Analysis Overview
SHA256
2b9ae335343202fce88a1f8875b2875afb9e7869a4439bf5db595147aa7b7118
Threat Level: Known bad
The file 2b9ae335343202fce88a1f8875b2875afb9e7869a4439bf5db595147aa7b7118.exe was found to be: Known bad.
Malicious Activity Summary
simda
Modifies WinLogon for persistence
Simda family
Loads dropped DLL
Executes dropped EXE
Modifies WinLogon
Drops file in Windows directory
System Location Discovery: System Language Discovery
Unsigned PE
Suspicious behavior: RenamesItself
Suspicious use of WriteProcessMemory
Suspicious behavior: EnumeratesProcesses
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-11-19 21:25
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-11-19 21:25
Reported
2024-11-19 21:27
Platform
win7-20241010-en
Max time kernel
120s
Max time network
121s
Command Line
Signatures
Modifies WinLogon for persistence
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\userinit = "C:\\Windows\\system32\\userinit.exe,C:\\Windows\\apppatch\\svchost.exe," | C:\Windows\apppatch\svchost.exe | N/A |
Simda family
simda
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\apppatch\svchost.exe | N/A |
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\2b9ae335343202fce88a1f8875b2875afb9e7869a4439bf5db595147aa7b7118.exe | N/A |
Modifies WinLogon
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\bc947019 = "ΰ\x7fEK!—„êÁ\x7f[‚—âãºPç[Ü)Á¢,øÙì¯s>eúÍò\x15ßomC\x16\u008d‹G-OªZ…µjâ\x12;[Ë%¿}®Wove\u008dób\x03Ã\x02¥u½C“/K[\x7fVkk*Kw[K˲+/…å3ÇwÏ>n§ƒ\x1a\v\x1a.{²fÆ\v\n;ꃻ½BS>¢uý£íÿ¿Š•ÕR›2[.·Ï*\ae‚\x1ag[j6B÷‹¾š†÷¿×E~kBª‚G¯JcãW]r=Í\x03‹{ߺ\x03â…\x133¯‚RË\u008f‚\x05\x13·\x12\x15?\x1b†ï§»Ý7’ó>Š\x03÷ÚúW½–çS#Ïâ·\x03ej¥kÏ\x12Öê}•rWÊ\aoc&òö\x03\x0f-\x12ú2¯Ž\x06ß랯ºÞ“FÓ'\x13Ê" | C:\Users\Admin\AppData\Local\Temp\2b9ae335343202fce88a1f8875b2875afb9e7869a4439bf5db595147aa7b7118.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\bc947019 = "ΰ\x7fEK!—„êÁ\x7f[‚—âãºPç[Ü)Á¢,øÙì¯s>eúÍò\x15ßomC\x16\u008d‹G-OªZ…µjâ\x12;[Ë%¿}®Wove\u008dób\x03Ã\x02¥u½C“/K[\x7fVkk*Kw[K˲+/…å3ÇwÏ>n§ƒ\x1a\v\x1a.{²fÆ\v\n;ꃻ½BS>¢uý£íÿ¿Š•ÕR›2[.·Ï*\ae‚\x1ag[j6B÷‹¾š†÷¿×E~kBª‚G¯JcãW]r=Í\x03‹{ߺ\x03â…\x133¯‚RË\u008f‚\x05\x13·\x12\x15?\x1b†ï§»Ý7’ó>Š\x03÷ÚúW½–çS#Ïâ·\x03ej¥kÏ\x12Öê}•rWÊ\aoc&òö\x03\x0f-\x12ú2¯Ž\x06ß랯ºÞ“FÓ'\x13Ê" | C:\Windows\apppatch\svchost.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\apppatch\svchost.exe | C:\Users\Admin\AppData\Local\Temp\2b9ae335343202fce88a1f8875b2875afb9e7869a4439bf5db595147aa7b7118.exe | N/A |
| File created | C:\Windows\apppatch\svchost.exe | C:\Users\Admin\AppData\Local\Temp\2b9ae335343202fce88a1f8875b2875afb9e7869a4439bf5db595147aa7b7118.exe | N/A |
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\2b9ae335343202fce88a1f8875b2875afb9e7869a4439bf5db595147aa7b7118.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\apppatch\svchost.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: RenamesItself
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\2b9ae335343202fce88a1f8875b2875afb9e7869a4439bf5db595147aa7b7118.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\2b9ae335343202fce88a1f8875b2875afb9e7869a4439bf5db595147aa7b7118.exe
"C:\Users\Admin\AppData\Local\Temp\2b9ae335343202fce88a1f8875b2875afb9e7869a4439bf5db595147aa7b7118.exe"
C:\Windows\apppatch\svchost.exe
"C:\Windows\apppatch\svchost.exe"
Network
| Country | Destination | Domain | Proto |
| US | 95.100.195.190:80 | www.bing.com | tcp |
| US | 8.8.8.8:53 | gatyfus.com | udp |
| US | 8.8.8.8:53 | lyvyxor.com | udp |
| US | 8.8.8.8:53 | qetyfuv.com | udp |
| US | 8.8.8.8:53 | gahyqah.com | udp |
| US | 8.8.8.8:53 | vocyzit.com | udp |
| US | 8.8.8.8:53 | purydyv.com | udp |
| US | 8.8.8.8:53 | lygymoj.com | udp |
| US | 8.8.8.8:53 | qexylup.com | udp |
| US | 8.8.8.8:53 | gaqydeb.com | udp |
| US | 8.8.8.8:53 | vofymik.com | udp |
| US | 8.8.8.8:53 | puzylyp.com | udp |
| US | 8.8.8.8:53 | lymysan.com | udp |
| US | 8.8.8.8:53 | qedynul.com | udp |
| US | 8.8.8.8:53 | galykes.com | udp |
| US | 8.8.8.8:53 | vonypom.com | udp |
| US | 8.8.8.8:53 | pupybul.com | udp |
| US | 8.8.8.8:53 | lykyjad.com | udp |
| US | 8.8.8.8:53 | qebytiq.com | udp |
| US | 8.8.8.8:53 | gatyvyz.com | udp |
| US | 8.8.8.8:53 | vojyjof.com | udp |
| US | 8.8.8.8:53 | puvytuq.com | udp |
| US | 8.8.8.8:53 | lyryvex.com | udp |
| US | 8.8.8.8:53 | qegyhig.com | udp |
| US | 8.8.8.8:53 | gacyryw.com | udp |
| US | 8.8.8.8:53 | vowycac.com | udp |
| US | 8.8.8.8:53 | pufygug.com | udp |
| US | 8.8.8.8:53 | lyxywer.com | udp |
| US | 8.8.8.8:53 | qeqyxov.com | udp |
| US | 8.8.8.8:53 | gadyfuh.com | udp |
| US | 8.8.8.8:53 | volyqat.com | udp |
| US | 8.8.8.8:53 | pumyxiv.com | udp |
| US | 8.8.8.8:53 | lysyfyj.com | udp |
| US | 8.8.8.8:53 | qekyqop.com | udp |
| US | 8.8.8.8:53 | puvyxil.com | udp |
| US | 8.8.8.8:53 | lyryfyd.com | udp |
| US | 8.8.8.8:53 | qegyqaq.com | udp |
| US | 8.8.8.8:53 | gacyzuz.com | udp |
| US | 8.8.8.8:53 | vowydef.com | udp |
| US | 8.8.8.8:53 | pufymoq.com | udp |
| US | 8.8.8.8:53 | lyxylux.com | udp |
| US | 8.8.8.8:53 | qeqysag.com | udp |
| US | 8.8.8.8:53 | gadyniw.com | udp |
| US | 8.8.8.8:53 | volykyc.com | udp |
| US | 8.8.8.8:53 | pumypog.com | udp |
| US | 8.8.8.8:53 | lysynur.com | udp |
| US | 8.8.8.8:53 | qekykev.com | udp |
| US | 8.8.8.8:53 | ganypih.com | udp |
| US | 8.8.8.8:53 | vopybyt.com | udp |
| US | 8.8.8.8:53 | pujyjav.com | udp |
| US | 8.8.8.8:53 | lyvytuj.com | udp |
| US | 8.8.8.8:53 | qetyvep.com | udp |
| US | 8.8.8.8:53 | gahyhob.com | udp |
| US | 8.8.8.8:53 | vocyruk.com | udp |
| US | 8.8.8.8:53 | purycap.com | udp |
| US | 8.8.8.8:53 | lygygin.com | udp |
| US | 8.8.8.8:53 | qexyryl.com | udp |
| US | 8.8.8.8:53 | gaqycos.com | udp |
| US | 8.8.8.8:53 | vofygum.com | udp |
| US | 8.8.8.8:53 | puzywel.com | udp |
| US | 8.8.8.8:53 | lymyxid.com | udp |
| US | 8.8.8.8:53 | qedyfyq.com | udp |
| US | 8.8.8.8:53 | galyqaz.com | udp |
| US | 8.8.8.8:53 | vonyzuf.com | udp |
| US | 8.8.8.8:53 | vojyqem.com | udp |
| US | 8.8.8.8:53 | vonypom.com | udp |
| US | 8.8.8.8:53 | qegyhig.com | udp |
| US | 8.8.8.8:53 | puzylyp.com | udp |
| US | 8.8.8.8:53 | gadyniw.com | udp |
| US | 8.8.8.8:53 | qetyfuv.com | udp |
| US | 8.8.8.8:53 | lyvyxor.com | udp |
| US | 8.8.8.8:53 | galyqaz.com | udp |
| US | 8.8.8.8:53 | gahyqah.com | udp |
| US | 8.8.8.8:53 | vocyzit.com | udp |
| US | 8.8.8.8:53 | vojyqem.com | udp |
| US | 8.8.8.8:53 | lymyxid.com | udp |
| US | 8.8.8.8:53 | gatyfus.com | udp |
| US | 75.2.71.199:80 | puzylyp.com | tcp |
| US | 18.208.156.248:80 | vonypom.com | tcp |
| US | 162.255.119.102:80 | gahyqah.com | tcp |
| US | 208.100.26.245:80 | lyvyxor.com | tcp |
| US | 44.221.84.105:80 | vocyzit.com | tcp |
| US | 44.221.84.105:80 | vocyzit.com | tcp |
| US | 199.59.243.227:80 | vojyqem.com | tcp |
| US | 104.21.30.183:80 | qegyhig.com | tcp |
| DE | 178.162.203.211:80 | gatyfus.com | tcp |
| US | 3.94.10.34:80 | lymyxid.com | tcp |
| US | 199.191.50.83:80 | galyqaz.com | tcp |
| HK | 154.212.231.82:80 | gadyniw.com | tcp |
| US | 75.2.71.199:80 | puzylyp.com | tcp |
| US | 8.8.8.8:53 | www.gahyqah.com | udp |
| US | 104.21.30.183:443 | qegyhig.com | tcp |
| DE | 91.195.240.19:80 | www.gahyqah.com | tcp |
| US | 8.8.8.8:53 | c.pki.goog | udp |
| GB | 142.250.200.3:80 | c.pki.goog | tcp |
| US | 104.21.30.183:443 | qegyhig.com | tcp |
| DE | 178.162.217.107:80 | gatyfus.com | tcp |
| DE | 178.162.203.202:80 | gatyfus.com | tcp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| GB | 2.22.5.218:80 | www.microsoft.com | tcp |
| NL | 85.17.31.122:80 | gatyfus.com | tcp |
| NL | 85.17.31.122:80 | gatyfus.com | tcp |
| US | 8.8.8.8:53 | pupydeq.com | udp |
| US | 8.8.8.8:53 | lykymox.com | udp |
| US | 8.8.8.8:53 | ganyzub.com | udp |
| US | 8.8.8.8:53 | qebylug.com | udp |
| US | 8.8.8.8:53 | pujymip.com | udp |
| US | 8.8.8.8:53 | vopydek.com | udp |
| US | 8.8.8.8:53 | lyvylyn.com | udp |
| US | 8.8.8.8:53 | qetysal.com | udp |
| US | 8.8.8.8:53 | gahynus.com | udp |
| US | 8.8.8.8:53 | vocykem.com | udp |
| US | 8.8.8.8:53 | purypol.com | udp |
| US | 8.8.8.8:53 | lygynud.com | udp |
| US | 8.8.8.8:53 | gatydaw.com | udp |
| US | 8.8.8.8:53 | gaqypiz.com | udp |
| US | 8.8.8.8:53 | qexykaq.com | udp |
| US | 8.8.8.8:53 | vojymic.com | udp |
| US | 8.8.8.8:53 | vofybyf.com | udp |
| US | 8.8.8.8:53 | puzyjoq.com | udp |
| US | 8.8.8.8:53 | puvylyg.com | udp |
| US | 8.8.8.8:53 | lymytux.com | udp |
| US | 8.8.8.8:53 | qedyveg.com | udp |
| US | 8.8.8.8:53 | lyrysor.com | udp |
| US | 8.8.8.8:53 | galyhiw.com | udp |
| US | 8.8.8.8:53 | vonyryc.com | udp |
| US | 8.8.8.8:53 | qegynuv.com | udp |
| US | 8.8.8.8:53 | pupycag.com | udp |
| US | 8.8.8.8:53 | gacykeh.com | udp |
| US | 8.8.8.8:53 | lykygur.com | udp |
| US | 8.8.8.8:53 | vowypit.com | udp |
| US | 8.8.8.8:53 | qebyrev.com | udp |
| US | 8.8.8.8:53 | gatycoh.com | udp |
| US | 8.8.8.8:53 | pufybyv.com | udp |
| US | 8.8.8.8:53 | vojygut.com | udp |
| US | 8.8.8.8:53 | puvywav.com | udp |
| US | 8.8.8.8:53 | lyryxij.com | udp |
| US | 8.8.8.8:53 | qegyfyp.com | udp |
| US | 8.8.8.8:53 | gacyqob.com | udp |
| US | 8.8.8.8:53 | pufydep.com | udp |
| US | 8.8.8.8:53 | vowyzuk.com | udp |
| US | 8.8.8.8:53 | lyxymin.com | udp |
| US | 8.8.8.8:53 | qeqylyl.com | udp |
| US | 8.8.8.8:53 | gadydas.com | udp |
| US | 8.8.8.8:53 | volymum.com | udp |
| US | 8.8.8.8:53 | lyxyjaj.com | udp |
| US | 8.8.8.8:53 | qeqytup.com | udp |
| US | 8.8.8.8:53 | gadyveb.com | udp |
| US | 8.8.8.8:53 | volyjok.com | udp |
| US | 8.8.8.8:53 | pumytup.com | udp |
| US | 8.8.8.8:53 | lysyvan.com | udp |
| US | 8.8.8.8:53 | qekyhil.com | udp |
| US | 8.8.8.8:53 | vopycom.com | udp |
| US | 8.8.8.8:53 | ganyrys.com | udp |
| US | 8.8.8.8:53 | pujygul.com | udp |
| US | 8.8.8.8:53 | qetyxiq.com | udp |
| US | 8.8.8.8:53 | lyvywed.com | udp |
| US | 8.8.8.8:53 | gahyfyz.com | udp |
| US | 8.8.8.8:53 | vocyqaf.com | udp |
| US | 8.8.8.8:53 | puryxuq.com | udp |
| US | 8.8.8.8:53 | lygyfex.com | udp |
| US | 8.8.8.8:53 | qexyqog.com | udp |
| US | 8.8.8.8:53 | gaqyzuw.com | udp |
| US | 8.8.8.8:53 | vofydac.com | udp |
| US | 8.8.8.8:53 | puzymig.com | udp |
| US | 8.8.8.8:53 | lymylyr.com | udp |
| US | 8.8.8.8:53 | pupydeq.com | udp |
| US | 8.8.8.8:53 | lygynud.com | udp |
| US | 8.8.8.8:53 | lysyvan.com | udp |
| US | 8.8.8.8:53 | lyrysor.com | udp |
| US | 13.248.169.48:80 | pupydeq.com | tcp |
| US | 3.94.10.34:80 | lygynud.com | tcp |
| US | 8.8.8.8:53 | pupycag.com | udp |
| CN | 103.150.10.48:80 | lyrysor.com | tcp |
| US | 104.21.26.151:80 | lysyvan.com | tcp |
| US | 18.208.156.248:80 | pupycag.com | tcp |
| US | 104.21.26.151:443 | lysyvan.com | tcp |
| US | 104.21.26.151:443 | lysyvan.com | tcp |
| US | 13.248.169.48:80 | pupydeq.com | tcp |
| CN | 103.150.10.48:80 | lyrysor.com | tcp |
| US | 8.8.8.8:53 | qedysov.com | udp |
| US | 8.8.8.8:53 | galynuh.com | udp |
| US | 8.8.8.8:53 | vonyket.com | udp |
| US | 8.8.8.8:53 | pumylel.com | udp |
| US | 8.8.8.8:53 | pupypiv.com | udp |
| US | 8.8.8.8:53 | lysysod.com | udp |
| US | 8.8.8.8:53 | qebykap.com | udp |
| US | 8.8.8.8:53 | puvyjop.com | udp |
| US | 8.8.8.8:53 | lykynyj.com | udp |
| US | 8.8.8.8:53 | gatypub.com | udp |
| US | 8.8.8.8:53 | qegyval.com | udp |
| US | 8.8.8.8:53 | vojybek.com | udp |
| US | 8.8.8.8:53 | lyrytun.com | udp |
| US | 8.8.8.8:53 | vowyrym.com | udp |
| US | 8.8.8.8:53 | gacyhis.com | udp |
| US | 8.8.8.8:53 | pufycol.com | udp |
| US | 8.8.8.8:53 | gadyciz.com | udp |
