Malware Analysis Report

2024-12-07 14:26

Sample ID 241118-mglccatrcy
Target e88a6dc649e7fefc6235169d82384737674493bdaa06113c2340bb5067360c35.exe
SHA256 e88a6dc649e7fefc6235169d82384737674493bdaa06113c2340bb5067360c35
Tags
simda discovery persistence stealer trojan
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

e88a6dc649e7fefc6235169d82384737674493bdaa06113c2340bb5067360c35

Threat Level: Known bad

The file e88a6dc649e7fefc6235169d82384737674493bdaa06113c2340bb5067360c35.exe was found to be: Known bad.

Malicious Activity Summary

simda discovery persistence stealer trojan

simda

Modifies WinLogon for persistence

Simda family

Loads dropped DLL

Executes dropped EXE

Modifies WinLogon

Drops file in Program Files directory

Drops file in Windows directory

System Location Discovery: System Language Discovery

Suspicious behavior: RenamesItself

Suspicious use of WriteProcessMemory

Suspicious behavior: EnumeratesProcesses

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-11-18 10:26

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-11-18 10:26

Reported

2024-11-18 10:28

Platform

win7-20241010-en

Max time kernel

110s

Max time network

121s

Command Line

"C:\Users\Admin\AppData\Local\Temp\e88a6dc649e7fefc6235169d82384737674493bdaa06113c2340bb5067360c35.exe"

Signatures

Modifies WinLogon for persistence

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\userinit = "C:\\Windows\\system32\\userinit.exe,C:\\Windows\\apppatch\\svchost.exe," C:\Windows\apppatch\svchost.exe N/A

Simda family

simda

simda

stealer trojan simda

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Windows\apppatch\svchost.exe N/A

Modifies WinLogon

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\2598358f = "C:\\Windows\\apppatch\\svchost.exe" C:\Users\Admin\AppData\Local\Temp\e88a6dc649e7fefc6235169d82384737674493bdaa06113c2340bb5067360c35.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\2598358f = "C:\\Windows\\apppatch\\svchost.exe" C:\Windows\apppatch\svchost.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File opened for modification C:\Program Files (x86)\Windows Defender\vojyqem.com C:\Windows\apppatch\svchost.exe N/A
File opened for modification C:\Program Files (x86)\Windows Defender\qetyfuv.com C:\Windows\apppatch\svchost.exe N/A
File opened for modification C:\Program Files (x86)\Windows Defender\lygynud.com C:\Windows\apppatch\svchost.exe N/A
File created C:\Program Files (x86)\Windows Defender\pupydeq.com C:\Windows\apppatch\svchost.exe N/A
File created C:\Program Files (x86)\Windows Defender\pupycag.com C:\Windows\apppatch\svchost.exe N/A
File created C:\Program Files (x86)\Windows Defender\lygynud.com C:\Windows\apppatch\svchost.exe N/A
File created C:\Program Files (x86)\Windows Defender\vocyzit.com C:\Windows\apppatch\svchost.exe N/A
File created C:\Program Files (x86)\Windows Defender\qetyfuv.com C:\Windows\apppatch\svchost.exe N/A
File opened for modification C:\Program Files (x86)\Windows Defender\galyqaz.com C:\Windows\apppatch\svchost.exe N/A
File created C:\Program Files (x86)\Windows Defender\lymyxid.com C:\Windows\apppatch\svchost.exe N/A
File created C:\Program Files (x86)\Windows Defender\galyqaz.com C:\Windows\apppatch\svchost.exe N/A
File opened for modification C:\Program Files (x86)\Windows Defender\pupydeq.com C:\Windows\apppatch\svchost.exe N/A
File opened for modification C:\Program Files (x86)\Windows Defender\pupycag.com C:\Windows\apppatch\svchost.exe N/A
File created C:\Program Files (x86)\Windows Defender\vojyqem.com C:\Windows\apppatch\svchost.exe N/A
File created C:\Program Files (x86)\Windows Defender\vonypom.com C:\Windows\apppatch\svchost.exe N/A
File opened for modification C:\Program Files (x86)\Windows Defender\vonypom.com C:\Windows\apppatch\svchost.exe N/A
File opened for modification C:\Program Files (x86)\Windows Defender\vocyzit.com C:\Windows\apppatch\svchost.exe N/A
File opened for modification C:\Program Files (x86)\Windows Defender\lymyxid.com C:\Windows\apppatch\svchost.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\apppatch\svchost.exe C:\Users\Admin\AppData\Local\Temp\e88a6dc649e7fefc6235169d82384737674493bdaa06113c2340bb5067360c35.exe N/A
File opened for modification C:\Windows\apppatch\svchost.exe C:\Users\Admin\AppData\Local\Temp\e88a6dc649e7fefc6235169d82384737674493bdaa06113c2340bb5067360c35.exe N/A

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\e88a6dc649e7fefc6235169d82384737674493bdaa06113c2340bb5067360c35.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\apppatch\svchost.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Windows\apppatch\svchost.exe N/A

Suspicious behavior: RenamesItself

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\e88a6dc649e7fefc6235169d82384737674493bdaa06113c2340bb5067360c35.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\e88a6dc649e7fefc6235169d82384737674493bdaa06113c2340bb5067360c35.exe

"C:\Users\Admin\AppData\Local\Temp\e88a6dc649e7fefc6235169d82384737674493bdaa06113c2340bb5067360c35.exe"

C:\Windows\apppatch\svchost.exe

"C:\Windows\apppatch\svchost.exe"

Network

Country Destination Domain Proto

Files

\Windows\AppPatch\svchost.exe

MD5 317a35dfb97cda6a174d6cbff9f3eb08
SHA1 39d401451f0ceaee3753d94d7c8ba33f12c5d844
SHA256 6ec2abc65e554bf923d5656dbd6055789bfdfd3a3fe2283e6e1f5fe305bf41b8
SHA512 6b95e8fd007de496ec68838e00c2576cf27fac37a131e0f5e991d6c8e019eb6257fad4a689260c06fd73638e690099c70e9c10c5e536ad039ccb0c214a70604c

