Analysis Overview
SHA256
f5e21b4d3c884b16273ab4572a8f270b2717ab8a0d6ca01d9e04caad83a312f7
Threat Level: Known bad
The file file_v06(解压密码1234).rar was found to be: Known bad.
Malicious Activity Summary
Detect ZGRat V1
SmokeLoader
Amadey
RisePro
Stealc
Djvu Ransomware
RedLine payload
Detected Djvu ransomware
RedLine
ZGRat
Identifies VirtualBox via ACPI registry values (likely anti-VM)
Blocklisted process makes network request
Modifies Windows Firewall
Contacts a large (632) amount of remote hosts
Downloads MZ/PE file
Stops running service(s)
Creates new service(s)
Reads data files stored by FTP clients
Reads user/profile data of web browsers
Themida packer
Drops startup file
Modifies file permissions
Checks BIOS information in registry
.NET Reactor proctector
Checks computer location settings
Unexpected DNS network traffic destination
Executes dropped EXE
Loads dropped DLL
Checks installed software on the system
Drops Chrome extension
Legitimate hosting services abused for malware hosting/C2
Looks up external IP address via web service
Checks whether UAC is enabled
Accesses cryptocurrency files/wallets, possible credential harvesting
Adds Run key to start application
Drops file in System32 directory
Suspicious use of NtSetInformationThreadHideFromDebugger
Suspicious use of SetThreadContext
Launches sc.exe
Program crash
Unsigned PE
Enumerates physical storage devices
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of SendNotifyMessage
Suspicious use of FindShellTrayWindow
Suspicious use of WriteProcessMemory
Modifies system certificate store
Creates scheduled task(s)
Suspicious use of AdjustPrivilegeToken
Suspicious use of SetWindowsHookEx
Suspicious behavior: EnumeratesProcesses
Delays execution with timeout.exe
Checks processor information in registry
Checks SCSI registry key(s)
Modifies registry class
Kills process with taskkill
Suspicious behavior: MapViewOfSection
Enumerates system info in registry
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-01-25 14:07
Signatures
Themida packer
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-01-25 14:04
Reported
2024-01-25 14:14
Platform
win7-20231215-en
Max time kernel
42s
Max time network
318s
Command Line
Signatures
Detect ZGRat V1
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Detected Djvu ransomware
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Djvu Ransomware
RedLine
RedLine payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
RisePro
SmokeLoader
Stealc
ZGRat
Identifies VirtualBox via ACPI registry values (likely anti-VM)
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ | C:\Users\Admin\AppData\Local\Temp\setup.exe | N/A |
Contacts a large (632) amount of remote hosts
Creates new service(s)
Downloads MZ/PE file
Stops running service(s)
.NET Reactor proctector
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Checks BIOS information in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Users\Admin\AppData\Local\Temp\setup.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | C:\Users\Admin\AppData\Local\Temp\setup.exe | N/A |
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\setup.exe | N/A |
Modifies file permissions
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\icacls.exe | N/A |
Reads user/profile data of web browsers
Themida packer
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Unexpected DNS network traffic destination
| Description | Indicator | Process | Target |
| Destination IP | 141.98.234.31 | N/A | N/A |
Checks whether UAC is enabled
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\setup.exe | N/A |
Legitimate hosting services abused for malware hosting/C2
Looks up external IP address via web service
| Description | Indicator | Process | Target |
| N/A | api.myip.com | N/A | N/A |
| N/A | api.myip.com | N/A | N/A |
| N/A | ipinfo.io | N/A | N/A |
| N/A | api.myip.com | N/A | N/A |
| N/A | ipinfo.io | N/A | N/A |
| N/A | ipinfo.io | N/A | N/A |
| N/A | api.myip.com | N/A | N/A |
| N/A | ipinfo.io | N/A | N/A |
| N/A | api.2ip.ua | N/A | N/A |
| N/A | api.2ip.ua | N/A | N/A |
| N/A | api.myip.com | N/A | N/A |
| N/A | ipinfo.io | N/A | N/A |
Drops file in System32 directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\System32\GroupPolicy\gpt.ini | C:\Users\Admin\AppData\Local\Temp\setup.exe | N/A |
| File created | C:\Windows\System32\GroupPolicy\Machine\Registry.pol | C:\Users\Admin\AppData\Local\Temp\setup.exe | N/A |
| File opened for modification | C:\Windows\System32\GroupPolicy\GPT.INI | C:\Users\Admin\AppData\Local\Temp\setup.exe | N/A |
| File opened for modification | C:\Windows\System32\GroupPolicy | C:\Users\Admin\AppData\Local\Temp\setup.exe | N/A |
Suspicious use of NtSetInformationThreadHideFromDebugger
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\setup.exe | N/A |
Launches sc.exe
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\sc.exe | N/A |
| N/A | N/A | C:\Windows\system32\sc.exe | N/A |
| N/A | N/A | C:\Windows\system32\sc.exe | N/A |
| N/A | N/A | C:\Windows\system32\sc.exe | N/A |
| N/A | N/A | C:\Windows\system32\sc.exe | N/A |
| N/A | N/A | C:\Windows\system32\sc.exe | N/A |
| N/A | N/A | C:\Windows\system32\sc.exe | N/A |
| N/A | N/A | C:\Windows\system32\sc.exe | N/A |
| N/A | N/A | C:\Windows\system32\sc.exe | N/A |
Program crash
Creates scheduled task(s)
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\schtasks.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\schtasks.exe | N/A |
Delays execution with timeout.exe
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\timeout.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\timeout.exe | N/A |
Modifies system certificate store
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13 | C:\Users\Admin\AppData\Local\Temp\setup.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13\Blob = 040000000100000010000000410352dc0ff7501b16f0028eba6f45c50f00000001000000140000005bcaa1c2780f0bcb5a90770451d96f38963f012d0b000000010000001e000000440053005400200052006f006f0074002000430041002000580033000000090000000100000016000000301406082b0601050507030406082b06010505070301140000000100000014000000c4a7b1a47b2c71fadbe14b9075ffc415608589101d00000001000000100000004558d512eecb27464920897de7b66053030000000100000014000000dac9024f54d8f6df94935fb1732638ca6ad77c131900000001000000100000006cf252fec3e8f20996de5d4dd9aef42420000000010000004e0300003082034a30820232a003020102021044afb080d6a327ba893039862ef8406b300d06092a864886f70d0101050500303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f74204341205833301e170d3030303933303231313231395a170d3231303933303134303131355a303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f7420434120583330820122300d06092a864886f70d01010105000382010f003082010a0282010100dfafe99750088357b4cc6265f69082ecc7d32c6b30ca5becd9c37dc740c118148be0e83376492ae33f214993ac4e0eaf3e48cb65eefcd3210f65d22ad9328f8ce5f777b0127bb595c089a3a9baed732e7a0c063283a27e8a1430cd11a0e12a38b9790a31fd50bd8065dfb7516383c8e28861ea4b6181ec526bb9a2e24b1a289f48a39e0cda098e3e172e1edd20df5bc62a8aab2ebd70adc50b1a25907472c57b6aab34d63089ffe568137b540bc8d6aeec5a9c921e3d64b38cc6dfbfc94170ec1672d526ec38553943d0fcfd185c40f197ebd59a9b8d1dbada25b9c6d8dfc115023aabda6ef13e2ef55c089c3cd68369e4109b192ab62957e3e53d9b9ff0025d0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106301d0603551d0e04160414c4a7b1a47b2c71fadbe14b9075ffc41560858910300d06092a864886f70d01010505000382010100a31a2c9b17005ca91eee2866373abf83c73f4bc309a095205de3d95944d23e0d3ebd8a4ba0741fce10829c741a1d7e981addcb134bb32044e491e9ccfc7da5db6ae5fee6fde04eddb7003ab57049aff2e5eb02f1d1028b19cb943a5e48c4181e58195f1e025af00cf1b1ada9dc59868b6ee991f586cafab96633aa595bcee2a7167347cb2bcc99b03748cfe3564bf5cf0f0c723287c6f044bb53726d43f526489a5267b758abfe67767178db0da256141339243185a2a8025a3047e1dd5007bc02099000eb6463609b16bc88c912e6d27d918bf93d328d65b4e97cb15776eac5b62839bf15651cc8f677966a0a8d770bd8910b048e07db29b60aee9d82353510 | C:\Users\Admin\AppData\Local\Temp\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D4DE20D05E66FC53FE1A50882C78DB2852CAE474 | C:\Users\Admin\AppData\Local\Temp\setup.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D4DE20D05E66FC53FE1A50882C78DB2852CAE474\Blob = 0f0000000100000014000000ce0e658aa3e847e467a147b3049191093d055e6f0b0000000100000034000000420061006c00740069006d006f007200650020004300790062006500720054007200750073007400200052006f006f007400000053000000010000002400000030223020060a2b06010401b13e01640130123010060a2b0601040182373c0101030200c0140000000100000014000000e59d5930824758ccacfa085436867b3ab5044df01d0000000100000010000000918ad43a9475f78bb5243de886d8103c09000000010000000c000000300a06082b06010505070301030000000100000014000000d4de20d05e66fc53fe1a50882c78db2852cae47420000000010000007b030000308203773082025fa0030201020204020000b9300d06092a864886f70d0101050500305a310b300906035504061302494531123010060355040a130942616c74696d6f726531133011060355040b130a43796265725472757374312230200603550403131942616c74696d6f7265204379626572547275737420526f6f74301e170d3030303531323138343630305a170d3235303531323233353930305a305a310b300906035504061302494531123010060355040a130942616c74696d6f726531133011060355040b130a43796265725472757374312230200603550403131942616c74696d6f7265204379626572547275737420526f6f7430820122300d06092a864886f70d01010105000382010f003082010a0282010100a304bb22ab983d57e826729ab579d429e2e1e89580b1b0e35b8e2b299a64dfa15dedb009056ddb282ece62a262feb488da12eb38eb219dc0412b01527b8877d31c8fc7bab988b56a09e773e81140a7d1ccca628d2de58f0ba650d2a850c328eaf5ab25878a9a961ca967b83f0cd5f7f952132fc21bd57070f08fc012ca06cb9ae1d9ca337a77d6f8ecb9f16844424813d2c0c2a4ae5e60feb6a605fcb4dd075902d459189863f5a563e0900c7d5db2067af385eaebd403ae5e843e5fff15ed69bcf939367275cf77524df3c9902cb93de5c923533f1f2498215c079929bdc63aece76e863a6b97746333bd681831f0788d76bffc9e8e5d2a86a74d90dc271a390203010001a3453043301d0603551d0e04160414e59d5930824758ccacfa085436867b3ab5044df030120603551d130101ff040830060101ff020103300e0603551d0f0101ff040403020106300d06092a864886f70d01010505000382010100850c5d8ee46f51684205a0ddbb4f27258403bdf764fd2dd730e3a41017ebda2929b6793f76f6191323b8100af958a4d46170bd04616a128a17d50abdc5bc307cd6e90c258d86404feccca37e38c637114feddd68318e4cd2b30174eebe755e07481a7f70ff165c84c07985b805fd7fbe6511a30fc002b4f852373904d5a9317a18bfa02af41299f7a34582e33c5ef59d9eb5c89e7c2ec8a49e4e08144b6dfd706d6b1a63bd64e61fb7cef0f29f2ebb1bb7f250887392c2e2e3168d9a3202ab8e18dde91011ee7e35ab90af3e30947ad0333da7650ff5fc8e9e62cf47442c015dbb1db532d247d2382ed0fe81dc326a1eb5ee3cd5fce7811d19c32442ea6339a9 | C:\Users\Admin\AppData\Local\Temp\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8 | C:\Users\Admin\AppData\Local\Temp\setup.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8\Blob = 0400000001000000100000000cd2f9e0da1773e9ed864da5e370e74e14000000010000001400000079b459e67bb6e5e40173800888c81a58f6e99b6e030000000100000014000000cabd2a79a1076a31f21d253635cb039d4329a5e80f00000001000000200000003f0411ede9c4477057d57e57883b1f205b20cdc0f3263129b1ee0269a2678f631900000001000000100000002fe1f70bb05d7c92335bc5e05b984da620000000010000006f0500003082056b30820353a0030201020211008210cfb0d240e3594463e0bb63828b00300d06092a864886f70d01010b0500304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f74205831301e170d3135303630343131303433385a170d3335303630343131303433385a304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f7420583130820222300d06092a864886f70d01010105000382020f003082020a0282020100ade82473f41437f39b9e2b57281c87bedcb7df38908c6e3ce657a078f775c2a2fef56a6ef6004f28dbde68866c4493b6b163fd14126bbf1fd2ea319b217ed1333cba48f5dd79dfb3b8ff12f1219a4bc18a8671694a66666c8f7e3c70bfad292206f3e4c0e680aee24b8fb7997e94039fd347977c99482353e838ae4f0a6f832ed149578c8074b6da2fd0388d7b0370211b75f2303cfa8faeddda63abeb164fc28e114b7ecf0be8ffb5772ef4b27b4ae04c12250c708d0329a0e15324ec13d9ee19bf10b34a8c3f89a36151deac870794f46371ec2ee26f5b9881e1895c34796c76ef3b906279e6dba49a2f26c5d010e10eded9108e16fbb7f7a8f7c7e50207988f360895e7e237960d36759efb0e72b11d9bbc03f94905d881dd05b42ad641e9ac0176950a0fd8dfd5bd121f352f28176cd298c1a80964776e4737baceac595e689d7f72d689c50641293e593edd26f524c911a75aa34c401f46a199b5a73a516e863b9e7d72a712057859ed3e5178150b038f8dd02f05b23e7b4a1c4b730512fcc6eae050137c439374b3ca74e78e1f0108d030d45b7136b407bac130305c48b7823b98a67d608aa2a32982ccbabd83041ba2830341a1d605f11bc2b6f0a87c863b46a8482a88dc769a76bf1f6aa53d198feb38f364dec82b0d0a28fff7dbe21542d422d0275de179fe18e77088ad4ee6d98b3ac6dd27516effbc64f533434f0203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e0416041479b459e67bb6e5e40173800888c81a58f6e99b6e300d06092a864886f70d01010b05000382020100551f58a9bcb2a850d00cb1d81a6920272908ac61755c8a6ef882e5692fd5f6564bb9b8731059d321977ee74c71fbb2d260ad39a80bea17215685f1500e59ebcee059e9bac915ef869d8f8480f6e4e99190dc179b621b45f06695d27c6fc2ea3bef1fcfcbd6ae27f1a9b0c8aefd7d7e9afa2204ebffd97fea912b22b1170e8ff28a345b58d8fc01c954b9b826cc8a8833894c2d843c82dfee965705ba2cbbf7c4b7c74e3b82be31c822737392d1c280a43939103323824c3c9f86b255981dbe29868c229b9ee26b3b573a82704ddc09c789cb0a074d6ce85d8ec9efceabc7bbb52b4e45d64ad026cce572ca086aa595e315a1f7a4edc92c5fa5fbffac28022ebed77bbbe3717b9016d3075e46537c3707428cd3c4969cd599b52ae0951a8048ae4c3907cecc47a452952bbab8fbadd233537de51d4d6dd5a1b1c7426fe64027355ca328b7078de78d3390e7239ffb509c796c46d5b415b3966e7e9b0c963ab8522d3fd65be1fb08c284fe24a8a389daac6ae1182ab1a843615bd31fdc3b8d76f22de88d75df17336c3d53fb7bcb415fffdca2d06138e196b8ac5d8b37d775d533c09911ae9d41c1727584be0241425f67244894d19b27be073fb9b84f817451e17ab7ed9d23e2bee0d52804133c31039edd7a6c8fc60718c67fde478e3f289e0406cfa5543477bdec899be91743df5bdb5ffe8e1e57a2cd409d7e6222dade1827 | C:\Users\Admin\AppData\Local\Temp\setup.