| US | 8.8.8.8:53 | qeqyreq.com | udp |
| US | 8.8.8.8:53 | lyxygud.com | udp |
| US | 8.8.8.8:53 | volygyf.com | udp |
| US | 8.8.8.8:53 | pumywaq.com | udp |
| US | 8.8.8.8:53 | qekynuq.com | udp |
| US | 8.8.8.8:53 | qekyfeg.com | udp |
| US | 8.8.8.8:53 | lysyxux.com | udp |
| US | 8.8.8.8:53 | ganykaz.com | udp |
| US | 8.8.8.8:53 | ganyqow.com | udp |
| US | 8.8.8.8:53 | pujydag.com | udp |
| US | 8.8.8.8:53 | lyvymir.com | udp |
| US | 8.8.8.8:53 | vopypif.com | udp |
| US | 8.8.8.8:53 | pujybyq.com | udp |
| US | 8.8.8.8:53 | qetylyv.com | udp |
| US | 8.8.8.8:53 | gahydoh.com | udp |
| US | 8.8.8.8:53 | vocymut.com | udp |
| US | 8.8.8.8:53 | purylev.com | udp |
| US | 8.8.8.8:53 | lygysij.com | udp |
| US | 8.8.8.8:53 | lyvyjox.com | udp |
| US | 8.8.8.8:53 | qexynyp.com | udp |
| US | 8.8.8.8:53 | gaqykab.com | udp |
| US | 8.8.8.8:53 | gaqyreh.com | udp |
| US | 8.8.8.8:53 | vopyzuc.com | udp |
| US | 8.8.8.8:53 | qetytug.com | udp |
| US | 8.8.8.8:53 | gahyvew.com | udp |
| US | 8.8.8.8:53 | vocyjic.com | udp |
| US | 8.8.8.8:53 | lygyvar.com | udp |
| US | 8.8.8.8:53 | purytyg.com | udp |
| US | 8.8.8.8:53 | vofycot.com | udp |
| US | 8.8.8.8:53 | puzyguv.com | udp |
| US | 8.8.8.8:53 | lymywaj.com | udp |
| US | 8.8.8.8:53 | qedyxip.com | udp |
| US | 8.8.8.8:53 | galyfyb.com | udp |
| US | 8.8.8.8:53 | vonyqok.com | udp |
| US | 8.8.8.8:53 | pupyxup.com | udp |
| US | 8.8.8.8:53 | qebyqil.com | udp |
| US | 8.8.8.8:53 | lykyfen.com | udp |
| US | 8.8.8.8:53 | gatyzys.com | udp |
| US | 8.8.8.8:53 | puvymul.com | udp |
| US | 8.8.8.8:53 | qegysoq.com | udp |
| US | 8.8.8.8:53 | lyryled.com | udp |
| US | 8.8.8.8:53 | gacynuz.com | udp |
| US | 8.8.8.8:53 | vowykaf.com | udp |
| US | 8.8.8.8:53 | pufypiq.com | udp |
| US | 8.8.8.8:53 | vojydam.com | udp |
| US | 8.8.8.8:53 | lyxynyx.com | udp |
| US | 8.8.8.8:53 | qexyhuv.com | udp |
| US | 8.8.8.8:53 | qegyval.com | udp |
| US | 8.8.8.8:53 | lyxynyx.com | udp |
| US | 8.8.8.8:53 | galynuh.com | udp |
| US | 8.8.8.8:53 | gadyciz.com | udp |
| US | 8.8.8.8:53 | qexyhuv.com | udp |
| US | 44.221.84.105:80 | gadyciz.com | tcp |
| US | 64.225.91.73:80 | galynuh.com | tcp |
| US | 76.223.67.189:80 | qexyhuv.com | tcp |
| US | 103.224.182.252:80 | vofycot.com | tcp |
| US | 103.224.212.210:80 | lyxynyx.com | tcp |
| HK | 154.85.183.50:80 | qegyval.com | tcp |
| US | 8.8.8.8:53 | ww16.vofycot.com | udp |
| US | 8.8.8.8:53 | ww25.lyxynyx.com | udp |
| US | 199.59.243.227:80 | ww25.lyxynyx.com | tcp |
| DE | 64.190.63.136:80 | ww16.vofycot.com | tcp |
| US | 76.223.67.189:80 | qexyhuv.com | tcp |
| US | 8.8.8.8:53 | puzybep.com | udp |
| US | 8.8.8.8:53 | lymyjon.com | udp |
| US | 8.8.8.8:53 | qeqykog.com | udp |
| US | 8.8.8.8:53 | gadypuw.com | udp |
| US | 8.8.8.8:53 | qedytul.com | udp |
| US | 8.8.8.8:53 | volybec.com | udp |
| US | 8.8.8.8:53 | pumyjig.com | udp |
| US | 8.8.8.8:53 | galyvas.com | udp |
| US | 8.8.8.8:53 | lysytyr.com | udp |
| US | 8.8.8.8:53 | vonyjim.com | udp |
| US | 8.8.8.8:53 | pupytyl.com | udp |
| US | 8.8.8.8:53 | qekyvav.com | udp |
| US | 8.8.8.8:53 | ganyhuh.com | udp |
| US | 8.8.8.8:53 | vopyret.com | udp |
| US | 8.8.8.8:53 | lykyvod.com | udp |
| US | 8.8.8.8:53 | pujycov.com | udp |
| US | 8.8.8.8:53 | qebyhuq.com | udp |
| US | 8.8.8.8:53 | lyvyguj.com | udp |
| US | 8.8.8.8:53 | qetyrap.com | udp |
| US | 8.8.8.8:53 | gatyrez.com | udp |
| US | 8.8.8.8:53 | vocygyk.com | udp |
| US | 8.8.8.8:53 | purywop.com | udp |
| US | 8.8.8.8:53 | gahycib.com | udp |
| US | 8.8.8.8:53 | lygyxun.com | udp |
| US | 8.8.8.8:53 | qexyfel.com | udp |
| US | 8.8.8.8:53 | gaqyqis.com | udp |
| US | 8.8.8.8:53 | vofyzym.com | udp |
| US | 8.8.8.8:53 | puzydal.com | udp |
| US | 8.8.8.8:53 | lymymud.com | udp |
| US | 8.8.8.8:53 | qedyleq.com | udp |
| US | 8.8.8.8:53 | galydoz.com | udp |
| US | 8.8.8.8:53 | vonymuf.com | udp |
| US | 8.8.8.8:53 | vojycif.com | udp |
| US | 8.8.8.8:53 | pupylaq.com | udp |
| US | 8.8.8.8:53 | lykysix.com | udp |
| US | 8.8.8.8:53 | qebynyg.com | udp |
| US | 8.8.8.8:53 | gatykow.com | udp |
| US | 8.8.8.8:53 | vojypuc.com | udp |
| US | 8.8.8.8:53 | puvybeg.com | udp |
| US | 8.8.8.8:53 | lyryjir.com | udp |
| US | 8.8.8.8:53 | gacyvah.com | udp |
| US | 8.8.8.8:53 | qegytyv.com | udp |
| US | 8.8.8.8:53 | puvygyq.com | udp |
| US | 8.8.8.8:53 | lyrywax.com | udp |
| US | 8.8.8.8:53 | qegyxug.com | udp |
| US | 8.8.8.8:53 | gacyfew.com | udp |
| US | 8.8.8.8:53 | pufyxug.com | udp |
| US | 8.8.8.8:53 | vowyqoc.com | udp |
| US | 8.8.8.8:53 | lyxyfar.com | udp |
| US | 8.8.8.8:53 | qeqyqiv.com | udp |
| US | 8.8.8.8:53 | gadyzyh.com | udp |
| US | 8.8.8.8:53 | volydot.com | udp |
| US | 8.8.8.8:53 | pumymuv.com | udp |
| US | 8.8.8.8:53 | lysylej.com | udp |
| US | 8.8.8.8:53 | qekysip.com | udp |
| US | 8.8.8.8:53 | ganynyb.com | udp |
| US | 8.8.8.8:53 | vopykak.com | udp |
| US | 8.8.8.8:53 | pujypup.com | udp |
| US | 8.8.8.8:53 | lyvynen.com | udp |
| US | 8.8.8.8:53 | qetykol.com | udp |
| US | 8.8.8.8:53 | gahypus.com | udp |
| US | 8.8.8.8:53 | vocybam.com | udp |
| US | 8.8.8.8:53 | puryjil.com | udp |
| US | 8.8.8.8:53 | lygytyd.com | udp |
| US | 8.8.8.8:53 | qexyvoq.com | udp |
| US | 8.8.8.8:53 | vofyref.com | udp |
| US | 8.8.8.8:53 | puzyciq.com | udp |
| US | 8.8.8.8:53 | lykyxur.com | udp |
| US | 8.8.8.8:53 | lymygyx.com | udp |
| US | 8.8.8.8:53 | qedyrag.com | udp |
| US | 8.8.8.8:53 | qebyfav.com | udp |
| US | 8.8.8.8:53 | gatyqih.com | udp |
| US | 8.8.8.8:53 | galycuw.com | udp |
| US | 8.8.8.8:53 | vonygec.com | udp |
| US | 8.8.8.8:53 | vojyzyt.com | udp |
| US | 8.8.8.8:53 | puvydov.com | udp |
| US | 8.8.8.8:53 | lyrymuj.com | udp |
| US | 8.8.8.8:53 | pupywog.com | udp |
| US | 8.8.8.8:53 | gacydib.com | udp |
| US | 8.8.8.8:53 | qegylep.com | udp |
| US | 8.8.8.8:53 | vowymyk.com | udp |
| US | 8.8.8.8:53 | pufylap.com | udp |
| US | 8.8.8.8:53 | qeqynel.com | udp |
| US | 8.8.8.8:53 | lyxysun.com | udp |
| US | 8.8.8.8:53 | gadykos.com | udp |
| US | 8.8.8.8:53 | volypum.com | udp |
| US | 8.8.8.8:53 | pumybal.com | udp |
| US | 8.8.8.8:53 | lysyjid.com | udp |
| US | 8.8.8.8:53 | qekytyq.com | udp |
| US | 8.8.8.8:53 | lyvyvix.com | udp |
| US | 8.8.8.8:53 | ganyvoz.com | udp |
| US | 8.8.8.8:53 | vopyjuf.com | udp |
| US | 8.8.8.8:53 | vowyjut.com | udp |
| US | 8.8.8.8:53 | pujyteq.com | udp |
| US | 8.8.8.8:53 | qetyhyg.com | udp |
| US | 8.8.8.8:53 | pufytev.com | udp |
| US | 8.8.8.8:53 | lyxyvoj.com | udp |
| US | 8.8.8.8:53 | qeqyhup.com | udp |
| US | 8.8.8.8:53 | gadyrab.com | udp |
| US | 8.8.8.8:53 | volycik.com | udp |
| US | 8.8.8.8:53 | pumygyp.com | udp |
| US | 8.8.8.8:53 | lysywon.com | udp |
| US | 8.8.8.8:53 | qekyxul.com | udp |
| US | 8.8.8.8:53 | ganyfes.com | udp |
| US | 8.8.8.8:53 | vopyqim.com | udp |
| US | 8.8.8.8:53 | pujyxyl.com | udp |
| US | 8.8.8.8:53 | lyvyfad.com | udp |
| US | 8.8.8.8:53 | qetyquq.com | udp |
| US | 8.8.8.8:53 | gahyzez.com | udp |
| US | 8.8.8.8:53 | gaqyhuz.com | udp |
| US | 8.8.8.8:53 | vocydof.com | udp |
| US | 8.8.8.8:53 | lygylax.com | udp |
| US | 8.8.8.8:53 | qexysig.com | udp |
| US | 8.8.8.8:53 | gaqynyw.com | udp |
| US | 8.8.8.8:53 | purymuq.com | udp |
| US | 8.8.8.8:53 | vofykoc.com | udp |
| US | 8.8.8.8:53 | puzypug.com | udp |
| US | 8.8.8.8:53 | qedykiv.com | udp |
| US | 8.8.8.8:53 | lymyner.com | udp |
| US | 8.8.8.8:53 | galypyh.com | udp |
| US | 8.8.8.8:53 | vonybat.com | udp |
| US | 8.8.8.8:53 | pupyjuv.com | udp |
| US | 8.8.8.8:53 | qebyvop.com | udp |
| US | 8.8.8.8:53 | gatyhub.com | udp |
| US | 8.8.8.8:53 | vojyrak.com | udp |
| US | 8.8.8.8:53 | puvycip.com | udp |
| US | 8.8.8.8:53 | lykytej.com | udp |
| US | 8.8.8.8:53 | qetyhyg.com | udp |
| US | 8.8.8.8:53 | gatyhub.com | udp |
| US | 64.225.91.73:80 | qetyhyg.com | tcp |
| US | 72.52.179.174:80 | gatyhub.com | tcp |
| US | 72.52.179.174:80 | gatyhub.com | tcp |
| US | 8.8.8.8:53 | gahyraw.com | udp |
| US | 8.8.8.8:53 | purygeg.com | udp |
| US | 8.8.8.8:53 | lygywor.com | udp |
| US | 8.8.8.8:53 | qexyxuv.com | udp |
| US | 8.8.8.8:53 | gaqyfah.com | udp |
| US | 8.8.8.8:53 | vofyqit.com | udp |
| US | 8.8.8.8:53 | puzyxyv.com | udp |
| US | 8.8.8.8:53 | lymyfoj.com | udp |
| US | 8.8.8.8:53 | qedyqup.com | udp |
| US | 8.8.8.8:53 | galyzeb.com | udp |
| US | 8.8.8.8:53 | vonydik.com | udp |
| US | 8.8.8.8:53 | pupymyp.com | udp |
| US | 8.8.8.8:53 | lykylan.com | udp |
| US | 8.8.8.8:53 | qebysul.com | udp |
| US | 8.8.8.8:53 | vojykom.com | udp |
| US | 8.8.8.8:53 | puvypul.com | udp |
| US | 8.8.8.8:53 | lyrynad.com | udp |
| US | 8.8.8.8:53 | qegykiq.com | udp |
| US | 8.8.8.8:53 | gacypyz.com | udp |
| US | 8.8.8.8:53 | vowybof.com | udp |
| US | 8.8.8.8:53 | pufyjuq.com | udp |
| US | 8.8.8.8:53 | qeqyvig.com | udp |
| US | 8.8.8.8:53 | lyxytex.com | udp |
| US | 8.8.8.8:53 | gadyhyw.com | udp |
| US | 8.8.8.8:53 | pumycug.com | udp |
| US | 8.8.8.8:53 | volyrac.com | udp |
| US | 8.8.8.8:53 | lysyger.com | udp |
| US | 8.8.8.8:53 | qekyrov.com | udp |
| US | 8.8.8.8:53 | ganycuh.com | udp |
| US | 8.8.8.8:53 | vopygat.com | udp |
| US | 8.8.8.8:53 | lyrygyn.com | udp |
| US | 8.8.8.8:53 | qegyrol.com | udp |
| US | 8.8.8.8:53 | gacycus.com | udp |
| US | 8.8.8.8:53 | vowygem.com | udp |
| US | 8.8.8.8:53 | pufywil.com | udp |
| US | 8.8.8.8:53 | lyxyxyd.com | udp |
| US | 8.8.8.8:53 | qeqyfaq.com | udp |
| US | 8.8.8.8:53 | gadyquz.com | udp |
| US | 8.8.8.8:53 | volyzef.com | udp |
| US | 8.8.8.8:53 | pumydoq.com | udp |
| US | 8.8.8.8:53 | lysymux.com | udp |
| US | 8.8.8.8:53 | qekylag.com | udp |
| US | 8.8.8.8:53 | ganydiw.com | udp |
| US | 8.8.8.8:53 | vopymyc.com | udp |
| US | 8.8.8.8:53 | pujylog.com | udp |
| US | 8.8.8.8:53 | lyvysur.com | udp |
| US | 8.8.8.8:53 | qetynev.com | udp |
| US | 8.8.8.8:53 | gahykih.com | udp |
| US | 8.8.8.8:53 | vocypyt.com | udp |
| US | 8.8.8.8:53 | purybav.com | udp |
| US | 8.8.8.8:53 | lygyjuj.com | udp |
| US | 8.8.8.8:53 | qexytep.com | udp |
| US | 8.8.8.8:53 | gaqyvob.com | udp |
| US | 8.8.8.8:53 | vofyjuk.com | udp |
| US | 8.8.8.8:53 | puzytap.com | udp |
| US | 8.8.8.8:53 | lymyvin.com | udp |
| US | 8.8.8.8:53 | qedyhyl.com | udp |
| US | 8.8.8.8:53 | galyros.com | udp |
| US | 8.8.8.8:53 | vonycum.com | udp |
| US | 8.8.8.8:53 | pupygel.com | udp |
| US | 8.8.8.8:53 | lykywid.com | udp |
| US | 8.8.8.8:53 | qebyxyq.com | udp |
| US | 8.8.8.8:53 | pujywiv.com | udp |
| US | 8.8.8.8:53 | lyvyxyj.com | udp |
| US | 8.8.8.8:53 | qetyfop.com | udp |
| US | 8.8.8.8:53 | gahyqub.com | udp |
| US | 8.8.8.8:53 | vocyzek.com | udp |
| US | 8.8.8.8:53 | purydip.com | udp |
| US | 8.8.8.8:53 | lygymyn.com | udp |
| US | 8.8.8.8:53 | qexylal.com | udp |
| US | 8.8.8.8:53 | vofymem.com | udp |
| US | 8.8.8.8:53 | puzylol.com | udp |
| US | 8.8.8.8:53 | lymysud.com | udp |
| US | 8.8.8.8:53 | qedynaq.com | udp |
| US | 8.8.8.8:53 | galykiz.com | udp |
| US | 8.8.8.8:53 | vonypyf.com | udp |
| US | 8.8.8.8:53 | pupyboq.com | udp |
| US | 8.8.8.8:53 | lykyjux.com | udp |
| US | 8.8.8.8:53 | qebyteg.com | udp |
| US | 8.8.8.8:53 | gatyviw.com | udp |
| US | 8.8.8.8:53 | gatyfaz.com | udp |
| US | 8.8.8.8:53 | vojyquf.com | udp |
| US | 8.8.8.8:53 | puvytag.com | udp |
| US | 8.8.8.8:53 | puvyxeq.com | udp |
| US | 8.8.8.8:53 | lyryfox.com | udp |
| US | 8.8.8.8:53 | qegyhev.com | udp |
| US | 8.8.8.8:53 | lyryvur.com | udp |
| US | 8.8.8.8:53 | qegyqug.com | udp |
| US | 8.8.8.8:53 | gacyroh.com | udp |