C:\Program Files (x86)\Windows Defender\pupydeq.com

MD5 bfde1e9e9c32c1681a16139450c6909d
SHA1 7e669b927e6a75a10a0ca29e38e58ddcb49b725e
SHA256 e0d020ba1cb6506cee234903a44c747ee0cfa7e2d1e60029e4cd8de9a431512a
SHA512 781fd54f155442dd34f9919b3cd063ee399db411bbfe15f2bdc43d3ab8ac2d04e1011b2c99fab42bebf7b903a94e09aaaef71b7a465d2d04b417f6dad8e8e396

Analysis: behavioral2

Detonation Overview

Submitted

2024-11-18 10:26

Reported

2024-11-18 10:28

Platform

win10v2004-20241007-en

Max time kernel

120s

Max time network

122s

Command Line

"C:\Users\Admin\AppData\Local\Temp\e88a6dc649e7fefc6235169d82384737674493bdaa06113c2340bb5067360c35.exe"

Signatures

Modifies WinLogon for persistence

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\userinit = "C:\\Windows\\system32\\userinit.exe,C:\\Windows\\apppatch\\svchost.exe," C:\Windows\apppatch\svchost.exe N/A

Simda family

simda

simda

stealer trojan simda

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Windows\apppatch\svchost.exe N/A

Modifies WinLogon

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\579589b5 = "C:\\Windows\\apppatch\\svchost.exe" C:\Users\Admin\AppData\Local\Temp\e88a6dc649e7fefc6235169d82384737674493bdaa06113c2340bb5067360c35.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\579589b5 = "C:\\Windows\\apppatch\\svchost.exe" C:\Windows\apppatch\svchost.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files (x86)\Windows Defender\vofycot.com C:\Windows\apppatch\svchost.exe N/A
File opened for modification C:\Program Files (x86)\Windows Defender\vofycot.com C:\Windows\apppatch\svchost.exe N/A
File created C:\Program Files (x86)\Windows Defender\gahyhiz.com C:\Windows\apppatch\svchost.exe N/A
File created C:\Program Files (x86)\Windows Defender\lymyxid.com C:\Windows\apppatch\svchost.exe N/A
File opened for modification C:\Program Files (x86)\Windows Defender\lymyxid.com C:\Windows\apppatch\svchost.exe N/A
File opened for modification C:\Program Files (x86)\Windows Defender\gahyqah.com C:\Windows\apppatch\svchost.exe N/A
File created C:\Program Files (x86)\Windows Defender\galyqaz.com C:\Windows\apppatch\svchost.exe N/A
File opened for modification C:\Program Files (x86)\Windows Defender\gadyciz.com C:\Windows\apppatch\svchost.exe N/A
File opened for modification C:\Program Files (x86)\Windows Defender\vojyqem.com C:\Windows\apppatch\svchost.exe N/A
File opened for modification C:\Program Files (x86)\Windows Defender\galyqaz.com C:\Windows\apppatch\svchost.exe N/A
File created C:\Program Files (x86)\Windows Defender\galynuh.com C:\Windows\apppatch\svchost.exe N/A
File opened for modification C:\Program Files (x86)\Windows Defender\galynuh.com C:\Windows\apppatch\svchost.exe N/A
File opened for modification C:\Program Files (x86)\Windows Defender\vonypom.com C:\Windows\apppatch\svchost.exe N/A
File opened for modification C:\Program Files (x86)\Windows Defender\lygyvuj.com C:\Windows\apppatch\svchost.exe N/A
File opened for modification C:\Program Files (x86)\Windows Defender\gahyhiz.com C:\Windows\apppatch\svchost.exe N/A
File created C:\Program Files (x86)\Windows Defender\qexyhuv.com C:\Windows\apppatch\svchost.exe N/A
File opened for modification C:\Program Files (x86)\Windows Defender\qetyfuv.com C:\Windows\apppatch\svchost.exe N/A
File opened for modification C:\Program Files (x86)\Windows Defender\vocyzit.com C:\Windows\apppatch\svchost.exe N/A
File created C:\Program Files (x86)\Windows Defender\pupydeq.com C:\Windows\apppatch\svchost.exe N/A
File created C:\Program Files (x86)\Windows Defender\pupycag.com C:\Windows\apppatch\svchost.exe N/A
File opened for modification C:\Program Files (x86)\Windows Defender\pupycag.com C:\Windows\apppatch\svchost.exe N/A
File created C:\Program Files (x86)\Windows Defender\gadyciz.com C:\Windows\apppatch\svchost.exe N/A
File opened for modification C:\Program Files (x86)\Windows Defender\lyxynyx.com C:\Windows\apppatch\svchost.exe N/A
File created C:\Program Files (x86)\Windows Defender\qetyhyg.com C:\Windows\apppatch\svchost.exe N/A
File opened for modification C:\Program Files (x86)\Windows Defender\qetyhyg.com C:\Windows\apppatch\svchost.exe N/A
File created C:\Program Files (x86)\Windows Defender\vojyqem.com C:\Windows\apppatch\svchost.exe N/A
File created C:\Program Files (x86)\Windows Defender\vocyzit.com C:\Windows\apppatch\svchost.exe N/A
File created C:\Program Files (x86)\Windows Defender\gahyqah.com C:\Windows\apppatch\svchost.exe N/A
File created C:\Program Files (x86)\Windows Defender\lygynud.com C:\Windows\apppatch\svchost.exe N/A
File created C:\Program Files (x86)\Windows Defender\lygyvuj.com C:\Windows\apppatch\svchost.exe N/A
File created C:\Program Files (x86)\Windows Defender\vonypom.com C:\Windows\apppatch\svchost.exe N/A
File opened for modification C:\Program Files (x86)\Windows Defender\pupydeq.com C:\Windows\apppatch\svchost.exe N/A
File created C:\Program Files (x86)\Windows Defender\lyxynyx.com C:\Windows\apppatch\svchost.exe N/A
File created C:\Program Files (x86)\Windows Defender\qetyfuv.com C:\Windows\apppatch\svchost.exe N/A
File opened for modification C:\Program Files (x86)\Windows Defender\lygynud.com C:\Windows\apppatch\svchost.exe N/A
File opened for modification C:\Program Files (x86)\Windows Defender\qexyhuv.com C:\Windows\apppatch\svchost.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\apppatch\svchost.exe C:\Users\Admin\AppData\Local\Temp\e88a6dc649e7fefc6235169d82384737674493bdaa06113c2340bb5067360c35.exe N/A
File opened for modification C:\Windows\apppatch\svchost.exe C:\Users\Admin\AppData\Local\Temp\e88a6dc649e7fefc6235169d82384737674493bdaa06113c2340bb5067360c35.exe N/A