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D4DE20D05E66FC53FE1A50882C78DB2852CAE474\Blob = 19000000010000001000000068cb42b035ea773e52ef50ecf50ec529030000000100000014000000d4de20d05e66fc53fe1a50882c78db2852cae47409000000010000000c000000300a06082b060105050703011d0000000100000010000000918ad43a9475f78bb5243de886d8103c140000000100000014000000e59d5930824758ccacfa085436867b3ab5044df053000000010000002400000030223020060a2b06010401b13e01640130123010060a2b0601040182373c0101030200c00b0000000100000034000000420061006c00740069006d006f007200650020004300790062006500720054007200750073007400200052006f006f00740000000f0000000100000014000000ce0e658aa3e847e467a147b3049191093d055e6f20000000010000007b030000308203773082025fa0030201020204020000b9300d06092a864886f70d0101050500305a310b300906035504061302494531123010060355040a130942616c74696d6f726531133011060355040b130a43796265725472757374312230200603550403131942616c74696d6f7265204379626572547275737420526f6f74301e170d3030303531323138343630305a170d3235303531323233353930305a305a310b300906035504061302494531123010060355040a130942616c74696d6f726531133011060355040b130a43796265725472757374312230200603550403131942616c74696d6f7265204379626572547275737420526f6f7430820122300d06092a864886f70d01010105000382010f003082010a0282010100a304bb22ab983d57e826729ab579d429e2e1e89580b1b0e35b8e2b299a64dfa15dedb009056ddb282ece62a262feb488da12eb38eb219dc0412b01527b8877d31c8fc7bab988b56a09e773e81140a7d1ccca628d2de58f0ba650d2a850c328eaf5ab25878a9a961ca967b83f0cd5f7f952132fc21bd57070f08fc012ca06cb9ae1d9ca337a77d6f8ecb9f16844424813d2c0c2a4ae5e60feb6a605fcb4dd075902d459189863f5a563e0900c7d5db2067af385eaebd403ae5e843e5fff15ed69bcf939367275cf77524df3c9902cb93de5c923533f1f2498215c079929bdc63aece76e863a6b97746333bd681831f0788d76bffc9e8e5d2a86a74d90dc271a390203010001a3453043301d0603551d0e04160414e59d5930824758ccacfa085436867b3ab5044df030120603551d130101ff040830060101ff020103300e0603551d0f0101ff040403020106300d06092a864886f70d01010505000382010100850c5d8ee46f51684205a0ddbb4f27258403bdf764fd2dd730e3a41017ebda2929b6793f76f6191323b8100af958a4d46170bd04616a128a17d50abdc5bc307cd6e90c258d86404feccca37e38c637114feddd68318e4cd2b30174eebe755e07481a7f70ff165c84c07985b805fd7fbe6511a30fc002b4f852373904d5a9317a18bfa02af41299f7a34582e33c5ef59d9eb5c89e7c2ec8a49e4e08144b6dfd706d6b1a63bd64e61fb7cef0f29f2ebb1bb7f250887392c2e2e3168d9a3202ab8e18dde91011ee7e35ab90af3e30947ad0333da7650ff5fc8e9e62cf47442c015dbb1db532d247d2382ed0fe81dc326a1eb5ee3cd5fce7811d19c32442ea6339a9 | C:\Users\Admin\AppData\Local\Temp\setup.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13\Blob = 0f00000001000000140000005bcaa1c2780f0bcb5a90770451d96f38963f012d0b000000010000001e000000440053005400200052006f006f0074002000430041002000580033000000090000000100000016000000301406082b0601050507030406082b06010505070301140000000100000014000000c4a7b1a47b2c71fadbe14b9075ffc415608589101d00000001000000100000004558d512eecb27464920897de7b66053030000000100000014000000dac9024f54d8f6df94935fb1732638ca6ad77c1320000000010000004e0300003082034a30820232a003020102021044afb080d6a327ba893039862ef8406b300d06092a864886f70d0101050500303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f74204341205833301e170d3030303933303231313231395a170d3231303933303134303131355a303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f7420434120583330820122300d06092a864886f70d01010105000382010f003082010a0282010100dfafe99750088357b4cc6265f69082ecc7d32c6b30ca5becd9c37dc740c118148be0e83376492ae33f214993ac4e0eaf3e48cb65eefcd3210f65d22ad9328f8ce5f777b0127bb595c089a3a9baed732e7a0c063283a27e8a1430cd11a0e12a38b9790a31fd50bd8065dfb7516383c8e28861ea4b6181ec526bb9a2e24b1a289f48a39e0cda098e3e172e1edd20df5bc62a8aab2ebd70adc50b1a25907472c57b6aab34d63089ffe568137b540bc8d6aeec5a9c921e3d64b38cc6dfbfc94170ec1672d526ec38553943d0fcfd185c40f197ebd59a9b8d1dbada25b9c6d8dfc115023aabda6ef13e2ef55c089c3cd68369e4109b192ab62957e3e53d9b9ff0025d0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106301d0603551d0e04160414c4a7b1a47b2c71fadbe14b9075ffc41560858910300d06092a864886f70d01010505000382010100a31a2c9b17005ca91eee2866373abf83c73f4bc309a095205de3d95944d23e0d3ebd8a4ba0741fce10829c741a1d7e981addcb134bb32044e491e9ccfc7da5db6ae5fee6fde04eddb7003ab57049aff2e5eb02f1d1028b19cb943a5e48c4181e58195f1e025af00cf1b1ada9dc59868b6ee991f586cafab96633aa595bcee2a7167347cb2bcc99b03748cfe3564bf5cf0f0c723287c6f044bb53726d43f526489a5267b758abfe67767178db0da256141339243185a2a8025a3047e1dd5007bc02099000eb6463609b16bc88c912e6d27d918bf93d328d65b4e97cb15776eac5b62839bf15651cc8f677966a0a8d770bd8910b048e07db29b60aee9d82353510 | C:\Users\Admin\AppData\Local\Temp\setup.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13\Blob = 1900000001000000100000006cf252fec3e8f20996de5d4dd9aef424030000000100000014000000dac9024f54d8f6df94935fb1732638ca6ad77c131d00000001000000100000004558d512eecb27464920897de7b66053140000000100000014000000c4a7b1a47b2c71fadbe14b9075ffc41560858910090000000100000016000000301406082b0601050507030406082b060105050703010b000000010000001e000000440053005400200052006f006f00740020004300410020005800330000000f00000001000000140000005bcaa1c2780f0bcb5a90770451d96f38963f012d20000000010000004e0300003082034a30820232a003020102021044afb080d6a327ba893039862ef8406b300d06092a864886f70d0101050500303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f74204341205833301e170d3030303933303231313231395a170d3231303933303134303131355a303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f7420434120583330820122300d06092a864886f70d01010105000382010f003082010a0282010100dfafe99750088357b4cc6265f69082ecc7d32c6b30ca5becd9c37dc740c118148be0e83376492ae33f214993ac4e0eaf3e48cb65eefcd3210f65d22ad9328f8ce5f777b0127bb595c089a3a9baed732e7a0c063283a27e8a1430cd11a0e12a38b9790a31fd50bd8065dfb7516383c8e28861ea4b6181ec526bb9a2e24b1a289f48a39e0cda098e3e172e1edd20df5bc62a8aab2ebd70adc50b1a25907472c57b6aab34d63089ffe568137b540bc8d6aeec5a9c921e3d64b38cc6dfbfc94170ec1672d526ec38553943d0fcfd185c40f197ebd59a9b8d1dbada25b9c6d8dfc115023aabda6ef13e2ef55c089c3cd68369e4109b192ab62957e3e53d9b9ff0025d0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106301d0603551d0e04160414c4a7b1a47b2c71fadbe14b9075ffc41560858910300d06092a864886f70d01010505000382010100a31a2c9b17005ca91eee2866373abf83c73f4bc309a095205de3d95944d23e0d3ebd8a4ba0741fce10829c741a1d7e981addcb134bb32044e491e9ccfc7da5db6ae5fee6fde04eddb7003ab57049aff2e5eb02f1d1028b19cb943a5e48c4181e58195f1e025af00cf1b1ada9dc59868b6ee991f586cafab96633aa595bcee2a7167347cb2bcc99b03748cfe3564bf5cf0f0c723287c6f044bb53726d43f526489a5267b758abfe67767178db0da256141339243185a2a8025a3047e1dd5007bc02099000eb6463609b16bc88c912e6d27d918bf93d328d65b4e97cb15776eac5b62839bf15651cc8f677966a0a8d770bd8910b048e07db29b60aee9d82353510 | C:\Users\Admin\AppData\Local\Temp\setup.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\setup.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\setup.exe
"C:\Users\Admin\AppData\Local\Temp\setup.exe"
C:\Users\Admin\Documents\GuardFox\Wt3pRmD5mqNpEXXJTPS8UPiq.exe
"C:\Users\Admin\Documents\GuardFox\Wt3pRmD5mqNpEXXJTPS8UPiq.exe"
C:\Users\Admin\Documents\GuardFox\6e3wkNi96ZC51gzRyvUXvSEa.exe
"C:\Users\Admin\Documents\GuardFox\6e3wkNi96ZC51gzRyvUXvSEa.exe"
C:\Users\Admin\Documents\GuardFox\k8Oc9MWfMwLmrksVeis3BIeC.exe
"C:\Users\Admin\Documents\GuardFox\k8Oc9MWfMwLmrksVeis3BIeC.exe"
C:\Users\Admin\Documents\GuardFox\ia_tzbAhqZfRSgiwG8aoaPva.exe
"C:\Users\Admin\Documents\GuardFox\ia_tzbAhqZfRSgiwG8aoaPva.exe"
C:\Users\Admin\Documents\GuardFox\Hf9bWyvvn7TAUhTbtdrKFwvm.exe
"C:\Users\Admin\Documents\GuardFox\Hf9bWyvvn7TAUhTbtdrKFwvm.exe"
C:\Users\Admin\Documents\GuardFox\tiqExpGOvQq6lbrCkhlAXL86.exe
"C:\Users\Admin\Documents\GuardFox\tiqExpGOvQq6lbrCkhlAXL86.exe"
C:\Users\Admin\Documents\GuardFox\D7WyBw1sWJmDWQQUB73CxN50.exe
"C:\Users\Admin\Documents\GuardFox\D7WyBw1sWJmDWQQUB73CxN50.exe"
C:\Users\Admin\AppData\Local\Temp\is-NAR7J.tmp\k8Oc9MWfMwLmrksVeis3BIeC.tmp
"C:\Users\Admin\AppData\Local\Temp\is-NAR7J.tmp\k8Oc9MWfMwLmrksVeis3BIeC.tmp" /SL5="$7011E,3267177,54272,C:\Users\Admin\Documents\GuardFox\k8Oc9MWfMwLmrksVeis3BIeC.exe"
C:\Users\Admin\Documents\GuardFox\9uGsrV2DGZqoBaxruu4xV8pu.exe
"C:\Users\Admin\Documents\GuardFox\9uGsrV2DGZqoBaxruu4xV8pu.exe"
C:\Users\Admin\Documents\GuardFox\D7WyBw1sWJmDWQQUB73CxN50.exe
"C:\Users\Admin\Documents\GuardFox\D7WyBw1sWJmDWQQUB73CxN50.exe"
C:\Users\Admin\Documents\GuardFox\rRrc04Xdcp5_Y9B4gJcAPSTJ.exe
"C:\Users\Admin\Documents\GuardFox\rRrc04Xdcp5_Y9B4gJcAPSTJ.exe"
C:\Users\Admin\Documents\GuardFox\3C5gSkdx_SyN1GSq9CyJ4xOS.exe
"C:\Users\Admin\Documents\GuardFox\3C5gSkdx_SyN1GSq9CyJ4xOS.exe"
C:\Users\Admin\Documents\GuardFox\TRxvP6k2DLxbkOQltmy86mTO.exe
"C:\Users\Admin\Documents\GuardFox\TRxvP6k2DLxbkOQltmy86mTO.exe"
C:\Users\Admin\Documents\GuardFox\Y2gB6WVgAD7Zs_WKooOuvKGc.exe
"C:\Users\Admin\Documents\GuardFox\Y2gB6WVgAD7Zs_WKooOuvKGc.exe"
C:\Users\Admin\Documents\GuardFox\AGxxEa5wm07_lTfOmdPvQGZl.exe
"C:\Users\Admin\Documents\GuardFox\AGxxEa5wm07_lTfOmdPvQGZl.exe"
C:\Users\Admin\Documents\GuardFox\NtHviBmnemhC38r76hpEX5vn.exe
"C:\Users\Admin\Documents\GuardFox\NtHviBmnemhC38r76hpEX5vn.exe"
C:\Users\Admin\Documents\GuardFox\tNfy9CW94LglEEcNK47erB8F.exe
"C:\Users\Admin\Documents\GuardFox\tNfy9CW94LglEEcNK47erB8F.exe"
C:\Users\Admin\Documents\GuardFox\aga0ZBPPiyBfj8yxuvpKeqM1.exe
"C:\Users\Admin\Documents\GuardFox\aga0ZBPPiyBfj8yxuvpKeqM1.exe"
C:\Users\Admin\Documents\GuardFox\739WJwA1mbV8iD_nIXxofVhF.exe
"C:\Users\Admin\Documents\GuardFox\739WJwA1mbV8iD_nIXxofVhF.exe"
C:\Users\Admin\Documents\GuardFox\VRToUOPy6tJYXA0XmB0UrwBT.exe
"C:\Users\Admin\Documents\GuardFox\VRToUOPy6tJYXA0XmB0UrwBT.exe"
C:\Users\Admin\AppData\Local\XDR Encode LIB\xdrencodelib.exe
"C:\Users\Admin\AppData\Local\XDR Encode LIB\xdrencodelib.exe" -i
C:\Windows\SysWOW64\control.exe
"C:\Windows\System32\control.exe" "C:\Users\Admin\AppData\Local\Temp\xt~BGG2G.cpl",
C:\Windows\SysWOW64\rundll32.exe
"C:\Windows\system32\rundll32.exe" Shell32.dll,Control_RunDLL "C:\Users\Admin\AppData\Local\Temp\xt~BGG2G.cpl",
C:\Users\Admin\AppData\Local\XDR Encode LIB\xdrencodelib.exe
"C:\Users\Admin\AppData\Local\XDR Encode LIB\xdrencodelib.exe" -s
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1880 -s 616
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 668 -s 612
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Users\Admin\AppData\Local\13dc342c-6ee1-4257-9774-01a53cfac9d4" /deny *S-1-1-0:(OI)(CI)(DE,DC)
C:\Users\Admin\Documents\GuardFox\SKUiWMDUnhq3Hjkc1i2Qm7ac.exe
"C:\Users\Admin\Documents\GuardFox\SKUiWMDUnhq3Hjkc1i2Qm7ac.exe"
C:\Users\Admin\Documents\GuardFox\zSUTADYiJ044oXzMhz7cp8mm.exe
"C:\Users\Admin\Documents\GuardFox\zSUTADYiJ044oXzMhz7cp8mm.exe"
C:\Windows\SysWOW64\schtasks.exe
"C:\Windows\System32\schtasks.exe" /Create /SC MINUTE /MO 1 /TN SKUiWMDUnhq3Hjkc1i2Qm7ac.exe /TR "C:\Users\Admin\Documents\GuardFox\SKUiWMDUnhq3Hjkc1i2Qm7ac.exe" /F
C:\Users\Admin\AppData\Local\Temp\msvcp_win\UniversalInstaller.exe
C:\Users\Admin\AppData\Local\Temp\msvcp_win\UniversalInstaller.exe
C:\Windows\system32\RunDll32.exe
C:\Windows\system32\RunDll32.exe Shell32.dll,Control_RunDLL "C:\Users\Admin\AppData\Local\Temp\xt~BGG2G.cpl",
C:\Windows\SysWOW64\rundll32.exe
"C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\shell32.dll",#44 "C:\Users\Admin\AppData\Local\Temp\xt~BGG2G.cpl",
C:\Windows\system32\taskeng.exe
taskeng.exe {488DF6B7-DAFF-4F40-8E8B-AAD3301CB854} S-1-5-21-1603059206-2004189698-4139800220-1000:AILVMYUM\Admin:Interactive:[1]
C:\Users\Admin\AppData\Local\Temp\1000113001\e0cbefcb1af40c7d4aff4aca26621a98.exe
"C:\Users\Admin\AppData\Local\Temp\1000113001\e0cbefcb1af40c7d4aff4aca26621a98.exe"
C:\Users\Admin\AppData\Local\Temp\1000114001\InstallSetup8.exe
"C:\Users\Admin\AppData\Local\Temp\1000114001\InstallSetup8.exe"
C:\Users\Admin\Documents\GuardFox\D7WyBw1sWJmDWQQUB73CxN50.exe
"C:\Users\Admin\Documents\GuardFox\D7WyBw1sWJmDWQQUB73CxN50.exe" --Admin IsNotAutoStart IsNotTask
C:\Users\Admin\Documents\GuardFox\D7WyBw1sWJmDWQQUB73CxN50.exe
"C:\Users\Admin\Documents\GuardFox\D7WyBw1sWJmDWQQUB73CxN50.exe" --Admin IsNotAutoStart IsNotTask
C:\Users\Admin\AppData\Local\Temp\1000115001\toolspub1.exe