| US | 8.8.8.8:53 | gacyzaw.com | udp |
| US | 8.8.8.8:53 | vowycut.com | udp |
| US | 8.8.8.8:53 | vowydic.com | udp |
| US | 8.8.8.8:53 | pufygav.com | udp |
| US | 8.8.8.8:53 | pufymyg.com | udp |
| US | 8.8.8.8:53 | lyxywij.com | udp |
| US | 8.8.8.8:53 | lyxylor.com | udp |
| US | 8.8.8.8:53 | qeqyxyp.com | udp |
| US | 8.8.8.8:53 | qeqysuv.com | udp |
| US | 8.8.8.8:53 | gadyfob.com | udp |
| US | 8.8.8.8:53 | volyquk.com | udp |
| US | 8.8.8.8:53 | lysyfin.com | udp |
| US | 8.8.8.8:53 | pumyxep.com | udp |
| US | 8.8.8.8:53 | gadyneh.com | udp |
| US | 8.8.8.8:53 | pumypyv.com | udp |
| US | 8.8.8.8:53 | lysynaj.com | udp |
| US | 8.8.8.8:53 | volykit.com | udp |
| US | 8.8.8.8:53 | qekykup.com | udp |
| US | 8.8.8.8:53 | ganypeb.com | udp |
| US | 8.8.8.8:53 | vopybok.com | udp |
| US | 8.8.8.8:53 | pujyjup.com | udp |
| US | 8.8.8.8:53 | lyvytan.com | udp |
| US | 8.8.8.8:53 | qetyvil.com | udp |
| US | 8.8.8.8:53 | gahyhys.com | udp |
| US | 8.8.8.8:53 | purycul.com | udp |
| US | 8.8.8.8:53 | lygyged.com | udp |
| US | 8.8.8.8:53 | vocyrom.com | udp |
| US | 8.8.8.8:53 | qexyriq.com | udp |
| US | 8.8.8.8:53 | gaqycyz.com | udp |
| US | 8.8.8.8:53 | vofygaf.com | udp |
| US | 8.8.8.8:53 | puzywuq.com | udp |
| US | 8.8.8.8:53 | qedyfog.com | udp |
| US | 8.8.8.8:53 | galyquw.com | udp |
| US | 8.8.8.8:53 | vonyzac.com | udp |
| US | 8.8.8.8:53 | lymyxex.com | udp |
| US | 8.8.8.8:53 | qekyqyl.com | udp |
| US | 8.8.8.8:53 | ganyzas.com | udp |
| US | 8.8.8.8:53 | qetysuq.com | udp |
| US | 8.8.8.8:53 | gahynaz.com | udp |
| US | 8.8.8.8:53 | lyvylod.com | udp |
| US | 8.8.8.8:53 | vocykif.com | udp |
| US | 8.8.8.8:53 | purypyq.com | udp |
| US | 8.8.8.8:53 | qexykug.com | udp |
| US | 8.8.8.8:53 | lygynox.com | udp |
| US | 8.8.8.8:53 | vofybic.com | udp |
| US | 8.8.8.8:53 | puzyjyg.com | udp |
| US | 8.8.8.8:53 | pujymel.com | udp |
| US | 8.8.8.8:53 | qedyvuv.com | udp |
| US | 8.8.8.8:53 | lyryxen.com | udp |
| US | 8.8.8.8:53 | galyheh.com | udp |
| US | 8.8.8.8:53 | vonyrot.com | udp |
| US | 8.8.8.8:53 | pupycuv.com | udp |
| US | 8.8.8.8:53 | lykygaj.com | udp |
| US | 8.8.8.8:53 | gatycyb.com | udp |
| US | 8.8.8.8:53 | lymytar.com | udp |
| US | 8.8.8.8:53 | vojygok.com | udp |
| US | 8.8.8.8:53 | qegyfil.com | udp |
| US | 8.8.8.8:53 | gacyqys.com | udp |
| US | 8.8.8.8:53 | vowyzam.com | udp |
| US | 8.8.8.8:53 | pufydul.com | udp |
| US | 8.8.8.8:53 | qebyrip.com | udp |
| US | 8.8.8.8:53 | pupydig.com | udp |
| US | 8.8.8.8:53 | lykymyr.com | udp |
| US | 8.8.8.8:53 | qebylov.com | udp |
| US | 8.8.8.8:53 | qeqyloq.com | udp |
| US | 8.8.8.8:53 | gatyduh.com | udp |
| US | 8.8.8.8:53 | gadyduz.com | udp |
| US | 8.8.8.8:53 | lyxymed.com | udp |
| US | 8.8.8.8:53 | vojymet.com | udp |
| US | 8.8.8.8:53 | lyrysyj.com | udp |
| US | 8.8.8.8:53 | qegynap.com | udp |
| US | 8.8.8.8:53 | puvyliv.com | udp |
| US | 8.8.8.8:53 | gacykub.com | udp |
| US | 8.8.8.8:53 | vowypek.com | udp |
| US | 8.8.8.8:53 | pufybop.com | udp |
| US | 8.8.8.8:53 | qeqytal.com | udp |
| US | 8.8.8.8:53 | gadyvis.com | udp |
| US | 8.8.8.8:53 | volyjym.com | udp |
| US | 8.8.8.8:53 | pumytol.com | udp |
| US | 8.8.8.8:53 | lyxyjun.com | udp |
| US | 8.8.8.8:53 | lysyvud.com | udp |
| US | 8.8.8.8:53 | qekyheq.com | udp |
| US | 8.8.8.8:53 | vopycyf.com | udp |
| US | 8.8.8.8:53 | ganyriz.com | udp |
| US | 8.8.8.8:53 | pujygaq.com | udp |
| US | 8.8.8.8:53 | lyvywux.com | udp |
| US | 8.8.8.8:53 | qetyxeg.com | udp |
| US | 8.8.8.8:53 | gahyfow.com | udp |
| US | 8.8.8.8:53 | vocyquc.com | udp |
| US | 8.8.8.8:53 | puryxag.com | udp |
| US | 8.8.8.8:53 | lygyfir.com | udp |
| US | 8.8.8.8:53 | qexyqyv.com | udp |
| US | 8.8.8.8:53 | gaqyzoh.com | udp |
| US | 8.8.8.8:53 | vofydut.com | udp |
| US | 8.8.8.8:53 | puzymev.com | udp |
| US | 8.8.8.8:53 | lymylij.com | udp |
Files
memory/2712-0-0x0000000000240000-0x0000000000243000-memory.dmp
memory/2712-1-0x0000000000400000-0x000000000045F000-memory.dmp
\Windows\AppPatch\svchost.exe
| MD5 | 0288962d66844d8c3f598bbab5a09caf |
| SHA1 | 1add6ddf1730921dc5f1862482fbf0176de2dd7d |
| SHA256 | 3a6c98c1e9dd4f05bf6d241999519e0944703800fb779ed6f871b115097dcf10 |
| SHA512 | eabd14cc77ceb05427eae0c5d353cacd131450bc330ef211b84834969869de87085797b25777e43baea89f3f85c005a85bcd40119dd0cd33acf2252137513a4e |
memory/2712-14-0x0000000000400000-0x000000000045F000-memory.dmp
memory/2712-13-0x0000000000240000-0x0000000000243000-memory.dmp
memory/2712-12-0x0000000000400000-0x0000000000467000-memory.dmp
memory/2452-15-0x0000000000400000-0x0000000000467000-memory.dmp
memory/2452-16-0x0000000000400000-0x0000000000467000-memory.dmp
memory/2452-17-0x0000000001ED0000-0x0000000001F78000-memory.dmp
memory/2452-27-0x0000000001ED0000-0x0000000001F78000-memory.dmp
memory/2452-25-0x0000000001ED0000-0x0000000001F78000-memory.dmp
memory/2452-28-0x0000000000400000-0x0000000000467000-memory.dmp
memory/2452-23-0x0000000001ED0000-0x0000000001F78000-memory.dmp
memory/2452-21-0x0000000001ED0000-0x0000000001F78000-memory.dmp
memory/2452-19-0x0000000001ED0000-0x0000000001F78000-memory.dmp
memory/2452-29-0x00000000024E0000-0x0000000002596000-memory.dmp
memory/2452-31-0x00000000024E0000-0x0000000002596000-memory.dmp
memory/2452-33-0x00000000024E0000-0x0000000002596000-memory.dmp
memory/2452-43-0x00000000024E0000-0x0000000002596000-memory.dmp
memory/2452-61-0x00000000024E0000-0x0000000002596000-memory.dmp
memory/2452-81-0x00000000024E0000-0x0000000002596000-memory.dmp
memory/2452-80-0x00000000024E0000-0x0000000002596000-memory.dmp
memory/2452-79-0x00000000024E0000-0x0000000002596000-memory.dmp
memory/2452-78-0x00000000024E0000-0x0000000002596000-memory.dmp
memory/2452-77-0x00000000024E0000-0x0000000002596000-memory.dmp
memory/2452-75-0x00000000024E0000-0x0000000002596000-memory.dmp
memory/2452-74-0x00000000024E0000-0x0000000002596000-memory.dmp
memory/2452-73-0x00000000024E0000-0x0000000002596000-memory.dmp
memory/2452-72-0x00000000024E0000-0x0000000002596000-memory.dmp
memory/2452-71-0x00000000024E0000-0x0000000002596000-memory.dmp
memory/2452-70-0x00000000024E0000-0x0000000002596000-memory.dmp
memory/2452-69-0x00000000024E0000-0x0000000002596000-memory.dmp
memory/2452-68-0x00000000024E0000-0x0000000002596000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\A7AE.tmp
| MD5 | 101ed8139d91a394044fe8f8b42eae7a |
| SHA1 | c7cf5775d2b8880cfff13039e2ba9f6c16e9030e |
| SHA256 | 5c7771ab0140df71bbda9b0c365139d6f7a497a1b801c87349c69bf36d4eebc9 |
| SHA512 | aac6b55af3d727fb309f84206a09475567ddb77c54d7f70913cbedf24495e73e274825ad701262dcdb5b29c86eb9f5b22773564629778d19ec08f7048aa34482 |
memory/2452-67-0x00000000024E0000-0x0000000002596000-memory.dmp
memory/2452-66-0x00000000024E0000-0x0000000002596000-memory.dmp
memory/2452-65-0x00000000024E0000-0x0000000002596000-memory.dmp
memory/2452-64-0x00000000024E0000-0x0000000002596000-memory.dmp
memory/2452-63-0x00000000024E0000-0x0000000002596000-memory.dmp
memory/2452-62-0x00000000024E0000-0x0000000002596000-memory.dmp
memory/2452-60-0x00000000024E0000-0x0000000002596000-memory.dmp
memory/2452-59-0x00000000024E0000-0x0000000002596000-memory.dmp
memory/2452-58-0x00000000024E0000-0x0000000002596000-memory.dmp
memory/2452-57-0x00000000024E0000-0x0000000002596000-memory.dmp
memory/2452-56-0x00000000024E0000-0x0000000002596000-memory.dmp
memory/2452-55-0x00000000024E0000-0x0000000002596000-memory.dmp
memory/2452-54-0x00000000024E0000-0x0000000002596000-memory.dmp
memory/2452-53-0x00000000024E0000-0x0000000002596000-memory.dmp
memory/2452-52-0x00000000024E0000-0x0000000002596000-memory.dmp
memory/2452-51-0x00000000024E0000-0x0000000002596000-memory.dmp
memory/2452-50-0x00000000024E0000-0x0000000002596000-memory.dmp
memory/2452-49-0x00000000024E0000-0x0000000002596000-memory.dmp
memory/2452-48-0x00000000024E0000-0x0000000002596000-memory.dmp
memory/2452-47-0x00000000024E0000-0x0000000002596000-memory.dmp
memory/2452-46-0x00000000024E0000-0x0000000002596000-memory.dmp
memory/2452-76-0x00000000024E0000-0x0000000002596000-memory.dmp
memory/2452-45-0x00000000024E0000-0x0000000002596000-memory.dmp
memory/2452-44-0x00000000024E0000-0x0000000002596000-memory.dmp
memory/2452-42-0x00000000024E0000-0x0000000002596000-memory.dmp
memory/2452-41-0x00000000024E0000-0x0000000002596000-memory.dmp
memory/2452-40-0x00000000024E0000-0x0000000002596000-memory.dmp
memory/2452-39-0x00000000024E0000-0x0000000002596000-memory.dmp
memory/2452-38-0x00000000024E0000-0x0000000002596000-memory.dmp
memory/2452-35-0x00000000024E0000-0x0000000002596000-memory.dmp
memory/2452-37-0x00000000024E0000-0x0000000002596000-memory.dmp
memory/2452-36-0x00000000024E0000-0x0000000002596000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\A73A.tmp
| MD5 | 6b8e5c8973310c2fced323f99cfe80f2 |
| SHA1 | 4acdbf85db87d1ba9a20f8dedc18d17602d0f2f7 |
| SHA256 | 38e2efad7b9acb897104501471dd3a5f27b1606afebe0ed824b193505ee08f79 |
| SHA512 | 1941e04a5caf4894fe3a6e8bb79791ac8279725dbf02e67db0272011ae25303ddfb8957d73402b60de6ad1209f050c58e558d7a2444ed47cf4b7c6325eb557b6 |
C:\Users\Admin\AppData\Local\Temp\FD2A.tmp
| MD5 | 926512864979bc27cf187f1de3f57aff |
| SHA1 | acdeb9d6187932613c7fa08eaf28f0cd8116f4b5 |
| SHA256 | b3e893a653ec06c05ee90f2f6e98cc052a92f6616d7cca8c416420e178dcc73f |
| SHA512 | f6f9fd3ca9305bec879cfcd38e64111a18e65e30d25c49e9f2cd546cbab9b2dcd03eca81952f6b77c0eaab20192ef7bef0d8d434f6f371811929e75f8620633b |
C:\Users\Admin\AppData\Local\Temp\FD29.tmp
| MD5 | 7caa626d7c7852d18d24a528222a9bab |
| SHA1 | 13397ce75c6b3cc7e13d8e23450054eba62928d7 |
| SHA256 | d55d64bade6271373a71c9a8bcf70052f8f9009b04b6006978a2832b74af8e4b |
| SHA512 | 3e89e8837f89e0715a2ee4e4c17059a21a936df82734932f28bb7ee53bc599b4f00859db20609aadc7339ae2aad6dfe8485444ebd9de16136ccadbd8c9aeeaae |
C:\Users\Admin\AppData\Local\Temp\FDB8.tmp
| MD5 | 2a8f45bd741909364c048c1d3620478b |
| SHA1 | 1f0aaeb14e374721b34e974552ce10da5597851c |
| SHA256 | 12eccf99a4fa8b0fa615052e17e0ff021b7b8e97fb994be276b5b3acf5f2370f |
| SHA512 | 12977fa80123ff6393ffccda522b8d8bdbebd6c8db3f21ee5fdc267131b65d8762b95c75857ae6705c83256d888fbd6a7a9c53c384dbc447b8bbe0b19f3eaf61 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-11-19 21:25
Reported
2024-11-19 21:27
Platform
win10v2004-20241007-en
Max time kernel
111s
Max time network
121s
Command Line
Signatures
Modifies WinLogon for persistence
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\userinit = "C:\\Windows\\system32\\userinit.exe,C:\\Windows\\apppatch\\svchost.exe," | C:\Windows\apppatch\svchost.exe | N/A |
Simda family
simda
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\apppatch\svchost.exe | N/A |
Modifies WinLogon
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\622216d3 = "F‰îQ_Ã\u0081z2è?ˆ«\x13O¸X¦h\bO\"\u009dšµø6~P\r;3}\x1c5\x1bCSî›\x18 ºY(knP\fËšÜJ0" | C:\Users\Admin\AppData\Local\Temp\2b9ae335343202fce88a1f8875b2875afb9e7869a4439bf5db595147aa7b7118.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\622216d3 = "F‰îQ_Ã\u0081z2è?ˆ«\x13O¸X¦h\bO\"\u009dšµø6~P\r;3}\x1c5\x1bCSî›\x18 ºY(knP\fËšÜJ0" | C:\Windows\apppatch\svchost.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\apppatch\svchost.exe | C:\Users\Admin\AppData\Local\Temp\2b9ae335343202fce88a1f8875b2875afb9e7869a4439bf5db595147aa7b7118.exe | N/A |
| File opened for modification | C:\Windows\apppatch\svchost.exe | C:\Users\Admin\AppData\Local\Temp\2b9ae335343202fce88a1f8875b2875afb9e7869a4439bf5db595147aa7b7118.exe | N/A |