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\e88a6dc649e7fefc6235169d82384737674493bdaa06113c2340bb5067360c35.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\apppatch\svchost.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Windows\apppatch\svchost.exe N/A
N/A N/A C:\Windows\apppatch\svchost.exe N/A

Suspicious behavior: RenamesItself

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\e88a6dc649e7fefc6235169d82384737674493bdaa06113c2340bb5067360c35.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\e88a6dc649e7fefc6235169d82384737674493bdaa06113c2340bb5067360c35.exe

"C:\Users\Admin\AppData\Local\Temp\e88a6dc649e7fefc6235169d82384737674493bdaa06113c2340bb5067360c35.exe"

C:\Windows\apppatch\svchost.exe

"C:\Windows\apppatch\svchost.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 lygytyd.com udp
US 8.8.8.8:53 qebyvop.com udp
US 64.225.91.73:80 qetyhyg.com tcp
US 8.8.8.8:53 lysyjid.com udp
US 8.8.8.8:53 qekyxul.com udp
US 8.8.8.8:53 qegylep.com udp
US 8.8.8.8:53 galycuw.com udp
US 72.52.179.174:80 gatyhub.com tcp
US 8.8.8.8:53 vonygec.com udp
US 8.8.8.8:53 qedyrag.com udp
US 8.8.8.8:53 gadyrab.com udp
US 8.8.8.8:53 vonybat.com udp
US 8.8.8.8:53 puzyciq.com udp
US 8.8.8.8:53 lymygyx.com udp
US 8.8.8.8:53 volycik.com udp
US 8.8.8.8:53 pumygyp.com udp
US 8.8.8.8:53 lysywon.com udp
US 8.8.8.8:53 vofyref.com udp
US 8.8.8.8:53 qeqyhup.com udp
US 8.8.8.8:53 vocydof.com udp
US 8.8.8.8:53 lyrymuj.com udp
US 8.8.8.8:53 puvydov.com udp
US 8.8.8.8:53 gahyzez.com udp
US 8.8.8.8:53 qetyquq.com udp
US 8.8.8.8:53 gatyqih.com udp
US 8.8.8.8:53 pujyxyl.com udp
US 8.8.8.8:53 vojyzyt.com udp
US 8.8.8.8:53 lykyxur.com udp
US 8.8.8.8:53 lyvyfad.com udp
US 72.52.179.174:80 gatyhub.com tcp
US 8.8.8.8:53 174.179.52.72.in-addr.arpa udp
US 8.8.8.8:53 lysymux.com udp
US 8.8.8.8:53 pumydoq.com udp
US 8.8.8.8:53 galyzeb.com udp
US 8.8.8.8:53 pupymyp.com udp
US 8.8.8.8:53 qekylag.com udp
US 8.8.8.8:53 gadyquz.com udp
US 8.8.8.8:53 puzyxyv.com udp
US 8.8.8.8:53 lymyfoj.com udp
US 8.8.8.8:53 qeqyfaq.com udp
US 8.8.8.8:53 gaqyfah.com udp
US 8.8.8.8:53 ganycuh.com udp
US 8.8.8.8:53 vocycuc.com udp
US 8.8.8.8:53 gahyraw.com udp
US 8.8.8.8:53 volyrac.com udp
US 8.8.8.8:53 lymyvin.com udp
US 8.8.8.8:53 pupygel.com udp
US 8.8.8.8:53 qeqyvig.com udp
US 8.8.8.8:53 puzytap.com udp
US 8.8.8.8:53 vofyjuk.com udp
US 8.8.8.8:53 lyxytex.com udp
US 8.8.8.8:53 gaqyvob.com udp
US 8.8.8.8:53 pufyjuq.com udp
US 8.8.8.8:53 qexytep.com udp
US 8.8.8.8:53 vowybof.com udp
US 8.8.8.8:53 lygyjuj.com udp
US 8.8.8.8:53 gacypyz.com udp
US 8.8.8.8:53 lygywor.com udp
US 8.8.8.8:53 qegykiq.com udp
US 8.8.8.8:53 vocypyt.com udp
US 8.8.8.8:53 lyrynad.com udp
US 8.8.8.8:53 gahykih.com udp
US 8.8.8.8:53 lykywid.com udp
US 8.8.8.8:53 lyrygyn.com udp
US 8.8.8.8:53 lykylan.com udp
US 8.8.8.8:53 qekyrov.com udp
US 8.8.8.8:53 lysyger.com udp
US 8.8.8.8:53 lyvysur.com udp
US 8.8.8.8:53 galyros.com udp
US 8.8.8.8:53 qedyhyl.com udp
US 8.8.8.8:53 qegyrol.com udp
US 8.8.8.8:53 qebyxyq.com udp
US 8.8.8.8:53 pumycug.com udp
US 8.8.8.8:53 qedyqup.com udp
US 8.8.8.8:53 vofyqit.com udp
US 8.8.8.8:53 pufywil.com udp
US 8.8.8.8:53 qexyxuv.com udp
US 8.8.8.8:53 vonycum.com udp
US 8.8.8.8:53 vowygem.com udp
US 8.8.8.8:53 gacycus.com udp
US 8.8.8.8:53 purygeg.com udp
US 8.8.8.8:53 volyzef.com udp
US 8.8.8.8:53 qetynev.com udp
US 8.8.8.8:53 gadyhyw.com udp
US 8.8.8.8:53 ganydiw.com udp
US 8.8.8.8:53 qebysul.com udp
US 8.8.8.8:53 pujylog.com udp
US 8.8.8.8:53 lyxyxyd.com udp
US 8.8.8.8:53 vojykom.com udp
US 8.8.8.8:53 puvypul.com udp
US 8.8.8.8:53 vonydik.com udp
US 8.8.8.8:53 gatynes.com udp
US 8.8.8.8:53 vopygat.com udp
US 8.8.8.8:53 volyquk.com udp
US 8.8.8.8:53 qedyfog.com udp
US 8.8.8.8:53 vonyzac.com udp
