743f0fa0c0d6aabafea0a045d455af4ea64ca58e


Zero‑Dwell Threat Intelligence Report

A narrative, executive‑ready view into the malware’s behavior, exposure, and reliable defenses.
Generated: 2025-09-05 11:04:21 UTC

Executive Overview — What We’re Dealing With

This specimen has persisted long enough to matter. Human experts classified it as Malware, and the telemetry confirms a capable, evasive Trojan with real impact potential.

File: o5oru.exe
Type: PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows
SHA‑1: 743f0fa0c0d6aabafea0a045d455af4ea64ca58e
MD5: eac5ea88133aeb3c350ddb3eecfe7767
First Seen: 2025-08-26 15:50:30.358238
Last Analysis: 2025-08-27 15:34:43.384197
Dwell Time: 0 days, 23 hours, 44 minutes

Extended Dwell Time Impact

For 23+ hours, this malware remained undetected — a half-day window that permitted the adversary to complete initial execution, establish basic persistence, and perform initial system enumeration.

Comparative Context

Industry studies report a median dwell time closer to 21–24 days. This case represents rapid detection and containment within hours rather than days.

Timeline

Time (UTC) Event Elapsed
2025-08-19 18:46:28 UTC First VirusTotal submission
2025-08-29 09:08:13 UTC Latest analysis snapshot 9 days, 14 hours, 21 minutes
2025-09-05 11:04:21 UTC Report generation time 16 days, 16 hours, 17 minutes

Why It Matters

Every additional day of dwell time is not just an abstract number — it is attacker opportunity. Each day equates to more time for lateral movement, stealth persistence, and intelligence gathering.

Global Detection Posture — Who Caught It, Who Missed It

VirusTotal engines: 73. Detected as malicious: 66. Missed: 7. Coverage: 90.4%.

Detected Vendors

  • Xcitium
  • +65 additional vendors (names not provided)

List includes Xcitium plus an additional 65 vendors per the provided summary.

Missed Vendors

  • Baidu
  • CMC
  • SUPERAntiSpyware
  • tehtris
  • ViRobot
  • Webroot
  • Zoner

Why it matters: if any endpoint relies solely on a missed engine, this malware can operate with zero alerts. Prevention‑first controls close that gap regardless of signature lag.

Behavioral Storyline — How the Malware Operates

Intensive file system activity (44.95% of behavior) indicates data harvesting, file encryption, or dropper behavior. The threat is actively searching for and manipulating files across the system.

Behavior Categories (weighted)

Weight values represent the frequency and intensity of malware interactions with specific system components. Higher weights indicate more aggressive targeting of that category. Each operation (registry access, file modification, network connection, etc.) contributes to the category’s total weight, providing a quantitative measure of the malware’s behavioral focus.

Category Weight Percentage
File System 9543 44.95%
System 9466 44.58%
Registry 756 3.56%
Network 747 3.52%
Threading 401 1.89%
Process 181 0.85%
Hooking 58 0.27%
Synchronization 35 0.16%
Device 17 0.08%
Misc 15 0.07%
Com 9 0.04%
Services 4 0.02%

MITRE ATT&CK Mapping

  • T1027.002 – packed with generic packer

Following the Trail — Network & DNS Activity

Outbound activity leans on reputable infrastructure (e.g., CDNs, cloud endpoints) to blend in. TLS sessions and HTTP calls show routine beaconing and IP‑lookup behavior that can masquerade as normal browsing.

Contacted Domains


Observed IPs

IP Country ASN/Org
224.0.0.252
239.255.255.250
8.8.4.4 United States Google LLC
8.8.8.8 United States Google LLC

DNS Queries


Contacted IPs

IP Country ASN/Org
224.0.0.252
239.255.255.250
8.8.4.4 United States Google LLC
8.8.8.8 United States Google LLC

