US 8.8.8.8:53 gatyfaz.com udp
US 8.8.8.8:53 vojyquf.com udp
US 8.8.8.8:53 lyryfox.com udp
US 8.8.8.8:53 qegyqug.com udp
US 8.8.8.8:53 gacyzaw.com udp
US 8.8.8.8:53 vowydic.com udp
US 8.8.8.8:53 gadyneh.com udp
US 8.8.8.8:53 pufymyg.com udp
US 8.8.8.8:53 lyxylor.com udp
US 8.8.8.8:53 qeqysuv.com udp
US 8.8.8.8:53 pumypyv.com udp
US 8.8.8.8:53 lysynaj.com udp
US 8.8.8.8:53 lyvytan.com udp
US 8.8.8.8:53 ganypeb.com udp
US 8.8.8.8:53 volykit.com udp
US 8.8.8.8:53 vopybok.com udp
US 8.8.8.8:53 pujyjup.com udp
US 8.8.8.8:53 qekykup.com udp
US 8.8.8.8:53 qetyvil.com udp
US 8.8.8.8:53 gahyhys.com udp
US 8.8.8.8:53 vocyrom.com udp
US 8.8.8.8:53 purycul.com udp
US 8.8.8.8:53 lygyged.com udp
US 8.8.8.8:53 qexyriq.com udp
US 8.8.8.8:53 gaqycyz.com udp
US 8.8.8.8:53 vofygaf.com udp
US 8.8.8.8:53 puzywuq.com udp
US 8.8.8.8:53 lymyxex.com udp
US 8.8.8.8:53 qedyfog.com udp
US 8.8.8.8:53 galyquw.com udp
US 8.8.8.8:53 vonyzac.com udp
US 8.8.8.8:53 lyvyxyj.com udp
US 8.8.8.8:53 pujywiv.com udp
US 8.8.8.8:53 qetyfop.com udp
US 8.8.8.8:53 gahyqub.com udp
US 8.8.8.8:53 purydip.com udp
US 8.8.8.8:53 vocyzek.com udp
US 8.8.8.8:53 lygymyn.com udp
US 8.8.8.8:53 qexylal.com udp
US 8.8.8.8:53 vofymem.com udp
US 8.8.8.8:53 puzylol.com udp
US 8.8.8.8:53 gaqydus.com udp
US 8.8.8.8:53 lymysud.com udp
US 8.8.8.8:53 qedynaq.com udp
US 8.8.8.8:53 vonypyf.com udp
US 8.8.8.8:53 galykiz.com udp
US 8.8.8.8:53 pupyboq.com udp
US 8.8.8.8:53 lykyjux.com udp
US 8.8.8.8:53 qebyteg.com udp
US 8.8.8.8:53 gatyviw.com udp
US 8.8.8.8:53 vojyjyc.com udp
US 8.8.8.8:53 puvytag.com udp
US 8.8.8.8:53 lyryvur.com udp
US 8.8.8.8:53 gacyroh.com udp
US 8.8.8.8:53 vowycut.com udp
US 8.8.8.8:53 pufygav.com udp
US 8.8.8.8:53 lyxywij.com udp
US 8.8.8.8:53 qegyhev.com udp
US 8.8.8.8:53 gadyfob.com udp
US 8.8.8.8:53 volyquk.com udp
US 8.8.8.8:53 lysyfin.com udp
US 8.8.8.8:53 pumyxep.com udp
US 8.8.8.8:53 pupydig.com udp
US 8.8.8.8:53 lykymyr.com udp
US 8.8.8.8:53 qebylov.com udp
US 8.8.8.8:53 gatyduh.com udp
US 8.8.8.8:53 vojymet.com udp
US 8.8.8.8:53 gacykub.com udp
US 8.8.8.8:53 lyrysyj.com udp
US 8.8.8.8:53 puvyliv.com udp
US 8.8.8.8:53 qegynap.com udp
US 8.8.8.8:53 vowypek.com udp
US 8.8.8.8:53 pufybop.com udp
US 8.8.8.8:53 lyxyjun.com udp
US 8.8.8.8:53 qeqytal.com udp
US 8.8.8.8:53 volyjym.com udp
US 8.8.8.8:53 pumytol.com udp
US 8.8.8.8:53 lysyvud.com udp
US 8.8.8.8:53 qekyheq.com udp
US 8.8.8.8:53 ganyriz.com udp
US 8.8.8.8:53 vopycyf.com udp
US 8.8.8.8:53 pujygaq.com udp
US 8.8.8.8:53 qetyxeg.com udp
US 8.8.8.8:53 lyvywux.com udp
US 8.8.8.8:53 gahyfow.com udp
US 8.8.8.8:53 vocyquc.com udp
US 8.8.8.8:53 puryxag.com udp
US 8.8.8.8:53 lygyfir.com udp
US 8.8.8.8:53 qexyqyv.com udp
US 8.8.8.8:53 gaqyzoh.com udp
US 8.8.8.8:53 vofydut.com udp
US 8.8.8.8:53 lymylij.com udp
US 8.8.8.8:53 puzymev.com udp
US 8.8.8.8:53 qekyqyl.com udp
US 8.8.8.8:53 ganyzas.com udp
US 8.8.8.8:53 vopydum.com udp
US 8.8.8.8:53 lyvylod.com udp
US 8.8.8.8:53 qetysuq.com udp
US 8.8.8.8:53 pujymel.com udp
US 8.8.8.8:53 gahynaz.com udp
US 8.8.8.8:53 vocykif.com udp
US 8.8.8.8:53 purypyq.com udp
US 8.8.8.8:53 lygynox.com udp
US 8.8.8.8:53 qexykug.com udp
US 8.8.8.8:53 gaqypew.com udp
US 8.8.8.8:53 vofybic.com udp
US 8.8.8.8:53 puzyjyg.com udp
US 8.8.8.8:53 qedyvuv.com udp
US 8.8.8.8:53 galyheh.com udp
US 8.8.8.8:53 lymytar.com udp
US 8.8.8.8:53 vonyrot.com udp
US 8.8.8.8:53 pupycuv.com udp
US 8.8.8.8:53 lykygaj.com udp
US 8.8.8.8:53 qebyrip.com udp
US 8.8.8.8:53 gatycyb.com udp
US 8.8.8.8:53 lyryxen.com udp
US 8.8.8.8:53 vojygok.com udp
US 8.8.8.8:53 puvywup.com udp
US 8.8.8.8:53 qegyfil.com udp
US 8.8.8.8:53 gacyqys.com udp
US 8.8.8.8:53 vowyzam.com udp
US 8.8.8.8:53 pufydul.com udp
US 8.8.8.8:53 gadyduz.com udp
US 8.8.8.8:53 lyxymed.com udp
US 8.8.8.8:53 qeqyloq.com udp
US 8.8.8.8:53 qedysyp.com udp
US 8.8.8.8:53 galynab.com udp
US 8.8.8.8:53 vonykuk.com udp
US 8.8.8.8:53 pupypep.com udp
US 8.8.8.8:53 lykynon.com udp
US 8.8.8.8:53 qebykul.com udp
US 8.8.8.8:53 gatypas.com udp
US 8.8.8.8:53 vojybim.com udp
US 8.8.8.8:53 puvyjyl.com udp
US 8.8.8.8:53 qegyvuq.com udp
US 8.8.8.8:53 lyrytod.com udp
US 8.8.8.8:53 gacyhez.com udp
US 8.8.8.8:53 gadycew.com udp
US 8.8.8.8:53 pufycyq.com udp
US 8.8.8.8:53 volygoc.com udp
US 8.8.8.8:53 qeqyrug.com udp
US 8.8.8.8:53 lyxygax.com udp
US 8.8.8.8:53 pumywug.com udp
US 8.8.8.8:53 lysyxar.com udp
US 8.8.8.8:53 qekyfiv.com udp
US 8.8.8.8:53 vopyzot.com udp
US 8.8.8.8:53 pujyduv.com udp
US 8.8.8.8:53 lyvymej.com udp
US 8.8.8.8:53 qetylip.com udp
US 8.8.8.8:53 gahydyb.com udp
US 8.8.8.8:53 vocymak.com udp
US 8.8.8.8:53 purylup.com udp
US 8.8.8.8:53 lygysen.com udp
US 8.8.8.8:53 qexynol.com udp
US 8.8.8.8:53 gaqykus.com udp
US 8.8.8.8:53 volymaf.com udp
US 8.8.8.8:53 pumyliq.com udp
US 8.8.8.8:53 lysysyx.com udp
US 8.8.8.8:53 qekynog.com udp
US 8.8.8.8:53 ganykuw.com udp
US 8.8.8.8:53 vopypec.com udp
US 8.8.8.8:53 pujybig.com udp
US 8.8.8.8:53 lyvyjyr.com udp
US 8.8.8.8:53 qetytav.com udp
US 8.8.8.8:53 gahyvuh.com udp
US 8.8.8.8:53 vocyjet.com udp
US 8.8.8.8:53 purytov.com udp
US 8.8.8.8:53 lygyvuj.com udp
US 8.8.8.8:53 qexyhap.com udp
US 8.8.8.8:53 gaqyrib.com udp
US 8.8.8.8:53 vofycyk.com udp
US 8.8.8.8:53 puzygop.com udp
US 8.8.8.8:53 lymywun.com udp
US 8.8.8.8:53 qedyxel.com udp
US 8.8.8.8:53 galyfis.com udp
US 8.8.8.8:53 vonyqym.com udp
US 8.8.8.8:53 pupyxal.com udp
US 8.8.8.8:53 lykyfud.com udp
US 8.8.8.8:53 qebyqeq.com udp
US 8.8.8.8:53 gatyzoz.com udp
US 8.8.8.8:53 vojyduf.com udp
US 8.8.8.8:53 puvymaq.com udp
US 8.8.8.8:53 lyrylix.com udp
US 8.8.8.8:53 qegysyg.com udp
US 8.8.8.8:53 gacynow.com udp
US 8.8.8.8:53 vowykuc.com udp
US 8.8.8.8:53 lygyvuj.com udp