"C:\Users\Admin\AppData\Local\Temp\1000115001\toolspub1.exe"
C:\Users\Admin\AppData\Local\Temp\BroomSetup.exe
C:\Users\Admin\AppData\Local\Temp\BroomSetup.exe
C:\Users\Admin\AppData\Roaming\msvcp_win\UniversalInstaller.exe
"C:\Users\Admin\AppData\Roaming\msvcp_win\UniversalInstaller.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cmd.exe
C:\Users\Admin\Documents\GuardFox\SKUiWMDUnhq3Hjkc1i2Qm7ac.exe
C:\Users\Admin\Documents\GuardFox\SKUiWMDUnhq3Hjkc1i2Qm7ac.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\MsBuild.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\MsBuild.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\MsBuild.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\MsBuild.exe
C:\Users\Admin\Documents\GuardFox\qemu-ga.exe
"C:\Users\Admin\Documents\GuardFox\qemu-ga.exe"
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\system32\cmd.exe" /c timeout /t 5 & del /f /q "C:\Users\Admin\Documents\GuardFox\VRToUOPy6tJYXA0XmB0UrwBT.exe" & del "C:\ProgramData\*.dll"" & exit
C:\Windows\SysWOW64\timeout.exe
timeout /t 5
C:\Users\Admin\AppData\Local\Temp\1000117001\rty27.exe
"C:\Users\Admin\AppData\Local\Temp\1000117001\rty27.exe"
C:\Users\Admin\AppData\Local\Temp\1000119001\FirstZ.exe
"C:\Users\Admin\AppData\Local\Temp\1000119001\FirstZ.exe"
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Roaming\Temp\Task.bat" "
C:\Windows\SysWOW64\chcp.com
chcp 1251
C:\Windows\SysWOW64\schtasks.exe
schtasks /create /tn "MalayamaraUpdate" /tr "'C:\Users\Admin\AppData\Local\Temp\Updater.exe'" /sc minute /mo 30 /F
C:\Users\Admin\AppData\Local\Temp\nsu7DBA.tmp
C:\Users\Admin\AppData\Local\Temp\nsu7DBA.tmp
C:\Users\Admin\AppData\Local\Temp\B75D.exe
C:\Users\Admin\AppData\Local\Temp\B75D.exe
C:\Users\Admin\AppData\Local\Temp\B75D.exe
C:\Users\Admin\AppData\Local\Temp\B75D.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef3e39758,0x7fef3e39768,0x7fef3e39778
C:\Users\Admin\Documents\GuardFox\SKUiWMDUnhq3Hjkc1i2Qm7ac.exe
C:\Users\Admin\Documents\GuardFox\SKUiWMDUnhq3Hjkc1i2Qm7ac.exe
C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe
C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe Add-MpPreference -ExclusionPath @($env:UserProfile, $env:ProgramData) -ExclusionExtension '.exe' -Force
C:\Users\Admin\AppData\Local\Temp\FA76.exe
C:\Users\Admin\AppData\Local\Temp\FA76.exe
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\system32\cmd.exe" /c timeout /t 5 & del /f /q "C:\Users\Admin\AppData\Local\Temp\nsu7DBA.tmp" & del "C:\ProgramData\*.dll"" & exit
C:\Windows\SysWOW64\timeout.exe
timeout /t 5
C:\Windows\system32\sc.exe
C:\Windows\system32\sc.exe stop UsoSvc
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wusa /uninstall /kb:890830 /quiet /norestart
C:\Windows\system32\sc.exe
C:\Windows\system32\sc.exe stop WaaSMedicSvc
C:\Windows\system32\wusa.exe
wusa /uninstall /kb:890830 /quiet /norestart
C:\Windows\system32\sc.exe
C:\Windows\system32\sc.exe stop wuauserv
C:\Windows\system32\sc.exe
C:\Windows\system32\sc.exe stop bits
C:\Windows\system32\sc.exe
C:\Windows\system32\sc.exe stop dosvc
C:\Windows\system32\sc.exe
C:\Windows\system32\sc.exe delete "WSNKISKT"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\MsBuild.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\MsBuild.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\MsBuild.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\MsBuild.exe
C:\Windows\system32\sc.exe
C:\Windows\system32\sc.exe create "WSNKISKT" binpath= "C:\ProgramData\wikombernizc\reakuqnanrkn.exe" start= "auto"
C:\Windows\system32\powercfg.exe
C:\Windows\system32\powercfg.exe /x -standby-timeout-dc 0
C:\Windows\system32\powercfg.exe
C:\Windows\system32\powercfg.exe /x -standby-timeout-ac 0
C:\Windows\system32\powercfg.exe
C:\Windows\system32\powercfg.exe /x -hibernate-timeout-dc 0
C:\Windows\system32\powercfg.exe
C:\Windows\system32\powercfg.exe /x -hibernate-timeout-ac 0
C:\Windows\system32\sc.exe
C:\Windows\system32\sc.exe start "WSNKISKT"
C:\Windows\system32\sc.exe
C:\Windows\system32\sc.exe stop eventlog
C:\ProgramData\wikombernizc\reakuqnanrkn.exe
C:\ProgramData\wikombernizc\reakuqnanrkn.exe
C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe
C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe Add-MpPreference -ExclusionPath @($env:UserProfile, $env:ProgramData) -ExclusionExtension '.exe' -Force
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2300 -s 92
C:\Users\Admin\AppData\Local\Temp\A630.exe
C:\Users\Admin\AppData\Local\Temp\A630.exe
C:\Users\Admin\Documents\GuardFox\SKUiWMDUnhq3Hjkc1i2Qm7ac.exe
C:\Users\Admin\Documents\GuardFox\SKUiWMDUnhq3Hjkc1i2Qm7ac.exe
C:\Users\Admin\AppData\Local\Temp\7B1.exe
C:\Users\Admin\AppData\Local\Temp\7B1.exe
C:\Users\Admin\AppData\Local\Temp\is-1U2DF.tmp\7B1.tmp
"C:\Users\Admin\AppData\Local\Temp\is-1U2DF.tmp\7B1.tmp" /SL5="$30232,3419525,54272,C:\Users\Admin\AppData\Local\Temp\7B1.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2908 -s 96
C:\Windows\system32\makecab.exe
"C:\Windows\system32\makecab.exe" C:\Windows\Logs\CBS\CbsPersist_20240125141324.log C:\Windows\Logs\CBS\CbsPersist_20240125141324.cab
C:\Users\Admin\Documents\GuardFox\SKUiWMDUnhq3Hjkc1i2Qm7ac.exe
C:\Users\Admin\Documents\GuardFox\SKUiWMDUnhq3Hjkc1i2Qm7ac.exe
Network
| Country | Destination | Domain | Proto |
| NL | 195.20.16.45:80 | tcp | |
| DE | 77.105.147.130:80 | 77.105.147.130 | tcp |
| US | 8.8.8.8:53 | api.myip.com | udp |
| US | 104.26.8.59:443 | api.myip.com | tcp |
| US | 8.8.8.8:53 | ipinfo.io | udp |
| US | 34.117.186.192:443 | ipinfo.io | tcp |
| US | 34.117.186.192:443 | ipinfo.io | tcp |
| US | 8.8.8.8:53 | medfioytrkdkcodlskeej.net | udp |
| US | 8.8.8.8:53 | vk.com | udp |
| US | 8.8.8.8:53 | ok.spartabig.com | udp |
| US | 8.8.8.8:53 | cczhk.com | udp |
| US | 8.8.8.8:53 | 294self-limited.sbs | udp |
| US | 8.8.8.8:53 | ji.alie3ksggg.com | udp |
| AT | 5.42.64.33:80 | 5.42.64.33 | tcp |
| FI | 109.107.182.40:80 | 109.107.182.40 | tcp |
| RU | 87.240.132.67:80 | vk.com | tcp |
| RU | 87.240.132.67:80 | vk.com | tcp |
| RU | 91.215.85.209:80 | medfioytrkdkcodlskeej.net | tcp |
| US | 104.21.15.216:80 | ok.spartabig.com | tcp |
| US | 188.114.96.2:80 | 294self-limited.sbs | tcp |
| HK | 154.92.15.189:80 | ji.alie3ksggg.com | tcp |
| KR | 14.33.209.147:80 | cczhk.com | tcp |
| RU | 87.240.132.67:80 | vk.com | tcp |
| KR | 14.33.209.147:80 | cczhk.com | tcp |
| US | 188.114.96.2:80 | 294self-limited.sbs | tcp |
| RU | 87.240.132.67:80 | vk.com | tcp |
| RU | 91.215.85.209:80 | medfioytrkdkcodlskeej.net | tcp |
| US | 188.114.96.2:80 | 294self-limited.sbs | tcp |
| US | 188.114.96.2:80 | 294self-limited.sbs | tcp |
| RU | 87.240.132.67:80 | vk.com | tcp |
| US | 188.114.96.2:443 | 294self-limited.sbs | tcp |
| RU | 87.240.132.67:80 | vk.com | tcp |
| RU | 91.215.85.209:80 | medfioytrkdkcodlskeej.net | tcp |
| RU | 87.240.132.67:80 | vk.com | tcp |
| US | 8.8.8.8:53 | apps.identrust.com | udp |
| GB | 96.17.179.184:80 | apps.identrust.com | tcp |
| RU | 91.215.85.209:80 | medfioytrkdkcodlskeej.net | tcp |
| RU | 87.240.132.67:80 | vk.com | tcp |
| RU | 91.215.85.209:443 | medfioytrkdkcodlskeej.net | tcp |
| RU | 87.240.132.67:80 | vk.com | tcp |
| RU | 87.240.132.67:80 | vk.com | tcp |
| RU | 87.240.132.67:80 | vk.com | tcp |
| US | 8.8.8.8:53 | x2.c.lencr.org | udp |
| RU | 87.240.132.67:80 | vk.com | tcp |
| GB | 173.222.13.40:80 | x2.c.lencr.org | tcp |
| RU | 87.240.132.67:80 | vk.com | tcp |
| RU | 87.240.132.67:80 | vk.com | tcp |
| RU | 87.240.132.67:80 | vk.com | tcp |
| RU | 87.240.132.67:80 | vk.com | tcp |
| RU | 87.240.132.67:80 | vk.com | tcp |
| RU | 87.240.132.67:80 | vk.com | tcp |
| RU | 87.240.132.67:80 | vk.com | tcp |
| RU | 87.240.132.67:80 | vk.com | tcp |
| RU | 87.240.132.67:80 | vk.com | tcp |
| RU | 87.240.132.67:80 | vk.com | tcp |
| RU | 87.240.132.67:80 | vk.com | tcp |
| RU | 87.240.132.67:80 | vk.com | tcp |
| RU | 87.240.132.67:80 | vk.com | tcp |
| RU | 87.240.132.67:80 | vk.com | tcp |
| RU | 87.240.132.67:80 | vk.com | tcp |
| RU | 87.240.132.67:80 | vk.com | tcp |
| RU | 87.240.132.67:80 | vk.com | tcp |
| RU | 87.240.132.67:80 | vk.com | tcp |
| RU | 87.240.132.67:80 | vk.com | tcp |
| RU | 87.240.132.67:80 | vk.com | tcp |
| RU | 87.240.132.67:80 | vk.com | tcp |
| RU | 87.240.132.67:80 | vk.com | tcp |
| RU | 87.240.132.67:80 | vk.com | tcp |
| RU | 87.240.132.67:80 | vk.com | tcp |
| RU | 87.240.132.67:80 | vk.com | tcp |
| RU | 87.240.132.67:80 | vk.com | tcp |
| RU | 87.240.132.67:80 | vk.com | tcp |
| RU | 87.240.132.67:80 | vk.com | tcp |
| RU | 87.240.132.67:80 | vk.com | tcp |
| RU | 87.240.132.67:80 | vk.com | tcp |
| RU | 87.240.132.67:80 | vk.com | tcp |
| RU | 87.240.132.67:80 | vk.com | tcp |
| RU | 87.240.132.67:80 | vk.com | tcp |
| RU | 87.240.132.67:80 | vk.com | tcp |
| RU | 87.240.132.67:80 | vk.com | tcp |
| RU | 87.240.132.67:80 | vk.com | tcp |
| RU | 87.240.132.67:80 | vk.com | tcp |
| RU | 87.240.132.67:80 | vk.com | tcp |
| RU | 87.240.132.67:80 | vk.com | tcp |
| RU | 87.240.132.67:80 | vk.com | tcp |
| RU | 87.240.132.67:80 | vk.com | tcp |
| RU | 87.240.132.67:80 | vk.com | tcp |
| RU | 87.240.132.67:443 | vk.com | tcp |
| RU | 87.240.132.67:443 | vk.com | tcp |
| RU | 87.240.132.67:443 | vk.com | tcp |
| US | 8.8.8.8:53 | sun6-23.userapi.com | udp |
| NL | 95.142.206.3:443 | sun6-23.userapi.com | tcp |
| RU | 87.240.132.67:80 | vk.com | tcp |
| US | 8.8.8.8:53 | sun6-22.userapi.com | udp |
| NL | 95.142.206.2:443 | sun6-22.userapi.com | tcp |
| RU | 87.240.132.67:443 | vk.com | tcp |
| RU | 87.240.132.67:443 | vk.com | tcp |
| US | 8.8.8.8:53 | sun6-21.userapi.com | udp |
| NL | 95.142.206.1:443 | sun6-21.userapi.com | tcp |
| NL | 95.142.206.3:443 | sun6-23.userapi.com | tcp |
| RU | 87.240.132.67:443 | vk.com | tcp |
| NL | 95.142.206.2:443 | sun6-22.userapi.com | tcp |
| RU | 87.240.132.67:443 | vk.com | tcp |
| RU | 87.240.132.67:443 | vk.com | tcp |
| RU | 87.240.132.67:443 | vk.com | tcp |
| RU | 87.240.132.67:443 | vk.com | tcp |
| RU | 87.240.132.67:443 | vk.com | tcp |
| RU | 87.240.132.67:443 | vk.com | tcp |
| RU | 87.240.132.67:443 | vk.com | tcp |
| NL | 95.142.206.0:443 | tcp | |
| US | 8.8.8.8:53 | i.imgur.com | udp |
| FR | 199.232.168.193:443 | i.imgur.com | tcp |
| DE | 77.105.147.130:80 | 77.105.147.130 | tcp |
| NL | 45.15.156.229:80 | 45.15.156.229 | tcp |
| US | 8.8.8.8:53 | iplogger.org | udp |
| US | 172.67.132.113:443 | iplogger.org | tcp |
| US | 104.26.8.59:443 | api.myip.com | tcp |
| US | 8.8.8.8:53 | i.alie3ksgaa.com | udp |
| US | 34.117.186.192:443 | ipinfo.io | tcp |
| US | 34.117.186.192:443 | ipinfo.io | tcp |
| HK | 154.92.15.189:443 | i.alie3ksgaa.com | tcp |
| NL | 45.15.156.229:80 | 45.15.156.229 | tcp |
| DE | 185.172.128.24:80 | 185.172.128.24 | tcp |
| US | 188.114.97.2:443 | 294self-limited.sbs | tcp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| DE | 185.172.128.19:80 | 185.172.128.19 | tcp |
| US | 8.8.8.8:53 | vk.com | udp |
| RU | 93.186.225.194:80 | vk.com | tcp |
| FR | 194.33.191.60:44675 | tcp | |
| RU | 93.186.225.194:80 | vk.com | tcp |
| RU | 93.186.225.194:80 | vk.com | tcp |
| US | 8.8.8.8:53 | www.sisdese.com.ar | udp |
| RU | 93.186.225.194:80 | vk.com | tcp |
| CA | 54.39.19.153:80 | www.sisdese.com.ar | tcp |
| CA | 54.39.19.153:80 | www.sisdese.com.ar | tcp |
| CA | 54.39.19.153:80 | www.sisdese.com.ar | tcp |
| CA | 54.39.19.153:80 | www.sisdese.com.ar | tcp |
| RU | 93.186.225.194:443 | vk.com | tcp |
| CA | 54.39.19.153:443 | www.sisdese.com.ar | tcp |
| NL | 45.15.156.229:80 | 45.15.156.229 | tcp |
| NL | 91.92.245.15:80 | tcp | |
| DE | 185.172.128.19:80 | 185.172.128.19 | tcp |
| US | 8.8.8.8:53 | shitshitshitshit.net | udp |
| US | 188.114.96.2:443 | shitshitshitshit.net | tcp |
| US | 8.8.8.8:53 | blackvlastelin.com | udp |
| US | 104.21.16.228:443 | blackvlastelin.com | tcp |
| RU | 87.240.132.67:443 | tcp | |
| DE | 185.172.128.109:80 | 185.172.128.109 | tcp |
| US | 8.8.8.8:53 | galandskiyher5.com | udp |
| RU | 158.160.118.17:80 | galandskiyher5.com | tcp |
| RU | 87.240.132.67:80 | tcp | |
| US | 8.8.8.8:53 | ji.alie3ksgff.com | udp |
| HK | 154.92.15.189:80 | ji.alie3ksgff.com | tcp |
| US | 8.8.8.8:53 | udp | |
| RU | 5.42.65.31:48396 | tcp | |
| US | 188.114.97.2:443 | shitshitshitshit.net | tcp |
| DE | 185.172.128.90:80 | 185.172.128.90 | tcp |
| US | 8.8.8.8:53 | habrafa.com | udp |
| MX | 189.232.10.46:80 | habrafa.com | tcp |
| US | 8.8.8.8:53 | selebration17io.io | udp |
| RU | 91.215.85.120:80 | selebration17io.io | tcp |
| NL | 195.20.16.45:80 | tcp | |
| US | 8.8.8.8:53 | i.alie3ksgaa.com | udp |
| HK | 154.92.15.189:443 | i.alie3ksgaa.com | tcp |
| US | 8.8.8.8:53 | app.alie3ksgaa.com | udp |
| HK | 154.92.15.189:80 | app.alie3ksgaa.com | tcp |
| DE | 77.105.147.130:80 | 77.105.147.130 | tcp |
| US | 8.8.8.8:53 | api.myip.com | udp |
| AT | 5.42.64.33:80 | 5.42.64.33 | tcp |