US 8.8.8.8:53 gadyfob.com udp
US 8.8.8.8:53 qeqyxyp.com udp
US 8.8.8.8:53 pumyxep.com udp
US 8.8.8.8:53 puzywuq.com udp
US 8.8.8.8:53 gacyroh.com udp
US 8.8.8.8:53 lyxywij.com udp
US 8.8.8.8:53 lymyxex.com udp
US 8.8.8.8:53 lysyfin.com udp
US 8.8.8.8:53 vocyrom.com udp
US 8.8.8.8:53 galyquw.com udp
US 8.8.8.8:53 pufygav.com udp
US 8.8.8.8:53 purycul.com udp
US 8.8.8.8:53 lyryvur.com udp
US 8.8.8.8:53 lygyged.com udp
US 8.8.8.8:53 lyvytan.com udp
US 8.8.8.8:53 vojyjyc.com udp
US 8.8.8.8:53 qetyvil.com udp
US 8.8.8.8:53 gatyviw.com udp
US 8.8.8.8:53 gahyhys.com udp
US 8.8.8.8:53 qeqysuv.com udp
US 8.8.8.8:53 vofymem.com udp
US 8.8.8.8:53 lyxylor.com udp
US 8.8.8.8:53 gaqydus.com udp
US 8.8.8.8:53 pufymyg.com udp
US 8.8.8.8:53 vowydic.com udp
US 8.8.8.8:53 qexylal.com udp
US 8.8.8.8:53 purydip.com udp
US 8.8.8.8:53 gacyzaw.com udp
US 8.8.8.8:53 qegyqug.com udp
US 8.8.8.8:53 lyryfox.com udp
US 8.8.8.8:53 vocyzek.com udp
US 8.8.8.8:53 qegyhev.com udp
US 8.8.8.8:53 gaqycyz.com udp
US 8.8.8.8:53 vofygaf.com udp
US 8.8.8.8:53 qexyriq.com udp
US 8.8.8.8:53 vowycut.com udp
US 8.8.8.8:53 qekykup.com udp
US 8.8.8.8:53 gadyneh.com udp
US 8.8.8.8:53 pujywiv.com udp
US 8.8.8.8:53 lymysud.com udp
US 8.8.8.8:53 gatyfaz.com udp
US 8.8.8.8:53 puvytag.com udp
US 8.8.8.8:53 lyvyxyj.com udp
US 8.8.8.8:53 puvyxeq.com udp
US 8.8.8.8:53 gahyqub.com udp
US 8.8.8.8:53 volykit.com udp
US 8.8.8.8:53 pumypyv.com udp
US 8.8.8.8:53 vojyquf.com udp
US 8.8.8.8:53 qedynaq.com udp
US 8.8.8.8:53 lysynaj.com udp
US 8.8.8.8:53 vonypyf.com udp
US 8.8.8.8:53 pupyboq.com udp
US 8.8.8.8:53 lygymyn.com udp
US 8.8.8.8:53 lykyjux.com udp
US 8.8.8.8:53 vopybok.com udp
US 8.8.8.8:53 ganypeb.com udp
US 8.8.8.8:53 qebyteg.com udp
US 8.8.8.8:53 pujyjup.com udp
US 8.8.8.8:53 galykiz.com udp
US 8.8.8.8:53 vofydut.com udp
US 8.8.8.8:53 lymylij.com udp
US 8.8.8.8:53 lyxymed.com udp
US 8.8.8.8:53 vowyzam.com udp
US 8.8.8.8:53 qeqyloq.com udp
US 8.8.8.8:53 gaqyzoh.com udp
US 8.8.8.8:53 lygyfir.com udp
US 8.8.8.8:53 gadyduz.com udp
US 8.8.8.8:53 vojygok.com udp
US 8.8.8.8:53 puryxag.com udp
US 8.8.8.8:53 qebyrip.com udp
US 8.8.8.8:53 qegyfil.com udp
US 8.8.8.8:53 qexyqyv.com udp
US 8.8.8.8:53 pufydul.com udp
US 8.8.8.8:53 puzymev.com udp
US 8.8.8.8:53 gatycyb.com udp
US 8.8.8.8:53 pujygaq.com udp
US 8.8.8.8:53 lymytar.com udp
US 8.8.8.8:53 gadyvis.com udp
US 8.8.8.8:53 puzyjyg.com udp
US 8.8.8.8:53 qeqytal.com udp
US 8.8.8.8:53 vofybic.com udp
US 8.8.8.8:53 lyxyjun.com udp
US 8.8.8.8:53 gaqypew.com udp
US 8.8.8.8:53 pufybop.com udp
US 8.8.8.8:53 vopycyf.com udp
US 8.8.8.8:53 purypyq.com udp
US 8.8.8.8:53 qebylov.com udp
US 8.8.8.8:53 gahynaz.com udp
US 8.8.8.8:53 gatyduh.com udp
US 8.8.8.8:53 puvyliv.com udp
US 8.8.8.8:53 pupydig.com udp
US 8.8.8.8:53 gahyfow.com udp
US 8.8.8.8:53 vocykif.com udp
US 8.8.8.8:53 lyrysyj.com udp
US 8.8.8.8:53 vopydum.com udp
US 8.8.8.8:53 pujymel.com udp
US 8.8.8.8:53 lyvylod.com udp
US 8.8.8.8:53 vojymet.com udp
US 8.8.8.8:53 qetysuq.com udp
US 8.8.8.8:53 lykymyr.com udp
US 8.8.8.8:53 qetyxeg.com udp
US 8.8.8.8:53 ganyzas.com udp
US 8.8.8.8:53 vowypek.com udp
US 8.8.8.8:53 vocyquc.com udp
US 8.8.8.8:53 lyryxen.com udp
US 8.8.8.8:53 qegynap.com udp
US 8.8.8.8:53 lykygaj.com udp
US 8.8.8.8:53 puvywup.com udp
US 8.8.8.8:53 volyjym.com udp
US 8.8.8.8:53 qekyheq.com udp
US 8.8.8.8:53 pumytol.com udp
US 8.8.8.8:53 gacyqys.com udp
US 8.8.8.8:53 pupycuv.com udp
US 8.8.8.8:53 vonyrot.com udp
US 8.8.8.8:53 lysyvud.com udp
US 8.8.8.8:53 lygynox.com udp
US 8.8.8.8:53 ganyriz.com udp
US 8.8.8.8:53 gacykub.com udp
US 8.8.8.8:53 lyvywux.com udp
US 8.8.8.8:53 galyheh.com udp
US 8.8.8.8:53 qekyqyl.com udp
US 8.8.8.8:53 qexykug.com udp
US 8.8.8.8:53 gahyvuh.com udp
US 8.8.8.8:53 pujybig.com udp
