Zero‑Dwell Threat Intelligence Report

A narrative, executive‑ready view into the malware’s behavior, exposure, and reliable defenses.
Generated: 2025-09-05 11:03:36 UTC

Executive Overview — What We’re Dealing With

This specimen has persisted long enough to matter. Human experts classified it as Malware, and the telemetry confirms a capable, evasive Trojan with real impact potential.

File: 3fuas28v.exe
Type: PE32 executable (GUI) Intel 80386, for MS Windows
SHA‑1: 171df7489510cfb1b89a6d39d9bfd7e24b5a4f04
MD5: 4ac485dfbba54d83c5d34050d337e769
First Seen: 2025-08-26 15:40:07.415412
Last Analysis: 2025-08-27 15:34:37.539892
Dwell Time: 0 days, 23 hours, 54 minutes

Extended Dwell Time Impact

For 23+ hours, this malware remained undetected — a window of almost a full day that permitted the adversary to complete initial execution, establish basic persistence, and perform initial system enumeration.

Comparative Context

Industry studies report a median dwell time closer to 21–24 days. This case represents rapid detection and containment within hours rather than days.

Timeline

Time (UTC)               Event                        Elapsed
2025-08-15 13:02:45 UTC  First VirusTotal submission  0 days, 0 hours, 0 minutes
2025-08-29 09:08:02 UTC  Latest analysis snapshot     13 days, 20 hours, 5 minutes
2025-09-05 11:03:36 UTC  Report generation time       20 days, 22 hours, 0 minutes

Why It Matters

Every additional day of dwell time is not just an abstract number — it is attacker opportunity. Each day equates to more time for lateral movement, stealth persistence, and intelligence gathering.

Global Detection Posture — Who Caught It, Who Missed It

VirusTotal engines: 73. Detected as malicious: 62. Missed: 11. Coverage: 84.9%.

Detected Vendors

  • Xcitium
  • 61 additional vendors (names not provided in the source summary)

Missed Vendors

  • Baidu
  • ClamAV
  • CMC
  • Jiangmin
  • SUPERAntiSpyware
  • tehtris
  • ViRobot
  • Webroot
  • Yandex
  • Zillya
  • Zoner

Why it matters: if any endpoint relies solely on a missed engine, this malware can operate with zero alerts. Prevention‑first controls close that gap regardless of signature lag.

Behavioral Storyline — How the Malware Operates

Intensive file system activity (43.25% of behavior) indicates data harvesting, file encryption, or dropper behavior. The threat is actively searching for and manipulating files across the system.

Behavior Categories (weighted)

Weight values represent the frequency and intensity of malware interactions with specific system components. Higher weights indicate more aggressive targeting of that category. Each operation (registry access, file modification, network connection, etc.) contributes to the category’s total weight, providing a quantitative measure of the malware’s behavioral focus.

Category         Weight   Percentage
File System      242015   43.25%
System           168374   30.09%
Synchronization   80829   14.44%
Registry          36271    6.48%
Process           24899    4.45%
Device             2159    0.39%
Misc               2003    0.36%
Com                1169    0.21%
Threading          1081    0.19%
Network             329    0.06%
Services            226    0.04%
Windows              97    0.02%
Hooking              78    0.01%
Crypto               58    0.01%

MITRE ATT&CK Mapping

  • T1543.003 – create service
  • T1569.002 – create service
  • T1083 – enumerate files on Windows
  • T1033 – get token membership
  • T1543.003 – delete service
  • T1112 – delete registry key
  • T1543.003 – stop service
  • T1489 – stop service
  • T1112 – delete registry value
  • T1083 – check if file exists
  • T1083 – enumerate files recursively
  • T1012 – query or enumerate registry value
  • T1129 – link function at runtime on Windows
  • T1082 – get disk information
  • T1027 – encode data using XOR
  • T1083 – get common file path
  • T1083 – get file size

Following the Trail — Network & DNS Activity

Outbound activity leans on reputable infrastructure (e.g., CDNs, cloud endpoints) to blend in. TLS sessions and HTTP calls show routine beaconing and IP‑lookup behavior that can masquerade as normal browsing.

Observed IPs

IP               Country                   ASN/Org
224.0.0.252      local multicast, no ASN   (none)
239.255.255.250  local multicast, no ASN   (none)
8.8.4.4          United States             Google LLC
8.8.8.8          United States             Google LLC

Port Distribution

Port   Count  Protocols
137        1  udp
138        1  udp
5355       5  udp
1900       1  udp
53       240  udp
3702       1  udp

Hunting tip: alert on unknown binaries initiating TLS to IP‑lookup services or unusual CDN endpoints — especially early in execution.

What To Do Now — Practical Defense Playbook

  • Contain unknowns: block first‑run binaries by default — signatures catch up, containment works now.
  • EDR controls: alert on keyboard hooks, screen capture APIs, VM/sandbox checks, and command‑shell launches.
  • Registry watch: flag queries/sets under policy paths (e.g., …\FipsAlgorithmPolicy\*).
  • Network rules: inspect outbound TLS to IP‑lookup services and unexpected CDN endpoints.
  • Hunt broadly: sweep endpoints for the indicators above and quarantine positives immediately.

Dwell time equals attacker opportunity. Reducing execution privileges and egress shrinks that window even when vendors disagree.