| US | 104.26.8.59:443 | api.myip.com | tcp |
| US | 8.8.8.8:53 | ipinfo.io | udp |
| US | 34.117.186.192:443 | ipinfo.io | tcp |
| US | 34.117.186.192:443 | ipinfo.io | tcp |
| NL | 195.20.16.46:80 | 195.20.16.46 | tcp |
| DE | 185.172.128.79:80 | 185.172.128.79 | tcp |
| NL | 195.20.16.46:80 | 195.20.16.46 | tcp |
| US | 8.8.8.8:53 | iplis.ru | udp |
| US | 104.21.63.150:443 | iplis.ru | tcp |
| US | 8.8.8.8:53 | iplogger.org | udp |
| US | 104.21.4.208:443 | iplogger.org | tcp |
| US | 104.149.139.42:8080 | tcp | |
| DE | 88.198.112.25:9001 | tcp | |
| FR | 145.239.158.234:9001 | tcp | |
| DE | 47.254.134.152:9001 | tcp | |
| CA | 199.58.81.140:443 | tcp | |
| CY | 213.169.148.151:443 | tcp | |
| US | 51.81.72.213:9001 | tcp | |
| US | 51.81.72.213:9001 | tcp | |
| CY | 213.169.148.151:443 | tcp | |
| HK | 154.92.15.189:80 | app.alie3ksgaa.com | tcp |
| US | 8.8.8.8:53 | strollersforkids.com | udp |
| US | 8.8.8.8:53 | studiomoggicoppi.com | udp |
| US | 8.8.8.8:53 | www.sunvethealthcare.com | udp |
| US | 8.8.8.8:53 | supercitizenship.com | udp |
| US | 8.8.8.8:53 | tanusreeboutique.com | udp |
| US | 8.8.8.8:53 | technologyrefers.com | udp |
| US | 8.8.8.8:53 | tennisinheart-au.com | udp |
| US | 8.8.8.8:53 | tennisresearcher.com | udp |
| US | 8.8.8.8:53 | tesdawomencenter.com | udp |
| US | 8.8.8.8:53 | testlavinatauro1.com | udp |
| US | 8.8.8.8:53 | theartofsettings.com | udp |
| US | 8.8.8.8:53 | theclaritysummit.com | udp |
| US | 8.8.8.8:53 | thecuisinecrafts.com | udp |
| US | 8.8.8.8:53 | thegiftedhorizon.com | udp |
| US | 8.8.8.8:53 | thegioichankhong.com | udp |
| US | 8.8.8.8:53 | thejoyfulmindset.com | udp |
| IN | 193.203.185.230:443 | thegiftedhorizon.com | tcp |
| US | 8.8.8.8:53 | thelasercutfiles.com | udp |
| HR | 185.244.92.70:443 | thejoyfulmindset.com | tcp |
| US | 104.21.49.252:443 | thelasercutfiles.com | tcp |
| VN | 103.110.87.15:443 | thegioichankhong.com | tcp |
| US | 8.8.8.8:53 | thelovelystories.com | udp |
| US | 8.8.8.8:53 | thepitchtaverndc.com | udp |
| NL | 89.116.53.193:443 | thelovelystories.com | tcp |
| US | 208.109.69.233:443 | thepitchtaverndc.com | tcp |
| US | 8.8.8.8:53 | theseattle-times.com | udp |
| US | 8.8.8.8:53 | thesevvelacademy.com | udp |
| US | 8.8.8.8:53 | jennyericsson.se | udp |
| US | 8.8.8.8:53 | www.thetechnicalbyte.com | udp |
| US | 172.67.170.3:443 | theseattle-times.com | tcp |
| US | 160.153.0.43:443 | thesevvelacademy.com | tcp |
| SE | 46.16.236.11:443 | jennyericsson.se | tcp |
| US | 162.215.254.201:443 | www.thetechnicalbyte.com | tcp |
| DE | 162.55.89.72:443 | studiomoggicoppi.com | tcp |
| US | 8.8.8.8:53 | thetouringtexans.com | udp |
| US | 154.56.47.236:443 | strollersforkids.com | tcp |
| US | 8.8.8.8:53 | thinkthanksworld.com | udp |
| US | 8.8.8.8:53 | imunify-alert.com | udp |
| US | 188.114.97.2:443 | thetouringtexans.com | tcp |
| US | 8.8.8.8:53 | theundeadreports.com | udp |
| US | 8.8.8.8:53 | thingstodoadvice.com | udp |
| US | 172.67.176.47:443 | imunify-alert.com | tcp |
| US | 104.21.4.57:443 | tennisinheart-au.com | tcp |
| IN | 89.117.157.90:443 | supercitizenship.com | tcp |
| IN | 119.18.49.53:443 | www.sunvethealthcare.com | tcp |
| US | 199.188.200.216:443 | technologyrefers.com | tcp |
| GB | 93.114.184.245:443 | thinkthanksworld.com | tcp |
| IN | 89.117.188.126:443 | tanusreeboutique.com | tcp |
| JP | 160.251.148.83:443 | tennisresearcher.com | tcp |
| SG | 184.168.106.209:80 | tesdawomencenter.com | tcp |
| US | 154.56.37.206:443 | theundeadreports.com | tcp |
| SG | 217.21.74.199:443 | theartofsettings.com | tcp |
| US | 8.8.8.8:53 | thoothukuditimes.com | udp |
| US | 8.8.8.8:53 | thungcartonnhanh.com | udp |
| US | 8.8.8.8:53 | tinnitusunmasked.com | udp |
| US | 50.87.253.26:443 | testlavinatauro1.com | tcp |
| DE | 144.76.190.39:443 | thingstodoadvice.com | tcp |
| US | 8.8.8.8:53 | tibiadecorations.com | udp |
| US | 8.8.8.8:53 | timelesshormones.com | udp |
| US | 8.8.8.8:53 | tikikos-creation.com | udp |
| US | 8.8.8.8:53 | sashimi-sp.com | udp |
| US | 8.8.8.8:53 | tougiunyu-kantou.com | udp |
| US | 161.35.100.27:443 | theclaritysummit.com | tcp |
| US | 8.8.8.8:53 | towntrembleblind.com | udp |
| US | 8.8.8.8:53 | tomboproductions.com | udp |
| US | 192.185.225.78:80 | tinnitusunmasked.com | tcp |
| US | 188.114.96.2:443 | sashimi-sp.com | tcp |
| SG | 159.223.41.216:443 | thecuisinecrafts.com | tcp |
| US | 172.67.176.47:443 | imunify-alert.com | tcp |
| PL | 185.110.51.213:443 | tibiadecorations.com | tcp |
| US | 188.114.96.2:443 | sashimi-sp.com | tcp |
| US | 8.8.8.8:53 | tododuringtravel.com | udp |
| IN | 103.174.10.44:443 | thoothukuditimes.com | tcp |
| FR | 154.41.236.3:443 | tikikos-creation.com | tcp |
| US | 8.8.8.8:53 | trabajoremotonow.com | udp |
| US | 74.208.236.149:443 | tomboproductions.com | tcp |
| VN | 103.28.36.168:443 | thungcartonnhanh.com | tcp |
| US | 45.145.72.69:443 | towntrembleblind.com | tcp |
| US | 8.8.8.8:53 | transferdiplomat.com | udp |
| DE | 162.19.142.161:443 | tododuringtravel.com | tcp |
| GB | 77.75.122.198:443 | trabajoremotonow.com | tcp |
| US | 8.8.8.8:53 | trimurtipharmacy.com | udp |
| US | 8.8.8.8:53 | tulumgroceryshop.com | udp |
| US | 8.8.8.8:53 | unaizadigitalart.com | udp |
| US | 8.8.8.8:53 | trustmcinsurance.com | udp |
| US | 8.8.8.8:53 | universododesign.com | udp |
| US | 8.8.8.8:53 | typicalthamizhan.com | udp |
| US | 8.8.8.8:53 | vegfestpilipinas.com | udp |
| US | 8.8.8.8:53 | usgloballogistic.com | udp |
| US | 8.8.8.8:53 | vafurniturestore.com | udp |
| US | 8.8.8.8:53 | ultime-seduction.com | udp |
| US | 8.8.8.8:53 | www.vanessaespineira.com | udp |
| US | 8.8.8.8:53 | www.velidasposasales.com | udp |
| US | 89.117.139.66:443 | unaizadigitalart.com | tcp |
| US | 172.67.176.47:443 | imunify-alert.com | tcp |
| US | 188.114.97.2:443 | universododesign.com | tcp |
| US | 162.241.85.38:443 | trimurtipharmacy.com | tcp |
| US | 162.241.253.90:443 | usgloballogistic.com | tcp |
| US | 172.67.207.37:443 | vegfestpilipinas.com | tcp |
| NL | 107.6.184.102:443 | www.vanessaespineira.com | tcp |
| US | 162.241.24.98:443 | trustmcinsurance.com | tcp |
| IN | 154.41.233.39:443 | typicalthamizhan.com | tcp |
| US | 50.87.249.243:443 | transferdiplomat.com | tcp |
| US | 195.179.237.52:443 | tulumgroceryshop.com | tcp |
| DE | 217.160.0.177:443 | ultime-seduction.com | tcp |
| US | 162.144.176.141:443 | vafurniturestore.com | tcp |
| US | 172.67.184.5:443 | www.velidasposasales.com | tcp |
| US | 8.8.8.8:53 | vidovitasmiljana.com | udp |
| US | 8.8.8.8:53 | vietnamesekoffie.com | udp |
| US | 8.8.8.8:53 | vendedoraanimale.com | udp |
| US | 8.8.8.8:53 | vets4afghanistan.com | udp |
| US | 8.8.8.8:53 | villapearlofkali.com | udp |
| US | 8.8.8.8:53 | villa-lapeyriere.com | udp |
| US | 8.8.8.8:53 | partir-en-grece.ch | udp |
| US | 8.8.8.8:53 | watbansubsomboon.com | udp |
| US | 8.8.8.8:53 | vitaledgeventure.com | udp |
| US | 8.8.8.8:53 | www.tomboproductions.com | udp |
| US | 8.8.8.8:53 | xetaimiennam-hcm.com | udp |
| US | 8.8.8.8:53 | winprofitacademy.com | udp |
| US | 8.8.8.8:53 | yabancielemanlar.com | udp |
| NL | 185.104.29.98:443 | vets4afghanistan.com | tcp |
| HR | 185.62.73.88:443 | villapearlofkali.com | tcp |
| FR | 213.186.33.5:443 | villa-lapeyriere.com | tcp |
| US | 162.241.2.152:443 | vendedoraanimale.com | tcp |
| US | 74.208.236.149:443 | www.tomboproductions.com | tcp |
| US | 8.8.8.8:53 | yessloveyourself.com | udp |
| US | 172.67.176.47:443 | imunify-alert.com | tcp |
| US | 86.38.202.5:443 | vietnamesekoffie.com | tcp |
| DE | 162.55.0.170:443 | vidovitasmiljana.com | tcp |
| BR | 185.213.81.124:443 | yellowdogburguer.com | tcp |
| TH | 119.59.97.28:80 | watbansubsomboon.com | tcp |
| VN | 103.74.119.140:80 | xetaimiennam-hcm.com | tcp |
| US | 162.241.225.129:443 | vitaledgeventure.com | tcp |
| BR | 149.62.37.42:443 | winprofitacademy.com | tcp |
| TR | 188.132.193.54:443 | yabancielemanlar.com | tcp |
| US | 8.8.8.8:53 | zaptechnologyltd.com | udp |
| US | 104.21.6.32:443 | yessloveyourself.com | tcp |
| US | 8.8.8.8:53 | zenhouse-estates.com | udp |
| US | 8.8.8.8:53 | youthtruthtravel.com | udp |
| US | 8.8.8.8:53 | yorumachi-rabbit.com | udp |
| US | 8.8.8.8:53 | unmatridepelicula.com | udp |
| US | 8.8.8.8:53 | urolaelectricidad.com | udp |
| US | 8.8.8.8:53 | universalsaleshub.com | udp |
| US | 8.8.8.8:53 | utmostimmigration.com | udp |
| US | 8.8.8.8:53 | vaeronaerothermal.com | udp |
| GB | 185.61.153.111:443 | zaptechnologyltd.com | tcp |
| US | 8.8.8.8:53 | valfireindustries.com | udp |
| US | 162.241.216.176:443 | youthtruthtravel.com | tcp |
| US | 172.67.200.146:443 | utmostimmigration.com | tcp |
| US | 8.8.8.8:53 | vaciadosrodriguez.com | udp |
| US | 8.8.8.8:53 | variedadesempauta.com | udp |
| US | 8.8.8.8:53 | valverdelandscape.com | udp |
| US | 8.8.8.8:53 | vodafonecampuslab.com | udp |
| US | 192.250.227.18:443 | unmatridepelicula.com | tcp |
| US | 8.8.8.8:53 | canabistravelguide.com | udp |
| US | 74.208.100.61:443 | zenhouse-estates.com | tcp |
| US | 8.8.8.8:53 | videogamesandjunk.com | udp |
| US | 8.8.8.8:53 | www.naessund.com | udp |
| ES | 185.50.44.158:443 | vaeronaerothermal.com | tcp |
| JP | 162.43.107.115:443 | yorumachi-rabbit.com | tcp |
| US | 8.8.8.8:53 | wabisystemsdesign.com | udp |
| US | 8.8.8.8:53 | valledelsolhuaral.com | udp |
| US | 108.167.169.224:443 | universalsaleshub.com | tcp |
| US | 8.8.8.8:53 | bestsmokerforturkey.com | udp |
| US | 65.181.111.142:443 | valfireindustries.com | tcp |
| DE | 217.160.0.115:443 | vaciadosrodriguez.com | tcp |
| US | 50.87.140.146:443 | valverdelandscape.com | tcp |
| ES | 82.165.2.92:443 | viajandoenautobus.com | tcp |
| US | 8.8.8.8:53 | neighborhoodcanvass.com | udp |
| US | 8.8.8.8:53 | newsallbangladesh24.com | udp |
| BR | 185.213.81.16:443 | variedadesempauta.com | tcp |
| US | 172.67.145.75:443 | vodafonecampuslab.com | tcp |
| US | 66.29.137.45:443 | canabistravelguide.com | tcp |
| US | 162.241.225.234:443 | videogamesandjunk.com | tcp |
| US | 8.8.8.8:53 | newscentralondemand.com | udp |
| US | 160.153.0.15:443 | wabisystemsdesign.com | tcp |
| US | 192.185.108.86:443 | valledelsolhuaral.com | tcp |
| DE | 81.169.145.168:443 | www.naessund.com | tcp |
| US | 8.8.8.8:53 | nightvisioninsights.com | udp |
| US | 8.8.8.8:53 | ngcornaille-nicolas.com | udp |
| US | 106.0.62.83:443 | bestsmokerforturkey.com | tcp |
| US | 8.8.8.8:53 | nongamstopcommunity.com | udp |
| US | 8.8.8.8:53 | onlinecomputerstudy.com | udp |
| US | 8.8.8.8:53 | nongamstopsolutions.com | udp |
| FR | 109.234.165.175:443 | ngcornaille-nicolas.com | tcp |
| US | 8.8.8.8:53 | opoderdesersaudavel.com | udp |
| US | 82.180.175.114:443 | neighborhoodcanvass.com | tcp |
| IN | 89.117.27.208:443 | newscentralondemand.com | tcp |
| US | 8.8.8.8:53 | www.greyaduana.com | udp |
| US | 8.8.8.8:53 | www.yabancielemanlar.com | udp |
| US | 104.21.56.233:443 | nongamstopcommunity.com | tcp |
| SG | 167.172.64.88:80 | newsallbangladesh24.com | tcp |
| NL | 192.236.161.65:443 | nightvisioninsights.com | tcp |
| US | 8.8.8.8:53 | www.orologiofalsoitalia.com | udp |
| US | 8.8.8.8:53 | www.orologireplicaguida.com | udp |
| US | 104.21.71.165:443 | nongamstopsolutions.com | tcp |
| IN | 178.16.136.122:443 | onlinecomputerstudy.com | tcp |
| US | 162.241.253.90:443 | www.greyaduana.com | tcp |
| TR | 188.132.193.54:443 | www.yabancielemanlar.com | tcp |
| US | 148.135.70.25:443 | www.orologireplicaguida.com | tcp |
| US | 148.135.70.23:443 | www.orologiofalsoitalia.com | tcp |
| US | 8.8.8.8:53 | perfect-climatehvac.com | udp |
| US | 8.8.8.8:53 | parroquiasanfelipea.com | udp |
| US | 8.8.8.8:53 | pediatric-radiology.com | udp |
| US | 8.8.8.8:53 | drjuliocesargine.com | udp |
| US | 8.8.8.8:53 | draftstarstudios.com | udp |
| US | 188.114.96.2:443 | perfect-climatehvac.com | tcp |
| US | 8.8.8.8:53 | durenbichonfrise.com | udp |
| US | 8.8.8.8:53 | easyaccessdesign.com | udp |
| US | 63.250.43.15:80 | parroquiasanfelipea.com | tcp |
| US | 8.8.8.8:53 | ecombridgeglobal.com | udp |
| US | 8.8.8.8:53 | espartapokerteam.com | udp |
| US | 82.180.172.110:443 | durenbichonfrise.com | tcp |
| US | 172.67.187.19:443 | pediatric-radiology.com | tcp |
| US | 8.8.8.8:53 | egemenaslankalip.com | udp |
| US | 8.8.8.8:53 | elxa-suspensions.com | udp |
| US | 8.8.8.8:53 | empirenightclubs.com | udp |
| US | 8.8.8.8:53 | educationoverall.com | udp |
| US | 8.8.8.8:53 | ecran-plein-jour.com | udp |
| US | 8.8.8.8:53 | enjoytodaysoffer.com | udp |
| US | 8.8.8.8:53 | emergencypawcare.com | udp |
| US | 162.144.12.29:443 | easyaccessdesign.com | tcp |
| US | 8.8.8.8:53 | espacocorpoevida.com | udp |
| US | 8.8.8.8:53 | evocompanybrasil.com | udp |
| US | 8.8.8.8:53 | eternal-scent-bd.com | udp |
| US | 154.49.142.128:443 | draftstarstudios.com | tcp |
| US | 8.8.8.8:53 | evacastillogomez.com | udp |