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\2b9ae335343202fce88a1f8875b2875afb9e7869a4439bf5db595147aa7b7118.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\apppatch\svchost.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: RenamesItself
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\2b9ae335343202fce88a1f8875b2875afb9e7869a4439bf5db595147aa7b7118.exe | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 1116 wrote to memory of 1660 | N/A | C:\Users\Admin\AppData\Local\Temp\2b9ae335343202fce88a1f8875b2875afb9e7869a4439bf5db595147aa7b7118.exe | C:\Windows\apppatch\svchost.exe |
| PID 1116 wrote to memory of 1660 | N/A | C:\Users\Admin\AppData\Local\Temp\2b9ae335343202fce88a1f8875b2875afb9e7869a4439bf5db595147aa7b7118.exe | C:\Windows\apppatch\svchost.exe |
| PID 1116 wrote to memory of 1660 | N/A | C:\Users\Admin\AppData\Local\Temp\2b9ae335343202fce88a1f8875b2875afb9e7869a4439bf5db595147aa7b7118.exe | C:\Windows\apppatch\svchost.exe |
Processes
C:\Users\Admin\AppData\Local\Temp\2b9ae335343202fce88a1f8875b2875afb9e7869a4439bf5db595147aa7b7118.exe
"C:\Users\Admin\AppData\Local\Temp\2b9ae335343202fce88a1f8875b2875afb9e7869a4439bf5db595147aa7b7118.exe"
C:\Windows\apppatch\svchost.exe
"C:\Windows\apppatch\svchost.exe"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 228.249.119.40.in-addr.arpa | udp |
| US | 95.100.195.132:80 | www.bing.com | tcp |
| US | 8.8.8.8:53 | gatyfus.com | udp |
| US | 8.8.8.8:53 | lyvyxor.com | udp |
| US | 8.8.8.8:53 | vojyqem.com | udp |
| US | 8.8.8.8:53 | qetyfuv.com | udp |
| US | 8.8.8.8:53 | puvyxil.com | udp |
| US | 8.8.8.8:53 | gahyqah.com | udp |
| US | 8.8.8.8:53 | lyryfyd.com | udp |
| US | 8.8.8.8:53 | vocyzit.com | udp |
| US | 8.8.8.8:53 | qegyqaq.com | udp |
| US | 8.8.8.8:53 | purydyv.com | udp |
| US | 8.8.8.8:53 | gacyzuz.com | udp |
| US | 8.8.8.8:53 | lygymoj.com | udp |
| US | 8.8.8.8:53 | vowydef.com | udp |
| US | 8.8.8.8:53 | qexylup.com | udp |
| US | 8.8.8.8:53 | pufymoq.com | udp |
| US | 8.8.8.8:53 | gaqydeb.com | udp |
| US | 8.8.8.8:53 | lyxylux.com | udp |
| US | 8.8.8.8:53 | vofymik.com | udp |
| US | 8.8.8.8:53 | qeqysag.com | udp |
| US | 8.8.8.8:53 | puzylyp.com | udp |
| US | 8.8.8.8:53 | gadyniw.com | udp |
| US | 8.8.8.8:53 | lymysan.com | udp |
| US | 8.8.8.8:53 | volykyc.com | udp |
| US | 8.8.8.8:53 | qedynul.com | udp |
| US | 8.8.8.8:53 | pumypog.com | udp |
| US | 8.8.8.8:53 | galykes.com | udp |
| US | 8.8.8.8:53 | lysynur.com | udp |
| US | 8.8.8.8:53 | vonypom.com | udp |
| US | 8.8.8.8:53 | qekykev.com | udp |
| US | 8.8.8.8:53 | pupybul.com | udp |
| US | 8.8.8.8:53 | ganypih.com | udp |
| US | 8.8.8.8:53 | lykyjad.com | udp |
| US | 8.8.8.8:53 | vopybyt.com | udp |
| US | 8.8.8.8:53 | qebytiq.com | udp |
| US | 8.8.8.8:53 | pujyjav.com | udp |
| US | 8.8.8.8:53 | gatyvyz.com | udp |
| US | 8.8.8.8:53 | lyvytuj.com | udp |
| US | 8.8.8.8:53 | vojyjof.com | udp |
| US | 8.8.8.8:53 | qetyvep.com | udp |
| US | 8.8.8.8:53 | puvytuq.com | udp |
| US | 8.8.8.8:53 | gahyhob.com | udp |
| US | 8.8.8.8:53 | lyryvex.com | udp |
| US | 8.8.8.8:53 | vocyruk.com | udp |
| US | 8.8.8.8:53 | qegyhig.com | udp |
| US | 8.8.8.8:53 | purycap.com | udp |
| US | 8.8.8.8:53 | gacyryw.com | udp |
| US | 8.8.8.8:53 | lygygin.com | udp |
| US | 8.8.8.8:53 | vowycac.com | udp |
| US | 8.8.8.8:53 | qexyryl.com | udp |
| US | 8.8.8.8:53 | pufygug.com | udp |
| US | 8.8.8.8:53 | gaqycos.com | udp |
| US | 8.8.8.8:53 | lyxywer.com | udp |
| US | 8.8.8.8:53 | vofygum.com | udp |
| US | 8.8.8.8:53 | qeqyxov.com | udp |
| US | 8.8.8.8:53 | puzywel.com | udp |
| US | 8.8.8.8:53 | gadyfuh.com | udp |
| US | 8.8.8.8:53 | lymyxid.com | udp |
| US | 8.8.8.8:53 | volyqat.com | udp |
| US | 8.8.8.8:53 | qedyfyq.com | udp |
| US | 8.8.8.8:53 | pumyxiv.com | udp |
| US | 8.8.8.8:53 | lysyfyj.com | udp |
| US | 8.8.8.8:53 | galyqaz.com | udp |
| US | 8.8.8.8:53 | qekyqop.com | udp |
| US | 8.8.8.8:53 | vonyzuf.com | udp |
| US | 8.8.8.8:53 | 132.195.100.95.in-addr.arpa | udp |
| US | 8.8.8.8:53 | lyvyxor.com | udp |
| US | 8.8.8.8:53 | gatyfus.com | udp |
| US | 8.8.8.8:53 | puzylyp.com | udp |
| US | 8.8.8.8:53 | vocyzit.com | udp |
| US | 8.8.8.8:53 | gahyqah.com | udp |
| US | 208.100.26.245:80 | lyvyxor.com | tcp |
| NL | 85.17.31.82:80 | gatyfus.com | tcp |
| US | 8.8.8.8:53 | vojyqem.com | udp |
| US | 8.8.8.8:53 | qetyfuv.com | udp |
| US | 8.8.8.8:53 | gadyniw.com | udp |
| US | 8.8.8.8:53 | lymyxid.com | udp |
| US | 8.8.8.8:53 | galyqaz.com | udp |
| US | 8.8.8.8:53 | vonypom.com | udp |
| US | 8.8.8.8:53 | qegyhig.com | udp |
| US | 99.83.170.3:80 | puzylyp.com | tcp |
| US | 44.221.84.105:80 | qetyfuv.com | tcp |
| US | 162.255.119.102:80 | gahyqah.com | tcp |
| US | 199.191.50.83:80 | galyqaz.com | tcp |
| US | 44.221.84.105:80 | qetyfuv.com | tcp |
| US | 18.208.156.248:80 | vonypom.com | tcp |
| US | 172.67.173.131:80 | qegyhig.com | tcp |
| US | 3.94.10.34:80 | lymyxid.com | tcp |
| US | 199.59.243.227:80 | vojyqem.com | tcp |
| US | 99.83.170.3:443 | puzylyp.com | tcp |
| US | 8.8.8.8:53 | www.gahyqah.com | udp |
| US | 172.67.173.131:443 | qegyhig.com | tcp |
| DE | 91.195.240.19:80 | www.gahyqah.com | tcp |
| NL | 85.17.31.82:80 | gatyfus.com | tcp |
| US | 8.8.8.8:53 | c.pki.goog | udp |
| GB | 142.250.200.3:80 | c.pki.goog | tcp |
| US | 8.8.8.8:53 | 3.170.83.99.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 105.84.221.44.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 131.173.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 245.26.100.208.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 102.119.255.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 248.156.208.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 83.50.191.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 34.10.94.3.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 82.31.17.85.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 19.240.195.91.in-addr.arpa | udp |
| HK | 154.212.231.82:80 | gadyniw.com | tcp |
| US | 8.8.8.8:53 | 23.149.64.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 138.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 82.231.212.154.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 172.67.173.131:443 | qegyhig.com | tcp |
| US | 8.8.8.8:53 | pupydeq.com | udp |
| US | 8.8.8.8:53 | ganyzub.com | udp |
| US | 8.8.8.8:53 | lykymox.com | udp |
| US | 8.8.8.8:53 | vopydek.com | udp |
| US | 8.8.8.8:53 | qebylug.com | udp |
| US | 8.8.8.8:53 | pujymip.com | udp |
| US | 8.8.8.8:53 | gatydaw.com | udp |
| US | 8.8.8.8:53 | lyvylyn.com | udp |
| US | 8.8.8.8:53 | vojymic.com | udp |
| US | 8.8.8.8:53 | qetysal.com | udp |
| US | 8.8.8.8:53 | puvylyg.com | udp |
| US | 8.8.8.8:53 | gahynus.com | udp |
| US | 8.8.8.8:53 | vocykem.com | udp |
| US | 8.8.8.8:53 | qegynuv.com | udp |
| US | 8.8.8.8:53 | purypol.com | udp |
| US | 8.8.8.8:53 | gacykeh.com | udp |
| US | 8.8.8.8:53 | lygynud.com | udp |
| US | 8.8.8.8:53 | vowypit.com | udp |
| US | 8.8.8.8:53 | qexykaq.com | udp |
| US | 8.8.8.8:53 | pufybyv.com | udp |
| US | 8.8.8.8:53 | gaqypiz.com | udp |
| US | 8.8.8.8:53 | lyxyjaj.com | udp |
| US | 8.8.8.8:53 | vofybyf.com | udp |
| US | 8.8.8.8:53 | qeqytup.com | udp |
| US | 8.8.8.8:53 | puzyjoq.com | udp |
| US | 8.8.8.8:53 | gadyveb.com | udp |
| US | 8.8.8.8:53 | lymytux.com | udp |
| US | 8.8.8.8:53 | volyjok.com | udp |
| US | 8.8.8.8:53 | qedyveg.com | udp |
| US | 8.8.8.8:53 | pumytup.com | udp |
| US | 8.8.8.8:53 | galyhiw.com | udp |
| US | 8.8.8.8:53 | lysyvan.com | udp |
| US | 8.8.8.8:53 | vonyryc.com | udp |
| US | 8.8.8.8:53 | qekyhil.com | udp |
| US | 8.8.8.8:53 | pupycag.com | udp |
| US | 8.8.8.8:53 | ganyrys.com | udp |
| US | 8.8.8.8:53 | lykygur.com | udp |
| US | 8.8.8.8:53 | vopycom.com | udp |
| US | 8.8.8.8:53 | qebyrev.com | udp |
| US | 8.8.8.8:53 | pujygul.com | udp |
| US | 8.8.8.8:53 | gatycoh.com | udp |
| US | 8.8.8.8:53 | lyvywed.com | udp |
| US | 8.8.8.8:53 | qetyxiq.com | udp |
| US | 8.8.8.8:53 | puvywav.com | udp |
| US | 8.8.8.8:53 | gahyfyz.com | udp |
| US | 8.8.8.8:53 | lyryxij.com | udp |
| US | 8.8.8.8:53 | qegyfyp.com | udp |
| US | 8.8.8.8:53 | vocyqaf.com | udp |
| US | 8.8.8.8:53 | puryxuq.com | udp |
| US | 8.8.8.8:53 | gacyqob.com | udp |
| US | 8.8.8.8:53 | lygyfex.com | udp |
| US | 8.8.8.8:53 | vowyzuk.com | udp |
| US | 8.8.8.8:53 | qexyqog.com | udp |
| US | 8.8.8.8:53 | pufydep.com | udp |
| US | 8.8.8.8:53 | gaqyzuw.com | udp |
| US | 8.8.8.8:53 | lyxymin.com | udp |
| US | 8.8.8.8:53 | vofydac.com | udp |
| US | 8.8.8.8:53 | qeqylyl.com | udp |
| US | 8.8.8.8:53 | puzymig.com | udp |
| US | 8.8.8.8:53 | gadydas.com | udp |
| US | 8.8.8.8:53 | lymylyr.com | udp |
| US | 8.8.8.8:53 | volymum.com | udp |
| US | 8.8.8.8:53 | lyrysor.com | udp |
| US | 8.8.8.8:53 | lysyvan.com | udp |
| US | 8.8.8.8:53 | pupydeq.com | udp |
| US | 8.8.8.8:53 | lygynud.com | udp |
| US | 8.8.8.8:53 | pupycag.com | udp |
| US | 172.67.136.136:80 | lysyvan.com | tcp |
| US | 13.248.169.48:80 | pupydeq.com | tcp |
| US | 18.208.156.248:80 | pupycag.com | tcp |
| US | 3.94.10.34:80 | lygynud.com | tcp |
| CN | 103.150.10.48:80 | lyrysor.com | tcp |
| US | 172.67.136.136:443 | lysyvan.com | tcp |
| US | 8.8.8.8:53 | 136.136.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 48.169.248.13.in-addr.arpa | udp |
| US | 172.67.136.136:443 | lysyvan.com | tcp |
| US | 8.8.8.8:53 | 209.205.72.20.in-addr.arpa | udp |
| US | 13.248.169.48:80 | pupydeq.com | tcp |
| CN | 103.150.10.48:80 | lyrysor.com | tcp |
| US | 8.8.8.8:53 | 197.87.175.4.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 206.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 98.117.19.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | qedysov.com | udp |
| US | 8.8.8.8:53 | pumylel.com | udp |
| US | 8.8.8.8:53 | galynuh.com | udp |
| US | 8.8.8.8:53 | lysysod.com | udp |
| US | 8.8.8.8:53 | vonyket.com | udp |
| US | 8.8.8.8:53 | qekynuq.com | udp |
| US | 8.8.8.8:53 | pupypiv.com | udp |
| US | 8.8.8.8:53 | ganykaz.com | udp |
| US | 8.8.8.8:53 | lykynyj.com | udp |
| US | 8.8.8.8:53 | vopypif.com | udp |
| US | 8.8.8.8:53 | qebykap.com | udp |
| US | 8.8.8.8:53 | pujybyq.com | udp |
| US | 8.8.8.8:53 | gatypub.com | udp |
| US | 8.8.8.8:53 | lyvyjox.com | udp |
| US | 8.8.8.8:53 | vojybek.com | udp |
| US | 8.8.8.8:53 | qetytug.com | udp |
| US | 8.8.8.8:53 | puvyjop.com | udp |
| US | 8.8.8.8:53 | gahyvew.com | udp |
| US | 8.8.8.8:53 | lyrytun.com | udp |
| US | 8.8.8.8:53 | vocyjic.com | udp |
| US | 8.8.8.8:53 | qegyval.com | udp |
| US | 8.8.8.8:53 | purytyg.com | udp |
| US | 8.8.8.8:53 | gacyhis.com | udp |
| US | 8.8.8.8:53 | lygyvar.com | udp |
| US | 8.8.8.8:53 | vowyrym.com | udp |
| US | 8.8.8.8:53 | qexyhuv.com | udp |
| US | 8.8.8.8:53 | pufycol.com | udp |
| US | 8.8.8.8:53 | gaqyreh.com | udp |
| US | 8.8.8.8:53 | lyxygud.com | udp |
| US | 8.8.8.8:53 | vofycot.com | udp |
| US | 8.8.8.8:53 | qeqyreq.com | udp |
| US | 8.8.8.8:53 | puzyguv.com | udp |
| US | 8.8.8.8:53 | lymywaj.com | udp |
| US | 8.8.8.8:53 | volygyf.com | udp |
| US | 8.8.8.8:53 | qedyxip.com | udp |
| US | 8.8.8.8:53 | gadyciz.com | udp |
| US | 8.8.8.8:53 | pumywaq.com | udp |
| US | 8.8.8.8:53 | galyfyb.com | udp |
| US | 8.8.8.8:53 | lysyxux.com | udp |
| US | 8.8.8.8:53 | vonyqok.com | udp |
| US | 8.8.8.8:53 | qekyfeg.com | udp |
| US | 8.8.8.8:53 | pupyxup.com | udp |
| US | 8.8.8.8:53 | ganyqow.com | udp |
| US | 8.8.8.8:53 | lykyfen.com | udp |