US 52.34.198.229:80 lygyvuj.com tcp
US 8.8.8.8:53 vofypam.com udp
US 8.8.8.8:53 puzybil.com udp
US 8.8.8.8:53 qedytoq.com udp
US 8.8.8.8:53 gatyruw.com udp
US 8.8.8.8:53 galyvuz.com udp
US 8.8.8.8:53 vonyjef.com udp
US 8.8.8.8:53 pupytiq.com udp
US 8.8.8.8:53 lykyvyx.com udp
US 8.8.8.8:53 lymyjyd.com udp
US 8.8.8.8:53 lyxynir.com udp
US 8.8.8.8:53 vojycec.com udp
US 8.8.8.8:53 puvygog.com udp
US 8.8.8.8:53 lyrywur.com udp
US 8.8.8.8:53 qegyxav.com udp
US 8.8.8.8:53 gacyfih.com udp
US 8.8.8.8:53 qeqykyv.com udp
US 8.8.8.8:53 vowyqyt.com udp
US 8.8.8.8:53 gadypah.com udp
US 8.8.8.8:53 lyxyfuj.com udp
US 8.8.8.8:53 pufyxov.com udp
US 8.8.8.8:53 qeqyqep.com udp
US 8.8.8.8:53 volybut.com udp
US 8.8.8.8:53 pumyjev.com udp
US 8.8.8.8:53 volydyk.com udp
US 8.8.8.8:53 gadyzib.com udp
US 8.8.8.8:53 lysytoj.com udp
US 8.8.8.8:53 pumymap.com udp
US 8.8.8.8:53 qekyvup.com udp
US 8.8.8.8:53 qekysel.com udp
US 8.8.8.8:53 lysylun.com udp
US 8.8.8.8:53 ganyhab.com udp
US 8.8.8.8:53 vopyrik.com udp
US 8.8.8.8:53 vopykum.com udp
US 8.8.8.8:53 pujypal.com udp
US 8.8.8.8:53 pujycyp.com udp
US 8.8.8.8:53 lyvynid.com udp
US 8.8.8.8:53 gahypoz.com udp
US 8.8.8.8:53 vocybuf.com udp
US 8.8.8.8:53 lyvygon.com udp
US 8.8.8.8:53 qetykyq.com udp
US 8.8.8.8:53 qetyrul.com udp
US 8.8.8.8:53 puryjeq.com udp
US 8.8.8.8:53 gahyces.com udp
US 8.8.8.8:53 vocygim.com udp
US 8.8.8.8:53 purywyl.com udp
US 8.8.8.8:53 lygyxad.com udp
US 8.8.8.8:53 qexyfuq.com udp
US 8.8.8.8:53 gaqyqez.com udp
US 8.8.8.8:53 vofyzof.com udp
US 8.8.8.8:53 puzyduq.com udp
US 8.8.8.8:53 lymymax.com udp
US 8.8.8.8:53 qedylig.com udp
US 8.8.8.8:53 galydyw.com udp
US 8.8.8.8:53 vonymoc.com udp
US 8.8.8.8:53 lykyser.com udp
US 8.8.8.8:53 qebyniv.com udp
US 8.8.8.8:53 gatykyh.com udp
US 8.8.8.8:53 vojypat.com udp
US 8.8.8.8:53 lyryjej.com udp
US 8.8.8.8:53 puvybuv.com udp
US 8.8.8.8:53 qegytop.com udp
US 8.8.8.8:53 pupylug.com udp
US 8.8.8.8:53 lygytix.com udp
US 8.8.8.8:53 qexyvyg.com udp
US 8.8.8.8:53 gaqyhaw.com udp
US 8.8.8.8:53 puzyceg.com udp
US 8.8.8.8:53 vofyruc.com udp
US 8.8.8.8:53 qedyruv.com udp
US 8.8.8.8:53 galycah.com udp
US 8.8.8.8:53 lymygor.com udp
US 8.8.8.8:53 vonygit.com udp
US 8.8.8.8:53 lykyxoj.com udp
US 8.8.8.8:53 pupywyv.com udp
US 8.8.8.8:53 qebyfup.com udp
US 8.8.8.8:53 gatyqeb.com udp
US 8.8.8.8:53 vojyzik.com udp
US 8.8.8.8:53 puvydyp.com udp
US 8.8.8.8:53 lyryman.com udp
US 8.8.8.8:53 qegylul.com udp
US 8.8.8.8:53 gacydes.com udp
US 8.8.8.8:53 vowymom.com udp
US 8.8.8.8:53 pufylul.com udp
US 8.8.8.8:53 gacyvub.com udp
US 8.8.8.8:53 qeqyniq.com udp
US 8.8.8.8:53 lyxysad.com udp
US 8.8.8.8:53 vowyjak.com udp
US 8.8.8.8:53 gadykyz.com udp
US 8.8.8.8:53 pufytip.com udp
US 8.8.8.8:53 volypof.com udp
US 8.8.8.8:53 lyxyvyn.com udp
US 8.8.8.8:53 pumybuq.com udp
US 8.8.8.8:53 qeqyhol.com udp
US 8.8.8.8:53 lysyjex.com udp
US 8.8.8.8:53 qekytig.com udp
US 8.8.8.8:53 gadyrus.com udp
US 8.8.8.8:53 ganyvyw.com udp
US 8.8.8.8:53 volycem.com udp
US 8.8.8.8:53 vopyjac.com udp
US 8.8.8.8:53 pujytug.com udp
US 8.8.8.8:53 pumygil.com udp
US 8.8.8.8:53 lyvyver.com udp
US 8.8.8.8:53 qetyhov.com udp
US 8.8.8.8:53 gahyziw.com udp
US 8.8.8.8:53 qekyxaq.com udp
US 8.8.8.8:53 ganyfuz.com udp
US 8.8.8.8:53 vocydyc.com udp
US 8.8.8.8:53 purymog.com udp
US 8.8.8.8:53 vopyqef.com udp
US 8.8.8.8:53 lygylur.com udp
US 8.8.8.8:53 qexysev.com udp
US 8.8.8.8:53 puzypav.com udp
US 8.8.8.8:53 vofykyt.com udp
US 8.8.8.8:53 pujyxoq.com udp
US 8.8.8.8:53 lymynuj.com udp
US 8.8.8.8:53 qedykep.com udp
US 8.8.8.8:53 galypob.com udp
US 8.8.8.8:53 vonybuk.com udp
US 8.8.8.8:53 pupyjap.com udp
US 8.8.8.8:53 lykytin.com udp
US 8.8.8.8:53 qebyvyl.com udp
US 8.8.8.8:53 gatyhos.com udp
US 8.8.8.8:53 vojyrum.com udp
US 8.8.8.8:53 lyvyfux.com udp
US 8.8.8.8:53 qetyqag.com udp
US 8.8.8.8:53 lysywyd.com udp
US 8.8.8.8:53 gahyruh.com udp
US 8.8.8.8:53 lygywyj.com udp
US 8.8.8.8:53 qexyxop.com udp
US 8.8.8.8:53 gaqyfub.com udp
US 8.8.8.8:53 vofyqek.com udp
US 8.8.8.8:53 qedyqal.com udp
US 8.8.8.8:53 lymyfyn.com udp
US 8.8.8.8:53 galyzus.com udp
US 8.8.8.8:53 vonydem.com udp
US 8.8.8.8:53 pupymol.com udp
US 8.8.8.8:53 lykylud.com udp
US 8.8.8.8:53 qebysaq.com udp
US 8.8.8.8:53 gatyniz.com udp
US 8.8.8.8:53 vojykyf.com udp
US 8.8.8.8:53 puvypoq.com udp
US 8.8.8.8:53 lyrynux.com udp
US 8.8.8.8:53 qegykeg.com udp
US 8.8.8.8:53 gacypiw.com udp
US 8.8.8.8:53 vowybyc.com udp
US 8.8.8.8:53 pufyjag.com udp
US 8.8.8.8:53 lyxytur.com udp
US 8.8.8.8:53 gadyhoh.com udp
US 8.8.8.8:53 qeqyvev.com udp
US 8.8.8.8:53 volyrut.com udp
US 8.8.8.8:53 pumycav.com udp
US 8.8.8.8:53 lysygij.com udp
US 8.8.8.8:53 ganycob.com udp
US 8.8.8.8:53 qekyryp.com udp
US 8.8.8.8:53 vopyguk.com udp
US 8.8.8.8:53 lyrygid.com udp
US 8.8.8.8:53 puvycel.com udp
US 8.8.8.8:53 gacycaz.com udp
US 8.8.8.8:53 qegyryq.com udp
US 8.8.8.8:53 vowyguf.com udp
US 8.8.8.8:53 lyxyxox.com udp
US 8.8.8.8:53 pufyweq.com udp
US 8.8.8.8:53 qeqyfug.com udp
US 8.8.8.8:53 ganydeh.com udp
US 8.8.8.8:53 gadyqaw.com udp
US 8.8.8.8:53 volyzic.com udp
US 8.8.8.8:53 vopymit.com udp
US 8.8.8.8:53 lysymor.com udp
US 8.8.8.8:53 pumydyg.com udp
US 8.8.8.8:53 qekyluv.com udp
US 8.8.8.8:53 pujylyv.com udp
US 8.8.8.8:53 lygyjan.com udp
US 8.8.8.8:53 lyvysaj.com udp
US 8.8.8.8:53 gahykeb.com udp
US 8.8.8.8:53 qexytil.com udp
US 8.8.8.8:53 gaqyvys.com udp
US 8.8.8.8:53 vocypok.com udp
US 8.8.8.8:53 qetynup.com udp
US 8.8.8.8:53 vofyjom.com udp
US 8.8.8.8:53 purybup.com udp
US 8.8.8.8:53 puzytul.com udp
US 8.8.8.8:53 lymyved.com udp
US 8.8.8.8:53 galyryz.com udp
US 8.8.8.8:53 qedyhiq.com udp
US 8.8.8.8:53 vonycaf.com udp
US 8.8.8.8:53 pupyguq.com udp
US 8.8.8.8:53 lykywex.com udp