| US | 8.8.8.8:53 | kratomextractors.com | udp |
| US | 8.8.8.8:53 | kleosrecruitment.com | udp |
| NL | 194.5.156.172:443 | espartapokerteam.com | tcp |
| US | 154.22.56.226:443 | emergencypawcare.com | tcp |
| US | 8.8.8.8:53 | kvlentertainment.com | udp |
| US | 172.67.152.172:443 | evocompanybrasil.com | tcp |
| US | 199.188.206.65:443 | www.komodokayaking.com | tcp |
| FR | 54.36.91.62:443 | ecran-plein-jour.com | tcp |
| RO | 93.113.55.85:443 | elxa-suspensions.com | tcp |
| US | 172.67.146.229:443 | kleosrecruitment.com | tcp |
| FR | 109.234.160.119:443 | ecombridgeglobal.com | tcp |
| US | 8.8.8.8:53 | kunstwerke-lesch.com | udp |
| US | 8.8.8.8:53 | lacaressedutemps.com | udp |
| US | 8.8.8.8:53 | www.ngcornaille-nicolas.com | udp |
| US | 8.8.8.8:53 | lacasitadejassos.com | udp |
| US | 162.214.81.25:443 | educationoverall.com | tcp |
| US | 162.241.63.72:443 | enjoytodaysoffer.com | tcp |
| US | 8.8.8.8:53 | latesttechsphere.com | udp |
| PL | 146.59.70.220:443 | empirenightclubs.com | tcp |
| US | 104.21.48.52:443 | eternal-scent-bd.com | tcp |
| FR | 109.234.165.175:443 | www.ngcornaille-nicolas.com | tcp |
| US | 172.67.177.234:443 | kvlentertainment.com | tcp |
| US | 188.114.97.2:443 | kratomextractors.com | tcp |
| ES | 217.76.150.64:80 | evacastillogomez.com | tcp |
| TR | 78.135.106.170:443 | egemenaslankalip.com | tcp |
| US | 104.21.39.56:443 | kunstwerke-lesch.com | tcp |
| US | 8.8.8.8:53 | leadership-paths.com | udp |
| US | 8.8.8.8:53 | levelupprohealth.com | udp |
| US | 8.8.8.8:53 | lynkcm.com | udp |
| US | 159.89.54.199:80 | lacasitadejassos.com | tcp |
| US | 8.8.8.8:53 | manetesinquietes.com | udp |
| US | 8.8.8.8:53 | limousineahlmasr.com | udp |
| US | 8.8.8.8:53 | love-lifebalance.com | udp |
| US | 172.67.185.242:443 | latesttechsphere.com | tcp |
| FR | 193.203.239.64:443 | lacaressedutemps.com | tcp |
| US | 63.250.43.15:443 | parroquiasanfelipea.com | tcp |
| US | 8.8.8.8:53 | makeyourcityblog.com | udp |
| US | 8.8.8.8:53 | martinezsandoval.com | udp |
| US | 8.8.8.8:53 | melonenterprices.com | udp |
| US | 8.8.8.8:53 | lstioccupational.com | udp |
| US | 8.8.8.8:53 | madridestademoda.com | udp |
| US | 8.8.8.8:53 | mellontechafrica.com | udp |
| US | 8.8.8.8:53 | learningnjourney.com | udp |
| US | 8.8.8.8:53 | memphiscriminals.com | udp |
| NL | 145.14.156.152:443 | manetesinquietes.com | tcp |
| US | 8.8.8.8:53 | librosalinstante.com | udp |
| US | 8.8.8.8:53 | me-virtualschool.com | udp |
| US | 8.8.8.8:53 | megafibratelecom.com | udp |
| US | 160.153.0.50:443 | leadership-paths.com | tcp |
| US | 8.8.8.8:53 | milhogaresmexico.com | udp |
| US | 8.8.8.8:53 | methasherilgroup.com | udp |
| DE | 89.238.65.181:443 | love-lifebalance.com | tcp |
| US | 74.208.236.196:443 | martinezsandoval.com | tcp |
| US | 172.67.169.159:443 | melonenterprices.com | tcp |
| US | 8.8.8.8:53 | www.mikimluxurystore.com | udp |
| FR | 146.59.147.161:443 | logopediatrivium.com | tcp |
| HK | 141.98.234.31:53 | ejdisdg.ua | udp |
| US | 74.208.236.172:443 | lynkcm.com | tcp |
| US | 89.117.139.175:443 | lstioccupational.com | tcp |
| US | 212.1.211.232:443 | mellontechafrica.com | tcp |
| US | 8.8.8.8:53 | millionairesrise.com | udp |
| BR | 149.100.155.110:80 | megafibratelecom.com | tcp |
| ES | 217.76.130.125:443 | madridestademoda.com | tcp |
| DE | 176.9.18.182:443 | me-virtualschool.com | tcp |
| US | 86.38.202.80:443 | limousineahlmasr.com | tcp |
| SG | 157.230.250.230:443 | makeyourcityblog.com | tcp |
| US | 8.8.8.8:53 | minimalismototal.com | udp |
| ES | 185.101.227.56:443 | levelupprohealth.com | tcp |
| US | 50.31.188.182:443 | librosalinstante.com | tcp |
| SG | 167.172.91.65:443 | learningnjourney.com | tcp |
| US | 162.212.153.141:443 | memphiscriminals.com | tcp |
| US | 104.21.19.199:443 | methasherilgroup.com | tcp |
| IT | 89.46.109.53:443 | www.mikimluxurystore.com | tcp |
| US | 104.21.45.75:443 | millionairesrise.com | tcp |
| FR | 89.116.147.25:443 | minimalismototal.com | tcp |
| US | 147.182.128.74:80 | milhogaresmexico.com | tcp |
| US | 8.8.8.8:53 | miuniversogatuno.com | udp |
| FR | 89.116.147.144:443 | miuniversogatuno.com | tcp |
| US | 8.8.8.8:53 | moneychargerblog.com | udp |
| US | 8.8.8.8:53 | morningdripvapes.com | udp |
| US | 8.8.8.8:53 | my-healthy-guide.com | udp |
| US | 8.8.8.8:53 | multismilestudio.com | udp |
| US | 8.8.8.8:53 | multisolar-group.com | udp |
| US | 8.8.8.8:53 | mybuckethatstore.com | udp |
| US | 8.8.8.8:53 | myclientbookings.com | udp |
| US | 8.8.8.8:53 | mychiefaiofficer.com | udp |
| US | 8.8.8.8:53 | www.lacasitadejassos.com | udp |
| US | 8.8.8.8:53 | naturwerk-studio.com | udp |
| US | 8.8.8.8:53 | newsfromyoutoday.com | udp |
| US | 8.8.8.8:53 | www.kunstwerke-lesch.com | udp |
| US | 8.8.8.8:53 | nissan0982821056.com | udp |
| US | 8.8.8.8:53 | nailmusebuckhead.com | udp |
| US | 8.8.8.8:53 | nhattam-solution.com | udp |
| US | 8.8.8.8:53 | netmindsolutions.com | udp |
| US | 8.8.8.8:53 | onemoreanatolian.com | udp |
| US | 8.8.8.8:53 | nissanseminuevos.com | udp |
| US | 74.208.236.28:80 | morningdripvapes.com | tcp |
| FR | 154.49.245.79:443 | multisolar-group.com | tcp |
| US | 8.8.8.8:53 | komodokayaking.com | udp |
| US | 8.8.8.8:53 | www.nextlevdetailing.com | udp |
| US | 8.8.8.8:53 | o2mains-massages.fr | udp |
| US | 8.8.8.8:53 | nomadicallynifty.com | udp |
| DE | 85.214.224.108:443 | naturwerk-studio.com | tcp |
| US | 8.8.8.8:53 | ourcreamyrecipes.com | udp |
| DE | 158.220.106.144:443 | mybuckethatstore.com | tcp |
| JP | 45.76.197.96:443 | moneychargerblog.com | tcp |
| US | 154.49.142.179:443 | myclientbookings.com | tcp |
| DE | 3.72.75.63:443 | my-healthy-guide.com | tcp |
| US | 159.89.54.199:80 | www.lacasitadejassos.com | tcp |
| US | 66.33.222.133:443 | mychiefaiofficer.com | tcp |
| US | 104.21.82.61:443 | newsfromyoutoday.com | tcp |
| US | 172.67.143.142:443 | www.kunstwerke-lesch.com | tcp |
| US | 198.23.57.168:443 | nailmusebuckhead.com | tcp |
| FR | 89.116.147.244:443 | onemoreanatolian.com | tcp |
| IN | 217.21.85.150:443 | netmindsolutions.com | tcp |
| TW | 125.227.54.53:443 | nissan0982821056.com | tcp |
| US | 8.8.8.8:53 | padmavatiplastic.com | udp |
| US | 8.8.8.8:53 | parkerharristree.com | udp |
| US | 8.8.8.8:53 | petaccessories77.com | udp |
| US | 8.8.8.8:53 | pedroperezeslava.com | udp |
| US | 8.8.8.8:53 | pierrickgrasland.com | udp |
| US | 8.8.8.8:53 | pnhclinicalstudy.com | udp |
| US | 8.8.8.8:53 | www.plumbernorwalkct.com | udp |
| US | 8.8.8.8:53 | www.piezowaveleasing.com | udp |
| DE | 217.160.0.159:443 | o2mains-massages.fr | tcp |
| IT | 185.196.8.22:80 | ejdisdg.ua | tcp |
| US | 149.100.151.39:443 | nomadicallynifty.com | tcp |
| US | 199.188.206.65:443 | komodokayaking.com | tcp |
| US | 162.240.35.227:443 | www.nextlevdetailing.com | tcp |
| US | 8.8.8.8:53 | narwalarchitects.com | udp |
| US | 157.245.129.27:443 | ourcreamyrecipes.com | tcp |
| JP | 34.146.73.94:80 | nhattam-solution.com | tcp |
| FR | 87.98.230.47:443 | pedroperezeslava.com | tcp |
| US | 172.67.176.47:443 | imunify-alert.com | tcp |
| US | 8.8.8.8:53 | silco.ayazprak.com | udp |
| US | 172.67.173.86:80 | silco.ayazprak.com | tcp |
| US | 104.248.108.53:443 | www.piezowaveleasing.com | tcp |
| US | 141.193.213.10:443 | parkerharristree.com | tcp |
| IN | 82.180.143.162:443 | narwalarchitects.com | tcp |
| SG | 45.130.228.209:443 | padmavatiplastic.com | tcp |
| US | 35.161.145.89:443 | pnhclinicalstudy.com | tcp |
| BR | 154.41.224.205:443 | petaccessories77.com | tcp |
| US | 8.8.8.8:53 | www.polkadotnoticias.com | udp |
| US | 8.8.8.8:53 | poesieinbewegung.com | udp |
| FR | 83.229.19.66:80 | pierrickgrasland.com | tcp |
| US | 104.21.84.219:443 | poesieinbewegung.com | tcp |
| ES | 31.214.178.58:80 | www.polkadotnoticias.com | tcp |
| US | 8.8.8.8:53 | premierroofworks.com | udp |
| US | 8.8.8.8:53 | productifygenius.com | udp |
| US | 206.189.233.179:443 | premierroofworks.com | tcp |
| US | 8.8.8.8:53 | ramsheenaanass12.com | udp |
| US | 8.8.8.8:53 | www.readrebelliously.com | udp |
| US | 8.8.8.8:53 | realdatingcenter.com | udp |
| US | 8.8.8.8:53 | rockefellerpizza.com | udp |
| US | 8.8.8.8:53 | prestigejunction.com | udp |
| US | 8.8.8.8:53 | www.premiumambulance.com | udp |
| IN | 89.117.27.195:443 | productifygenius.com | tcp |
| US | 8.8.8.8:53 | queerjoycaptured.com | udp |
| US | 8.8.8.8:53 | raryconstruction.com | udp |
| US | 8.8.8.8:53 | radiolabrillante.com | udp |
| US | 8.8.8.8:53 | www.ramongomezgarcia.com | udp |
| US | 8.8.8.8:53 | www.rachelstewartntp.com | udp |
| US | 8.8.8.8:53 | reviewchronicles.com | udp |
| US | 8.8.8.8:53 | psiqueconsulting.com | udp |
| US | 8.8.8.8:53 | revistaproposito.com | udp |
| US | 8.8.8.8:53 | rolexsaatalanyer.com | udp |
| US | 8.8.8.8:53 | probablynothing2.com | udp |
| US | 8.8.8.8:53 | sunnanature.com | udp |
| US | 8.8.8.8:53 | prodecisionmaker.com | udp |
| US | 8.8.8.8:53 | stylesnexus.com | udp |
| US | 8.8.8.8:53 | stunningten.com | udp |
| US | 8.8.8.8:53 | stylereruns.com | udp |
| GB | 213.246.109.6:443 | rockefellerpizza.com | tcp |
| FR | 163.172.34.181:80 | radiolabrillante.com | tcp |
| GB | 206.189.116.23:443 | queerjoycaptured.com | tcp |
| ES | 134.0.9.202:443 | www.ramongomezgarcia.com | tcp |
| TR | 213.238.168.59:443 | rolexsaatalanyer.com | tcp |
| NL | 162.0.217.87:443 | psiqueconsulting.com | tcp |
| RO | 146.70.56.164:443 | realdatingcenter.com | tcp |
| US | 66.235.200.112:443 | ramsheenaanass12.com | tcp |
| US | 173.236.180.219:443 | www.readrebelliously.com | tcp |
| US | 66.29.132.126:443 | stylesnexus.com | tcp |
| US | 86.38.202.4:443 | reviewchronicles.com | tcp |
| US | 185.212.71.171:443 | prestigejunction.com | tcp |
| BR | 149.62.37.97:443 | revistaproposito.com | tcp |
| US | 82.180.172.253:443 | probablynothing2.com | tcp |
| US | 208.113.188.124:443 | www.rachelstewartntp.com | tcp |
| TH | 27.254.86.11:443 | www.premiumambulance.com | tcp |
| FR | 109.234.165.177:443 | sunnanature.com | tcp |
| JP | 34.146.73.94:443 | nhattam-solution.com | tcp |
| US | 172.67.128.93:443 | stunningten.com | tcp |
| US | 208.113.161.161:443 | stylereruns.com | tcp |
| US | 149.100.151.199:443 | prodecisionmaker.com | tcp |
| US | 8.8.8.8:53 | sumbermasss.com | udp |
| FR | 94.23.253.103:443 | raryconstruction.com | tcp |
| US | 8.8.8.8:53 | superquanti.com | udp |
| US | 104.21.36.250:80 | superquanti.com | tcp |
| US | 8.8.8.8:53 | www.susanporras.com | udp |
| US | 8.8.8.8:53 | suzymallett.com | udp |
| TH | 27.254.86.11:443 | www.premiumambulance.com | tcp |
| CA | 15.235.65.10:443 | www.susanporras.com | tcp |
| FR | 89.116.147.220:443 | suzymallett.com | tcp |
| SG | 194.233.72.191:443 | sumbermasss.com | tcp |
| US | 8.8.8.8:53 | www.t65benefits.com | udp |
| US | 8.8.8.8:53 | swangoosewu.com | udp |
| US | 8.8.8.8:53 | sushikingvb.com | udp |
| US | 8.8.8.8:53 | tansweelain.com | udp |
| US | 8.8.8.8:53 | tampabaazar.com | udp |
| US | 8.8.8.8:53 | tarot-agile.com | udp |
| US | 8.8.8.8:53 | tasteofvida.com | udp |
| US | 8.8.8.8:53 | www.radiolabrillante.com | udp |
| US | 8.8.8.8:53 | techtalksai.com | udp |
| US | 8.8.8.8:53 | www.poesieinbewegung.com | udp |
| US | 8.8.8.8:53 | www.premierroofworks.com | udp |
| US | 8.8.8.8:53 | teasofearth.com | udp |
| US | 8.8.8.8:53 | tecelimport.com | udp |
| US | 8.8.8.8:53 | techyrouter.com | udp |
| US | 8.8.8.8:53 | teknometers.com | udp |
| US | 8.8.8.8:53 | thcgrashaus.com | udp |
| US | 8.8.8.8:53 | theautovibe.com | udp |
| US | 8.8.8.8:53 | the69design.com | udp |
| US | 8.8.8.8:53 | theblinkish.com | udp |
| US | 8.8.8.8:53 | thefastinfo.com | udp |
| US | 8.8.8.8:53 | thedexigner.com | udp |
| US | 8.8.8.8:53 | thebyteclub.com | udp |
| US | 8.8.8.8:53 | themrrmomma.com | udp |
| US | 8.8.8.8:53 | thermodetox.com | udp |
| US | 8.8.8.8:53 | theoldtrail.com | udp |
| US | 8.8.8.8:53 | thestorewiz.com | udp |
| US | 8.8.8.8:53 | thefoxcover.com | udp |
| US | 104.21.84.219:443 | www.poesieinbewegung.com | tcp |
| FR | 163.172.34.181:80 | www.radiolabrillante.com | tcp |
| US | 151.101.66.159:443 | tasteofvida.com | tcp |
| US | 172.67.176.47:443 | imunify-alert.com | tcp |
| DE | 38.242.255.91:443 | www.t65benefits.com | tcp |
| US | 160.153.0.85:443 | tampabaazar.com | tcp |
| US | 8.8.8.8:53 | theswanmode.com | udp |
| GB | 185.77.97.52:443 | sushikingvb.com | tcp |
| US | 206.189.233.179:443 | www.premierroofworks.com | tcp |
| US | 162.220.166.109:443 | tecelimport.com | tcp |
| US | 154.49.142.120:443 | techyrouter.com | tcp |
| US | 104.21.36.250:443 | superquanti.com | tcp |
| CH | 91.90.193.158:443 | theautovibe.com | tcp |
| US | 192.254.235.143:443 | teknometers.com | tcp |
| US | 162.241.217.60:80 | theoldtrail.com | tcp |
| US | 172.67.205.238:443 | swangoosewu.com | tcp |
| FR | 54.36.91.62:80 | tarot-agile.com | tcp |
| US | 162.241.218.55:443 | themrrmomma.com | tcp |