| US | 8.8.8.8:53 | vopyzuc.com | udp |
| US | 8.8.8.8:53 | qebyqil.com | udp |
| US | 8.8.8.8:53 | pujydag.com | udp |
| US | 8.8.8.8:53 | gatyzys.com | udp |
| US | 8.8.8.8:53 | lyvymir.com | udp |
| US | 8.8.8.8:53 | vojydam.com | udp |
| US | 8.8.8.8:53 | qetylyv.com | udp |
| US | 8.8.8.8:53 | puvymul.com | udp |
| US | 8.8.8.8:53 | gahydoh.com | udp |
| US | 8.8.8.8:53 | lyryled.com | udp |
| US | 8.8.8.8:53 | vocymut.com | udp |
| US | 8.8.8.8:53 | qegysoq.com | udp |
| US | 8.8.8.8:53 | purylev.com | udp |
| US | 8.8.8.8:53 | gacynuz.com | udp |
| US | 8.8.8.8:53 | lygysij.com | udp |
| US | 8.8.8.8:53 | vowykaf.com | udp |
| US | 8.8.8.8:53 | qexynyp.com | udp |
| US | 8.8.8.8:53 | pufypiq.com | udp |
| US | 8.8.8.8:53 | gaqykab.com | udp |
| US | 8.8.8.8:53 | lyxynyx.com | udp |
| US | 8.8.8.8:53 | qexyhuv.com | udp |
| US | 8.8.8.8:53 | galynuh.com | udp |
| US | 64.225.91.73:80 | galynuh.com | tcp |
| US | 8.8.8.8:53 | lyxynyx.com | udp |
| US | 76.223.67.189:80 | qexyhuv.com | tcp |
| US | 8.8.8.8:53 | vofycot.com | udp |
| US | 8.8.8.8:53 | gadyciz.com | udp |
| US | 8.8.8.8:53 | qegyval.com | udp |
| US | 103.224.212.210:80 | lyxynyx.com | tcp |
| US | 103.224.182.252:80 | vofycot.com | tcp |
| US | 44.221.84.105:80 | gadyciz.com | tcp |
| HK | 154.85.183.50:80 | qegyval.com | tcp |
| US | 8.8.8.8:53 | ww25.lyxynyx.com | udp |
| US | 8.8.8.8:53 | ww16.vofycot.com | udp |
| DE | 64.190.63.136:80 | ww16.vofycot.com | tcp |
| US | 199.59.243.227:80 | ww25.lyxynyx.com | tcp |
| US | 8.8.8.8:53 | 189.67.223.76.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 73.91.225.64.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 210.212.224.103.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 252.182.224.103.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 50.183.85.154.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 136.63.190.64.in-addr.arpa | udp |
| US | 76.223.67.189:80 | qexyhuv.com | tcp |
| US | 8.8.8.8:53 | 83.210.23.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | vofypuk.com | udp |
| US | 8.8.8.8:53 | qeqykog.com | udp |
| US | 8.8.8.8:53 | puzybep.com | udp |
| US | 8.8.8.8:53 | gadypuw.com | udp |
| US | 8.8.8.8:53 | lymyjon.com | udp |
| US | 8.8.8.8:53 | volybec.com | udp |
| US | 8.8.8.8:53 | pumyjig.com | udp |
| US | 8.8.8.8:53 | galyvas.com | udp |
| US | 8.8.8.8:53 | lysytyr.com | udp |
| US | 8.8.8.8:53 | vonyjim.com | udp |
| US | 8.8.8.8:53 | qekyvav.com | udp |
| US | 8.8.8.8:53 | pupytyl.com | udp |
| US | 8.8.8.8:53 | ganyhuh.com | udp |
| US | 8.8.8.8:53 | lykyvod.com | udp |
| US | 8.8.8.8:53 | vopyret.com | udp |
| US | 8.8.8.8:53 | qebyhuq.com | udp |
| US | 8.8.8.8:53 | pujycov.com | udp |
| US | 8.8.8.8:53 | gatyrez.com | udp |
| US | 8.8.8.8:53 | lyvyguj.com | udp |
| US | 8.8.8.8:53 | vojycif.com | udp |
| US | 8.8.8.8:53 | qetyrap.com | udp |
| US | 8.8.8.8:53 | puvygyq.com | udp |
| US | 8.8.8.8:53 | gahycib.com | udp |
| US | 8.8.8.8:53 | lyrywax.com | udp |
| US | 8.8.8.8:53 | vocygyk.com | udp |
| US | 8.8.8.8:53 | qegyxug.com | udp |
| US | 8.8.8.8:53 | purywop.com | udp |
| US | 8.8.8.8:53 | gacyfew.com | udp |
| US | 8.8.8.8:53 | lygyxun.com | udp |
| US | 8.8.8.8:53 | vowyqoc.com | udp |
| US | 8.8.8.8:53 | qexyfel.com | udp |
| US | 8.8.8.8:53 | pufyxug.com | udp |
| US | 8.8.8.8:53 | gaqyqis.com | udp |
| US | 8.8.8.8:53 | lyxyfar.com | udp |
| US | 8.8.8.8:53 | vofyzym.com | udp |
| US | 8.8.8.8:53 | qeqyqiv.com | udp |
| US | 8.8.8.8:53 | puzydal.com | udp |
| US | 8.8.8.8:53 | gadyzyh.com | udp |
| US | 8.8.8.8:53 | lymymud.com | udp |
| US | 8.8.8.8:53 | volydot.com | udp |
| US | 8.8.8.8:53 | qedyleq.com | udp |
| US | 8.8.8.8:53 | pumymuv.com | udp |
| US | 8.8.8.8:53 | galydoz.com | udp |
| US | 8.8.8.8:53 | lysylej.com | udp |
| US | 8.8.8.8:53 | vonymuf.com | udp |
| US | 8.8.8.8:53 | qekysip.com | udp |
| US | 8.8.8.8:53 | pupylaq.com | udp |
| US | 8.8.8.8:53 | ganynyb.com | udp |
| US | 8.8.8.8:53 | lykysix.com | udp |
| US | 8.8.8.8:53 | vopykak.com | udp |
| US | 8.8.8.8:53 | qebynyg.com | udp |
| US | 8.8.8.8:53 | pujypup.com | udp |
| US | 8.8.8.8:53 | gatykow.com | udp |
| US | 8.8.8.8:53 | lyvynen.com | udp |
| US | 8.8.8.8:53 | vojypuc.com | udp |
| US | 8.8.8.8:53 | qetykol.com | udp |
| US | 8.8.8.8:53 | puvybeg.com | udp |
| US | 8.8.8.8:53 | gahypus.com | udp |
| US | 8.8.8.8:53 | vocybam.com | udp |
| US | 8.8.8.8:53 | qegytyv.com | udp |
| US | 8.8.8.8:53 | puryjil.com | udp |
| US | 8.8.8.8:53 | gacyvah.com | udp |
| US | 8.8.8.8:53 | lyryjir.com | udp |
| US | 8.8.8.8:53 | lygytyd.com | udp |
| US | 8.8.8.8:53 | vowyjut.com | udp |
| US | 8.8.8.8:53 | qexyvoq.com | udp |
| US | 8.8.8.8:53 | pufytev.com | udp |
| US | 8.8.8.8:53 | gaqyhuz.com | udp |
| US | 8.8.8.8:53 | lyxyvoj.com | udp |
| US | 8.8.8.8:53 | vofyref.com | udp |
| US | 8.8.8.8:53 | qeqyhup.com | udp |
| US | 8.8.8.8:53 | puzyciq.com | udp |
| US | 8.8.8.8:53 | gadyrab.com | udp |
| US | 8.8.8.8:53 | lymygyx.com | udp |
| US | 8.8.8.8:53 | volycik.com | udp |
| US | 8.8.8.8:53 | qedyrag.com | udp |
| US | 8.8.8.8:53 | pumygyp.com | udp |
| US | 8.8.8.8:53 | galycuw.com | udp |
| US | 8.8.8.8:53 | lysywon.com | udp |
| US | 8.8.8.8:53 | vonygec.com | udp |
| US | 8.8.8.8:53 | qekyxul.com | udp |
| US | 8.8.8.8:53 | pupywog.com | udp |
| US | 8.8.8.8:53 | ganyfes.com | udp |
| US | 8.8.8.8:53 | lykyxur.com | udp |
| US | 8.8.8.8:53 | vopyqim.com | udp |
| US | 8.8.8.8:53 | qebyfav.com | udp |
| US | 8.8.8.8:53 | pujyxyl.com | udp |
| US | 8.8.8.8:53 | gatyqih.com | udp |
| US | 8.8.8.8:53 | lyvyfad.com | udp |
| US | 8.8.8.8:53 | vojyzyt.com | udp |
| US | 8.8.8.8:53 | puvydov.com | udp |
| US | 8.8.8.8:53 | gahyzez.com | udp |
| US | 8.8.8.8:53 | lyrymuj.com | udp |
| US | 8.8.8.8:53 | vocydof.com | udp |
| US | 8.8.8.8:53 | qegylep.com | udp |
| US | 8.8.8.8:53 | purymuq.com | udp |
| US | 8.8.8.8:53 | gacydib.com | udp |
| US | 8.8.8.8:53 | lygylax.com | udp |
| US | 8.8.8.8:53 | vowymyk.com | udp |
| US | 8.8.8.8:53 | qexysig.com | udp |
| US | 8.8.8.8:53 | pufylap.com | udp |
| US | 8.8.8.8:53 | gaqynyw.com | udp |
| US | 8.8.8.8:53 | lyxysun.com | udp |
| US | 8.8.8.8:53 | vofykoc.com | udp |
| US | 8.8.8.8:53 | qeqynel.com | udp |
| US | 8.8.8.8:53 | puzypug.com | udp |
| US | 8.8.8.8:53 | gadykos.com | udp |
| US | 8.8.8.8:53 | lymyner.com | udp |
| US | 8.8.8.8:53 | volypum.com | udp |
| US | 8.8.8.8:53 | pumybal.com | udp |
| US | 8.8.8.8:53 | qedykiv.com | udp |
| US | 8.8.8.8:53 | galypyh.com | udp |
| US | 8.8.8.8:53 | lysyjid.com | udp |
| US | 8.8.8.8:53 | qekytyq.com | udp |
| US | 8.8.8.8:53 | vonybat.com | udp |
| US | 8.8.8.8:53 | pupyjuv.com | udp |
| US | 8.8.8.8:53 | ganyvoz.com | udp |
| US | 8.8.8.8:53 | lykytej.com | udp |
| US | 8.8.8.8:53 | vopyjuf.com | udp |
| US | 8.8.8.8:53 | qebyvop.com | udp |
| US | 8.8.8.8:53 | pujyteq.com | udp |
| US | 8.8.8.8:53 | lyvyvix.com | udp |
| US | 8.8.8.8:53 | vojyrak.com | udp |
| US | 8.8.8.8:53 | gatyhub.com | udp |
| US | 8.8.8.8:53 | qetyhyg.com | udp |
| US | 8.8.8.8:53 | puvycip.com | udp |
| US | 8.8.8.8:53 | gatyhub.com | udp |
| US | 8.8.8.8:53 | qetyhyg.com | udp |
| US | 72.52.179.174:80 | gatyhub.com | tcp |
| US | 64.225.91.73:80 | qetyhyg.com | tcp |
| US | 72.52.179.174:80 | gatyhub.com | tcp |
| US | 8.8.8.8:53 | gahyraw.com | udp |
| US | 8.8.8.8:53 | lyrygyn.com | udp |
| US | 8.8.8.8:53 | vocycuc.com | udp |
| US | 8.8.8.8:53 | qegyrol.com | udp |
| US | 8.8.8.8:53 | purygeg.com | udp |
| US | 8.8.8.8:53 | gacycus.com | udp |
| US | 8.8.8.8:53 | lygywor.com | udp |
| US | 8.8.8.8:53 | vowygem.com | udp |
| US | 8.8.8.8:53 | qexyxuv.com | udp |
| US | 8.8.8.8:53 | pufywil.com | udp |
| US | 8.8.8.8:53 | gaqyfah.com | udp |
| US | 8.8.8.8:53 | lyxyxyd.com | udp |
| US | 8.8.8.8:53 | vofyqit.com | udp |
| US | 8.8.8.8:53 | qeqyfaq.com | udp |
| US | 8.8.8.8:53 | puzyxyv.com | udp |
| US | 8.8.8.8:53 | gadyquz.com | udp |
| US | 8.8.8.8:53 | lymyfoj.com | udp |
| US | 8.8.8.8:53 | volyzef.com | udp |
| US | 8.8.8.8:53 | qedyqup.com | udp |
| US | 8.8.8.8:53 | pumydoq.com | udp |
| US | 8.8.8.8:53 | galyzeb.com | udp |
| US | 8.8.8.8:53 | lysymux.com | udp |
| US | 8.8.8.8:53 | vonydik.com | udp |
| US | 8.8.8.8:53 | qekylag.com | udp |
| US | 8.8.8.8:53 | pupymyp.com | udp |
| US | 8.8.8.8:53 | ganydiw.com | udp |
| US | 8.8.8.8:53 | lykylan.com | udp |
| US | 8.8.8.8:53 | vopymyc.com | udp |
| US | 8.8.8.8:53 | qebysul.com | udp |
| US | 8.8.8.8:53 | pujylog.com | udp |
| US | 8.8.8.8:53 | gatynes.com | udp |
| US | 8.8.8.8:53 | lyvysur.com | udp |
| US | 8.8.8.8:53 | vojykom.com | udp |
| US | 8.8.8.8:53 | qetynev.com | udp |
| US | 8.8.8.8:53 | gahykih.com | udp |
| US | 8.8.8.8:53 | vocypyt.com | udp |
| US | 8.8.8.8:53 | lyrynad.com | udp |
| US | 8.8.8.8:53 | purybav.com | udp |
| US | 8.8.8.8:53 | gacypyz.com | udp |
| US | 8.8.8.8:53 | vowybof.com | udp |
| US | 8.8.8.8:53 | lygyjuj.com | udp |
| US | 8.8.8.8:53 | pufyjuq.com | udp |
| US | 8.8.8.8:53 | gaqyvob.com | udp |
| US | 8.8.8.8:53 | qexytep.com | udp |
| US | 8.8.8.8:53 | lyxytex.com | udp |
| US | 8.8.8.8:53 | vofyjuk.com | udp |
| US | 8.8.8.8:53 | qeqyvig.com | udp |
| US | 8.8.8.8:53 | puzytap.com | udp |
| US | 8.8.8.8:53 | gadyhyw.com | udp |
| US | 8.8.8.8:53 | lymyvin.com | udp |
| US | 8.8.8.8:53 | volyrac.com | udp |
| US | 8.8.8.8:53 | qedyhyl.com | udp |
| US | 8.8.8.8:53 | galyros.com | udp |
| US | 8.8.8.8:53 | pumycug.com | udp |
| US | 8.8.8.8:53 | lysyger.com | udp |
| US | 8.8.8.8:53 | vonycum.com | udp |
| US | 8.8.8.8:53 | qekyrov.com | udp |
| US | 8.8.8.8:53 | pupygel.com | udp |
| US | 8.8.8.8:53 | ganycuh.com | udp |
| US | 8.8.8.8:53 | vopygat.com | udp |
| US | 8.8.8.8:53 | qebyxyq.com | udp |
| US | 8.8.8.8:53 | lykywid.com | udp |
| US | 8.8.8.8:53 | pujywiv.com | udp |
| US | 8.8.8.8:53 | gatyfaz.com | udp |
| US | 8.8.8.8:53 | lyvyxyj.com | udp |
| US | 8.8.8.8:53 | vojyquf.com | udp |
| US | 8.8.8.8:53 | qetyfop.com | udp |
| US | 8.8.8.8:53 | puvyxeq.com | udp |
| US | 8.8.8.8:53 | gahyqub.com | udp |
| US | 8.8.8.8:53 | lyryfox.com | udp |
| US | 8.8.8.8:53 | vocyzek.com | udp |
| US | 8.8.8.8:53 | purydip.com | udp |
| US | 8.8.8.8:53 | lygymyn.com | udp |
| US | 8.8.8.8:53 | vowydic.com | udp |
| US | 8.8.8.8:53 | qexylal.com | udp |
| US | 8.8.8.8:53 | pufymyg.com | udp |
| US | 8.8.8.8:53 | gaqydus.com | udp |
| US | 8.8.8.8:53 | lyxylor.com | udp |
| US | 8.8.8.8:53 | vofymem.com | udp |
| US | 8.8.8.8:53 | qeqysuv.com | udp |
| US | 8.8.8.8:53 | puzylol.com | udp |
| US | 8.8.8.8:53 | gadyneh.com | udp |
| US | 8.8.8.8:53 | lymysud.com | udp |
| US | 8.8.8.8:53 | volykit.com | udp |
| US | 8.8.8.8:53 | qedynaq.com | udp |
| US | 8.8.8.8:53 | pumypyv.com | udp |
| US | 8.8.8.8:53 | galykiz.com | udp |
| US | 8.8.8.8:53 | lysynaj.com | udp |
| US | 8.8.8.8:53 | vonypyf.com | udp |
| US | 8.8.8.8:53 | qekykup.com | udp |
| US | 8.8.8.8:53 | pupyboq.com | udp |
| US | 8.8.8.8:53 | ganypeb.com | udp |
| US | 8.8.8.8:53 | lykyjux.com | udp |
| US | 8.8.8.8:53 | vopybok.com | udp |
| US | 8.8.8.8:53 | qebyteg.com | udp |
| US | 8.8.8.8:53 | pujyjup.com | udp |
| US | 8.8.8.8:53 | gatyviw.com | udp |
| US | 8.8.8.8:53 | lyvytan.com | udp |
| US | 8.8.8.8:53 | vojyjyc.com | udp |
| US | 8.8.8.8:53 | qetyvil.com | udp |
| US | 8.8.8.8:53 | gahyhys.com | udp |
| US | 8.8.8.8:53 | lyryvur.com | udp |
| US | 8.8.8.8:53 | vocyrom.com | udp |
| US | 8.8.8.8:53 | qegyhev.com | udp |