US 8.8.8.8:53 pujywep.com udp
US 8.8.8.8:53 lyvyxin.com udp
US 8.8.8.8:53 qetyfyl.com udp
US 8.8.8.8:53 gahyqas.com udp
US 8.8.8.8:53 vocyzum.com udp
US 8.8.8.8:53 lygymod.com udp
US 8.8.8.8:53 gaqydaz.com udp
US 8.8.8.8:53 vofymif.com udp
US 8.8.8.8:53 purydel.com udp
US 8.8.8.8:53 puzylyq.com udp
US 8.8.8.8:53 lymysox.com udp
US 8.8.8.8:53 galykew.com udp
US 8.8.8.8:53 vonypic.com udp
US 8.8.8.8:53 qedynug.com udp
US 8.8.8.8:53 pupybyg.com udp
US 8.8.8.8:53 gatyveh.com udp
US 8.8.8.8:53 qebytuv.com udp
US 8.8.8.8:53 vojyjot.com udp
US 8.8.8.8:53 lyryvaj.com udp
US 8.8.8.8:53 puvytuv.com udp
US 8.8.8.8:53 gacyryb.com udp
US 8.8.8.8:53 qegyhip.com udp
US 8.8.8.8:53 vowycok.com udp
US 8.8.8.8:53 pufygup.com udp
US 8.8.8.8:53 lyxywen.com udp
US 8.8.8.8:53 gadyfys.com udp
US 8.8.8.8:53 qeqyxil.com udp
US 8.8.8.8:53 volyqam.com udp
US 8.8.8.8:53 pumyxul.com udp
US 8.8.8.8:53 lysyfed.com udp
US 8.8.8.8:53 qebyxog.com udp
US 8.8.8.8:53 gatyfuw.com udp
US 8.8.8.8:53 vojyqac.com udp
US 8.8.8.8:53 lyryfyr.com udp
US 8.8.8.8:53 puvyxig.com udp
US 8.8.8.8:53 qegyqov.com udp
US 8.8.8.8:53 gacyzuh.com udp
US 8.8.8.8:53 pufymiv.com udp
US 8.8.8.8:53 lyxylyj.com udp
US 8.8.8.8:53 qeqysap.com udp
US 8.8.8.8:53 vowydet.com udp
US 8.8.8.8:53 gadynub.com udp
US 8.8.8.8:53 volykek.com udp
US 8.8.8.8:53 pumypop.com udp
US 8.8.8.8:53 lysynun.com udp
US 8.8.8.8:53 qekykal.com udp
US 8.8.8.8:53 vopybym.com udp
US 8.8.8.8:53 ganypis.com udp
US 8.8.8.8:53 pujyjol.com udp
US 8.8.8.8:53 lyvytud.com udp
US 8.8.8.8:53 gaqycow.com udp
US 8.8.8.8:53 qetyveq.com udp
US 8.8.8.8:53 gahyhiz.com udp
US 8.8.8.8:53 purycaq.com udp
US 8.8.8.8:53 vocyryf.com udp
US 8.8.8.8:53 lygygux.com udp
US 8.8.8.8:53 qexyreg.com udp
US 8.8.8.8:53 puzywag.com udp
US 8.8.8.8:53 qedyfyv.com udp
US 8.8.8.8:53 galyqoh.com udp
US 8.8.8.8:53 lymyxir.com udp
US 44.221.84.105:80 gahyhiz.com tcp
US 8.8.8.8:53 qekyqoq.com udp
US 8.8.8.8:53 pujymiq.com udp
US 8.8.8.8:53 ganyzuz.com udp
US 8.8.8.8:53 lyvylyx.com udp
US 8.8.8.8:53 vopydaf.com udp
US 8.8.8.8:53 qetysog.com udp
US 8.8.8.8:53 vocykec.com udp
US 8.8.8.8:53 gadydow.com udp
US 8.8.8.8:53 gahynuw.com udp
US 8.8.8.8:53 purypig.com udp
US 8.8.8.8:53 lygynyr.com udp
US 8.8.8.8:53 qexykav.com udp
US 8.8.8.8:53 pupydev.com udp
US 8.8.8.8:53 gaqypuh.com udp
US 8.8.8.8:53 vofybet.com udp
US 8.8.8.8:53 puzyjov.com udp
US 8.8.8.8:53 lymytuj.com udp
US 8.8.8.8:53 qedyvap.com udp
US 8.8.8.8:53 vonyryk.com udp
US 8.8.8.8:53 galyhib.com udp
US 8.8.8.8:53 pupycop.com udp
US 8.8.8.8:53 qebyrel.com udp
US 8.8.8.8:53 lykymij.com udp
US 8.8.8.8:53 gatycis.com udp
US 8.8.8.8:53 vojygym.com udp
US 8.8.8.8:53 puvywal.com udp
US 8.8.8.8:53 lyryxud.com udp
US 8.8.8.8:53 qegyfeq.com udp
US 8.8.8.8:53 gacyqoz.com udp
US 8.8.8.8:53 qebylyp.com udp
US 8.8.8.8:53 vowyzuf.com udp
US 8.8.8.8:53 pufydaq.com udp
US 8.8.8.8:53 vonyzut.com udp
US 8.8.8.8:53 qeqylyg.com udp
US 8.8.8.8:53 gatydab.com udp
US 8.8.8.8:53 puvylep.com udp
US 8.8.8.8:53 lyryson.com udp
US 8.8.8.8:53 qegynul.com udp
US 8.8.8.8:53 vojymuk.com udp
US 8.8.8.8:53 gacykas.com udp
US 8.8.8.8:53 lyxyjod.com udp
US 8.8.8.8:53 pufybyl.com udp
US 8.8.8.8:53 gadyvez.com udp
US 8.8.8.8:53 pumytyq.com udp
US 8.8.8.8:53 volyjif.com udp
US 8.8.8.8:53 ganyrew.com udp
US 8.8.8.8:53 qekyhug.com udp
US 8.8.8.8:53 vopycoc.com udp
US 8.8.8.8:53 pujygug.com udp
US 8.8.8.8:53 lyvywar.com udp
US 8.8.8.8:53 qetyxiv.com udp
US 8.8.8.8:53 gahyfyh.com udp
US 8.8.8.8:53 puryxuv.com udp
US 8.8.8.8:53 vocyqot.com udp
US 8.8.8.8:53 lygyfej.com udp
US 8.8.8.8:53 qexyqip.com udp
US 8.8.8.8:53 puzymup.com udp
US 8.8.8.8:53 vofydak.com udp
US 8.8.8.8:53 gaqyzyb.com udp
US 8.8.8.8:53 volymuc.com udp
US 8.8.8.8:53 lysysir.com udp
US 8.8.8.8:53 qekynyv.com udp
US 8.8.8.8:53 ganykah.com udp
US 8.8.8.8:53 vopyput.com udp
US 8.8.8.8:53 pumyleg.com udp
US 8.8.8.8:53 qetytup.com udp
US 8.8.8.8:53 pujybev.com udp
US 8.8.8.8:53 gahyvab.com udp
US 8.8.8.8:53 vocyjik.com udp
US 8.8.8.8:53 purytyp.com udp
US 8.8.8.8:53 lygyvon.com udp
US 8.8.8.8:53 qexyhul.com udp
US 8.8.8.8:53 gaqyres.com udp
US 8.8.8.8:53 lymylen.com udp
US 8.8.8.8:53 vofycim.com udp
US 8.8.8.8:53 puzygyl.com udp
US 8.8.8.8:53 qedysol.com udp
US 8.8.8.8:53 galynus.com udp
US 8.8.8.8:53 qedyxuq.com udp
US 8.8.8.8:53 galyfez.com udp
US 8.8.8.8:53 vonykam.com udp
US 8.8.8.8:53 vonyqof.com udp
US 8.8.8.8:53 pupypil.com udp
US 8.8.8.8:53 lykyfax.com udp
US 8.8.8.8:53 qebyqig.com udp
US 8.8.8.8:53 qebykoq.com udp
US 8.8.8.8:53 gatyzyw.com udp
US 8.8.8.8:53 vojydoc.com udp
US 8.8.8.8:53 puvymug.com udp
US 8.8.8.8:53 lyryler.com udp
US 8.8.8.8:53 qegysiv.com udp
US 8.8.8.8:53 gacynyh.com udp
US 8.8.8.8:53 vowykat.com udp
US 8.8.8.8:53 pufypuv.com udp
US 8.8.8.8:53 pupyxuq.com udp
US 8.8.8.8:53 lykynyd.com udp
US 8.8.8.8:53 lyvyjoj.com udp
US 8.8.8.8:53 gatypuz.com udp
US 8.8.8.8:53 vojybef.com udp
US 8.8.8.8:53 puvyjiq.com udp
US 8.8.8.8:53 lyrytyx.com udp
US 8.8.8.8:53 gacyhuw.com udp
US 8.8.8.8:53 pufycog.com udp
US 8.8.8.8:53 vowyrec.com udp
US 8.8.8.8:53 lyxygur.com udp
US 8.8.8.8:53 qeqyrav.com udp
US 8.8.8.8:53 volygyt.com udp
US 8.8.8.8:53 lysyxuj.com udp
US 8.8.8.8:53 pumywov.com udp
US 8.8.8.8:53 qekyfep.com udp
US 8.8.8.8:53 ganyqib.com udp
US 8.8.8.8:53 vopyzyk.com udp
US 8.8.8.8:53 pujydap.com udp
US 8.8.8.8:53 lyvymun.com udp
US 8.8.8.8:53 qetylel.com udp
US 8.8.8.8:53 gahydos.com udp
US 8.8.8.8:53 vocymum.com udp
US 8.8.8.8:53 purylal.com udp
US 8.8.8.8:53 lygysid.com udp
US 8.8.8.8:53 qexynyq.com udp
US 8.8.8.8:53 lyxynej.com udp
US 8.8.8.8:53 qeqykop.com udp
US 8.8.8.8:53 gadypub.com udp
US 8.8.8.8:53 volybak.com udp
US 8.8.8.8:53 lysytyn.com udp