| FR | 149.100.153.212:443 | thermodetox.com | tcp |
| US | 192.185.223.124:443 | teutrabalho.com | tcp |
| US | 8.8.8.8:53 | www.stylereruns.com | udp |
| US | 172.67.145.159:443 | thcgrashaus.com | tcp |
| US | 72.167.59.179:443 | thedexigner.com | tcp |
| US | 172.93.108.34:443 | tansweelain.com | tcp |
| GB | 109.70.148.171:443 | thebyteclub.com | tcp |
| TH | 147.50.227.13:443 | the69design.com | tcp |
| RS | 217.24.17.51:443 | teasofearth.com | tcp |
| GB | 185.229.21.109:443 | thefoxcover.com | tcp |
| LT | 84.32.84.32:443 | theblinkish.com | tcp |
| US | 208.113.161.161:443 | www.stylereruns.com | tcp |
| US | 149.100.151.184:443 | thefastinfo.com | tcp |
| US | 149.100.151.198:443 | thestorewiz.com | tcp |
| US | 162.241.218.136:80 | theswanmode.com | tcp |
| US | 8.8.8.8:53 | thetimes365.com | udp |
| US | 82.180.175.250:443 | thetimes365.com | tcp |
| US | 172.67.176.47:443 | imunify-alert.com | tcp |
| US | 8.8.8.8:53 | theusotwins.com | udp |
| US | 8.8.8.8:53 | irwinwedding.com | udp |
| US | 8.8.8.8:53 | investtantra.com | udp |
| US | 8.8.8.8:53 | isqsolutions.com | udp |
| US | 8.8.8.8:53 | it-tokku-999.com | udp |
| US | 8.8.8.8:53 | www.iqsoluciones.com | udp |
| US | 8.8.8.8:53 | ismarafroyal.com | udp |
| US | 8.8.8.8:53 | www.thevivaband.com | udp |
| US | 8.8.8.8:53 | ivrlogistics.com | udp |
| US | 8.8.8.8:53 | issocatching.com | udp |
| US | 8.8.8.8:53 | izabellasoto.com | udp |
| US | 8.8.8.8:53 | itanurpiasah.com | udp |
| US | 8.8.8.8:53 | jacquideevoy.com | udp |
| US | 8.8.8.8:53 | januboutique.com | udp |
| US | 8.8.8.8:53 | jaylenfarley.com | udp |
| US | 8.8.8.8:53 | japanprotein.com | udp |
| US | 8.8.8.8:53 | jefftennyson.com | udp |
| US | 8.8.8.8:53 | joandeguzman.com | udp |
| US | 8.8.8.8:53 | www.swangoosewu.com | udp |
| US | 154.41.230.28:443 | ivrlogistics.com | tcp |
| GB | 77.72.2.71:443 | jacquideevoy.com | tcp |
| GB | 158.176.192.52:443 | ismarafroyal.com | tcp |
| US | 162.214.81.11:443 | investtantra.com | tcp |
| PL | 46.29.19.53:80 | theusotwins.com | tcp |
| US | 74.220.219.246:443 | izabellasoto.com | tcp |
| US | 8.8.8.8:53 | jobspaceasia.com | udp |
| CA | 142.44.234.168:443 | isqsolutions.com | tcp |
| US | 8.8.8.8:53 | johannesenns.com | udp |
| US | 172.67.206.120:443 | japanprotein.com | tcp |
| US | 104.21.22.167:443 | www.swangoosewu.com | tcp |
| US | 8.8.8.8:53 | josephstar48.com | udp |
| US | 192.185.39.35:443 | irwinwedding.com | tcp |
| IN | 82.180.143.99:443 | joandeguzman.com | tcp |
| JP | 160.251.148.83:443 | it-tokku-999.com | tcp |
| US | 208.113.172.101:443 | www.thevivaband.com | tcp |
| US | 154.41.230.120:443 | jaylenfarley.com | tcp |
| US | 50.63.177.14:80 | issocatching.com | tcp |
| IN | 89.117.27.78:443 | januboutique.com | tcp |
| US | 208.113.188.13:443 | www.iqsoluciones.com | tcp |
| US | 8.8.8.8:53 | jotarou-work.com | udp |
| US | 8.8.8.8:53 | journeyfoody.com | udp |
| ID | 153.92.11.38:80 | itanurpiasah.com | tcp |
| US | 8.8.8.8:53 | jplinkfinder.com | udp |
| US | 8.8.8.8:53 | jrmwebdesigns.com | udp |
| US | 8.8.8.8:53 | juliana-lane.com | udp |
| US | 8.8.8.8:53 | juniorrubber.com | udp |
| US | 8.8.8.8:53 | k9activenose.it | udp |
| US | 8.8.8.8:53 | kampoengsaya.com | udp |
| US | 8.8.8.8:53 | juraganepoxy.com | udp |
| US | 8.8.8.8:53 | juanpablojpf.com | udp |
| US | 8.8.8.8:53 | jungedesigns.com | udp |
| US | 8.8.8.8:53 | katrinakruse.com | udp |
| MY | 111.90.134.101:443 | jobspaceasia.com | tcp |
| US | 8.8.8.8:53 | kanemkassidi.com | udp |
| DE | 81.169.156.117:443 | johannesenns.com | tcp |
| US | 172.67.131.183:443 | jrmwebdesigns.com | tcp |
| US | 208.109.22.157:80 | juliana-lane.com | tcp |
| US | 8.8.8.8:53 | kantinamelon.com | udp |
| US | 162.241.217.66:443 | josephstar48.com | tcp |
| US | 68.183.30.12:443 | journeyfoody.com | tcp |
| US | 8.8.8.8:53 | kbservicellc.com | udp |
| US | 8.8.8.8:53 | karengajardo.com | udp |
| IN | 52.66.164.147:80 | juniorrubber.com | tcp |
| SG | 85.187.128.52:443 | jplinkfinder.com | tcp |
| US | 162.144.14.104:80 | juraganepoxy.com | tcp |
| FR | 54.36.91.62:443 | kanemkassidi.com | tcp |
| US | 104.21.59.34:443 | juanpablojpf.com | tcp |
| FR | 178.32.138.212:443 | k9activenose.it | tcp |
| DE | 185.172.128.19:80 | 185.172.128.19 | tcp |
| US | 217.21.76.157:443 | katrinakruse.com | tcp |
| US | 173.236.156.136:443 | kbservicellc.com | tcp |
| US | 8.8.8.8:53 | kedaipakmail.com | udp |
| VN | 45.252.251.72:443 | jungedesigns.com | tcp |
| US | 8.8.8.8:53 | ketamaxsales.com | udp |
| US | 162.159.137.9:443 | karengajardo.com | tcp |
| US | 66.235.200.145:443 | kantinamelon.com | tcp |
| US | 8.8.8.8:53 | keynewspaper.com | udp |
| US | 8.8.8.8:53 | khatijaahmed.com | udp |
| US | 199.26.84.165:443 | khatijaahmed.com | tcp |
| RO | 91.244.247.200:443 | ketamaxsales.com | tcp |
| US | 8.8.8.8:53 | www.kraseikuwait.com | udp |
| IN | 52.66.164.147:443 | juniorrubber.com | tcp |
| US | 188.114.96.2:443 | kedaipakmail.com | tcp |
| SG | 217.21.73.47:80 | kampoengsaya.com | tcp |
| CA | 149.56.26.23:443 | www.kraseikuwait.com | tcp |
| US | 8.8.8.8:53 | kingsroyalmy.com | udp |
| IN | 89.117.188.223:443 | keynewspaper.com | tcp |
| US | 149.100.151.112:443 | kingsroyalmy.com | tcp |
| US | 8.8.8.8:53 | webdesignicandy.com | udp |
| US | 8.8.8.8:53 | klinikbahasa.com | udp |
| US | 8.8.8.8:53 | korsariorock.com | udp |
| US | 8.8.8.8:53 | kibristaksim.com | udp |
| US | 162.241.218.55:443 | webdesignicandy.com | tcp |
| SG | 172.96.191.127:443 | klinikbahasa.com | tcp |
| US | 8.8.8.8:53 | www.kmt-solution.com | udp |
| US | 8.8.8.8:53 | johannesenns.de | udp |
| US | 8.8.8.8:53 | www.korsett-shop.com | udp |
| US | 172.67.139.236:80 | kibristaksim.com | tcp |
| US | 8.8.8.8:53 | kickoffalert.com | udp |
| DE | 81.169.156.117:443 | johannesenns.de | tcp |
| FR | 54.36.31.145:443 | www.kmt-solution.com | tcp |
| US | 8.8.8.8:53 | kipasguysapk.com | udp |
| US | 8.8.8.8:53 | www.karengajardo.com | udp |
| US | 8.8.8.8:53 | kyshairworld.com | udp |
| US | 8.8.8.8:53 | www.korsett-topp.com | udp |
| US | 8.8.8.8:53 | kubikandosas.com | udp |
| US | 8.8.8.8:53 | www.la-mere-gaud.com | udp |
| US | 8.8.8.8:53 | www.kuddar-butik.com | udp |
| US | 8.8.8.8:53 | lacabexgroup.com | udp |
| US | 8.8.8.8:53 | kreweconnect.com | udp |
| US | 8.8.8.8:53 | lannaspaoman.com | udp |
| US | 8.8.8.8:53 | www.juniorrubber.com | udp |
| US | 8.8.8.8:53 | larteinpasta.com | udp |
| US | 8.8.8.8:53 | lavoro-prova.com | udp |
| US | 8.8.8.8:53 | eleanorlsoto.com | udp |
| US | 8.8.8.8:53 | expresdeliveryservices.com | udp |
| US | 8.8.8.8:53 | lenteratrans.com | udp |
| US | 8.8.8.8:53 | earthlifetoursandtravel.com | udp |
| FR | 185.154.136.56:443 | www.korsett-shop.com | tcp |
| ES | 46.16.62.222:443 | korsariorock.com | tcp |
| US | 8.8.8.8:53 | www.superquanti.com | udp |
| IN | 103.174.10.64:443 | kprbuildware.com | tcp |
| US | 172.67.176.47:443 | imunify-alert.com | tcp |
| US | 162.241.24.104:443 | kyshairworld.com | tcp |
| FR | 185.154.136.115:443 | www.kuddar-butik.com | tcp |
| BR | 185.211.7.234:443 | kubikandosas.com | tcp |
| DE | 217.160.0.150:80 | lacabexgroup.com | tcp |
| IN | 52.66.164.147:443 | www.juniorrubber.com | tcp |
| US | 8.8.8.8:53 | itacatemazcal.com | udp |
| US | 151.106.97.231:443 | lasrodriguez.com | tcp |
| US | 74.220.219.246:443 | eleanorlsoto.com | tcp |
| BR | 187.49.37.5:80 | larteinpasta.com | tcp |
| US | 188.114.96.2:443 | kipasguysapk.com | tcp |
| US | 162.159.138.9:443 | www.karengajardo.com | tcp |
| FR | 185.246.44.131:443 | www.la-mere-gaud.com | tcp |
| FR | 185.154.136.24:443 | www.korsett-topp.com | tcp |
| US | 173.231.204.198:443 | kreweconnect.com | tcp |
| FR | 89.117.169.167:443 | lavoro-prova.com | tcp |
| IN | 217.21.94.120:443 | lannaspaoman.com | tcp |
| NL | 185.142.236.173:443 | expresdeliveryservices.com | tcp |
| US | 198.54.116.98:443 | earthlifetoursandtravel.com | tcp |
| US | 104.21.36.250:443 | www.superquanti.com | tcp |
| US | 149.100.151.250:443 | itacatemazcal.com | tcp |
| ID | 153.92.9.203:443 | lenteratrans.com | tcp |
| US | 8.8.8.8:53 | iskconukraine.com | udp |
| US | 8.8.8.8:53 | jagadambapuja.com | udp |
| US | 8.8.8.8:53 | janmat360news.com | udp |
| US | 8.8.8.8:53 | prestigecustomdecks.com | udp |
| US | 8.8.8.8:53 | jairamschools.com | udp |
| US | 8.8.8.8:53 | itiswelldecor.com | udp |
| US | 8.8.8.8:53 | jerseykaosbos.com | udp |
| US | 8.8.8.8:53 | www.rentalcrane-trailer.com | udp |
| US | 8.8.8.8:53 | rightchoiceliterary.com | udp |
| US | 8.8.8.8:53 | sanctuaryecuador.com | udp |
| US | 8.8.8.8:53 | silvamarinsepereira.com | udp |
| US | 8.8.8.8:53 | revitalizelifestore.com | udp |
| US | 195.179.236.2:443 | iskconukraine.com | tcp |
| US | 8.8.8.8:53 | soycristinafernanda.com | udp |
| US | 74.208.236.205:80 | itiswelldecor.com | tcp |
| US | 8.8.8.8:53 | smarthouse4brothers.com | udp |
| US | 8.8.8.8:53 | www.textileartsolutions.com | udp |
| IN | 103.174.10.64:443 | kprbuildware.com | tcp |
| GB | 185.77.97.4:443 | jairamschools.com | tcp |
| US | 8.8.8.8:53 | thewholeworldishere.com | udp |
| US | 8.8.8.8:53 | trailtailsandbeyond.com | udp |
| US | 8.8.8.8:53 | twinningwithtiffany.com | udp |
| FI | 65.109.99.96:443 | www.rentalcrane-trailer.com | tcp |
| US | 8.8.8.8:53 | vrajvyomhospitality.com | udp |
| US | 8.8.8.8:53 | warbixinadasportska.com | udp |
| US | 172.67.176.47:443 | imunify-alert.com | tcp |
| US | 8.8.8.8:53 | transportesriverman.com | udp |
| IN | 89.117.27.182:443 | janmat360news.com | tcp |
| US | 162.241.217.57:443 | sanctuaryecuador.com | tcp |
| US | 50.87.150.32:443 | rightchoiceliterary.com | tcp |
| ID | 103.247.11.97:443 | jerseykaosbos.com | tcp |
| US | 8.8.8.8:53 | toppayingjobsonline.com | udp |
| US | 162.241.216.110:443 | rusticrootsbackyard.com | tcp |
| US | 162.241.63.0:443 | revitalizelifestore.com | tcp |
| US | 162.0.234.80:443 | prestigecustomdecks.com | tcp |
| US | 170.39.76.102:443 | radiofuenteenlaroca.com | tcp |
| US | 70.40.201.113:443 | www.textileartsolutions.com | tcp |
| US | 50.6.138.175:443 | thewholeworldishere.com | tcp |
| US | 34.202.63.170:443 | soycristinafernanda.com | tcp |
| US | 8.8.8.8:53 | whyownagoldendoodle.com | udp |
| US | 108.179.193.198:443 | silvamarinsepereira.com | tcp |
| US | 162.214.80.158:443 | vrajvyomhospitality.com | tcp |
| US | 50.6.138.175:443 | thewholeworldishere.com | tcp |
| US | 162.241.224.107:443 | twinningwithtiffany.com | tcp |
| US | 8.8.8.8:53 | watsanapaperfactory.com | udp |
| US | 162.241.253.231:443 | trailtailsandbeyond.com | tcp |
| US | 66.225.241.7:80 | transportesriverman.com | tcp |
| US | 44.208.201.167:443 | whyownagoldendoodle.com | tcp |
| US | 8.8.8.8:53 | writingrightonpaper.com | udp |
| NL | 75.102.58.70:443 | toppayingjobsonline.com | tcp |
| FI | 65.108.107.90:443 | jagadambapuja.com | tcp |
| US | 50.87.141.159:443 | warbixinadasportska.com | tcp |
| NL | 75.102.58.70:443 | toppayingjobsonline.com | tcp |
| US | 170.39.76.102:443 | radiofuenteenlaroca.com | tcp |
| MD | 176.123.0.55:443 | watsanapaperfactory.com | tcp |
| US | 8.8.8.8:53 | www.zanikainternational.com | udp |
| US | 8.8.8.8:53 | winecountryandwomen.com | udp |
| US | 8.8.8.8:53 | yermoyparrescarichi.com | udp |
| US | 8.8.8.8:53 | portaldasinformacoes.com | udp |
| US | 8.8.8.8:53 | royaleanimalcourrier.com | udp |
| US | 8.8.8.8:53 | receitasgourmetfacil.com | udp |
| US | 8.8.8.8:53 | zelkingruppoempresa.com | udp |
| US | 8.8.8.8:53 | sentineo-electronics.com | udp |
| US | 8.8.8.8:53 | www.zorvoxdatasolutions.com | udp |
| US | 8.8.8.8:53 | pottytraineddoberman.com | udp |
| US | 8.8.8.8:53 | retazos-decoraciones.com | udp |
| US | 8.8.8.8:53 | shaneonlinemarketing.com | udp |
| US | 8.8.8.8:53 | simple-solutions-llc.com | udp |
| US | 8.8.8.8:53 | nifate.com | udp |
| US | 8.8.8.8:53 | www.shribalajiautomotive.com | udp |
| US | 8.8.8.8:53 | nanaoi.com | udp |
| US | 162.241.252.137:443 | winecountryandwomen.com | tcp |
| US | 162.241.60.131:443 | yermoyparrescarichi.com | tcp |
| US | 192.254.185.56:443 | pottytraineddoberman.com | tcp |
| US | 50.87.143.77:443 | sentineo-electronics.com | tcp |
| DE | 157.90.36.220:443 | www.zanikainternational.com | tcp |
| US | 162.251.85.8:443 | www.zorvoxdatasolutions.com | tcp |
| US | 104.218.54.34:443 | royaleanimalcourrier.com | tcp |
| US | 162.241.225.243:443 | shaneonlinemarketing.com | tcp |
| US | 162.241.2.207:443 | receitasgourmetfacil.com | tcp |
| US | 162.241.2.121:443 | portaldasinformacoes.com | tcp |
| US | 106.0.62.81:443 | simple-solutions-llc.com | tcp |
| US | 106.0.62.71:80 | revitalize-n-restore.com | tcp |
| US | 74.208.106.209:443 | nifate.com | tcp |
| US | 50.87.233.200:80 | seaglasshigheredjobs.com | tcp |
| DE | 81.169.145.79:443 | retazos-decoraciones.com | tcp |
| IN | 103.50.162.186:443 | www.shribalajiautomotive.com | tcp |