| US | 8.8.8.8:53 | purycul.com | udp |
| US | 8.8.8.8:53 | gacyroh.com | udp |
| US | 8.8.8.8:53 | lygyged.com | udp |
| US | 8.8.8.8:53 | vowycut.com | udp |
| US | 8.8.8.8:53 | qexyriq.com | udp |
| US | 8.8.8.8:53 | pufygav.com | udp |
| US | 8.8.8.8:53 | gaqycyz.com | udp |
| US | 8.8.8.8:53 | lyxywij.com | udp |
| US | 8.8.8.8:53 | vofygaf.com | udp |
| US | 8.8.8.8:53 | qeqyxyp.com | udp |
| US | 8.8.8.8:53 | puzywuq.com | udp |
| US | 8.8.8.8:53 | gadyfob.com | udp |
| US | 8.8.8.8:53 | lymyxex.com | udp |
| US | 8.8.8.8:53 | volyquk.com | udp |
| US | 8.8.8.8:53 | pumyxep.com | udp |
| US | 8.8.8.8:53 | qedyfog.com | udp |
| US | 8.8.8.8:53 | galyquw.com | udp |
| US | 8.8.8.8:53 | vonyzac.com | udp |
| US | 8.8.8.8:53 | qekyqyl.com | udp |
| US | 8.8.8.8:53 | pupydig.com | udp |
| US | 8.8.8.8:53 | ganyzas.com | udp |
| US | 8.8.8.8:53 | lykymyr.com | udp |
| US | 8.8.8.8:53 | vopydum.com | udp |
| US | 8.8.8.8:53 | qebylov.com | udp |
| US | 8.8.8.8:53 | pujymel.com | udp |
| US | 8.8.8.8:53 | gatyduh.com | udp |
| US | 8.8.8.8:53 | lyvylod.com | udp |
| US | 8.8.8.8:53 | vojymet.com | udp |
| US | 8.8.8.8:53 | qetysuq.com | udp |
| US | 8.8.8.8:53 | puvyliv.com | udp |
| US | 8.8.8.8:53 | gahynaz.com | udp |
| US | 8.8.8.8:53 | lyrysyj.com | udp |
| US | 8.8.8.8:53 | vocykif.com | udp |
| US | 8.8.8.8:53 | qegynap.com | udp |
| US | 8.8.8.8:53 | purypyq.com | udp |
| US | 8.8.8.8:53 | gacykub.com | udp |
| US | 8.8.8.8:53 | lygynox.com | udp |
| US | 8.8.8.8:53 | vowypek.com | udp |
| US | 8.8.8.8:53 | qexykug.com | udp |
| US | 8.8.8.8:53 | pufybop.com | udp |
| US | 8.8.8.8:53 | gaqypew.com | udp |
| US | 8.8.8.8:53 | lyxyjun.com | udp |
| US | 8.8.8.8:53 | vofybic.com | udp |
| US | 8.8.8.8:53 | qeqytal.com | udp |
| US | 8.8.8.8:53 | gadyvis.com | udp |
| US | 8.8.8.8:53 | lymytar.com | udp |
| US | 8.8.8.8:53 | volyjym.com | udp |
| US | 8.8.8.8:53 | qedyvuv.com | udp |
| US | 8.8.8.8:53 | pumytol.com | udp |
| US | 8.8.8.8:53 | galyheh.com | udp |
| US | 8.8.8.8:53 | lysyvud.com | udp |
| US | 8.8.8.8:53 | vonyrot.com | udp |
| US | 8.8.8.8:53 | qekyheq.com | udp |
| US | 8.8.8.8:53 | pupycuv.com | udp |
| US | 8.8.8.8:53 | ganyriz.com | udp |
| US | 8.8.8.8:53 | vopycyf.com | udp |
| US | 8.8.8.8:53 | qebyrip.com | udp |
| US | 8.8.8.8:53 | pujygaq.com | udp |
| US | 8.8.8.8:53 | gatycyb.com | udp |
| US | 8.8.8.8:53 | lyvywux.com | udp |
| US | 8.8.8.8:53 | vojygok.com | udp |
| US | 8.8.8.8:53 | qetyxeg.com | udp |
| US | 8.8.8.8:53 | puvywup.com | udp |
| US | 8.8.8.8:53 | gahyfow.com | udp |
| US | 8.8.8.8:53 | lyryxen.com | udp |
| US | 8.8.8.8:53 | vocyquc.com | udp |
| US | 8.8.8.8:53 | qegyfil.com | udp |
| US | 8.8.8.8:53 | puryxag.com | udp |
| US | 8.8.8.8:53 | gacyqys.com | udp |
| US | 8.8.8.8:53 | lygyfir.com | udp |
| US | 8.8.8.8:53 | vowyzam.com | udp |
| US | 8.8.8.8:53 | qexyqyv.com | udp |
| US | 8.8.8.8:53 | pufydul.com | udp |
| US | 8.8.8.8:53 | gaqyzoh.com | udp |
| US | 8.8.8.8:53 | lyxymed.com | udp |
| US | 8.8.8.8:53 | vofydut.com | udp |
| US | 8.8.8.8:53 | qeqyloq.com | udp |
| US | 8.8.8.8:53 | gadyduz.com | udp |
| US | 8.8.8.8:53 | lymylij.com | udp |
| US | 8.8.8.8:53 | puzymev.com | udp |
| US | 8.8.8.8:53 | volymaf.com | udp |
| US | 8.8.8.8:53 | qedysyp.com | udp |
| US | 8.8.8.8:53 | pumyliq.com | udp |
| US | 8.8.8.8:53 | galynab.com | udp |
| US | 8.8.8.8:53 | lysysyx.com | udp |
| US | 8.8.8.8:53 | vonykuk.com | udp |
| US | 8.8.8.8:53 | qekynog.com | udp |
| US | 8.8.8.8:53 | pupypep.com | udp |
| US | 8.8.8.8:53 | ganykuw.com | udp |
| US | 8.8.8.8:53 | lykynon.com | udp |
| US | 8.8.8.8:53 | qebykul.com | udp |
| US | 8.8.8.8:53 | pujybig.com | udp |
| US | 8.8.8.8:53 | gatypas.com | udp |
| US | 8.8.8.8:53 | lyvyjyr.com | udp |
| US | 8.8.8.8:53 | vojybim.com | udp |
| US | 8.8.8.8:53 | qetytav.com | udp |
| US | 8.8.8.8:53 | puvyjyl.com | udp |
| US | 8.8.8.8:53 | gahyvuh.com | udp |
| US | 8.8.8.8:53 | lyrytod.com | udp |
| US | 8.8.8.8:53 | vocyjet.com | udp |
| US | 8.8.8.8:53 | qegyvuq.com | udp |
| US | 8.8.8.8:53 | purytov.com | udp |
| US | 8.8.8.8:53 | gacyhez.com | udp |
| US | 8.8.8.8:53 | lygyvuj.com | udp |
| US | 8.8.8.8:53 | vowyrif.com | udp |
| US | 8.8.8.8:53 | qexyhap.com | udp |
| US | 8.8.8.8:53 | pufycyq.com | udp |
| US | 8.8.8.8:53 | gaqyrib.com | udp |
| US | 8.8.8.8:53 | lyxygax.com | udp |
| US | 8.8.8.8:53 | vofycyk.com | udp |
| US | 8.8.8.8:53 | qeqyrug.com | udp |
| US | 8.8.8.8:53 | puzygop.com | udp |
| US | 8.8.8.8:53 | gadycew.com | udp |
| US | 8.8.8.8:53 | lymywun.com | udp |
| US | 8.8.8.8:53 | volygoc.com | udp |
| US | 8.8.8.8:53 | qedyxel.com | udp |
| US | 8.8.8.8:53 | pumywug.com | udp |
| US | 8.8.8.8:53 | galyfis.com | udp |
| US | 8.8.8.8:53 | lysyxar.com | udp |
| US | 8.8.8.8:53 | vonyqym.com | udp |
| US | 8.8.8.8:53 | qekyfiv.com | udp |
| US | 8.8.8.8:53 | pupyxal.com | udp |
| US | 8.8.8.8:53 | ganyqyh.com | udp |
| US | 8.8.8.8:53 | lykyfud.com | udp |
| US | 8.8.8.8:53 | vopyzot.com | udp |
| US | 8.8.8.8:53 | qebyqeq.com | udp |
| US | 8.8.8.8:53 | gatyzoz.com | udp |
| US | 8.8.8.8:53 | lyvymej.com | udp |
| US | 8.8.8.8:53 | vojyduf.com | udp |
| US | 8.8.8.8:53 | qetylip.com | udp |
| US | 8.8.8.8:53 | puvymaq.com | udp |
| US | 8.8.8.8:53 | gahydyb.com | udp |
| US | 8.8.8.8:53 | lyrylix.com | udp |
| US | 8.8.8.8:53 | vocymak.com | udp |
| US | 8.8.8.8:53 | qegysyg.com | udp |
| US | 8.8.8.8:53 | purylup.com | udp |
| US | 8.8.8.8:53 | gacynow.com | udp |
| US | 8.8.8.8:53 | lygysen.com | udp |
| US | 8.8.8.8:53 | vowykuc.com | udp |
| US | 8.8.8.8:53 | qexynol.com | udp |
| US | 8.8.8.8:53 | pufypeg.com | udp |
| US | 8.8.8.8:53 | gaqykus.com | udp |
| US | 8.8.8.8:53 | 174.179.52.72.in-addr.arpa | udp |
| US | 8.8.8.8:53 | lygyvuj.com | udp |
| US | 52.34.198.229:80 | lygyvuj.com | tcp |
| US | 8.8.8.8:53 | lyxynir.com | udp |
| US | 8.8.8.8:53 | vofypam.com | udp |
| US | 8.8.8.8:53 | qeqykyv.com | udp |
| US | 8.8.8.8:53 | gadypah.com | udp |
| US | 8.8.8.8:53 | lymyjyd.com | udp |
| US | 8.8.8.8:53 | volybut.com | udp |
| US | 8.8.8.8:53 | qedytoq.com | udp |
| US | 8.8.8.8:53 | pumyjev.com | udp |
| US | 8.8.8.8:53 | galyvuz.com | udp |
| US | 8.8.8.8:53 | lysytoj.com | udp |
| US | 8.8.8.8:53 | vonyjef.com | udp |
| US | 8.8.8.8:53 | qekyvup.com | udp |
| US | 8.8.8.8:53 | pupytiq.com | udp |
| US | 8.8.8.8:53 | ganyhab.com | udp |
| US | 8.8.8.8:53 | lykyvyx.com | udp |
| US | 8.8.8.8:53 | vopyrik.com | udp |
| US | 8.8.8.8:53 | qebyhag.com | udp |
| US | 8.8.8.8:53 | pujycyp.com | udp |
| US | 8.8.8.8:53 | gatyruw.com | udp |
| US | 8.8.8.8:53 | lyvygon.com | udp |
| US | 8.8.8.8:53 | vojycec.com | udp |
| US | 8.8.8.8:53 | qetyrul.com | udp |
| US | 8.8.8.8:53 | puvygog.com | udp |
| US | 8.8.8.8:53 | gahyces.com | udp |
| US | 8.8.8.8:53 | lyrywur.com | udp |
| US | 8.8.8.8:53 | vocygim.com | udp |
| US | 8.8.8.8:53 | qegyxav.com | udp |
| US | 8.8.8.8:53 | purywyl.com | udp |
| US | 8.8.8.8:53 | gacyfih.com | udp |
| US | 8.8.8.8:53 | lygyxad.com | udp |
| US | 8.8.8.8:53 | qexyfuq.com | udp |
| US | 8.8.8.8:53 | pufyxov.com | udp |
| US | 8.8.8.8:53 | gaqyqez.com | udp |
| US | 8.8.8.8:53 | lyxyfuj.com | udp |
| US | 8.8.8.8:53 | vofyzof.com | udp |
| US | 8.8.8.8:53 | qeqyqep.com | udp |
| US | 8.8.8.8:53 | puzyduq.com | udp |
| US | 8.8.8.8:53 | gadyzib.com | udp |
| US | 8.8.8.8:53 | lymymax.com | udp |
| US | 8.8.8.8:53 | volydyk.com | udp |
| US | 8.8.8.8:53 | qedylig.com | udp |
| US | 8.8.8.8:53 | pumymap.com | udp |
| US | 8.8.8.8:53 | galydyw.com | udp |
| US | 8.8.8.8:53 | qekysel.com | udp |
| US | 8.8.8.8:53 | vonymoc.com | udp |
| US | 8.8.8.8:53 | pupylug.com | udp |
| US | 8.8.8.8:53 | ganynos.com | udp |
| US | 8.8.8.8:53 | lykyser.com | udp |
| US | 8.8.8.8:53 | vopykum.com | udp |
| US | 8.8.8.8:53 | qebyniv.com | udp |
| US | 8.8.8.8:53 | pujypal.com | udp |
| US | 8.8.8.8:53 | gatykyh.com | udp |
| US | 8.8.8.8:53 | lyvynid.com | udp |
| US | 8.8.8.8:53 | qetykyq.com | udp |
| US | 8.8.8.8:53 | gahypoz.com | udp |
| US | 8.8.8.8:53 | vocybuf.com | udp |
| US | 8.8.8.8:53 | qegytop.com | udp |
| US | 8.8.8.8:53 | puryjeq.com | udp |
| US | 8.8.8.8:53 | lyryjej.com | udp |
| US | 8.8.8.8:53 | gacyvub.com | udp |
| US | 8.8.8.8:53 | lygytix.com | udp |
| US | 8.8.8.8:53 | vowyjak.com | udp |
| US | 8.8.8.8:53 | qexyvyg.com | udp |
| US | 8.8.8.8:53 | pufytip.com | udp |
| US | 8.8.8.8:53 | gaqyhaw.com | udp |
| US | 8.8.8.8:53 | lyxyvyn.com | udp |
| US | 8.8.8.8:53 | vofyruc.com | udp |
| US | 8.8.8.8:53 | qeqyhol.com | udp |
| US | 8.8.8.8:53 | puzyceg.com | udp |
| US | 8.8.8.8:53 | gadyrus.com | udp |
| US | 8.8.8.8:53 | lymygor.com | udp |
| US | 8.8.8.8:53 | volycem.com | udp |
| US | 8.8.8.8:53 | qedyruv.com | udp |
| US | 8.8.8.8:53 | pumygil.com | udp |
| US | 8.8.8.8:53 | galycah.com | udp |
| US | 8.8.8.8:53 | lysywyd.com | udp |
| US | 8.8.8.8:53 | vonygit.com | udp |
| US | 8.8.8.8:53 | qekyxaq.com | udp |
| US | 8.8.8.8:53 | pupywyv.com | udp |
| US | 8.8.8.8:53 | ganyfuz.com | udp |
| US | 8.8.8.8:53 | lykyxoj.com | udp |
| US | 8.8.8.8:53 | vopyqef.com | udp |
| US | 8.8.8.8:53 | qebyfup.com | udp |
| US | 8.8.8.8:53 | pujyxoq.com | udp |
| US | 8.8.8.8:53 | gatyqeb.com | udp |
| US | 8.8.8.8:53 | lyvyfux.com | udp |
| US | 8.8.8.8:53 | vojyzik.com | udp |
| US | 8.8.8.8:53 | qetyqag.com | udp |
| US | 8.8.8.8:53 | puvydyp.com | udp |
| US | 8.8.8.8:53 | gahyziw.com | udp |
| US | 8.8.8.8:53 | lyryman.com | udp |
| US | 8.8.8.8:53 | vocydyc.com | udp |
| US | 8.8.8.8:53 | qegylul.com | udp |
| US | 8.8.8.8:53 | purymog.com | udp |
| US | 8.8.8.8:53 | gacydes.com | udp |
| US | 8.8.8.8:53 | lygylur.com | udp |
| US | 8.8.8.8:53 | vowymom.com | udp |
| US | 8.8.8.8:53 | qexysev.com | udp |
| US | 8.8.8.8:53 | pufylul.com | udp |
| US | 8.8.8.8:53 | gaqynih.com | udp |
| US | 8.8.8.8:53 | lyxysad.com | udp |
| US | 8.8.8.8:53 | vofykyt.com | udp |
| US | 8.8.8.8:53 | qeqyniq.com | udp |
| US | 8.8.8.8:53 | puzypav.com | udp |
| US | 8.8.8.8:53 | gadykyz.com | udp |
| US | 8.8.8.8:53 | lymynuj.com | udp |
| US | 8.8.8.8:53 | 229.198.34.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | volypof.com | udp |
| US | 8.8.8.8:53 | qedykep.com | udp |
| US | 8.8.8.8:53 | pumybuq.com | udp |
| US | 8.8.8.8:53 | galypob.com | udp |
| US | 8.8.8.8:53 | lysyjex.com | udp |
| US | 8.8.8.8:53 | vonybuk.com | udp |
| US | 8.8.8.8:53 | qekytig.com | udp |
| US | 8.8.8.8:53 | pupyjap.com | udp |
| US | 8.8.8.8:53 | ganyvyw.com | udp |
| US | 8.8.8.8:53 | lykytin.com | udp |
| US | 8.8.8.8:53 | vopyjac.com | udp |
| US | 8.8.8.8:53 | qebyvyl.com | udp |
| US | 8.8.8.8:53 | pujytug.com | udp |
| US | 8.8.8.8:53 | gatyhos.com | udp |
| US | 8.8.8.8:53 | lyvyver.com | udp |
| US | 8.8.8.8:53 | vojyrum.com | udp |
| US | 8.8.8.8:53 | qetyhov.com | udp |
| US | 8.8.8.8:53 | puvycel.com | udp |
| US | 8.8.8.8:53 | vocycat.com | udp |
| US | 8.8.8.8:53 | qegyryq.com | udp |
| US | 8.8.8.8:53 | purygiv.com | udp |
| US | 8.8.8.8:53 | gacycaz.com | udp |
| US | 8.8.8.8:53 | lygywyj.com | udp |
| US | 8.8.8.8:53 | vowyguf.com | udp |
| US | 8.8.8.8:53 | qexyxop.com | udp |
| US | 8.8.8.8:53 | pufyweq.com | udp |
| US | 8.8.8.8:53 | gaqyfub.com | udp |
| US | 8.8.8.8:53 | lyxyxox.com | udp |
| US | 8.8.8.8:53 | vofyqek.com | udp |
| US | 8.8.8.8:53 | qeqyfug.com | udp |
| US | 8.8.8.8:53 | puzyxip.com | udp |
| US | 8.8.8.8:53 | gadyqaw.com | udp |
| US | 8.8.8.8:53 | lymyfyn.com | udp |