Port Distribution

Port Count Protocols
137 1 udp
138 1 udp
5355 5 udp
53 486 udp
3702 1 udp

UDP Packets

192.168.56.13 8.8.8.8 62182 53 81.58812212944031 udp
192.168.56.13 8.8.8.8 62226 53 292.35078716278076 udp
192.168.56.13 8.8.8.8 62249 53 214.90626406669617 udp
192.168.56.13 8.8.8.8 62266 53 242.5656759738922 udp
192.168.56.13 8.8.8.8 62324 53 77.48747205734253 udp
192.168.56.13 8.8.8.8 62422 53 46.8719961643219 udp
192.168.56.13 8.8.8.8 62431 53 181.18383407592773 udp
192.168.56.13 8.8.8.8 62491 53 55.61630606651306 udp
192.168.56.13 8.8.8.8 62492 53 176.63427114486694 udp
192.168.56.13 8.8.8.8 62493 53 18.77028799057007 udp
192.168.56.13 8.8.8.8 62534 53 313.9998359680176 udp
192.168.56.13 8.8.8.8 62639 53 72.96050310134888 udp
192.168.56.13 8.8.8.8 62729 53 64.28377103805542 udp
192.168.56.13 8.8.8.8 62736 53 249.4499101638794 udp
192.168.56.13 8.8.8.8 62849 53 18.723212957382202 udp
192.168.56.13 8.8.8.8 62980 53 51.127740144729614 udp
192.168.56.13 8.8.8.8 63004 53 166.8974859714508 udp
192.168.56.13 8.8.8.8 63023 53 267.03659105300903 udp
192.168.56.13 8.8.8.8 63037 53 277.03774309158325 udp
192.168.56.13 8.8.8.8 63074 53 242.34556102752686 udp
192.168.56.13 8.8.8.8 63138 53 292.39808201789856 udp
192.168.56.13 8.8.8.8 63240 53 64.2838830947876 udp
192.168.56.13 8.8.8.8 63251 53 134.24362802505493 udp
192.168.56.13 8.8.8.8 63373 53 230.4198181629181 udp
192.168.56.13 8.8.8.8 63416 53 287.8924160003662 udp
192.168.56.13 8.8.8.8 63478 53 73.24374008178711 udp
192.168.56.13 8.8.8.8 63554 53 200.43462800979614 udp
192.168.56.13 8.8.8.8 63574 53 157.06907105445862 udp
192.168.56.13 8.8.8.8 63599 53 125.52844500541687 udp
192.168.56.13 8.8.8.8 63617 53 68.54832005500793 udp
192.168.56.13 8.8.8.8 63813 53 157.52482414245605 udp
192.168.56.13 8.8.8.8 63825 53 262.88528513908386 udp
192.168.56.13 8.8.8.8 63895 53 176.10103702545166 udp
192.168.56.13 8.8.8.8 63979 53 125.90039706230164 udp
192.168.56.13 8.8.8.8 64082 53 148.16432809829712 udp
192.168.56.13 8.8.8.8 64148 53 262.8462641239166 udp
192.168.56.13 8.8.8.8 64256 53 258.80682611465454 udp
192.168.56.13 8.8.8.8 64276 53 260.31103897094727 udp
192.168.56.13 8.8.8.8 64278 53 229.7021279335022 udp
192.168.56.13 8.8.8.8 64296 53 121.34218502044678 udp
192.168.56.13 8.8.8.8 64412 53 152.73487496376038 udp
192.168.56.13 8.8.8.8 64478 53 256.13817405700684 udp
192.168.56.13 8.8.8.8 64533 53 38.12165093421936 udp
192.168.56.13 8.8.8.8 64642 53 59.73268413543701 udp
192.168.56.13 8.8.8.8 64679 53 204.8237099647522 udp
192.168.56.13 8.8.8.8 64700 53 55.42248892784119 udp
192.168.56.13 8.8.8.8 64801 53 33.48872995376587 udp
192.168.56.13 8.8.8.8 64866 53 222.07336711883545 udp
192.168.56.13 8.8.8.8 64886 53 39.842390060424805 udp
192.168.56.13 8.8.8.8 64890 53 267.80021500587463 udp
192.168.56.13 8.8.8.8 64908 53 214.96223306655884 udp
192.168.56.13 8.8.8.8 64935 53 262.84603095054626 udp
192.168.56.13 8.8.8.8 64944 53 81.80786204338074 udp
192.168.56.13 8.8.8.8 64973 53 229.7374119758606 udp
192.168.56.13 8.8.8.8 65004 53 287.80293893814087 udp
192.168.56.13 8.8.8.8 65156 53 237.331876039505 udp
192.168.56.13 8.8.8.8 65371 53 74.5609540939331 udp
192.168.56.13 8.8.8.8 65433 53 161.72369194030762 udp

Hunting tip: alert on unknown binaries initiating TLS to IP‑lookup services or unusual CDN endpoints — especially early in execution.

Persistence & Policy — Registry and Services

Registry and service telemetry points to policy awareness and environment reconnaissance rather than noisy persistence. Below is a compact view of the most relevant keys and handles.

Registry Opened: 0
Registry Set: 9
Services Started: 0
Services Opened: 0

Registry Set (Top 25)

Key | Value
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\vulnvol32\Version\usbactiv | 0
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\vulnvol32\Version\pafw | kcnfj
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\vulnvol32\Version\statem | 0
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\vulnvol32\Version\usw | kgbee
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\vulnvol32\Version\namecp | w775nwjj.exe
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\vulnvol32\Version\iduser | 3cc5cpcm
\\Registry\Machine\Software\Classes\Wow6432Node\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\InprocServer32\(Default) |
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\InprocServer32\(Default) |
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\ctfmen | %windir%\system32\ctfmen.exe

What To Do Now — Practical Defense Playbook

  • Contain unknowns: block first‑run binaries by default — signatures catch up, containment works now.
  • EDR controls: alert on keyboard hooks, screen capture APIs, VM/sandbox checks, and command‑shell launches.
  • Registry watch: flag queries/sets under policy paths (e.g., …\FipsAlgorithmPolicy\*).
  • Network rules: inspect outbound TLS to IP‑lookup services and unexpected CDN endpoints.
  • Hunt broadly: sweep endpoints for the indicators above and quarantine positives immediately.

Dwell time equals attacker opportunity. Reducing execution privileges and egress shrinks that window even when vendors disagree.