| DE | 116.203.125.97:443 | nanaoi.com | tcp |
| US | 172.67.176.47:443 | imunify-alert.com | tcp |
| US | 8.8.8.8:53 | olyazm.com | udp |
| US | 8.8.8.8:53 | www.opnpos.com | udp |
| US | 8.8.8.8:53 | oww182.com | udp |
| US | 8.8.8.8:53 | qh88vi.com | udp |
| US | 8.8.8.8:53 | qalam0.com | udp |
| US | 8.8.8.8:53 | qcyxgw.com | udp |
| US | 8.8.8.8:53 | pksjjn.com | udp |
| US | 8.8.8.8:53 | qlgntx.com | udp |
| US | 8.8.8.8:53 | rhovix.com | udp |
| US | 8.8.8.8:53 | rarmec.com | udp |
| US | 160.153.0.18:443 | qlgntx.com | tcp |
| VN | 103.77.162.26:443 | rarmec.com | tcp |
| CA | 199.16.129.224:443 | www.opnpos.com | tcp |
| US | 108.167.182.244:443 | qalam0.com | tcp |
| US | 8.8.8.8:53 | ru1004.com | udp |
| US | 8.8.8.8:53 | rxpils.com | udp |
| GB | 185.151.30.177:443 | olyazm.com | tcp |
| US | 31.170.161.148:443 | rhovix.com | tcp |
| US | 8.8.8.8:53 | roctre.com | udp |
| US | 8.8.8.8:53 | rrrsmr.com | udp |
| US | 172.67.208.7:443 | qh88vi.com | tcp |
| US | 8.8.8.8:53 | rulnan.com | udp |
| US | 192.185.157.15:443 | oww182.com | tcp |
| US | 8.8.8.8:53 | sh055.temp.domains | udp |
| FR | 149.100.144.34:443 | pksjjn.com | tcp |
| CN | 120.26.15.85:80 | qcyxgw.com | tcp |
| US | 8.8.8.8:53 | rynash.com | udp |
| US | 8.8.8.8:53 | sajadb.com | udp |
| US | 63.250.43.135:443 | roctre.com | tcp |
| US | 89.117.139.80:443 | rxpils.com | tcp |
| SG | 151.106.117.144:443 | rulnan.com | tcp |
| US | 8.8.8.8:53 | sofirz.com | udp |
| US | 172.67.176.47:443 | imunify-alert.com | tcp |
| KR | 158.247.254.72:443 | ru1004.com | tcp |
| US | 162.241.217.108:443 | rrrsmr.com | tcp |
| US | 8.8.8.8:53 | svm-co.com | udp |
| US | 8.8.8.8:53 | sheylo.com | udp |
| US | 8.8.8.8:53 | tehcup.com | udp |
| ID | 203.175.9.114:443 | rynash.com | tcp |
| US | 8.8.8.8:53 | www.ssmcaa.com | udp |
| US | 8.8.8.8:53 | shim24.com | udp |
| US | 8.8.8.8:53 | www.tbgear.com | udp |
| US | 8.8.8.8:53 | tesnam.com | udp |
| US | 8.8.8.8:53 | tqneen.com | udp |
| US | 8.8.8.8:53 | tkardd.com | udp |
| US | 8.8.8.8:53 | www.u-beep.com | udp |
| SG | 143.198.219.109:443 | sajadb.com | tcp |
| FR | 185.246.47.94:443 | sheylo.com | tcp |
| US | 8.8.8.8:53 | ubt-eu.com | udp |
| US | 8.8.8.8:53 | uidoor.com | udp |
| US | 8.8.8.8:53 | ubertw.com | udp |
| SG | 82.180.152.42:443 | tkardd.com | tcp |
| US | 69.163.152.186:443 | www.u-beep.com | tcp |
| US | 68.178.195.210:443 | www.tbgear.com | tcp |
| SG | 185.237.145.129:443 | tehcup.com | tcp |
| US | 208.109.61.111:80 | svm-co.com | tcp |
| US | 45.41.235.161:443 | tesnam.com | tcp |
| US | 8.8.8.8:53 | upscir.com | udp |
| BD | 103.163.246.106:443 | www.ssmcaa.com | tcp |
| US | 104.21.80.113:443 | tqneen.com | tcp |
| KR | 158.247.255.160:443 | shim24.com | tcp |
| US | 8.8.8.8:53 | uscies.com | udp |
| LT | 45.84.207.66:443 | ubt-eu.com | tcp |
| US | 8.8.8.8:53 | vegasg.com | udp |
| SG | 82.180.152.224:443 | ubertw.com | tcp |
| US | 172.67.169.25:80 | uidoor.com | tcp |
| US | 8.8.8.8:53 | wecsph.com | udp |
| US | 162.241.226.40:443 | uscies.com | tcp |
| IN | 154.41.233.71:443 | upscir.com | tcp |
| US | 66.81.203.198:443 | vegasg.com | tcp |
| US | 8.8.8.8:53 | waafaa.com | udp |
| SG | 156.67.222.108:443 | wecsph.com | tcp |
| US | 8.8.8.8:53 | wmonou.com | udp |
| US | 8.8.8.8:53 | wpstag.com | udp |
| GB | 77.95.113.180:443 | waafaa.com | tcp |
| US | 8.8.8.8:53 | yasads.com | udp |
| US | 172.67.169.25:443 | uidoor.com | tcp |
| SG | 31.187.75.155:443 | wmonou.com | tcp |
| US | 8.8.8.8:53 | xtra2u.com | udp |
| US | 104.21.13.50:443 | wpstag.com | tcp |
| US | 172.67.176.47:443 | imunify-alert.com | tcp |
| US | 8.8.8.8:53 | ysodot.com | udp |
| US | 89.117.139.100:443 | yasads.com | tcp |
| CN | 203.82.1.180:80 | xxboos.com | tcp |
| US | 162.241.63.91:443 | xtra2u.com | tcp |
| US | 8.8.8.8:53 | zarou9.com | udp |
| LT | 45.84.205.146:443 | ysodot.com | tcp |
| US | 8.8.8.8:53 | zacupy.com | udp |
| US | 8.8.8.8:53 | zuuvee.com | udp |
| US | 8.8.8.8:53 | 27pixel.com | udp |
| DE | 23.88.66.234:443 | zarou9.com | tcp |
| US | 166.62.108.178:443 | zacupy.com | tcp |
| US | 74.208.236.208:80 | 27pixel.com | tcp |
| GB | 154.49.138.111:443 | zuuvee.com | tcp |
| US | 8.8.8.8:53 | 21hffla.com | udp |
| US | 8.8.8.8:53 | www.rarmec.com | udp |
| US | 8.8.8.8:53 | 2smarkt.com | udp |
| US | 8.8.8.8:53 | 77l0tto.com | udp |
| US | 8.8.8.8:53 | www.a-linah.com | udp |
| US | 8.8.8.8:53 | aililis.com | udp |
| US | 8.8.8.8:53 | russellschoolhadley.com | udp |
| US | 8.8.8.8:53 | www.sealwise.co.uk | udp |
| US | 8.8.8.8:53 | zorvoxdatasolutions.com | udp |
| US | 8.8.8.8:53 | seikatsuwotanoshiku.com | udp |
| US | 188.114.96.2:443 | kipasguysapk.com | tcp |
| US | 64.90.48.240:443 | 21hffla.com | tcp |
| VN | 103.77.162.26:443 | www.rarmec.com | tcp |
| US | 172.67.160.123:443 | 77l0tto.com | tcp |
| US | 8.8.8.8:53 | cybecho.net | udp |
| US | 8.8.8.8:53 | dobuzz.net | udp |
| US | 8.8.8.8:53 | raidersixgameapk.com | udp |
| US | 8.8.8.8:53 | savinodesignstudios.com | udp |
| US | 8.8.8.8:53 | ar1zona.com | udp |
| US | 8.8.8.8:53 | bizbbee.com | udp |
| US | 8.8.8.8:53 | bexcont.com | udp |
| US | 8.8.8.8:53 | pluraline.com | udp |
| US | 8.8.8.8:53 | biznect.com | udp |
| US | 8.8.8.8:53 | soubdrive.com | udp |
| US | 8.8.8.8:53 | omnihomestay.com | udp |
| US | 8.8.8.8:53 | oldsoftwares.com | udp |
| FR | 92.204.212.181:443 | www.a-linah.com | tcp |
| IR | 45.139.11.227:80 | aililis.com | tcp |
| IN | 103.152.79.182:80 | 2smarkt.com | tcp |
| US | 162.251.85.8:443 | zorvoxdatasolutions.com | tcp |
| US | 162.241.216.62:443 | bexcont.com | tcp |
| US | 104.21.80.113:443 | tqneen.com | tcp |
| GB | 77.72.2.72:443 | www.sealwise.co.uk | tcp |
| JP | 150.95.59.36:443 | seikatsuwotanoshiku.com | tcp |
| US | 162.241.226.112:443 | cybecho.net | tcp |
| US | 162.241.225.183:443 | biznect.com | tcp |
| US | 172.67.176.47:443 | imunify-alert.com | tcp |
| US | 162.0.229.126:443 | dobuzz.net | tcp |
| US | 172.67.188.51:443 | raidersixgameapk.com | tcp |
| US | 66.29.146.52:443 | soubdrive.com | tcp |
| US | 192.185.88.75:443 | savinodesignstudios.com | tcp |
| IN | 217.21.91.253:443 | omnihomestay.com | tcp |
| US | 212.1.211.81:443 | oldsoftwares.com | tcp |
| DE | 88.198.22.18:443 | pluraline.com | tcp |
| US | 162.241.217.81:443 | bizbbee.com | tcp |
| US | 192.185.137.181:443 | ar1zona.com | tcp |
| US | 162.241.217.66:443 | russellschoolhadley.com | tcp |
| US | 8.8.8.8:53 | omorfia-shop.com | udp |
| US | 8.8.8.8:53 | oneinfomaker.com | udp |
| DE | 217.160.0.137:443 | omorfia-shop.com | tcp |
| US | 8.8.8.8:53 | optionmitra.com | udp |
| US | 8.8.8.8:53 | optimyzedata.com | udp |
| IN | 165.232.176.68:443 | optionmitra.com | tcp |
| KR | 183.111.183.107:443 | oneinfomaker.com | tcp |
| SG | 159.223.90.196:443 | optimyzedata.com | tcp |
| US | 8.8.8.8:53 | orangemendix.com | udp |
| GB | 141.136.43.172:443 | orangemendix.com | tcp |
| US | 8.8.8.8:53 | orderkatsini.com | udp |
| US | 8.8.8.8:53 | www.outletblades.com | udp |
| US | 8.8.8.8:53 | osbornmalang.com | udp |
| MY | 113.23.169.119:443 | orderkatsini.com | tcp |
| US | 8.8.8.8:53 | painpillshop.com | udp |
| US | 8.8.8.8:53 | paiadventure.com | udp |
| US | 8.8.8.8:53 | www.paraedilsrls.com | udp |
| US | 8.8.8.8:53 | pakselection.com | udp |
| US | 8.8.8.8:53 | partialcloud.com | udp |
| US | 8.8.8.8:53 | www.parentsemois.com | udp |
| US | 8.8.8.8:53 | patioandshed.com | udp |
| US | 8.8.8.8:53 | paylogixsoft.com | udp |
| US | 8.8.8.8:53 | partypalacee.com | udp |
| US | 8.8.8.8:53 | peaknetworth.com | udp |
| US | 8.8.8.8:53 | www.pegasomobili.com | udp |
| US | 8.8.8.8:53 | persasdemama.com | udp |
| US | 8.8.8.8:53 | pgslotpro888.com | udp |
| US | 8.8.8.8:53 | www.21hffla.com | udp |
| US | 8.8.8.8:53 | pestfreeasap.com | udp |
| US | 8.8.8.8:53 | pharmasavant.com | udp |
| US | 8.8.8.8:53 | swingdogteam.com | udp |
| US | 8.8.8.8:53 | spineuphoria.com | udp |
| US | 8.8.8.8:53 | techuntangle.com | udp |
| US | 8.8.8.8:53 | sudinaevents.com | udp |
| US | 8.8.8.8:53 | tagexpertint.com | udp |
| VN | 103.173.227.63:443 | paiadventure.com | tcp |
| US | 188.114.96.2:443 | www.outletblades.com | tcp |
| US | 63.250.43.134:443 | pestfreeasap.com | tcp |
| IT | 89.46.108.71:443 | www.paraedilsrls.com | tcp |
| SG | 185.229.118.149:443 | osbornmalang.com | tcp |
| FR | 109.234.165.181:443 | www.parentsemois.com | tcp |
| US | 154.49.142.72:443 | paylogixsoft.com | tcp |
| US | 162.215.230.10:80 | partialcloud.com | tcp |
| IT | 31.11.36.59:443 | www.pegasomobili.com | tcp |
| FR | 15.188.219.54:443 | patioandshed.com | tcp |
| US | 162.240.211.30:443 | painpillshop.com | tcp |
| IN | 43.225.55.137:443 | sudinaevents.com | tcp |
| US | 184.154.119.210:443 | techuntangle.com | tcp |
| FI | 135.181.6.251:443 | partypalacee.com | tcp |
| FI | 65.21.126.174:443 | pakselection.com | tcp |
| CA | 142.44.226.116:443 | pharmasavant.com | tcp |
| GB | 185.77.97.92:443 | phailaavtech.com | tcp |
| US | 172.67.176.47:443 | imunify-alert.com | tcp |
| TH | 27.254.86.114:443 | spineuphoria.com | tcp |
| BR | 154.49.247.225:443 | persasdemama.com | tcp |
| TH | 27.254.86.114:443 | spineuphoria.com | tcp |
| US | 8.8.8.8:53 | tepuyroofing.com | udp |
| US | 162.241.24.71:80 | swingdogteam.com | tcp |
| GB | 192.250.239.85:80 | peaknetworth.com | tcp |
| RO | 85.120.18.18:443 | tagexpertint.com | tcp |
| US | 8.8.8.8:53 | terryjdamato.com | udp |
| US | 64.90.48.240:443 | www.21hffla.com | tcp |
| US | 8.8.8.8:53 | winecountrywomen.com | udp |
| US | 108.178.43.98:443 | tepuyroofing.com | tcp |
| US | 8.8.8.8:53 | textilediary.com | udp |
| US | 8.8.8.8:53 | www.facebook.com | udp |
| US | 8.8.8.8:53 | amleehaulage.com | udp |
| US | 8.8.8.8:53 | the-magickal.com | udp |
| US | 50.87.143.172:443 | terryjdamato.com | tcp |
| GB | 163.70.147.35:443 | www.facebook.com | tcp |
| US | 162.241.252.137:443 | winecountrywomen.com | tcp |
| US | 162.241.216.47:443 | amleehaulage.com | tcp |
| US | 8.8.8.8:53 | artalandorra.com | udp |
| DE | 188.40.107.86:443 | textilediary.com | tcp |
| US | 8.8.8.8:53 | ananddalwadi.com | udp |
| US | 8.8.8.8:53 | athena-trans.com | udp |
| US | 192.254.237.91:443 | the-magickal.com | tcp |
| US | 8.8.8.8:53 | ativaboxapps.com | udp |
| US | 8.8.8.8:53 | bagamatilive.com | udp |
| US | 162.241.217.201:443 | ananddalwadi.com | tcp |
| US | 8.8.8.8:53 | falecomaisis.com | udp |
| US | 172.67.176.47:443 | imunify-alert.com | tcp |
| ES | 185.156.219.10:443 | artalandorra.com | tcp |
| TH | 147.50.231.19:443 | athena-trans.com | tcp |
| US | 8.8.8.8:53 | attachecrate.com | udp |
| US | 8.8.8.8:53 | chinafoam-eg.com | udp |
| US | 8.8.8.8:53 | m.facebook.com | udp |
| US | 8.8.8.8:53 | eiginsuranceinfo.com | udp |
| US | 8.8.8.8:53 | fashionnetic.com | udp |
| US | 8.8.8.8:53 | fatorfirmeza.com | udp |
| US | 8.8.8.8:53 | fieldinghilo.com | udp |
| US | 8.8.8.8:53 | www.arizona-logistics.com | udp |
| US | 8.8.8.8:53 | purewateralliance.com | udp |
| US | 8.8.8.8:53 | jinglesycanciones.com | udp |
| US | 8.8.8.8:53 | mastermindoutdoor.com | udp |
| US | 8.8.8.8:53 | laurieartetdesign.com | udp |
| US | 63.250.38.71:80 | chinafoam-eg.com | tcp |
| FR | 149.100.144.71:443 | ativaboxapps.com | tcp |
| IN | 69.57.172.2:443 | bagamatilive.com | tcp |
| GB | 163.70.147.35:443 | m.facebook.com | tcp |
| US | 216.172.160.220:443 | falecomaisis.com | tcp |
| US | 162.241.216.65:443 | attachecrate.com | tcp |
| US | 162.144.14.81:443 | fieldinghilo.com | tcp |
| US | 172.67.176.47:443 | imunify-alert.com | tcp |
| US | 172.67.176.47:443 | imunify-alert.com | tcp |
| US | 131.153.147.34:443 | www.arizona-logistics.com | tcp |
| US | 192.185.210.213:443 | fatorfirmeza.com | tcp |
| US | 162.214.80.67:443 | fashionnetic.com | tcp |
| US | 162.0.215.108:443 | eiginsuranceinfo.com | tcp |
| US | 188.114.97.2:443 | laurieartetdesign.com | tcp |
| US | 68.65.122.221:443 | mastermindoutdoor.com | tcp |
| CL | 190.107.177.35:443 | jinglesycanciones.com | tcp |
| US | 66.29.132.160:443 | purewateralliance.com | tcp |
| US | 8.8.8.8:53 | octobrsfinest-art.com | udp |
| US | 8.8.8.8:53 | www.thetimeisrightnow.com | udp |
| US | 8.8.8.8:53 | www.magicfamilygetaways.com | udp |
| US | 8.8.8.8:53 | nongnghiepsongxoai.com | udp |
| US | 8.8.8.8:53 | billsquibbmarketing.com | udp |
| US | 8.8.8.8:53 | brandlambplayground.com | udp |
| US | 8.8.8.8:53 | bluecheckbackground.com | udp |
| US | 8.8.8.8:53 | cadamenteumuniverso.com | udp |
| US | 8.8.8.8:53 | purgimon-assessors.com | udp |
| US | 8.8.8.8:53 | bippityboppityblogs.com | udp |
| US | 8.8.8.8:53 | bozidarka-vidakovic.com | udp |
| US | 8.8.8.8:53 | www.carlosillichnavarro.com | udp |
| US | 8.8.8.8:53 | calcinha-absorvente.com | udp |
| US | 8.8.8.8:53 | candiedcottonquilts.com | udp |
| US | 8.8.8.8:53 | businessmanagererp.net | udp |
| DE | 81.169.145.77:443 | octobrsfinest-art.com | tcp |