US 8.8.8.8:53 qekyvol.com udp
US 8.8.8.8:53 ganyhus.com udp
US 8.8.8.8:53 pumyjip.com udp
US 8.8.8.8:53 vopyrem.com udp
US 8.8.8.8:53 lyvygyd.com udp
US 8.8.8.8:53 qetyraq.com udp
US 8.8.8.8:53 gahycuz.com udp
US 8.8.8.8:53 vocygef.com udp
US 8.8.8.8:53 purywoq.com udp
US 8.8.8.8:53 lygyxux.com udp
US 8.8.8.8:53 qexyfag.com udp
US 8.8.8.8:53 gaqykoz.com udp
US 8.8.8.8:53 gaqyqiw.com udp
US 8.8.8.8:53 vofypuf.com udp
US 8.8.8.8:53 vofyzyc.com udp
US 8.8.8.8:53 puzydog.com udp
US 8.8.8.8:53 puzybeq.com udp
US 8.8.8.8:53 lymyjix.com udp
US 8.8.8.8:53 lyvyxor.com udp
US 8.8.8.8:53 qedytyg.com udp
US 8.8.8.8:53 qetyfuv.com udp
US 8.8.8.8:53 gahyqah.com udp
US 8.8.8.8:53 galyvaw.com udp
US 8.8.8.8:53 vocyzit.com udp
US 8.8.8.8:53 vonyjuc.com udp
US 8.8.8.8:53 purydyv.com udp
US 8.8.8.8:53 pupyteg.com udp
US 8.8.8.8:53 lygymoj.com udp
US 8.8.8.8:53 lykyvor.com udp
US 8.8.8.8:53 qexylup.com udp
US 8.8.8.8:53 gaqydeb.com udp
US 8.8.8.8:53 qebyhuv.com udp
US 8.8.8.8:53 vofymik.com udp
US 8.8.8.8:53 gatyrah.com udp
US 8.8.8.8:53 vojycit.com udp
US 8.8.8.8:53 lymysan.com udp
US 8.8.8.8:53 puvygyv.com udp
US 8.8.8.8:53 qedynul.com udp
US 8.8.8.8:53 galykes.com udp
US 8.8.8.8:53 vonypom.com udp
US 8.8.8.8:53 pupybul.com udp
US 8.8.8.8:53 qebytiq.com udp
US 8.8.8.8:53 lykyjad.com udp
US 8.8.8.8:53 gatyvyz.com udp
US 8.8.8.8:53 vojyjof.com udp
US 8.8.8.8:53 puvytuq.com udp
US 8.8.8.8:53 lyryvex.com udp
US 8.8.8.8:53 qegyhig.com udp
US 8.8.8.8:53 gacyryw.com udp
US 8.8.8.8:53 vowycac.com udp
US 8.8.8.8:53 lyrywoj.com udp
US 8.8.8.8:53 pufygug.com udp
US 8.8.8.8:53 lyxywer.com udp
US 8.8.8.8:53 gadyfuh.com udp
US 8.8.8.8:53 qeqyxov.com udp
US 8.8.8.8:53 volyqat.com udp
US 8.8.8.8:53 pumyxiv.com udp
US 8.8.8.8:53 lysyfyj.com udp
US 8.8.8.8:53 qekyqop.com udp
US 8.8.8.8:53 gacyfeb.com udp
US 8.8.8.8:53 qegyxup.com udp
US 8.8.8.8:53 vowyqik.com udp
US 8.8.8.8:53 pufyxyp.com udp
US 8.8.8.8:53 lyxyfan.com udp
US 8.8.8.8:53 qeqyqul.com udp
US 8.8.8.8:53 gatyfus.com udp
US 8.8.8.8:53 vojyqem.com udp
US 8.8.8.8:53 puvyxil.com udp
US 8.8.8.8:53 lyryfyd.com udp
US 8.8.8.8:53 gacyzuz.com udp
US 8.8.8.8:53 vowydef.com udp
US 8.8.8.8:53 pufymoq.com udp
US 8.8.8.8:53 lyxylux.com udp
US 8.8.8.8:53 qeqysag.com udp
US 8.8.8.8:53 gadyniw.com udp
US 8.8.8.8:53 volykyc.com udp
US 8.8.8.8:53 lysynur.com udp
US 8.8.8.8:53 qekykev.com udp
US 8.8.8.8:53 ganypih.com udp
US 8.8.8.8:53 pujyjav.com udp
US 8.8.8.8:53 lyvytuj.com udp
US 8.8.8.8:53 qetyvep.com udp
US 8.8.8.8:53 vocyruk.com udp
US 8.8.8.8:53 lygygin.com udp
US 8.8.8.8:53 qexyryl.com udp
US 8.8.8.8:53 gaqycos.com udp
US 8.8.8.8:53 vofygum.com udp
US 8.8.8.8:53 purycap.com udp
US 8.8.8.8:53 lymyxid.com udp
US 8.8.8.8:53 qedyfyq.com udp
US 8.8.8.8:53 galyqaz.com udp
US 8.8.8.8:53 vonyzuf.com udp
US 8.8.8.8:53 puzywel.com udp
HK 154.212.231.82:80 gadyniw.com tcp
US 44.221.84.105:80 vocyzit.com tcp
US 172.234.222.143:80 vojyqem.com tcp
NL 85.17.31.122:80 gatyfus.com tcp
US 104.21.30.183:80 qegyhig.com tcp
US 23.253.46.64:80 gahyqah.com tcp
US 44.221.84.105:80 vocyzit.com tcp
US 18.208.156.248:80 vonypom.com tcp
US 75.2.71.199:80 puzylyp.com tcp
US 208.100.26.245:80 lyvyxor.com tcp
US 69.162.80.55:80 lysyfyj.com tcp
US 23.253.46.64:80 gahyqah.com tcp
US 172.234.222.143:80 vojyqem.com tcp
NL 85.17.31.122:80 gatyfus.com tcp
US 75.2.71.199:80 puzylyp.com tcp
US 199.59.243.227:80 ww25.lyxynyx.com tcp
US 199.191.50.83:80 galyqaz.com tcp
US 3.94.10.34:80 lymyxid.com tcp
US 199.191.50.83:80 galyqaz.com tcp
US 104.21.30.183:443 qegyhig.com tcp
US 104.21.30.183:443 qegyhig.com tcp
US 8.8.8.8:53 pupydeq.com udp
US 8.8.8.8:53 lykymox.com udp
US 8.8.8.8:53 qebylug.com udp
US 8.8.8.8:53 gatydaw.com udp
US 76.223.54.146:80 pupydeq.com tcp
US 8.8.8.8:53 vojymic.com udp
US 8.8.8.8:53 puvylyg.com udp
US 8.8.8.8:53 lyrysor.com udp
US 8.8.8.8:53 qegynuv.com udp
US 8.8.8.8:53 gacykeh.com udp
US 8.8.8.8:53 vowypit.com udp
US 8.8.8.8:53 pufybyv.com udp
US 8.8.8.8:53 qeqytup.com udp
US 8.8.8.8:53 lyxyjaj.com udp
US 8.8.8.8:53 gadyveb.com udp
US 8.8.8.8:53 volyjok.com udp
US 8.8.8.8:53 lysyvan.com udp
US 8.8.8.8:53 ganyrys.com udp
US 8.8.8.8:53 vopydek.com udp
US 8.8.8.8:53 pujymip.com udp
US 8.8.8.8:53 lyvylyn.com udp
US 8.8.8.8:53 qetysal.com udp
US 8.8.8.8:53 gahynus.com udp
US 8.8.8.8:53 vocykem.com udp
US 8.8.8.8:53 purypol.com udp
US 8.8.8.8:53 lygynud.com udp
US 8.8.8.8:53 qexykaq.com udp
US 8.8.8.8:53 gaqypiz.com udp
US 8.8.8.8:53 vofybyf.com udp
US 8.8.8.8:53 puzyjoq.com udp
US 8.8.8.8:53 qedyveg.com udp
US 8.8.8.8:53 galyhiw.com udp
US 8.8.8.8:53 vonyryc.com udp
US 8.8.8.8:53 pupycag.com udp
US 8.8.8.8:53 lykygur.com udp
US 8.8.8.8:53 qebyrev.com udp
US 8.8.8.8:53 gatycoh.com udp
US 8.8.8.8:53 vojygut.com udp
US 8.8.8.8:53 puvywav.com udp
US 8.8.8.8:53 lyryxij.com udp
CN 111.6.96.18:80 lyrysor.com tcp
US 8.8.8.8:53 qegyfyp.com udp
US 8.8.8.8:53 gacyqob.com udp
US 8.8.8.8:53 vowyzuk.com udp
US 8.8.8.8:53 pufydep.com udp
US 8.8.8.8:53 qeqylyl.com udp
US 8.8.8.8:53 lyxymin.com udp
US 8.8.8.8:53 gadydas.com udp
US 8.8.8.8:53 vopycom.com udp
US 8.8.8.8:53 volymum.com udp
US 8.8.8.8:53 pujygul.com udp
US 8.8.8.8:53 qetyxiq.com udp
US 8.8.8.8:53 gahyfyz.com udp
US 8.8.8.8:53 vocyqaf.com udp
US 8.8.8.8:53 puryxuq.com udp
US 8.8.8.8:53 qexyqog.com udp
US 8.8.8.8:53 lygyfex.com udp
US 8.8.8.8:53 gaqyzuw.com udp
US 8.8.8.8:53 vofydac.com udp
US 8.8.8.8:53 puzymig.com udp
US 8.8.8.8:53 lymylyr.com udp
US 104.155.138.21:80 lygynud.com tcp
US 18.208.156.248:80 pupycag.com tcp
US 172.67.136.136:80 lysyvan.com tcp
US 76.223.54.146:80 pupydeq.com tcp
US 172.67.136.136:443 lysyvan.com tcp
US 172.67.136.136:443 lysyvan.com tcp