| US | 8.8.8.8:53 | qedyqal.com | udp |
| US | 8.8.8.8:53 | pumydyg.com | udp |
| US | 8.8.8.8:53 | galyzus.com | udp |
| US | 8.8.8.8:53 | lysymor.com | udp |
| US | 8.8.8.8:53 | vonydem.com | udp |
| US | 8.8.8.8:53 | qekyluv.com | udp |
| US | 8.8.8.8:53 | pupymol.com | udp |
| US | 8.8.8.8:53 | ganydeh.com | udp |
| US | 8.8.8.8:53 | lykylud.com | udp |
| US | 8.8.8.8:53 | vopymit.com | udp |
| US | 8.8.8.8:53 | qebysaq.com | udp |
| US | 8.8.8.8:53 | pujylyv.com | udp |
| US | 8.8.8.8:53 | gatyniz.com | udp |
| US | 8.8.8.8:53 | lyvysaj.com | udp |
| US | 8.8.8.8:53 | vojykyf.com | udp |
| US | 8.8.8.8:53 | qetynup.com | udp |
| US | 8.8.8.8:53 | puvypoq.com | udp |
| US | 8.8.8.8:53 | gahykeb.com | udp |
| US | 8.8.8.8:53 | vocypok.com | udp |
| US | 8.8.8.8:53 | qegykeg.com | udp |
| US | 8.8.8.8:53 | purybup.com | udp |
| US | 8.8.8.8:53 | gacypiw.com | udp |
| US | 8.8.8.8:53 | lygyjan.com | udp |
| US | 8.8.8.8:53 | vowybyc.com | udp |
| US | 8.8.8.8:53 | qexytil.com | udp |
| US | 8.8.8.8:53 | pufyjag.com | udp |
| US | 8.8.8.8:53 | gaqyvys.com | udp |
| US | 8.8.8.8:53 | vofyjom.com | udp |
| US | 8.8.8.8:53 | lyxytur.com | udp |
| US | 8.8.8.8:53 | qeqyvev.com | udp |
| US | 8.8.8.8:53 | gadyhoh.com | udp |
| US | 8.8.8.8:53 | puzytul.com | udp |
| US | 8.8.8.8:53 | lymyved.com | udp |
| US | 8.8.8.8:53 | qedyhiq.com | udp |
| US | 8.8.8.8:53 | volyrut.com | udp |
| US | 8.8.8.8:53 | galyryz.com | udp |
| US | 8.8.8.8:53 | vonycaf.com | udp |
| US | 8.8.8.8:53 | qekyryp.com | udp |
| US | 8.8.8.8:53 | lysygij.com | udp |
| US | 8.8.8.8:53 | pupyguq.com | udp |
| US | 8.8.8.8:53 | ganycob.com | udp |
| US | 8.8.8.8:53 | lykywex.com | udp |
| US | 8.8.8.8:53 | vopyguk.com | udp |
| US | 8.8.8.8:53 | pumycav.com | udp |
| US | 8.8.8.8:53 | qebyxog.com | udp |
| US | 8.8.8.8:53 | pujywep.com | udp |
| US | 8.8.8.8:53 | gatyfuw.com | udp |
| US | 8.8.8.8:53 | lyvyxin.com | udp |
| US | 8.8.8.8:53 | vojyqac.com | udp |
| US | 8.8.8.8:53 | qetyfyl.com | udp |
| US | 8.8.8.8:53 | puvyxig.com | udp |
| US | 8.8.8.8:53 | gahyqas.com | udp |
| US | 8.8.8.8:53 | lyryfyr.com | udp |
| US | 8.8.8.8:53 | vocyzum.com | udp |
| US | 8.8.8.8:53 | qegyqov.com | udp |
| US | 8.8.8.8:53 | purydel.com | udp |
| US | 8.8.8.8:53 | gacyzuh.com | udp |
| US | 8.8.8.8:53 | lygymod.com | udp |
| US | 8.8.8.8:53 | vowydet.com | udp |
| US | 8.8.8.8:53 | gaqydaz.com | udp |
| US | 8.8.8.8:53 | lyxylyj.com | udp |
| US | 8.8.8.8:53 | vofymif.com | udp |
| US | 8.8.8.8:53 | qeqysap.com | udp |
| US | 8.8.8.8:53 | puzylyq.com | udp |
| US | 8.8.8.8:53 | gadynub.com | udp |
| US | 8.8.8.8:53 | lymysox.com | udp |
| US | 8.8.8.8:53 | volykek.com | udp |
| US | 8.8.8.8:53 | qedynug.com | udp |
| US | 8.8.8.8:53 | pumypop.com | udp |
| US | 8.8.8.8:53 | galykew.com | udp |
| US | 8.8.8.8:53 | lysynun.com | udp |
| US | 8.8.8.8:53 | vonypic.com | udp |
| US | 8.8.8.8:53 | qekykal.com | udp |
| US | 8.8.8.8:53 | pupybyg.com | udp |
| US | 8.8.8.8:53 | ganypis.com | udp |
| US | 8.8.8.8:53 | lykyjar.com | udp |
| US | 8.8.8.8:53 | vopybym.com | udp |
| US | 8.8.8.8:53 | qebytuv.com | udp |
| US | 8.8.8.8:53 | pujyjol.com | udp |
| US | 8.8.8.8:53 | gatyveh.com | udp |
| US | 8.8.8.8:53 | lyvytud.com | udp |
| US | 8.8.8.8:53 | vojyjot.com | udp |
| US | 8.8.8.8:53 | qetyveq.com | udp |
| US | 8.8.8.8:53 | puvytuv.com | udp |
| US | 8.8.8.8:53 | gahyhiz.com | udp |
| US | 8.8.8.8:53 | lyryvaj.com | udp |
| US | 8.8.8.8:53 | qegyhip.com | udp |
| US | 8.8.8.8:53 | vocyryf.com | udp |
| US | 8.8.8.8:53 | purycaq.com | udp |
| US | 8.8.8.8:53 | gacyryb.com | udp |
| US | 8.8.8.8:53 | lygygux.com | udp |
| US | 8.8.8.8:53 | vowycok.com | udp |
| US | 8.8.8.8:53 | qexyreg.com | udp |
| US | 8.8.8.8:53 | pufygup.com | udp |
| US | 8.8.8.8:53 | gaqycow.com | udp |
| US | 8.8.8.8:53 | lyxywen.com | udp |
| US | 8.8.8.8:53 | qeqyxil.com | udp |
| US | 8.8.8.8:53 | vofyguc.com | udp |
| US | 8.8.8.8:53 | puzywag.com | udp |
| US | 8.8.8.8:53 | gadyfys.com | udp |
| US | 8.8.8.8:53 | lymyxir.com | udp |
| US | 8.8.8.8:53 | volyqam.com | udp |
| US | 8.8.8.8:53 | qedyfyv.com | udp |
| US | 8.8.8.8:53 | pumyxul.com | udp |
| US | 8.8.8.8:53 | galyqoh.com | udp |
| US | 8.8.8.8:53 | lysyfed.com | udp |
| US | 8.8.8.8:53 | gahyhiz.com | udp |
| US | 44.221.84.105:80 | gahyhiz.com | tcp |
| US | 8.8.8.8:53 | vonyzut.com | udp |
| US | 8.8.8.8:53 | pupydev.com | udp |
| US | 8.8.8.8:53 | ganyzuz.com | udp |
| US | 8.8.8.8:53 | lykymij.com | udp |
| US | 8.8.8.8:53 | vopydaf.com | udp |
| US | 8.8.8.8:53 | qebylyp.com | udp |
| US | 8.8.8.8:53 | pujymiq.com | udp |
| US | 8.8.8.8:53 | gatydab.com | udp |
| US | 8.8.8.8:53 | lyvylyx.com | udp |
| US | 8.8.8.8:53 | vojymuk.com | udp |
| US | 8.8.8.8:53 | puvylep.com | udp |
| US | 8.8.8.8:53 | gahynuw.com | udp |
| US | 8.8.8.8:53 | lyryson.com | udp |
| US | 8.8.8.8:53 | vocykec.com | udp |
| US | 8.8.8.8:53 | qegynul.com | udp |
| US | 8.8.8.8:53 | gacykas.com | udp |
| US | 8.8.8.8:53 | lygynyr.com | udp |
| US | 8.8.8.8:53 | vowypim.com | udp |
| US | 8.8.8.8:53 | qexykav.com | udp |
| US | 8.8.8.8:53 | gaqypuh.com | udp |
| US | 8.8.8.8:53 | lyxyjod.com | udp |
| US | 8.8.8.8:53 | vofybet.com | udp |
| US | 8.8.8.8:53 | qeqytuq.com | udp |
| US | 8.8.8.8:53 | puzyjov.com | udp |
| US | 8.8.8.8:53 | gadyvez.com | udp |
| US | 8.8.8.8:53 | lymytuj.com | udp |
| US | 8.8.8.8:53 | volyjif.com | udp |
| US | 8.8.8.8:53 | qedyvap.com | udp |
| US | 8.8.8.8:53 | pumytyq.com | udp |
| US | 8.8.8.8:53 | galyhib.com | udp |
| US | 8.8.8.8:53 | lysyvax.com | udp |
| US | 8.8.8.8:53 | vonyryk.com | udp |
| US | 8.8.8.8:53 | qekyhug.com | udp |
| US | 8.8.8.8:53 | pupycop.com | udp |
| US | 8.8.8.8:53 | ganyrew.com | udp |
| US | 8.8.8.8:53 | lykygun.com | udp |
| US | 8.8.8.8:53 | vopycoc.com | udp |
| US | 8.8.8.8:53 | qebyrel.com | udp |
| US | 8.8.8.8:53 | pujygug.com | udp |
| US | 8.8.8.8:53 | gatycis.com | udp |
| US | 8.8.8.8:53 | lyvywar.com | udp |
| US | 8.8.8.8:53 | vojygym.com | udp |
| US | 8.8.8.8:53 | qetyxiv.com | udp |
| US | 8.8.8.8:53 | puvywal.com | udp |
| US | 8.8.8.8:53 | gahyfyh.com | udp |
| US | 8.8.8.8:53 | lyryxud.com | udp |
| US | 8.8.8.8:53 | vocyqot.com | udp |
| US | 8.8.8.8:53 | qegyfeq.com | udp |
| US | 8.8.8.8:53 | puryxuv.com | udp |
| US | 8.8.8.8:53 | gacyqoz.com | udp |
| US | 8.8.8.8:53 | lygyfej.com | udp |
| US | 8.8.8.8:53 | vowyzuf.com | udp |
| US | 8.8.8.8:53 | qexyqip.com | udp |
| US | 8.8.8.8:53 | pufydaq.com | udp |
| US | 8.8.8.8:53 | gaqyzyb.com | udp |
| US | 8.8.8.8:53 | lyxymix.com | udp |
| US | 8.8.8.8:53 | vofydak.com | udp |
| US | 8.8.8.8:53 | qeqylyg.com | udp |
| US | 8.8.8.8:53 | gadydow.com | udp |
| US | 8.8.8.8:53 | lymylen.com | udp |
| US | 8.8.8.8:53 | volymuc.com | udp |
| US | 8.8.8.8:53 | qedysol.com | udp |
| US | 8.8.8.8:53 | pumyleg.com | udp |
| US | 8.8.8.8:53 | galynus.com | udp |
| US | 8.8.8.8:53 | lysysir.com | udp |
| US | 8.8.8.8:53 | vonykam.com | udp |
| US | 8.8.8.8:53 | qekynyv.com | udp |
| US | 8.8.8.8:53 | pupypil.com | udp |
| US | 8.8.8.8:53 | ganykah.com | udp |
| US | 8.8.8.8:53 | lykynyd.com | udp |
| US | 8.8.8.8:53 | vopyput.com | udp |
| US | 8.8.8.8:53 | qebykoq.com | udp |
| US | 8.8.8.8:53 | pujybev.com | udp |
| US | 8.8.8.8:53 | gatypuz.com | udp |
| US | 8.8.8.8:53 | lyvyjoj.com | udp |
| US | 8.8.8.8:53 | vojybef.com | udp |
| US | 8.8.8.8:53 | puvyjiq.com | udp |
| US | 8.8.8.8:53 | gahyvab.com | udp |
| US | 8.8.8.8:53 | lyrytyx.com | udp |
| US | 8.8.8.8:53 | vocyjik.com | udp |
| US | 8.8.8.8:53 | qegyvag.com | udp |
| US | 8.8.8.8:53 | purytyp.com | udp |
| US | 8.8.8.8:53 | gacyhuw.com | udp |
| US | 8.8.8.8:53 | lygyvon.com | udp |
| US | 8.8.8.8:53 | vowyrec.com | udp |
| US | 8.8.8.8:53 | qexyhul.com | udp |
| US | 8.8.8.8:53 | pufycog.com | udp |
| US | 8.8.8.8:53 | gaqyres.com | udp |
| US | 8.8.8.8:53 | lyxygur.com | udp |
| US | 8.8.8.8:53 | vofycim.com | udp |
| US | 8.8.8.8:53 | qeqyrav.com | udp |
| US | 8.8.8.8:53 | puzygyl.com | udp |
| US | 8.8.8.8:53 | gadycih.com | udp |
| US | 8.8.8.8:53 | lymywad.com | udp |
| US | 8.8.8.8:53 | volygyt.com | udp |
| US | 8.8.8.8:53 | qedyxuq.com | udp |
| US | 8.8.8.8:53 | galyfez.com | udp |
| US | 8.8.8.8:53 | lysyxuj.com | udp |
| US | 8.8.8.8:53 | vonyqof.com | udp |
| US | 8.8.8.8:53 | qekyfep.com | udp |
| US | 8.8.8.8:53 | ganyqib.com | udp |
| US | 8.8.8.8:53 | lykyfax.com | udp |
| US | 8.8.8.8:53 | vopyzyk.com | udp |
| US | 8.8.8.8:53 | qebyqig.com | udp |
| US | 8.8.8.8:53 | lyvymun.com | udp |
| US | 8.8.8.8:53 | vojydoc.com | udp |
| US | 8.8.8.8:53 | puvymug.com | udp |
| US | 8.8.8.8:53 | gahydos.com | udp |
| US | 8.8.8.8:53 | lyryler.com | udp |
| US | 8.8.8.8:53 | qegysiv.com | udp |
| US | 8.8.8.8:53 | vocymum.com | udp |
| US | 8.8.8.8:53 | purylal.com | udp |
| US | 8.8.8.8:53 | lygysid.com | udp |
| US | 8.8.8.8:53 | vowykat.com | udp |
| US | 8.8.8.8:53 | qexynyq.com | udp |
| US | 8.8.8.8:53 | pufypuv.com | udp |
| US | 8.8.8.8:53 | gaqykoz.com | udp |
| US | 8.8.8.8:53 | lyxynej.com | udp |
| US | 8.8.8.8:53 | vofypuf.com | udp |
| US | 8.8.8.8:53 | qeqykop.com | udp |
| US | 8.8.8.8:53 | puzybeq.com | udp |
| US | 8.8.8.8:53 | gadypub.com | udp |
| US | 8.8.8.8:53 | lymyjix.com | udp |
| US | 8.8.8.8:53 | volybak.com | udp |
| US | 8.8.8.8:53 | qedytyg.com | udp |
| US | 8.8.8.8:53 | pumyjip.com | udp |
| US | 8.8.8.8:53 | galyvaw.com | udp |
| US | 8.8.8.8:53 | lysytyn.com | udp |
| US | 8.8.8.8:53 | vonyjuc.com | udp |
| US | 8.8.8.8:53 | qekyvol.com | udp |
| US | 8.8.8.8:53 | pupyteg.com | udp |
| US | 8.8.8.8:53 | ganyhus.com | udp |
| US | 8.8.8.8:53 | lykyvor.com | udp |
| US | 8.8.8.8:53 | vopyrem.com | udp |
| US | 8.8.8.8:53 | qebyhuv.com | udp |
| US | 8.8.8.8:53 | pujycil.com | udp |
| US | 8.8.8.8:53 | gatyrah.com | udp |
| US | 8.8.8.8:53 | lyvygyd.com | udp |
| US | 8.8.8.8:53 | vojycit.com | udp |
| US | 8.8.8.8:53 | qetyraq.com | udp |
| US | 8.8.8.8:53 | puvygyv.com | udp |
| US | 8.8.8.8:53 | gahycuz.com | udp |
| US | 8.8.8.8:53 | lyrywoj.com | udp |
| US | 8.8.8.8:53 | vocygef.com | udp |
| US | 8.8.8.8:53 | qegyxup.com | udp |
| US | 8.8.8.8:53 | purywoq.com | udp |
| US | 8.8.8.8:53 | gacyfeb.com | udp |
| US | 8.8.8.8:53 | lygyxux.com | udp |
| US | 8.8.8.8:53 | vowyqik.com | udp |
| US | 8.8.8.8:53 | qexyfag.com | udp |
| US | 8.8.8.8:53 | pufyxyp.com | udp |
| US | 8.8.8.8:53 | gaqyqiw.com | udp |
| US | 8.8.8.8:53 | lyxyfan.com | udp |
| US | 8.8.8.8:53 | vofyzyc.com | udp |
| US | 8.8.8.8:53 | qeqyqul.com | udp |
| US | 8.8.8.8:53 | puzydog.com | udp |
| US | 8.8.8.8:53 | gatyfus.com | udp |
| US | 8.8.8.8:53 | lyvyxor.com | udp |
| US | 8.8.8.8:53 | vojyqem.com | udp |
| US | 8.8.8.8:53 | qetyfuv.com | udp |
| US | 8.8.8.8:53 | puvyxil.com | udp |
| US | 8.8.8.8:53 | gahyqah.com | udp |
| US | 8.8.8.8:53 | qegyqaq.com | udp |
| US | 8.8.8.8:53 | purydyv.com | udp |
| US | 8.8.8.8:53 | lygymoj.com | udp |
| US | 8.8.8.8:53 | gacyzuz.com | udp |
| US | 8.8.8.8:53 | vowydef.com | udp |
| US | 8.8.8.8:53 | qexylup.com | udp |
| US | 8.8.8.8:53 | gaqydeb.com | udp |
| US | 8.8.8.8:53 | lyxylux.com | udp |
| US | 8.8.8.8:53 | vofymik.com | udp |
| US | 8.8.8.8:53 | qeqysag.com | udp |
| US | 8.8.8.8:53 | puzylyp.com | udp |
| US | 8.8.8.8:53 | gadyniw.com | udp |
| US | 8.8.8.8:53 | qedynul.com | udp |
| US | 8.8.8.8:53 | volykyc.com | udp |
| US | 8.8.8.8:53 | galykes.com | udp |
| US | 8.8.8.8:53 | pumypog.com | udp |