US 8.8.8.8:53 qetytav.com udp
US 8.8.8.8:53 gatypas.com udp
US 8.8.8.8:53 vojybim.com udp
US 8.8.8.8:53 lyvyjyr.com udp
US 8.8.8.8:53 qebykul.com udp
US 8.8.8.8:53 gacynow.com udp
US 8.8.8.8:53 pupypep.com udp
US 8.8.8.8:53 vopypec.com udp
US 8.8.8.8:53 vocymak.com udp
US 8.8.8.8:53 lyrylix.com udp
US 8.8.8.8:53 gaqykus.com udp
US 8.8.8.8:53 qegysyg.com udp
US 8.8.8.8:53 purylup.com udp
US 8.8.8.8:53 qekyfiv.com udp
US 8.8.8.8:53 pujyduv.com udp
US 8.8.8.8:53 lysyxar.com udp
US 8.8.8.8:53 pumywug.com udp
US 8.8.8.8:53 lykyfud.com udp
US 8.8.8.8:53 qebyqeq.com udp
US 8.8.8.8:53 qedyxel.com udp
US 8.8.8.8:53 volygoc.com udp
US 8.8.8.8:53 lymywun.com udp
US 8.8.8.8:53 gadycew.com udp
US 8.8.8.8:53 vonyqym.com udp
US 8.8.8.8:53 vofycyk.com udp
US 8.8.8.8:53 qeqyrug.com udp
US 8.8.8.8:53 puzygop.com udp
US 8.8.8.8:53 gaqyrib.com udp
US 8.8.8.8:53 lyxygax.com udp
US 8.8.8.8:53 pufycyq.com udp
US 8.8.8.8:53 gatyzoz.com udp
US 8.8.8.8:53 qexyhap.com udp
US 8.8.8.8:53 pumyliq.com udp
US 8.8.8.8:53 volymaf.com udp
US 8.8.8.8:53 vopyzot.com udp
US 8.8.8.8:53 galyfis.com udp
US 8.8.8.8:53 qegyvuq.com udp
US 8.8.8.8:53 vonykuk.com udp
US 8.8.8.8:53 qekynog.com udp
US 8.8.8.8:53 lysysyx.com udp
US 8.8.8.8:53 puvyjyl.com udp
US 8.8.8.8:53 lygyvuj.com udp
US 8.8.8.8:53 vocyjet.com udp
US 8.8.8.8:53 lygysen.com udp
US 8.8.8.8:53 purytov.com udp
US 8.8.8.8:53 vowyrif.com udp
US 8.8.8.8:53 lyrytod.com udp
US 8.8.8.8:53 gahydyb.com udp
US 8.8.8.8:53 ganyqyh.com udp
US 8.8.8.8:53 pupyxal.com udp
US 8.8.8.8:53 qetylip.com udp
US 8.8.8.8:53 lyvymej.com udp
US 8.8.8.8:53 puvymaq.com udp
US 8.8.8.8:53 vojyduf.com udp
US 8.8.8.8:53 ganykuw.com udp
US 8.8.8.8:53 qexynol.com udp
US 8.8.8.8:53 vowykuc.com udp
US 8.8.8.8:53 pufypeg.com udp
US 8.8.8.8:53 lykynon.com udp
US 8.8.8.8:53 galynab.com udp
US 52.34.198.229:80 lygyvuj.com tcp
US 8.8.8.8:53 pupylug.com udp
US 8.8.8.8:53 ganynos.com udp
US 8.8.8.8:53 lykyser.com udp
US 8.8.8.8:53 vopykum.com udp
US 8.8.8.8:53 qebyniv.com udp
US 8.8.8.8:53 pujypal.com udp
US 8.8.8.8:53 gatykyh.com udp
US 8.8.8.8:53 lyvynid.com udp
US 8.8.8.8:53 vojypat.com udp
US 8.8.8.8:53 qetykyq.com udp
US 8.8.8.8:53 puvybuv.com udp
US 8.8.8.8:53 qegytop.com udp
US 8.8.8.8:53 puryjeq.com udp
US 8.8.8.8:53 volydyk.com udp
US 8.8.8.8:53 gahypoz.com udp
US 8.8.8.8:53 lymymax.com udp
US 8.8.8.8:53 purywyl.com udp
US 8.8.8.8:53 gacyfih.com udp
US 8.8.8.8:53 qeqyqep.com udp
US 8.8.8.8:53 puzyduq.com udp
US 8.8.8.8:53 pujycyp.com udp
US 8.8.8.8:53 vocygim.com udp
US 8.8.8.8:53 lyrywur.com udp
US 8.8.8.8:53 pumyjev.com udp
US 8.8.8.8:53 qeqykyv.com udp
US 8.8.8.8:53 qedytoq.com udp
US 8.8.8.8:53 vofypam.com udp
US 8.8.8.8:53 volybut.com udp
US 8.8.8.8:53 vojycec.com udp
US 8.8.8.8:53 lyxynir.com udp
US 8.8.8.8:53 lymyjyd.com udp
US 8.8.8.8:53 puzybil.com udp
US 8.8.8.8:53 qedylig.com udp
US 8.8.8.8:53 galydyw.com udp
US 8.8.8.8:53 qekysel.com udp
US 8.8.8.8:53 lysylun.com udp
US 8.8.8.8:53 lyryjej.com udp
US 8.8.8.8:53 lygyxad.com udp
US 8.8.8.8:53 vowyqyt.com udp
US 8.8.8.8:53 qexyfuq.com udp
US 8.8.8.8:53 pufyxov.com udp
US 8.8.8.8:53 gaqyqez.com udp
US 8.8.8.8:53 lyxyfuj.com udp
US 8.8.8.8:53 vofyzof.com udp
US 8.8.8.8:53 gadyzib.com udp
US 8.8.8.8:53 lyvygon.com udp
US 8.8.8.8:53 gatyruw.com udp
US 8.8.8.8:53 qetyrul.com udp
US 8.8.8.8:53 puvygog.com udp
US 8.8.8.8:53 gahyces.com udp
US 8.8.8.8:53 lysytoj.com udp
US 8.8.8.8:53 galyvuz.com udp
US 8.8.8.8:53 vonyjef.com udp
US 8.8.8.8:53 qekyvup.com udp
US 8.8.8.8:53 pupytiq.com udp
US 8.8.8.8:53 lykyvyx.com udp
US 8.8.8.8:53 vopyrik.com udp
US 8.8.8.8:53 ganyhab.com udp
US 8.8.8.8:53 qebyhag.com udp
US 8.8.8.8:53 gadypah.com udp
US 8.8.8.8:53 qegyxav.com udp
US 8.8.8.8:53 pupywyv.com udp