Files

memory/2356-0-0x0000000000400000-0x0000000000487000-memory.dmp

memory/2356-1-0x0000000000500000-0x0000000000558000-memory.dmp

memory/2356-2-0x0000000000400000-0x0000000000464000-memory.dmp

memory/2356-3-0x00000000001B0000-0x00000000001B1000-memory.dmp

memory/2356-6-0x0000000002320000-0x00000000023D4000-memory.dmp

memory/2356-4-0x0000000002320000-0x00000000023D4000-memory.dmp

memory/2356-10-0x0000000002320000-0x00000000023D4000-memory.dmp

memory/2356-14-0x0000000002320000-0x00000000023D4000-memory.dmp

memory/2356-15-0x0000000000400000-0x0000000000487000-memory.dmp

memory/2356-12-0x0000000002320000-0x00000000023D4000-memory.dmp

memory/2356-8-0x0000000002320000-0x00000000023D4000-memory.dmp

memory/2356-16-0x00000000024E0000-0x00000000025A3000-memory.dmp

memory/2356-18-0x00000000024E0000-0x00000000025A3000-memory.dmp

memory/2356-20-0x00000000024E0000-0x00000000025A3000-memory.dmp

memory/2356-21-0x00000000024E0000-0x00000000025A3000-memory.dmp

memory/2356-53-0x00000000024E0000-0x00000000025A3000-memory.dmp

memory/2356-56-0x00000000024E0000-0x00000000025A3000-memory.dmp

memory/2356-60-0x00000000024E0000-0x00000000025A3000-memory.dmp

memory/2356-89-0x00000000024E0000-0x00000000025A3000-memory.dmp

memory/2356-90-0x00000000024E0000-0x00000000025A3000-memory.dmp

memory/2356-88-0x00000000024E0000-0x00000000025A3000-memory.dmp

memory/2356-87-0x00000000024E0000-0x00000000025A3000-memory.dmp

memory/2356-86-0x00000000024E0000-0x00000000025A3000-memory.dmp

memory/2356-85-0x00000000024E0000-0x00000000025A3000-memory.dmp

memory/2356-83-0x00000000024E0000-0x00000000025A3000-memory.dmp

memory/2356-82-0x00000000024E0000-0x00000000025A3000-memory.dmp

memory/2356-81-0x00000000024E0000-0x00000000025A3000-memory.dmp

memory/2356-80-0x00000000024E0000-0x00000000025A3000-memory.dmp

memory/2356-79-0x00000000024E0000-0x00000000025A3000-memory.dmp

memory/2356-77-0x00000000024E0000-0x00000000025A3000-memory.dmp

memory/2356-76-0x00000000024E0000-0x00000000025A3000-memory.dmp

memory/2356-75-0x00000000024E0000-0x00000000025A3000-memory.dmp

memory/2356-74-0x00000000024E0000-0x00000000025A3000-memory.dmp

memory/2356-73-0x00000000024E0000-0x00000000025A3000-memory.dmp

memory/2356-72-0x00000000024E0000-0x00000000025A3000-memory.dmp

memory/2356-71-0x00000000024E0000-0x00000000025A3000-memory.dmp

memory/2356-92-0x00000000024E0000-0x00000000025A3000-memory.dmp

memory/2356-97-0x00000000024E0000-0x00000000025A3000-memory.dmp

memory/2356-96-0x00000000024E0000-0x00000000025A3000-memory.dmp

memory/2356-95-0x00000000024E0000-0x00000000025A3000-memory.dmp

memory/2356-94-0x00000000024E0000-0x00000000025A3000-memory.dmp

memory/2356-93-0x00000000024E0000-0x00000000025A3000-memory.dmp

memory/2356-91-0x00000000024E0000-0x00000000025A3000-memory.dmp

memory/2356-70-0x00000000024E0000-0x00000000025A3000-memory.dmp

memory/2356-68-0x00000000024E0000-0x00000000025A3000-memory.dmp

memory/2356-67-0x00000000024E0000-0x00000000025A3000-memory.dmp

memory/2356-66-0x00000000024E0000-0x00000000025A3000-memory.dmp

memory/2356-64-0x00000000024E0000-0x00000000025A3000-memory.dmp

memory/2356-63-0x00000000024E0000-0x00000000025A3000-memory.dmp

memory/2356-62-0x00000000024E0000-0x00000000025A3000-memory.dmp

memory/2356-61-0x00000000024E0000-0x00000000025A3000-memory.dmp

memory/2356-59-0x00000000024E0000-0x00000000025A3000-memory.dmp

memory/2356-58-0x00000000024E0000-0x00000000025A3000-memory.dmp

memory/2356-84-0x00000000024E0000-0x00000000025A3000-memory.dmp

memory/2356-78-0x00000000024E0000-0x00000000025A3000-memory.dmp

memory/2356-57-0x00000000024E0000-0x00000000025A3000-memory.dmp

memory/2356-55-0x00000000024E0000-0x00000000025A3000-memory.dmp

memory/2356-69-0x00000000024E0000-0x00000000025A3000-memory.dmp

memory/2356-65-0x00000000024E0000-0x00000000025A3000-memory.dmp

memory/2356-54-0x00000000024E0000-0x00000000025A3000-memory.dmp

memory/2356-209-0x0000000000500000-0x0000000000558000-memory.dmp

memory/2356-210-0x0000000000400000-0x0000000000464000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\8705.tmp

MD5 926512864979bc27cf187f1de3f57aff
SHA1 acdeb9d6187932613c7fa08eaf28f0cd8116f4b5
SHA256 b3e893a653ec06c05ee90f2f6e98cc052a92f6616d7cca8c416420e178dcc73f
SHA512 f6f9fd3ca9305bec879cfcd38e64111a18e65e30d25c49e9f2cd546cbab9b2dcd03eca81952f6b77c0eaab20192ef7bef0d8d434f6f371811929e75f8620633b

C:\Users\Admin\AppData\Local\Temp\F282.tmp

MD5 cb8c17cfaee84cb3716b112c03a8c004
SHA1 1fe7d0a569d4b8458804d2cb8dfc07eddbed8f7f
SHA256 338f5f5e114779a0b786f21c26f2bf0c17c26dae8cd1106f4d3a518fa4e7f2e2
SHA512 d6b2f54d45503dc98eb2531619f49c42dfd6137036868f56a30c979065f75932904d1b6447c4032679d96c3cb737b52d4bfc1fcebeec1648c7913de5402f455d