| US | 8.8.8.8:53 | vonypom.com | udp |
| US | 8.8.8.8:53 | qekykev.com | udp |
| US | 8.8.8.8:53 | pupybul.com | udp |
| US | 8.8.8.8:53 | ganypih.com | udp |
| US | 8.8.8.8:53 | lykyjad.com | udp |
| US | 8.8.8.8:53 | qebytiq.com | udp |
| US | 8.8.8.8:53 | lysynur.com | udp |
| US | 8.8.8.8:53 | pujyjav.com | udp |
| US | 8.8.8.8:53 | vopybyt.com | udp |
| US | 8.8.8.8:53 | gatyvyz.com | udp |
| US | 8.8.8.8:53 | lyvytuj.com | udp |
| US | 8.8.8.8:53 | vojyjof.com | udp |
| US | 8.8.8.8:53 | qetyvep.com | udp |
| US | 8.8.8.8:53 | gahyhob.com | udp |
| US | 8.8.8.8:53 | puvytuq.com | udp |
| US | 8.8.8.8:53 | lyryvex.com | udp |
| US | 8.8.8.8:53 | qegyhig.com | udp |
| US | 8.8.8.8:53 | lygygin.com | udp |
| US | 8.8.8.8:53 | purycap.com | udp |
| US | 8.8.8.8:53 | gacyryw.com | udp |
| US | 8.8.8.8:53 | vowycac.com | udp |
| US | 8.8.8.8:53 | qexyryl.com | udp |
| US | 8.8.8.8:53 | pufygug.com | udp |
| US | 8.8.8.8:53 | gaqycos.com | udp |
| US | 8.8.8.8:53 | lyxywer.com | udp |
| US | 8.8.8.8:53 | qeqyxov.com | udp |
| US | 8.8.8.8:53 | lymyxid.com | udp |
| US | 8.8.8.8:53 | gadyfuh.com | udp |
| US | 8.8.8.8:53 | volyqat.com | udp |
| US | 8.8.8.8:53 | pumyxiv.com | udp |
| US | 8.8.8.8:53 | galyqaz.com | udp |
| US | 8.8.8.8:53 | lysyfyj.com | udp |
| US | 8.8.8.8:53 | qekyqop.com | udp |
| US | 8.8.8.8:53 | vonyzuf.com | udp |
| US | 8.8.8.8:53 | vocyzit.com | udp |
| US | 199.59.243.227:80 | vojyqem.com | tcp |
| US | 99.83.170.3:80 | puzylyp.com | tcp |
| US | 162.255.119.102:80 | gahyqah.com | tcp |
| US | 18.208.156.248:80 | vonypom.com | tcp |
| US | 3.94.10.34:80 | lymyxid.com | tcp |
| US | 172.67.173.131:80 | qegyhig.com | tcp |
| US | 208.100.26.245:80 | lyvyxor.com | tcp |
| US | 44.221.84.105:80 | vocyzit.com | tcp |
| US | 199.191.50.83:80 | galyqaz.com | tcp |
| US | 44.221.84.105:80 | vocyzit.com | tcp |
| US | 99.83.170.3:80 | puzylyp.com | tcp |
| HK | 154.212.231.82:80 | gadyniw.com | tcp |
| DE | 91.195.240.19:80 | www.gahyqah.com | tcp |
| US | 172.67.173.131:443 | qegyhig.com | tcp |
| NL | 85.17.31.82:80 | gatyfus.com | tcp |
| US | 8.8.8.8:53 | ww6.galyqaz.com | udp |
| NL | 85.17.31.82:80 | gatyfus.com | tcp |
| US | 199.59.243.227:80 | ww6.galyqaz.com | tcp |
| US | 172.67.173.131:443 | qegyhig.com | tcp |
| US | 8.8.8.8:53 | pupydeq.com | udp |
| US | 8.8.8.8:53 | ganyzub.com | udp |
| US | 8.8.8.8:53 | vopydek.com | udp |
| US | 8.8.8.8:53 | pujymip.com | udp |
| US | 8.8.8.8:53 | gatydaw.com | udp |
| US | 8.8.8.8:53 | lyvylyn.com | udp |
| US | 8.8.8.8:53 | vojymic.com | udp |
| US | 8.8.8.8:53 | qetysal.com | udp |
| US | 8.8.8.8:53 | puvylyg.com | udp |
| US | 8.8.8.8:53 | gahynus.com | udp |
| US | 8.8.8.8:53 | lyrysor.com | udp |
| US | 8.8.8.8:53 | vocykem.com | udp |
| US | 8.8.8.8:53 | qegynuv.com | udp |
| US | 8.8.8.8:53 | purypol.com | udp |
| US | 8.8.8.8:53 | gacykeh.com | udp |
| US | 8.8.8.8:53 | lygynud.com | udp |
| US | 8.8.8.8:53 | vowypit.com | udp |
| US | 8.8.8.8:53 | qexykaq.com | udp |
| US | 8.8.8.8:53 | pufybyv.com | udp |
| US | 8.8.8.8:53 | gaqypiz.com | udp |
| US | 8.8.8.8:53 | lyxyjaj.com | udp |
| US | 8.8.8.8:53 | vofybyf.com | udp |
| US | 8.8.8.8:53 | qeqytup.com | udp |
| US | 8.8.8.8:53 | puzyjoq.com | udp |
| US | 8.8.8.8:53 | gadyveb.com | udp |
| US | 8.8.8.8:53 | lymytux.com | udp |
| US | 8.8.8.8:53 | volyjok.com | udp |
| US | 8.8.8.8:53 | qedyveg.com | udp |
| US | 8.8.8.8:53 | pumytup.com | udp |
| US | 8.8.8.8:53 | galyhiw.com | udp |
| US | 8.8.8.8:53 | lysyvan.com | udp |
| US | 8.8.8.8:53 | vonyryc.com | udp |
| US | 8.8.8.8:53 | qekyhil.com | udp |
| US | 8.8.8.8:53 | pupycag.com | udp |
| US | 8.8.8.8:53 | ganyrys.com | udp |
| US | 8.8.8.8:53 | lykygur.com | udp |
| US | 8.8.8.8:53 | vopycom.com | udp |
| US | 8.8.8.8:53 | qebyrev.com | udp |
| US | 8.8.8.8:53 | gatycoh.com | udp |
| US | 8.8.8.8:53 | vojygut.com | udp |
| US | 8.8.8.8:53 | lyvywed.com | udp |
| US | 8.8.8.8:53 | qetyxiq.com | udp |
| US | 8.8.8.8:53 | puvywav.com | udp |
| US | 8.8.8.8:53 | gahyfyz.com | udp |
| US | 8.8.8.8:53 | lyryxij.com | udp |
| US | 8.8.8.8:53 | vocyqaf.com | udp |
| US | 8.8.8.8:53 | puryxuq.com | udp |
| US | 8.8.8.8:53 | qegyfyp.com | udp |
| US | 8.8.8.8:53 | gacyqob.com | udp |
| US | 8.8.8.8:53 | vowyzuk.com | udp |
| US | 8.8.8.8:53 | lygyfex.com | udp |
| US | 8.8.8.8:53 | qexyqog.com | udp |
| US | 8.8.8.8:53 | pufydep.com | udp |
| US | 8.8.8.8:53 | gaqyzuw.com | udp |
| US | 8.8.8.8:53 | lyxymin.com | udp |
| US | 8.8.8.8:53 | vofydac.com | udp |
| US | 8.8.8.8:53 | puzymig.com | udp |
| US | 8.8.8.8:53 | qeqylyl.com | udp |
| US | 8.8.8.8:53 | gadydas.com | udp |
| US | 8.8.8.8:53 | lymylyr.com | udp |
| US | 8.8.8.8:53 | volymum.com | udp |
| US | 13.248.169.48:80 | pupydeq.com | tcp |
| CN | 103.150.10.48:80 | lyrysor.com | tcp |
| US | 18.208.156.248:80 | pupycag.com | tcp |
| US | 172.67.136.136:80 | lysyvan.com | tcp |
| US | 3.94.10.34:80 | lygynud.com | tcp |
| US | 172.67.136.136:443 | lysyvan.com | tcp |
| US | 172.67.136.136:443 | lysyvan.com | tcp |
| US | 13.248.169.48:80 | pupydeq.com | tcp |
| US | 8.8.8.8:53 | 23.236.111.52.in-addr.arpa | udp |
| CN | 103.150.10.48:80 | lyrysor.com | tcp |
Files
memory/1116-0-0x0000000000590000-0x0000000000593000-memory.dmp
memory/1116-1-0x0000000000400000-0x000000000045F000-memory.dmp
C:\Windows\apppatch\svchost.exe
| MD5 | d7d67bbc558e01414bb3a432b5e3fd98 |
| SHA1 | 1d3a66c5a53441a1696f3f3af7334b6ff4217a24 |
| SHA256 | 42bc81ecfc4bf2bb23561d869a38cce3db99609b31a4add84deb9fcdded2e152 |
| SHA512 | b4ead9131eb0e7d2910d254c3e9daa8b2ef23a01d0ed2595887d79cad2af1839dc62c738f08ca5972a4bb56dacb5b518d78b2ff5278e8ff116843062f2541ff0 |
memory/1116-11-0x0000000000400000-0x0000000000467000-memory.dmp
memory/1116-13-0x0000000000400000-0x000000000045F000-memory.dmp
memory/1660-14-0x0000000000400000-0x0000000000467000-memory.dmp
memory/1116-12-0x0000000000590000-0x0000000000593000-memory.dmp
memory/1660-15-0x0000000000400000-0x0000000000467000-memory.dmp
memory/1660-16-0x0000000002A00000-0x0000000002AA8000-memory.dmp
memory/1660-17-0x0000000000400000-0x0000000000467000-memory.dmp
memory/1660-18-0x0000000002BB0000-0x0000000002C66000-memory.dmp
memory/1660-22-0x0000000002BB0000-0x0000000002C66000-memory.dmp
memory/1660-20-0x0000000002BB0000-0x0000000002C66000-memory.dmp
memory/1660-36-0x0000000002BB0000-0x0000000002C66000-memory.dmp
memory/1660-40-0x0000000002BB0000-0x0000000002C66000-memory.dmp
memory/1660-79-0x0000000002BB0000-0x0000000002C66000-memory.dmp
memory/1660-78-0x0000000002BB0000-0x0000000002C66000-memory.dmp
memory/1660-77-0x0000000002BB0000-0x0000000002C66000-memory.dmp
memory/1660-76-0x0000000002BB0000-0x0000000002C66000-memory.dmp
memory/1660-74-0x0000000002BB0000-0x0000000002C66000-memory.dmp
memory/1660-73-0x0000000002BB0000-0x0000000002C66000-memory.dmp
memory/1660-72-0x0000000002BB0000-0x0000000002C66000-memory.dmp
memory/1660-70-0x0000000002BB0000-0x0000000002C66000-memory.dmp
memory/1660-69-0x0000000002BB0000-0x0000000002C66000-memory.dmp
memory/1660-68-0x0000000002BB0000-0x0000000002C66000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\B91F.tmp
| MD5 | f85ec9a5e0b54ae13472a63423478bfd |
| SHA1 | de93d459ef707e483f2a923913cb23f5528f5314 |
| SHA256 | 5ca07b2e6163cde3c2c552b83ac3ca8a602bb258cf81ab02768f0d780af11614 |
| SHA512 | 55714f45b69391d0821c727818219202eecb362132809823e7d3f912ed961dc5d872c7d14d2ca194d6d70097ca9f46e4cbac7c2811ecee118c5c660eb44a1c80 |
memory/1660-66-0x0000000002BB0000-0x0000000002C66000-memory.dmp
memory/1660-65-0x0000000002BB0000-0x0000000002C66000-memory.dmp
memory/1660-64-0x0000000002BB0000-0x0000000002C66000-memory.dmp
memory/1660-63-0x0000000002BB0000-0x0000000002C66000-memory.dmp
memory/1660-62-0x0000000002BB0000-0x0000000002C66000-memory.dmp
memory/1660-61-0x0000000002BB0000-0x0000000002C66000-memory.dmp
memory/1660-60-0x0000000002BB0000-0x0000000002C66000-memory.dmp
memory/1660-59-0x0000000002BB0000-0x0000000002C66000-memory.dmp
memory/1660-58-0x0000000002BB0000-0x0000000002C66000-memory.dmp
memory/1660-57-0x0000000002BB0000-0x0000000002C66000-memory.dmp
memory/1660-56-0x0000000002BB0000-0x0000000002C66000-memory.dmp
memory/1660-55-0x0000000002BB0000-0x0000000002C66000-memory.dmp
memory/1660-54-0x0000000002BB0000-0x0000000002C66000-memory.dmp
memory/1660-53-0x0000000002BB0000-0x0000000002C66000-memory.dmp
memory/1660-51-0x0000000002BB0000-0x0000000002C66000-memory.dmp
memory/1660-49-0x0000000002BB0000-0x0000000002C66000-memory.dmp
memory/1660-45-0x0000000002BB0000-0x0000000002C66000-memory.dmp
memory/1660-47-0x0000000002BB0000-0x0000000002C66000-memory.dmp
memory/1660-46-0x0000000002BB0000-0x0000000002C66000-memory.dmp
memory/1660-44-0x0000000002BB0000-0x0000000002C66000-memory.dmp
memory/1660-42-0x0000000002BB0000-0x0000000002C66000-memory.dmp
memory/1660-41-0x0000000002BB0000-0x0000000002C66000-memory.dmp
memory/1660-39-0x0000000002BB0000-0x0000000002C66000-memory.dmp
memory/1660-38-0x0000000002BB0000-0x0000000002C66000-memory.dmp
memory/1660-37-0x0000000002BB0000-0x0000000002C66000-memory.dmp
memory/1660-34-0x0000000002BB0000-0x0000000002C66000-memory.dmp
memory/1660-33-0x0000000002BB0000-0x0000000002C66000-memory.dmp
memory/1660-32-0x0000000002BB0000-0x0000000002C66000-memory.dmp
memory/1660-31-0x0000000002BB0000-0x0000000002C66000-memory.dmp
memory/1660-30-0x0000000002BB0000-0x0000000002C66000-memory.dmp
memory/1660-29-0x0000000002BB0000-0x0000000002C66000-memory.dmp
memory/1660-27-0x0000000002BB0000-0x0000000002C66000-memory.dmp
memory/1660-26-0x0000000002BB0000-0x0000000002C66000-memory.dmp
memory/1660-75-0x0000000002BB0000-0x0000000002C66000-memory.dmp
memory/1660-71-0x0000000002BB0000-0x0000000002C66000-memory.dmp
memory/1660-67-0x0000000002BB0000-0x0000000002C66000-memory.dmp
memory/1660-25-0x0000000002BB0000-0x0000000002C66000-memory.dmp
memory/1660-24-0x0000000002BB0000-0x0000000002C66000-memory.dmp
memory/1660-52-0x0000000002BB0000-0x0000000002C66000-memory.dmp
memory/1660-50-0x0000000002BB0000-0x0000000002C66000-memory.dmp
memory/1660-48-0x0000000002BB0000-0x0000000002C66000-memory.dmp
memory/1660-23-0x0000000002BB0000-0x0000000002C66000-memory.dmp
memory/1660-43-0x0000000002BB0000-0x0000000002C66000-memory.dmp
memory/1660-35-0x0000000002BB0000-0x0000000002C66000-memory.dmp
memory/1660-28-0x0000000002BB0000-0x0000000002C66000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\B930.tmp
| MD5 | 5ba416bc907cebb7496620296e6fe2b5 |
| SHA1 | 104009d74ccbfea34412cc89c19f156f88b91263 |
| SHA256 | 68366014188ae7f733c4346f2db87a3ba8585c2ccd1c7352b39db5e44e25bd60 |
| SHA512 | 6cca89043fa91b488f9f8daa61b74f1eed9d50169503f23ab60409ce67d947865421e31772538203f4118587f36c95c5003a84b452d256f451c887920722a9ae |
C:\Users\Admin\AppData\Local\Temp\C612.tmp
| MD5 | 926512864979bc27cf187f1de3f57aff |
| SHA1 | acdeb9d6187932613c7fa08eaf28f0cd8116f4b5 |
| SHA256 | b3e893a653ec06c05ee90f2f6e98cc052a92f6616d7cca8c416420e178dcc73f |
| SHA512 | f6f9fd3ca9305bec879cfcd38e64111a18e65e30d25c49e9f2cd546cbab9b2dcd03eca81952f6b77c0eaab20192ef7bef0d8d434f6f371811929e75f8620633b |
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\X3JA8BBM\login[1].htm
| MD5 | d57e3a550060f85d44a175139ea23021 |
| SHA1 | 2c5cb3428a322c9709a34d04dd86fe7628f8f0a6 |
| SHA256 | 43edf068d34276e8ade4113d4d7207de19fc98a2ae1c07298e593edae2a8774c |
| SHA512 | 0364fe6a010fce7a3f4a6344c84468c64b20fd131f3160fc649db78f1075ba52d8a1c4496e50dbe27c357e01ee52e94cdcda8f7927cba28d5f2f45b9da690063 |