US 8.8.8.8:53 qekyxaq.com udp
US 8.8.8.8:53 vonygit.com udp
US 8.8.8.8:53 vopyqef.com udp
US 8.8.8.8:53 ganyfuz.com udp
US 8.8.8.8:53 volycem.com udp
US 8.8.8.8:53 lykyxoj.com udp
US 8.8.8.8:53 vofyruc.com udp
US 8.8.8.8:53 lyxyvyn.com udp
US 8.8.8.8:53 qedyruv.com udp
US 8.8.8.8:53 pumygil.com udp
US 8.8.8.8:53 qexyvyg.com udp
US 8.8.8.8:53 lysyjex.com udp
US 8.8.8.8:53 lygytix.com udp
US 8.8.8.8:53 qedykep.com udp
US 8.8.8.8:53 lymynuj.com udp
US 8.8.8.8:53 gacyvub.com udp
US 8.8.8.8:53 gadykyz.com udp
US 8.8.8.8:53 puzypav.com udp
US 8.8.8.8:53 vofykyt.com udp
US 8.8.8.8:53 qeqyniq.com udp
US 8.8.8.8:53 lyxysad.com udp
US 8.8.8.8:53 gaqynih.com udp
US 8.8.8.8:53 pufylul.com udp
US 8.8.8.8:53 lygylur.com udp
US 8.8.8.8:53 vowyjak.com udp
US 8.8.8.8:53 gacydes.com udp
US 8.8.8.8:53 puvydyp.com udp
US 8.8.8.8:53 lyvyfux.com udp
US 8.8.8.8:53 gatyqeb.com udp
US 8.8.8.8:53 volypof.com udp
US 8.8.8.8:53 qexysev.com udp
US 8.8.8.8:53 qetyqag.com udp
US 8.8.8.8:53 qebyfup.com udp
US 8.8.8.8:53 pujyxoq.com udp
US 8.8.8.8:53 galycah.com udp
US 8.8.8.8:53 puzyceg.com udp
US 8.8.8.8:53 qeqyhol.com udp
US 8.8.8.8:53 gadyrus.com udp
US 8.8.8.8:53 lysywyd.com udp
US 8.8.8.8:53 lymygor.com udp
US 8.8.8.8:53 qekytig.com udp
US 8.8.8.8:53 pumybuq.com udp
US 8.8.8.8:53 qegylul.com udp
US 8.8.8.8:53 purymog.com udp
US 8.8.8.8:53 gahyziw.com udp
US 8.8.8.8:53 galypob.com udp
US 8.8.8.8:53 vowymom.com udp
US 8.8.8.8:53 vojyrum.com udp
US 8.8.8.8:53 gaqyhaw.com udp
US 8.8.8.8:53 pufytip.com udp
US 8.8.8.8:53 qetyhov.com udp
US 8.8.8.8:53 lyryman.com udp
US 8.8.8.8:53 vocydyc.com udp
US 8.8.8.8:53 lyvyver.com udp
US 8.8.8.8:53 gatyhos.com udp
US 8.8.8.8:53 pujytug.com udp
US 8.8.8.8:53 lykytin.com udp
US 8.8.8.8:53 ganyvyw.com udp
US 8.8.8.8:53 pupyjap.com udp
US 8.8.8.8:53 qebyvyl.com udp
US 8.8.8.8:53 vonybuk.com udp
US 8.8.8.8:53 vopyjac.com udp
US 8.8.8.8:53 lygywyj.com udp
US 8.8.8.8:53 vowyguf.com udp
US 8.8.8.8:53 gaqyfub.com udp
US 8.8.8.8:53 qexyxop.com udp
US 8.8.8.8:53 pufyweq.com udp
US 8.8.8.8:53 lyxyxox.com udp
US 8.8.8.8:53 lykywex.com udp
US 8.8.8.8:53 ganycob.com udp
US 8.8.8.8:53 vofyqek.com udp
US 8.8.8.8:53 qekyryp.com udp
US 8.8.8.8:53 galyryz.com udp
US 8.8.8.8:53 lygyjan.com udp
US 8.8.8.8:53 vonycaf.com udp
US 8.8.8.8:53 gadyhoh.com udp
US 8.8.8.8:53 lyrynux.com udp
US 8.8.8.8:53 qegykeg.com udp
US 8.8.8.8:53 vocypok.com udp
US 8.8.8.8:53 gaqyvys.com udp
US 8.8.8.8:53 lyvysaj.com udp
US 8.8.8.8:53 gatyniz.com udp
US 8.8.8.8:53 qebysaq.com udp
US 8.8.8.8:53 purybup.com udp
US 8.8.8.8:53 vopymit.com udp
US 8.8.8.8:53 vopyguk.com udp
US 8.8.8.8:53 qetynup.com udp
US 8.8.8.8:53 pupymol.com udp
US 8.8.8.8:53 ganydeh.com udp
US 8.8.8.8:53 qekyluv.com udp
US 8.8.8.8:53 puzytul.com udp
US 8.8.8.8:53 vonydem.com udp
US 8.8.8.8:53 galyzus.com udp
US 8.8.8.8:53 puvycel.com udp
US 8.8.8.8:53 gahyruh.com udp
US 8.8.8.8:53 gadyqaw.com udp
US 8.8.8.8:53 vocycat.com udp
US 8.8.8.8:53 lyrygid.com udp
US 8.8.8.8:53 qegyryq.com udp
US 8.8.8.8:53 purygiv.com udp
US 8.8.8.8:53 puzyxip.com udp
US 8.8.8.8:53 lykylud.com udp
US 8.8.8.8:53 gahykeb.com udp
US 8.8.8.8:53 vojykyf.com udp
US 8.8.8.8:53 volyzic.com udp
US 8.8.8.8:53 qeqyfug.com udp
US 8.8.8.8:53 pumydyg.com udp
US 8.8.8.8:53 qedyqal.com udp
US 8.8.8.8:53 lymyfyn.com udp
US 8.8.8.8:53 pupyguq.com udp
US 8.8.8.8:53 lysygij.com udp
US 8.8.8.8:53 vowybyc.com udp
US 8.8.8.8:53 lyxytur.com udp
US 8.8.8.8:53 pufyjag.com udp
US 8.8.8.8:53 qedyhiq.com udp
US 8.8.8.8:53 qexytil.com udp
US 8.8.8.8:53 vofyjom.com udp
US 8.8.8.8:53 lymyved.com udp
US 8.8.8.8:53 gacypiw.com udp
US 8.8.8.8:53 lysymor.com udp
US 8.8.8.8:53 volyrut.com udp
US 8.8.8.8:53 qeqyvev.com udp
US 8.8.8.8:53 qedynug.com udp
US 8.8.8.8:53 volykek.com udp