Analysis: behavioral2

Detonation Overview

Submitted

2024-10-30 13:42

Reported

2024-10-30 13:45

Platform

win10v2004-20241007-en

Max time kernel

150s

Max time network

156s

Command Line

"C:\Users\Admin\AppData\Local\Temp\7f684be9d9727ab07499a72d9d56f976_JaffaCakes118.exe"

Signatures

Simda family

simda

simda

stealer trojan simda

Modifies WinLogon

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\31929a8c = "B—²\x11€\u0081a\x15Í5¸£ò}P2Œ$¹\n9ÂhŒ\x11Ú„¬jê~³\x04Ì‹z¢È×þÃ=¡š\\ñŸ\x1da„\v@eGªÓ\x13ßõ¯NÃEr£\x1aDã2b•XÚuE‹0*uë&ÍÈxT;“y\x06¨\u00adŽ#x\x05\x0eÐ\v\u008dvc=\x04«\x11ŽáXd0‰\f…~ý}žà\u0090£S\x05+#\x03lnˆ\x03%¬á`ÜÄy¸s\x03\b¸Á\u009dE™CdN–{#“Óä1$ã\u0081ëÖ\x1cž{<\x04hÓ´[,ý\\üËTÓœ®PݦØþdT\x04S¤Ü\x01^FÄÖä‹n“\u00adm\x0ed{cË‹ál9æ´¼\tÃჀ‹ôe\x13k\x19€ž«áË´\x05h[•\x05$\x1b[D‹<Ñ锜£¼<\u00ad¸Þ;#h>\x10Ù”\u008dä¤31929a8c" C:\Users\Admin\AppData\Local\Temp\7f684be9d9727ab07499a72d9d56f976_JaffaCakes118.exe N/A

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\7f684be9d9727ab07499a72d9d56f976_JaffaCakes118.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\7f684be9d9727ab07499a72d9d56f976_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7f684be9d9727ab07499a72d9d56f976_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7f684be9d9727ab07499a72d9d56f976_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7f684be9d9727ab07499a72d9d56f976_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7f684be9d9727ab07499a72d9d56f976_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7f684be9d9727ab07499a72d9d56f976_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7f684be9d9727ab07499a72d9d56f976_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7f684be9d9727ab07499a72d9d56f976_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7f684be9d9727ab07499a72d9d56f976_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7f684be9d9727ab07499a72d9d56f976_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7f684be9d9727ab07499a72d9d56f976_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7f684be9d9727ab07499a72d9d56f976_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7f684be9d9727ab07499a72d9d56f976_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7f684be9d9727ab07499a72d9d56f976_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7f684be9d9727ab07499a72d9d56f976_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7f684be9d9727ab07499a72d9d56f976_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7f684be9d9727ab07499a72d9d56f976_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7f684be9d9727ab07499a72d9d56f976_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7f684be9d9727ab07499a72d9d56f976_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7f684be9d9727ab07499a72d9d56f976_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7f684be9d9727ab07499a72d9d56f976_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7f684be9d9727ab07499a72d9d56f976_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7f684be9d9727ab07499a72d9d56f976_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7f684be9d9727ab07499a72d9d56f976_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7f684be9d9727ab07499a72d9d56f976_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7f684be9d9727ab07499a72d9d56f976_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7f684be9d9727ab07499a72d9d56f976_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7f684be9d9727ab07499a72d9d56f976_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7f684be9d9727ab07499a72d9d56f976_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7f684be9d9727ab07499a72d9d56f976_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7f684be9d9727ab07499a72d9d56f976_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7f684be9d9727ab07499a72d9d56f976_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7f684be9d9727ab07499a72d9d56f976_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7f684be9d9727ab07499a72d9d56f976_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7f684be9d9727ab07499a72d9d56f976_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7f684be9d9727ab07499a72d9d56f976_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7f684be9d9727ab07499a72d9d56f976_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7f684be9d9727ab07499a72d9d56f976_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7f684be9d9727ab07499a72d9d56f976_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7f684be9d9727ab07499a72d9d56f976_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7f684be9d9727ab07499a72d9d56f976_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7f684be9d9727ab07499a72d9d56f976_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7f684be9d9727ab07499a72d9d56f976_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7f684be9d9727ab07499a72d9d56f976_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7f684be9d9727ab07499a72d9d56f976_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7f684be9d9727ab07499a72d9d56f976_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7f684be9d9727ab07499a72d9d56f976_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7f684be9d9727ab07499a72d9d56f976_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7f684be9d9727ab07499a72d9d56f976_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7f684be9d9727ab07499a72d9d56f976_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7f684be9d9727ab07499a72d9d56f976_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7f684be9d9727ab07499a72d9d56f976_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7f684be9d9727ab07499a72d9d56f976_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7f684be9d9727ab07499a72d9d56f976_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7f684be9d9727ab07499a72d9d56f976_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7f684be9d9727ab07499a72d9d56f976_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7f684be9d9727ab07499a72d9d56f976_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7f684be9d9727ab07499a72d9d56f976_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7f684be9d9727ab07499a72d9d56f976_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7f684be9d9727ab07499a72d9d56f976_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7f684be9d9727ab07499a72d9d56f976_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7f684be9d9727ab07499a72d9d56f976_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7f684be9d9727ab07499a72d9d56f976_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7f684be9d9727ab07499a72d9d56f976_JaffaCakes118.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeSecurityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7f684be9d9727ab07499a72d9d56f976_JaffaCakes118.exe N/A
Token: SeSecurityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7f684be9d9727ab07499a72d9d56f976_JaffaCakes118.exe N/A
Token: SeSecurityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7f684be9d9727ab07499a72d9d56f976_JaffaCakes118.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\7f684be9d9727ab07499a72d9d56f976_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\7f684be9d9727ab07499a72d9d56f976_JaffaCakes118.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 209.205.72.20.in-addr.arpa udp
US 8.8.8.8:53 240.221.184.93.in-addr.arpa udp
US 8.8.8.8:53 68.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 95.100.195.45:80 www.bing.com tcp
US 8.8.8.8:53 lyvyxor.com udp
US 8.8.8.8:53 gatyfus.com udp
US 8.8.8.8:53 qetyfuv.com udp
US 8.8.8.8:53 vojyqem.com udp
US 8.8.8.8:53 puvyxil.com udp
US 8.8.8.8:53 gahyqah.com udp
US 8.8.8.8:53 lyryfyd.com udp
US 8.8.8.8:53 vocyzit.com udp
US 8.8.8.8:53 qegyqaq.com udp
US 8.8.8.8:53 purydyv.com udp
US 8.8.8.8:53 gacyzuz.com udp
US 8.8.8.8:53 lygymoj.com udp
US 8.8.8.8:53 vowydef.com udp
US 8.8.8.8:53 qexylup.com udp
US 8.8.8.8:53 qetyvep.com udp
US 8.8.8.8:53 vojyjof.com udp
US 8.8.8.8:53 lyvytuj.com udp
US 8.8.8.8:53 gatyvyz.com udp
US 8.8.8.8:53 pujyjav.com udp
US 8.8.8.8:53 vopybyt.com udp
US 8.8.8.8:53 qebytiq.com udp
US 8.8.8.8:53 lykyjad.com udp
US 8.8.8.8:53 ganypih.com udp
US 8.8.8.8:53 pupybul.com udp
US 8.8.8.8:53 qekykev.com udp
US 8.8.8.8:53 vonypom.com udp
US 8.8.8.8:53 lysynur.com udp
US 8.8.8.8:53 pumypog.com udp
US 8.8.8.8:53 galykes.com udp
US 8.8.8.8:53 qedynul.com udp
US 8.8.8.8:53 volykyc.com udp
US 8.8.8.8:53 lymysan.com udp
US 8.8.8.8:53 gadyniw.com udp
US 8.8.8.8:53 puzylyp.com udp
US 8.8.8.8:53 qeqysag.com udp
US 8.8.8.8:53 vofymik.com udp
US 8.8.8.8:53 gaqydeb.com udp
US 8.8.8.8:53 lyxylux.com udp
US 8.8.8.8:53 puvytuq.com udp
US 8.8.8.8:53 gahyhob.com udp
US 8.8.8.8:53 lyryvex.com udp
US 8.8.8.8:53 vocyruk.com udp
US 8.8.8.8:53 qegyhig.com udp
US 8.8.8.8:53 purycap.com udp
US 8.8.8.8:53 gacyryw.com udp
US 8.8.8.8:53 lygygin.com udp
US 8.8.8.8:53 vowycac.com udp
US 8.8.8.8:53 qexyryl.com udp
US 8.8.8.8:53 pufygug.com udp
US 8.8.8.8:53 gaqycos.com udp
US 8.8.8.8:53 lyxywer.com udp
US 8.8.8.8:53 vofygum.com udp
US 8.8.8.8:53 qeqyxov.com udp
US 8.8.8.8:53 puzywel.com udp
US 8.8.8.8:53 gadyfuh.com udp
US 8.8.8.8:53 lymyxid.com udp
US 8.8.8.8:53 volyqat.com udp
US 8.8.8.8:53 qedyfyq.com udp
US 8.8.8.8:53 pumyxiv.com udp
US 8.8.8.8:53 galyqaz.com udp
US 8.8.8.8:53 lysyfyj.com udp
US 8.8.8.8:53 vonyzuf.com udp
US 8.8.8.8:53 qekyqop.com udp
US 8.8.8.8:53 pufymoq.com udp
US 8.8.8.8:53 vocyzit.com udp
US 8.8.8.8:53 lysyfyj.com udp
US 8.8.8.8:53 galyqaz.com udp
US 8.8.8.8:53 vonypom.com udp
US 8.8.8.8:53 lymyxid.com udp
US 8.8.8.8:53 vojyqem.com udp
US 8.8.8.8:53 lyvyxor.com udp
US 8.8.8.8:53 gahyqah.com udp
US 8.8.8.8:53 qegyhig.com udp
US 8.8.8.8:53 qetyfuv.com udp
US 8.8.8.8:53 puzylyp.com udp
US 99.83.170.3:80 puzylyp.com tcp
US 69.162.80.55:80 lysyfyj.com tcp
US 44.221.84.105:80 qetyfuv.com tcp
US 104.21.30.183:80 qegyhig.com tcp
US 44.221.84.105:80 qetyfuv.com tcp
US 8.8.8.8:53 survey-smiles.com udp
US 99.83.170.3:80 puzylyp.com tcp
US 199.59.243.227:80 survey-smiles.com tcp
US 104.21.30.183:443 qegyhig.com tcp
US 8.8.8.8:53 c.pki.goog udp
GB 216.58.204.67:80 c.pki.goog tcp
US 8.8.8.8:53 45.195.100.95.in-addr.arpa udp
US 8.8.8.8:53 55.80.162.69.in-addr.arpa udp
US 8.8.8.8:53 3.170.83.99.in-addr.arpa udp
US 8.8.8.8:53 105.84.221.44.in-addr.arpa udp
US 8.8.8.8:53 227.243.59.199.in-addr.arpa udp
US 8.8.8.8:53 183.30.21.104.in-addr.arpa udp
US 8.8.8.8:53 gatyfus.com udp
US 208.100.26.245:80 lyvyxor.com tcp
US 18.208.156.248:80 vonypom.com tcp
US 172.234.222.138:80 vojyqem.com tcp
US 162.255.119.102:80 gahyqah.com tcp
DE 178.162.217.107:80 gatyfus.com tcp
US 3.94.10.34:80 lymyxid.com tcp
US 199.191.50.83:80 galyqaz.com tcp
US 172.234.222.138:80 vojyqem.com tcp
US 8.8.8.8:53 www.gahyqah.com udp
DE 91.195.240.19:80 www.gahyqah.com tcp
US 8.8.8.8:53 gadyniw.com udp
HK 154.212.231.82:80 gadyniw.com tcp
US 199.191.50.83:80 galyqaz.com tcp
US 104.21.30.183:443 qegyhig.com tcp
US 8.8.8.8:53 67.204.58.216.in-addr.arpa udp
US 8.8.8.8:53 67.31.126.40.in-addr.arpa udp
US 8.8.8.8:53 138.222.234.172.in-addr.arpa udp
US 8.8.8.8:53 248.156.208.18.in-addr.arpa udp
US 8.8.8.8:53 245.26.100.208.in-addr.arpa udp
US 8.8.8.8:53 102.119.255.162.in-addr.arpa udp
US 8.8.8.8:53 34.10.94.3.in-addr.arpa udp
US 8.8.8.8:53 83.50.191.199.in-addr.arpa udp
US 8.8.8.8:53 19.240.195.91.in-addr.arpa udp
US 8.8.8.8:53 82.231.212.154.in-addr.arpa udp
NL 5.79.71.205:80 gatyfus.com tcp
US 8.8.8.8:53 241.150.49.20.in-addr.arpa udp
US 8.8.8.8:53 205.71.79.5.in-addr.arpa udp
US 8.8.8.8:53 56.163.245.4.in-addr.arpa udp
US 8.8.8.8:53 15.164.165.52.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
NL 5.79.71.205:80 gatyfus.com tcp
US 8.8.8.8:53 79.190.18.2.in-addr.arpa udp
NL 85.17.31.122:80 gatyfus.com tcp
NL 5.79.71.225:80 gatyfus.com tcp
US 8.8.8.8:53 225.71.79.5.in-addr.arpa udp
US 8.8.8.8:53 30.243.111.52.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 88.156.103.20.in-addr.arpa udp
US 8.8.8.8:53 pupydeq.com udp
US 8.8.8.8:53 ganyzub.com udp
US 8.8.8.8:53 lykymox.com udp
US 8.8.8.8:53 vopydek.com udp
US 8.8.8.8:53 qebylug.com udp
US 8.8.8.8:53 gatydaw.com udp
US 8.8.8.8:53 pujymip.com udp
US 8.8.8.8:53 lyvylyn.com udp
US 8.8.8.8:53 vojymic.com udp
US 8.8.8.8:53 qetysal.com udp
US 8.8.8.8:53 puvylyg.com udp
US 8.8.8.8:53 gahynus.com udp
US 8.8.8.8:53 lyrysor.com udp
US 8.8.8.8:53 qegynuv.com udp
US 8.8.8.8:53 vocykem.com udp
US 8.8.8.8:53 purypol.com udp
US 8.8.8.8:53 gacykeh.com udp
US 8.8.8.8:53 lygynud.com udp
US 8.8.8.8:53 vowypit.com udp
US 8.8.8.8:53 qexykaq.com udp
US 8.8.8.8:53 pufybyv.com udp
US 8.8.8.8:53 gaqypiz.com udp
US 8.8.8.8:53 lyxyjaj.com udp
US 8.8.8.8:53 vofybyf.com udp
US 8.8.8.8:53 qeqytup.com udp
US 8.8.8.8:53 puzyjoq.com udp
US 8.8.8.8:53 gadyveb.com udp
US 8.8.8.8:53 lymytux.com udp
US 8.8.8.8:53 volyjok.com udp
US 8.8.8.8:53 qedyveg.com udp
US 8.8.8.8:53 pumytup.com udp
US 8.8.8.8:53 galyhiw.com udp
US 8.8.8.8:53 lysyvan.com udp
US 8.8.8.8:53 vonyryc.com udp
US 8.8.8.8:53 qekyhil.com udp
US 8.8.8.8:53 pupycag.com udp
US 8.8.8.8:53 ganyrys.com udp
US 8.8.8.8:53 lykygur.com udp
US 8.8.8.8:53 vopycom.com udp
US 8.8.8.8:53 qebyrev.com udp
US 8.8.8.8:53 pujygul.com udp
US 8.8.8.8:53 gatycoh.com udp
US 8.8.8.8:53 lyvywed.com udp
US 8.8.8.8:53 vojygut.com udp
US 8.8.8.8:53 qetyxiq.com udp
US 8.8.8.8:53 puvywav.com udp
US 8.8.8.8:53 gahyfyz.com udp
US 8.8.8.8:53 lyryxij.com udp
US 8.8.8.8:53 vocyqaf.com udp
US 8.8.8.8:53 qegyfyp.com udp
US 8.8.8.8:53 gacyqob.com udp
US 8.8.8.8:53 puryxuq.com udp
US 8.8.8.8:53 lygyfex.com udp
US 8.8.8.8:53 vowyzuk.com udp
US 8.8.8.8:53 qexyqog.com udp
US 8.8.8.8:53 pufydep.com udp
US 8.8.8.8:53 gaqyzuw.com udp
US 8.8.8.8:53 lyxymin.com udp
US 8.8.8.8:53 vofydac.com udp
US 8.8.8.8:53 qeqylyl.com udp
US 8.8.8.8:53 puzymig.com udp
US 8.8.8.8:53 gadydas.com udp
US 8.8.8.8:53 lymylyr.com udp
US 8.8.8.8:53 volymum.com udp
US 8.8.8.8:53 pupydeq.com udp
US 8.8.8.8:53 lysyvan.com udp
US 13.248.169.48:80 pupydeq.com tcp
US 8.8.8.8:53 lygynud.com udp
US 8.8.8.8:53 lyrysor.com udp
US 107.178.223.183:80 lygynud.com tcp
US 104.21.26.151:80 lysyvan.com tcp
US 18.208.156.248:80 pupycag.com tcp
CN 111.6.96.18:80 lyrysor.com tcp
US 104.21.26.151:443 lysyvan.com tcp
US 13.248.169.48:80 pupydeq.com tcp
US 8.8.8.8:53 151.26.21.104.in-addr.arpa udp
US 8.8.8.8:53 183.223.178.107.in-addr.arpa udp
US 8.8.8.8:53 48.169.248.13.in-addr.arpa udp
US 104.21.26.151:443 lysyvan.com tcp
CN 111.6.96.18:80 lyrysor.com tcp
US 8.8.8.8:53 qedysov.com udp
US 8.8.8.8:53 pumylel.com udp
US 8.8.8.8:53 galynuh.com udp
US 8.8.8.8:53 lysysod.com udp
US 8.8.8.8:53 vonyket.com udp
US 8.8.8.8:53 qekynuq.com udp
US 8.8.8.8:53 pupypiv.com udp
US 8.8.8.8:53 ganykaz.com udp
US 8.8.8.8:53 lykynyj.com udp
US 8.8.8.8:53 vopypif.com udp
US 8.8.8.8:53 qebykap.com udp
US 8.8.8.8:53 pujybyq.com udp
US 8.8.8.8:53 gatypub.com udp
US 8.8.8.8:53 lyvyjox.com udp
US 8.8.8.8:53 vojybek.com udp
US 8.8.8.8:53 qetytug.com udp
US 8.8.8.8:53 puvyjop.com udp
US 8.8.8.8:53 gahyvew.com udp
US 8.8.8.8:53 lyrytun.com udp
US 8.8.8.8:53 vocyjic.com udp
US 8.8.8.8:53 qegyval.com udp
US 8.8.8.8:53 purytyg.com udp
US 8.8.8.8:53 gacyhis.com udp
US 8.8.8.8:53 lygyvar.com udp
US 8.8.8.8:53 vowyrym.com udp
US 8.8.8.8:53 qexyhuv.com udp
US 8.8.8.8:53 pufycol.com udp
US 8.8.8.8:53 gaqyreh.com udp
US 8.8.8.8:53 lyxygud.com udp
US 8.8.8.8:53 vofycot.com udp
US 8.8.8.8:53 qeqyreq.com udp
US 8.8.8.8:53 puzyguv.com udp
US 8.8.8.8:53 lymywaj.com udp
US 8.8.8.8:53 gadyciz.com udp
US 8.8.8.8:53 volygyf.com udp
US 8.8.8.8:53 qedyxip.com udp
US 8.8.8.8:53 pumywaq.com udp
US 8.8.8.8:53 galyfyb.com udp
US 8.8.8.8:53 lysyxux.com udp
US 8.8.8.8:53 vonyqok.com udp
US 8.8.8.8:53 qekyfeg.com udp
US 8.8.8.8:53 pupyxup.com udp
US 8.8.8.8:53 ganyqow.com udp
US 8.8.8.8:53 lykyfen.com udp
US 8.8.8.8:53 vopyzuc.com udp
US 8.8.8.8:53 qebyqil.com udp
US 8.8.8.8:53 gatyzys.com udp
US 8.8.8.8:53 pujydag.com udp
US 8.8.8.8:53 lyvymir.com udp
US 8.8.8.8:53 vojydam.com udp
US 8.8.8.8:53 qetylyv.com udp
US 8.8.8.8:53 puvymul.com udp
US 8.8.8.8:53 gahydoh.com udp
US 8.8.8.8:53 lyryled.com udp
US 8.8.8.8:53 vocymut.com udp
US 8.8.8.8:53 qegysoq.com udp
US 8.8.8.8:53 purylev.com udp
US 8.8.8.8:53 gacynuz.com udp
US 8.8.8.8:53 lygysij.com udp
US 8.8.8.8:53 qexynyp.com udp
US 8.8.8.8:53 vowykaf.com udp
US 8.8.8.8:53 pufypiq.com udp
US 8.8.8.8:53 gaqykab.com udp
US 8.8.8.8:53 lyxynyx.com udp
US 8.8.8.8:53 qegyval.com udp
US 8.8.8.8:53 gadyciz.com udp
US 44.221.84.105:80 gadyciz.com tcp
US 8.8.8.8:53 qexyhuv.com udp
US 8.8.8.8:53 vofycot.com udp
US 15.197.240.20:80 qexyhuv.com tcp
HK 154.85.183.50:80 qegyval.com tcp
US 103.224.182.252:80 vofycot.com tcp
US 15.197.240.20:80 qexyhuv.com tcp