US 8.8.8.8:53 gaqydaz.com udp
US 8.8.8.8:53 lyryfyr.com udp
US 8.8.8.8:53 gadynub.com udp
US 8.8.8.8:53 lyvyxin.com udp
US 8.8.8.8:53 gatyfuw.com udp
US 8.8.8.8:53 lymysox.com udp
US 8.8.8.8:53 pufymiv.com udp
US 8.8.8.8:53 vocyzum.com udp
US 8.8.8.8:53 vocyryf.com udp
US 8.8.8.8:53 pujywep.com udp
US 8.8.8.8:53 lyryvaj.com udp
US 8.8.8.8:53 puvytuv.com udp
US 8.8.8.8:53 gahyhiz.com udp
US 8.8.8.8:53 qegyqov.com udp
US 8.8.8.8:53 galyqoh.com udp
US 8.8.8.8:53 purydel.com udp
US 8.8.8.8:53 gatyveh.com udp
US 8.8.8.8:53 qexyreg.com udp
US 8.8.8.8:53 vopybym.com udp
US 8.8.8.8:53 qebytuv.com udp
US 8.8.8.8:53 pujyjol.com udp
US 8.8.8.8:53 lykyjar.com udp
US 8.8.8.8:53 ganypis.com udp
US 8.8.8.8:53 pupybyg.com udp
US 8.8.8.8:53 vonypic.com udp
US 8.8.8.8:53 qegyhip.com udp
US 8.8.8.8:53 galykew.com udp
US 8.8.8.8:53 lysynun.com udp
US 8.8.8.8:53 gacyzuh.com udp
US 8.8.8.8:53 puzylyq.com udp
US 8.8.8.8:53 lygymod.com udp
US 8.8.8.8:53 vowydet.com udp
US 8.8.8.8:53 qexyluq.com udp
US 8.8.8.8:53 lyvytud.com udp
US 8.8.8.8:53 pumyxul.com udp
US 8.8.8.8:53 volyqam.com udp
US 8.8.8.8:53 qetyveq.com udp
US 8.8.8.8:53 pumypop.com udp
US 8.8.8.8:53 qekykal.com udp
US 8.8.8.8:53 lyxylyj.com udp
US 8.8.8.8:53 vojyqac.com udp
US 8.8.8.8:53 qetyfyl.com udp
US 8.8.8.8:53 qeqysap.com udp
US 8.8.8.8:53 puvyxig.com udp
US 8.8.8.8:53 gahyqas.com udp
US 8.8.8.8:53 vofymif.com udp
US 8.8.8.8:53 purycaq.com udp
US 8.8.8.8:53 lysyfed.com udp
US 8.8.8.8:53 gacyryb.com udp
US 8.8.8.8:53 lygygux.com udp
US 8.8.8.8:53 pufygup.com udp
US 8.8.8.8:53 gaqycow.com udp
US 8.8.8.8:53 lyxywen.com udp
US 8.8.8.8:53 vowycok.com udp
US 8.8.8.8:53 vofyguc.com udp
US 8.8.8.8:53 qedyfyv.com udp
US 8.8.8.8:53 qebyxog.com udp
US 44.221.84.105:80 gahyhiz.com tcp
US 8.8.8.8:53 lymyxir.com udp
US 8.8.8.8:53 gadyfys.com udp
US 8.8.8.8:53 puzywag.com udp
US 8.8.8.8:53 qeqyxil.com udp
US 8.8.8.8:53 qekyhug.com udp
US 8.8.8.8:53 vonyryk.com udp
US 8.8.8.8:53 pupycop.com udp
US 8.8.8.8:53 ganyrew.com udp
US 8.8.8.8:53 vopycoc.com udp
US 8.8.8.8:53 lykygun.com udp
US 8.8.8.8:53 qebyrel.com udp
US 8.8.8.8:53 pujygug.com udp
US 8.8.8.8:53 gacyqoz.com udp
US 8.8.8.8:53 lygyfej.com udp
US 8.8.8.8:53 gatycis.com udp
US 8.8.8.8:53 lyvywar.com udp
US 8.8.8.8:53 vojygym.com udp
US 8.8.8.8:53 qetyxiv.com udp
US 8.8.8.8:53 vowyzuf.com udp
US 8.8.8.8:53 pufybyl.com udp
US 8.8.8.8:53 vojymuk.com udp
US 8.8.8.8:53 gahyfyh.com udp
US 8.8.8.8:53 pufydaq.com udp
US 8.8.8.8:53 gaqypuh.com udp
US 8.8.8.8:53 puvywal.com udp
US 8.8.8.8:53 gatydab.com udp
US 8.8.8.8:53 qexyqip.com udp
US 8.8.8.8:53 qekyqoq.com udp
US 8.8.8.8:53 pupydev.com udp
US 8.8.8.8:53 qeqylyg.com udp
US 8.8.8.8:53 lyxyjod.com udp
US 8.8.8.8:53 vofybet.com udp
US 8.8.8.8:53 qeqytuq.com udp
US 8.8.8.8:53 puzyjov.com udp
US 8.8.8.8:53 gadyvez.com udp
US 8.8.8.8:53 lymytuj.com udp
US 8.8.8.8:53 volyjif.com udp
US 8.8.8.8:53 qedyvap.com udp
US 8.8.8.8:53 pumytyq.com udp
US 8.8.8.8:53 galyhib.com udp
US 8.8.8.8:53 puryxuv.com udp
US 8.8.8.8:53 lysyvax.com udp
US 8.8.8.8:53 qetysog.com udp
US 8.8.8.8:53 puvylep.com udp
US 8.8.8.8:53 gahynuw.com udp
US 8.8.8.8:53 lyryson.com udp
US 8.8.8.8:53 vocykec.com udp
US 8.8.8.8:53 qegynul.com udp
US 8.8.8.8:53 purypig.com udp
US 8.8.8.8:53 lygynyr.com udp
US 8.8.8.8:53 gacykas.com udp
US 8.8.8.8:53 vowypim.com udp
US 8.8.8.8:53 qexykav.com udp
US 8.8.8.8:53 vocyqot.com udp
US 8.8.8.8:53 gaqyzyb.com udp
US 8.8.8.8:53 lyxymix.com udp
US 8.8.8.8:53 vofydak.com udp
US 8.8.8.8:53 gadydow.com udp
US 8.8.8.8:53 puzymup.com udp
US 8.8.8.8:53 lyvylyx.com udp
US 8.8.8.8:53 vopydaf.com udp
US 8.8.8.8:53 ganyzuz.com udp
US 8.8.8.8:53 lykymij.com udp
US 8.8.8.8:53 pujymiq.com udp
US 8.8.8.8:53 qebylyp.com udp
US 8.8.8.8:53 lyryxud.com udp