Files

memory/2988-0-0x0000000000400000-0x0000000000487000-memory.dmp

memory/2988-1-0x0000000000660000-0x00000000006B8000-memory.dmp

memory/2988-2-0x0000000000400000-0x0000000000464000-memory.dmp

memory/2988-4-0x0000000002620000-0x00000000026D4000-memory.dmp

memory/2988-5-0x0000000000400000-0x0000000000487000-memory.dmp

memory/2988-6-0x0000000002820000-0x00000000028E3000-memory.dmp

memory/2988-11-0x0000000002820000-0x00000000028E3000-memory.dmp

memory/2988-10-0x0000000002820000-0x00000000028E3000-memory.dmp

memory/2988-8-0x0000000002820000-0x00000000028E3000-memory.dmp

memory/2988-111-0x0000000002820000-0x00000000028E3000-memory.dmp

memory/2988-164-0x0000000002820000-0x00000000028E3000-memory.dmp

memory/2988-163-0x0000000002820000-0x00000000028E3000-memory.dmp

memory/2988-162-0x0000000002820000-0x00000000028E3000-memory.dmp

memory/2988-161-0x0000000002820000-0x00000000028E3000-memory.dmp

memory/2988-160-0x0000000002820000-0x00000000028E3000-memory.dmp

memory/2988-159-0x0000000002820000-0x00000000028E3000-memory.dmp

memory/2988-158-0x0000000002820000-0x00000000028E3000-memory.dmp

memory/2988-156-0x0000000002820000-0x00000000028E3000-memory.dmp

memory/2988-155-0x0000000002820000-0x00000000028E3000-memory.dmp

memory/2988-154-0x0000000002820000-0x00000000028E3000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\8872.tmp

MD5 5837b2be0ee78450445491f91b2bfffa
SHA1 27af5cfa99874ad70960086efce4c179c4bc1532
SHA256 b680ef6988cfd7d9685dced544010da6504bd8441125d97cc01b8a26fff40808
SHA512 bd04f804cc9100fb0b48b23dbfbeee50a6a8977a9e3f5bdf3ea4a30a161938e88eaa331f996c9e62c896c7ae7a1cb1014d4eb2ba8e6015de6cdc266eb9695e70

memory/2988-153-0x0000000002820000-0x00000000028E3000-memory.dmp

memory/2988-152-0x0000000002820000-0x00000000028E3000-memory.dmp

memory/2988-151-0x0000000002820000-0x00000000028E3000-memory.dmp

memory/2988-150-0x0000000002820000-0x00000000028E3000-memory.dmp

memory/2988-149-0x0000000002820000-0x00000000028E3000-memory.dmp

memory/2988-148-0x0000000002820000-0x00000000028E3000-memory.dmp

memory/2988-147-0x0000000002820000-0x00000000028E3000-memory.dmp

memory/2988-146-0x0000000002820000-0x00000000028E3000-memory.dmp

memory/2988-145-0x0000000002820000-0x00000000028E3000-memory.dmp

memory/2988-144-0x0000000002820000-0x00000000028E3000-memory.dmp

memory/2988-143-0x0000000002820000-0x00000000028E3000-memory.dmp

memory/2988-142-0x0000000002820000-0x00000000028E3000-memory.dmp

memory/2988-140-0x0000000002820000-0x00000000028E3000-memory.dmp

memory/2988-139-0x0000000002820000-0x00000000028E3000-memory.dmp

memory/2988-138-0x0000000002820000-0x00000000028E3000-memory.dmp

memory/2988-137-0x0000000002820000-0x00000000028E3000-memory.dmp

memory/2988-135-0x0000000002820000-0x00000000028E3000-memory.dmp

memory/2988-134-0x0000000002820000-0x00000000028E3000-memory.dmp

memory/2988-132-0x0000000002820000-0x00000000028E3000-memory.dmp

memory/2988-131-0x0000000002820000-0x00000000028E3000-memory.dmp

memory/2988-130-0x0000000002820000-0x00000000028E3000-memory.dmp

memory/2988-128-0x0000000002820000-0x00000000028E3000-memory.dmp

memory/2988-127-0x0000000002820000-0x00000000028E3000-memory.dmp

memory/2988-126-0x0000000002820000-0x00000000028E3000-memory.dmp

memory/2988-125-0x0000000002820000-0x00000000028E3000-memory.dmp

memory/2988-124-0x0000000002820000-0x00000000028E3000-memory.dmp

memory/2988-122-0x0000000002820000-0x00000000028E3000-memory.dmp

memory/2988-123-0x0000000002820000-0x00000000028E3000-memory.dmp

memory/2988-121-0x0000000002820000-0x00000000028E3000-memory.dmp

memory/2988-120-0x0000000002820000-0x00000000028E3000-memory.dmp

memory/2988-119-0x0000000002820000-0x00000000028E3000-memory.dmp

memory/2988-118-0x0000000002820000-0x00000000028E3000-memory.dmp

memory/2988-117-0x0000000002820000-0x00000000028E3000-memory.dmp

memory/2988-116-0x0000000002820000-0x00000000028E3000-memory.dmp

memory/2988-115-0x0000000002820000-0x00000000028E3000-memory.dmp

memory/2988-114-0x0000000002820000-0x00000000028E3000-memory.dmp

memory/2988-112-0x0000000002820000-0x00000000028E3000-memory.dmp

memory/2988-110-0x0000000002820000-0x00000000028E3000-memory.dmp

memory/2988-157-0x0000000002820000-0x00000000028E3000-memory.dmp

memory/2988-141-0x0000000002820000-0x00000000028E3000-memory.dmp

memory/2988-136-0x0000000002820000-0x00000000028E3000-memory.dmp

memory/2988-133-0x0000000002820000-0x00000000028E3000-memory.dmp

memory/2988-129-0x0000000002820000-0x00000000028E3000-memory.dmp

memory/2988-113-0x0000000002820000-0x00000000028E3000-memory.dmp

memory/2988-256-0x0000000000660000-0x00000000006B8000-memory.dmp

memory/2988-257-0x0000000000400000-0x0000000000464000-memory.dmp