Files

memory/760-0-0x0000000000400000-0x0000000000491000-memory.dmp

memory/760-1-0x0000000002260000-0x00000000022AF000-memory.dmp

memory/760-2-0x0000000000400000-0x000000000045C000-memory.dmp

C:\Windows\apppatch\svchost.exe

MD5 7f08963300718f53b8b61b931d357d25
SHA1 3a1734abfbef5d8b116dea3f21ae15b68b2d87b7
SHA256 e9c8864a6c64c2cc418ca2e2f941619103bdba0605c55c4e9f224e27c60bbc86
SHA512 d116046bfd3a06fb162443c7ebb8f61b8bcc897c919b9fb8057e9902582853a2cb2e62049929c542254468b5ee40fcc88aed2053fdb0547a032c37b402e3740f

C:\Program Files (x86)\Windows Defender\vojyqem.com

MD5 6c21a259c7792e23d19d41d3be1843db
SHA1 6d07c05befc9961fe8994b8d53b9403a981bc5f8
SHA256 9169bce60becb3a12b07b6344ad743a0ce35573e3594f4aac45226f140154b4c
SHA512 1114c859eea4e77961d89148450950c0585791d62289cabd0fc9215bb86a52044214b9c78e4a27a8f64ff4d15d3732a541a43d4b110e7c304bcb9563ded510e3

C:\Program Files (x86)\Windows Defender\gahyqah.com

MD5 543b6e6b228a8311e7b692faedae36f7
SHA1 2f9c46f8a73705aad9b4d780d8512171cc8818a9
SHA256 620a63d6ce432fd24fc26ebff292bd24b0ea0e99b04d6f1f5d66befcf61d26b8
SHA512 2d75e7ac02f0594e11da5bfea96afdcdb8a44d355eb7bfdfc82f1afcefe7f2dd6678f912dc0a9018cf2b5ce92ccceca91a3debe44997b74be2f2b010f0023aef

C:\Program Files (x86)\Windows Defender\galyqaz.com

MD5 309d5ba37e1848dc81f639c80d894461
SHA1 66a611b8bcef7c2aa130d6bca97fc7523980074e
SHA256 8156ad4c94c3295de42fdd8d2ebc95015c302392f2ab38930960c4382a77ddd2
SHA512 968cc61bc2ded885f7d1dd7be09892a3fa72ab88ada9b89ecc2438427494a0f41d7452bee4a604cabfaecd74bc100734ae383a9fde50f19e2c9b6beca9e9d13f

C:\Program Files (x86)\Windows Defender\qexyhuv.com

MD5 bfde1e9e9c32c1681a16139450c6909d
SHA1 7e669b927e6a75a10a0ca29e38e58ddcb49b725e
SHA256 e0d020ba1cb6506cee234903a44c747ee0cfa7e2d1e60029e4cd8de9a431512a
SHA512 781fd54f155442dd34f9919b3cd063ee399db411bbfe15f2bdc43d3ab8ac2d04e1011b2c99fab42bebf7b903a94e09aaaef71b7a465d2d04b417f6dad8e8e396

C:\Program Files (x86)\Windows Defender\qetyhyg.com

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Program Files (x86)\Windows Defender\qetyhyg.com

MD5 926512864979bc27cf187f1de3f57aff
SHA1 acdeb9d6187932613c7fa08eaf28f0cd8116f4b5
SHA256 b3e893a653ec06c05ee90f2f6e98cc052a92f6616d7cca8c416420e178dcc73f
SHA512 f6f9fd3ca9305bec879cfcd38e64111a18e65e30d25c49e9f2cd546cbab9b2dcd03eca81952f6b77c0eaab20192ef7bef0d8d434f6f371811929e75f8620633b