| US | 172.67.176.47:443 | imunify-alert.com | tcp |
| ES | 217.76.150.56:80 | purgimon-assessors.com | tcp |
| US | 8.8.8.8:53 | swingdogdesign.com | udp |
| US | 50.87.143.88:443 | billsquibbmarketing.com | tcp |
| US | 66.235.200.146:80 | bluecheckbackground.com | tcp |
| US | 8.8.8.8:53 | centresayedchouhada.com | udp |
| US | 162.241.225.228:80 | bippityboppityblogs.com | tcp |
| US | 8.8.8.8:53 | ckmarketingsolution.com | udp |
| US | 162.241.24.131:443 | candiedcottonquilts.com | tcp |
| US | 108.178.43.178:443 | brandlambplayground.com | tcp |
| US | 8.8.8.8:53 | charlottestidytouch.com | udp |
| US | 69.163.151.126:443 | www.magicfamilygetaways.com | tcp |
| US | 162.144.3.112:443 | bozidarka-vidakovic.com | tcp |
| NL | 185.104.29.36:443 | www.thetimeisrightnow.com | tcp |
| US | 162.241.2.66:443 | cadamenteumuniverso.com | tcp |
| US | 8.8.8.8:53 | dahomeyconstruction.com | udp |
| US | 162.241.173.164:443 | www.carlosillichnavarro.com | tcp |
| BR | 109.104.155.45:443 | calcinha-absorvente.com | tcp |
| VN | 45.117.80.53:80 | nongnghiepsongxoai.com | tcp |
| GB | 178.159.5.244:80 | centresayedchouhada.com | tcp |
| US | 162.241.24.71:80 | swingdogdesign.com | tcp |
| US | 8.8.8.8:53 | www.purewateralliance.com | udp |
| US | 162.241.216.74:443 | charlottestidytouch.com | tcp |
| US | 162.241.219.206:443 | ckmarketingsolution.com | tcp |
| CA | 198.54.132.29:80 | dahomeyconstruction.com | tcp |
| US | 8.8.8.8:53 | davidflylikeaneagle.com | udp |
| US | 8.8.8.8:53 | departamentosbrelia.com | udp |
| US | 172.67.176.47:443 | imunify-alert.com | tcp |
| US | 8.8.8.8:53 | dentaltourismbrazil.com | udp |
| US | 66.29.132.160:443 | www.purewateralliance.com | tcp |
| US | 8.8.8.8:53 | departamentosvianto.com | udp |
| US | 162.241.225.210:443 | davidflylikeaneagle.com | tcp |
| US | 8.8.8.8:53 | www.laurieartetdesign.com | udp |
| US | 66.235.200.146:443 | bluecheckbackground.com | tcp |
| US | 162.241.60.250:443 | departamentosvianto.com | tcp |
| US | 8.8.8.8:53 | www.bagamatilive.com | udp |
| US | 192.185.177.148:443 | dentaltourismbrazil.com | tcp |
| US | 162.241.60.250:443 | departamentosvianto.com | tcp |
| BR | 109.104.155.45:443 | calcinha-absorvente.com | tcp |
| US | 8.8.8.8:53 | desifirangipanipuri.com | udp |
| US | 8.8.8.8:53 | digitaldatacreators.com | udp |
| US | 8.8.8.8:53 | www.digitalnogadamaster.com | udp |
| US | 8.8.8.8:53 | dingwallenterprises.com | udp |
| IN | 69.57.172.2:443 | www.bagamatilive.com | tcp |
| US | 8.8.8.8:53 | discovernattokinase.com | udp |
| US | 188.114.97.2:443 | www.laurieartetdesign.com | tcp |
| US | 66.235.200.112:443 | digitaldatacreators.com | tcp |
| US | 8.8.8.8:53 | donskeynoteconcerts.com | udp |
| US | 162.241.224.200:443 | discovernattokinase.com | tcp |
| US | 162.214.80.31:80 | desifirangipanipuri.com | tcp |
| KR | 183.111.199.225:443 | www.digitalnogadamaster.com | tcp |
| US | 8.8.8.8:53 | economygaragedoortx.com | udp |
| US | 8.8.8.8:53 | drsabirhasanbeyzade.com | udp |
| US | 8.8.8.8:53 | eloraskincaresupply.com | udp |
| US | 162.241.224.200:443 | discovernattokinase.com | tcp |
| US | 8.8.8.8:53 | www.artalandorra.com | udp |
| US | 162.241.226.175:443 | donskeynoteconcerts.com | tcp |
| US | 8.8.8.8:53 | healingrootbodywork.com | udp |
| US | 8.8.8.8:53 | emerginguncertainty.com | udp |
| US | 8.8.8.8:53 | www.healthyskincaretips.com | udp |
| TR | 104.247.162.67:443 | drsabirhasanbeyzade.com | tcp |
| ES | 185.156.219.10:443 | www.artalandorra.com | tcp |
| US | 198.12.12.226:443 | economygaragedoortx.com | tcp |
| CA | 54.39.123.103:443 | eloraskincaresupply.com | tcp |
| US | 198.187.31.59:443 | healingrootbodywork.com | tcp |
| US | 8.8.8.8:53 | primaryhro.com | udp |
| US | 8.8.8.8:53 | toteagency.com | udp |
| US | 172.67.136.111:443 | primaryhro.com | tcp |
| US | 50.87.253.14:80 | emerginguncertainty.com | tcp |
| US | 8.8.8.8:53 | playtimepartytents.com | udp |
| US | 162.254.39.3:443 | www.healthyskincaretips.com | tcp |
| US | 8.8.8.8:53 | trainatptg.com | udp |
| US | 8.8.8.8:53 | tudobetofc.com | udp |
| US | 8.8.8.8:53 | usaexonacc.com | udp |
| US | 162.241.252.164:443 | playtimepartytents.com | tcp |
| US | 162.241.203.145:443 | tudobetofc.com | tcp |
| US | 8.8.8.8:53 | verdeviver.com | udp |
| US | 108.167.140.74:443 | toteagency.com | tcp |
| US | 50.87.253.29:443 | trainatptg.com | tcp |
| US | 8.8.8.8:53 | transpixelstudio.com | udp |
| US | 8.8.8.8:53 | viral-labz.com | udp |
| US | 8.8.8.8:53 | 100qingxiji.com | udp |
| US | 8.8.8.8:53 | vividebold.com | udp |
| US | 8.8.8.8:53 | www.yogaconisa.com | udp |
| US | 173.236.189.9:443 | viral-labz.com | tcp |
| US | 198.54.114.193:443 | w2beginner.com | tcp |
| US | 66.29.146.36:443 | transpixelstudio.com | tcp |
| US | 192.185.129.39:443 | usaexonacc.com | tcp |
| US | 162.241.203.221:443 | verdeviver.com | tcp |
| US | 8.8.8.8:53 | www.actasia2024.com | udp |
| IT | 86.107.32.169:443 | www.yogaconisa.com | tcp |
| US | 162.241.225.30:443 | vividebold.com | tcp |
| US | 8.8.8.8:53 | acvtorremar.com | udp |
| US | 8.8.8.8:53 | afri-ticket.com | udp |
| US | 8.8.8.8:53 | alikosports.com | udp |
| US | 192.185.76.254:443 | www.actasia2024.com | tcp |
| US | 8.8.8.8:53 | dghashimllc.com | udp |
| US | 8.8.8.8:53 | aleezajahan.com | udp |
| ES | 82.194.68.18:443 | acvtorremar.com | tcp |
| US | 8.8.8.8:53 | aliquimedia.com | udp |
| FR | 78.138.45.207:443 | afri-ticket.com | tcp |
| NL | 107.6.173.162:443 | alikosports.com | tcp |
| US | 66.29.146.163:443 | dghashimllc.com | tcp |
| US | 23.21.157.88:443 | aleezajahan.com | tcp |
| US | 50.87.193.51:80 | aliquimedia.com | tcp |
| US | 8.8.8.8:53 | dichvufbvci.com | udp |
| US | 8.8.8.8:53 | 5deducacion.com | udp |
| US | 8.8.8.8:53 | diegofranca.com | udp |
| CN | 211.149.140.179:443 | 100qingxiji.com | tcp |
| NL | 107.6.173.162:443 | alikosports.com | tcp |
| VN | 103.18.6.221:80 | dichvufbvci.com | tcp |
| US | 172.67.176.47:443 | imunify-alert.com | tcp |
| KR | 183.111.199.225:443 | www.digitalnogadamaster.com | tcp |
| US | 8.8.8.8:53 | digitalbaji.com | udp |
| US | 50.62.221.122:80 | diegofranca.com | tcp |
| US | 8.8.8.8:53 | doujadesign.com | udp |
| US | 192.185.214.109:443 | 5deducacion.com | tcp |
| US | 8.8.8.8:53 | dogsprt4fun.com | udp |
| US | 8.8.8.8:53 | dreammoneyf.com | udp |
| US | 8.8.8.8:53 | dtlaleasing.com | udp |
| US | 8.8.8.8:53 | www.edesign-llc.com | udp |
| US | 8.8.8.8:53 | eddieseddys.com | udp |
| US | 8.8.8.8:53 | www.educ-azione.com | udp |
| US | 8.8.8.8:53 | ekantafarms.com | udp |
| US | 8.8.8.8:53 | empejewelry.com | udp |
| US | 8.8.8.8:53 | educorevisa.com | udp |
| US | 8.8.8.8:53 | emptyset001.com | udp |
| US | 162.241.30.65:443 | dogsprt4fun.com | tcp |
| US | 8.8.8.8:53 | escuelagein.com | udp |
| US | 66.29.146.163:443 | dtlaleasing.com | tcp |
| US | 162.0.215.23:443 | doujadesign.com | tcp |
| IT | 89.46.110.11:443 | www.educ-azione.com | tcp |
| IN | 119.18.49.78:443 | digitalbaji.com | tcp |
| US | 162.241.219.176:443 | eddieseddys.com | tcp |
| US | 162.241.194.32:80 | emptyset001.com | tcp |
| CA | 51.79.19.13:443 | dreammoneyf.com | tcp |
| US | 65.181.111.30:443 | escuelagein.com | tcp |
| US | 50.87.193.51:443 | aliquimedia.com | tcp |
| US | 172.105.128.43:443 | www.edesign-llc.com | tcp |
| IN | 103.21.59.20:443 | educorevisa.com | tcp |
| GB | 213.52.128.70:443 | ekantafarms.com | tcp |
| CA | 23.227.38.65:443 | empejewelry.com | tcp |
| US | 8.8.8.8:53 | ewoldygroup.com | udp |
| US | 8.8.8.8:53 | fabrikyapim.com | udp |
| GB | 185.77.97.72:443 | ewoldygroup.com | tcp |
| US | 8.8.8.8:53 | essenceecho.com | udp |
| US | 8.8.8.8:53 | fresh4rm9ja.com | udp |
| US | 8.8.8.8:53 | fatimaawais.com | udp |
| US | 8.8.8.8:53 | geek-orders.com | udp |
| US | 8.8.8.8:53 | gadgenautas.com | udp |
| US | 8.8.8.8:53 | gehcomarket.com | udp |
| US | 8.8.8.8:53 | filipenutri.com | udp |
| US | 8.8.8.8:53 | sh011.global.temp.domains | udp |
| US | 8.8.8.8:53 | www.viral-labz.com | udp |
| US | 8.8.8.8:53 | genkai-free.com | udp |
| US | 8.8.8.8:53 | giemmemarmi.com | udp |
| NL | 160.153.138.10:443 | geek-orders.com | tcp |
| VN | 103.18.6.221:443 | dichvufbvci.com | tcp |
| US | 8.8.8.8:53 | goodbuying1.com | udp |
| GB | 109.70.148.65:443 | gehcomarket.com | tcp |
| US | 132.148.237.163:443 | fresh4rm9ja.com | tcp |
| US | 74.50.90.234:443 | fatimaawais.com | tcp |
| US | 8.8.8.8:53 | graphixcoco.com | udp |
| US | 50.31.188.73:443 | gadgenautas.com | tcp |
| US | 162.241.2.15:443 | filipenutri.com | tcp |
| US | 172.67.176.47:443 | imunify-alert.com | tcp |
| JP | 139.162.72.47:443 | essenceecho.com | tcp |
| US | 162.241.224.140:443 | globecorpeg.com | tcp |
| US | 173.236.189.9:443 | www.viral-labz.com | tcp |
| US | 8.8.8.8:53 | gregwebtech.com | udp |
| US | 162.214.80.31:80 | sh011.global.temp.domains | tcp |
| US | 50.6.138.150:443 | goodbuying1.com | tcp |
| US | 8.8.8.8:53 | growthaxiom.com | udp |
| TH | 147.50.231.20:443 | graphixcoco.com | tcp |
| US | 172.105.128.43:443 | www.edesign-llc.com | tcp |
| DE | 178.162.206.251:443 | giemmemarmi.com | tcp |
| US | 162.241.253.57:443 | gregwebtech.com | tcp |
| US | 162.241.253.102:443 | growthaxiom.com | tcp |
| US | 8.8.8.8:53 | grupoavicel.com | udp |
| US | 8.8.8.8:53 | www.hablemosmia.com | udp |
| CA | 15.235.50.116:443 | www.hablemosmia.com | tcp |
| US | 8.8.8.8:53 | icbiguatemi.com | udp |
| US | 162.144.13.161:443 | grupoavicel.com | tcp |
| US | 8.8.8.8:53 | shestrenght.com | udp |
| US | 8.8.8.8:53 | metododorado.com | udp |
| US | 69.49.241.19:443 | icbiguatemi.com | tcp |
| US | 162.241.224.92:443 | shestrenght.com | tcp |
| FR | 154.49.245.83:443 | metododorado.com | tcp |
| US | 8.8.8.8:53 | metadolarusa.com | udp |
| US | 8.8.8.8:53 | migrantbirds.com | udp |
| US | 173.236.164.126:443 | mg0930991601.com | tcp |
| US | 8.8.8.8:53 | milestonesmn.com | udp |
| US | 8.8.8.8:53 | missilespins.com | udp |
| US | 8.8.8.8:53 | mijan-rahman.com | udp |
| US | 8.8.8.8:53 | minimalmiles.com | udp |
| US | 8.8.8.8:53 | mixwelltours.com | udp |
| US | 208.109.226.74:443 | milestonesmn.com | tcp |
| US | 34.198.92.209:80 | metadolarusa.com | tcp |
| TR | 2.56.248.100:443 | migrantbirds.com | tcp |
| US | 74.208.236.66:80 | mixwelltours.com | tcp |
| US | 172.67.140.104:443 | minimalmiles.com | tcp |
| US | 8.8.8.8:53 | mobilbarukia.com | udp |
| US | 8.8.8.8:53 | mobilesstech.com | udp |
| US | 8.8.8.8:53 | www.dtlaleasing.com | udp |
| US | 8.8.8.8:53 | mohsenseyedi.com | udp |
| US | 8.8.8.8:53 | mommyproverb.com | udp |
| US | 8.8.8.8:53 | monsterbrake.com | udp |
| US | 172.67.176.47:443 | imunify-alert.com | tcp |
| ID | 153.92.13.206:443 | mobilbarukia.com | tcp |
| SG | 156.67.222.243:443 | mobilesstech.com | tcp |
| DE | 88.198.100.142:443 | mijan-rahman.com | tcp |
| US | 66.29.146.163:443 | www.dtlaleasing.com | tcp |
| US | 8.8.8.8:53 | montealvoisg.com | udp |
| IR | 45.149.77.239:443 | mohsenseyedi.com | tcp |
| US | 34.198.92.209:443 | metadolarusa.com | tcp |
| DE | 162.55.111.111:443 | monsterbrake.com | tcp |
| US | 173.236.209.143:443 | mommyproverb.com | tcp |
| US | 8.8.8.8:53 | movimientoom.com | udp |
| GB | 185.77.97.169:443 | movimientoom.com | tcp |
| US | 8.8.8.8:53 | musclescopez.com | udp |
| US | 8.8.8.8:53 | moradituning.com | udp |
| US | 8.8.8.8:53 | mybestintern.com | udp |
| US | 8.8.8.8:53 | mpactstudio2.com | udp |
| US | 8.8.8.8:53 | museoptipack.com | udp |
| US | 8.8.8.8:53 | myriamhaidar.com | udp |
| US | 8.8.8.8:53 | mycornerlink.com | udp |
| US | 8.8.8.8:53 | mydnaadvisor.com | udp |
| US | 8.8.8.8:53 | myjabeenshop.com | udp |
| US | 8.8.8.8:53 | mywhitetoner.com | udp |
| US | 8.8.8.8:53 | myequipodusa.com | udp |
| US | 8.8.8.8:53 | nacionalesrd.com | udp |
| FR | 15.236.174.11:443 | musclescopez.com | tcp |
| GB | 23.106.37.87:443 | myjabeenshop.com | tcp |
| US | 74.208.236.123:80 | mywhitetoner.com | tcp |
| US | 104.21.10.77:443 | nacionalesrd.com | tcp |
| US | 92.204.133.229:80 | mpactstudio2.com | tcp |
| US | 154.49.142.173:443 | museoptipack.com | tcp |
| DE | 81.169.174.165:443 | mybestintern.com | tcp |
| DE | 54.37.95.248:443 | mycornerlink.com | tcp |
| US | 162.215.220.68:443 | myriamhaidar.com | tcp |
| US | 67.205.19.142:443 | myequipodusa.com | tcp |
| SG | 167.172.91.202:443 | mydnaadvisor.com | tcp |
| AE | 185.211.57.7:443 | moradituning.com | tcp |
| JP | 139.162.72.47:443 | essenceecho.com | tcp |
| US | 69.60.110.228:80 | montealvoisg.com | tcp |
| US | 8.8.8.8:53 | naufalshabri.com | udp |
| US | 8.8.8.8:53 | nateandelise.com | udp |
| US | 8.8.8.8:53 | naukrisandhi.com | udp |
| US | 8.8.8.8:53 | nclexgateway.com | udp |
| US | 8.8.8.8:53 | netflyagency.com | udp |
| US | 8.8.8.8:53 | neo-bruchsal.com | udp |
| US | 8.8.8.8:53 | newest-korea.com | udp |
| US | 8.8.8.8:53 | nest-s2s-scs.com | udp |
| US | 8.8.8.8:53 | newstamil365.com | udp |
| US | 8.8.8.8:53 | newstalk24x7.com | udp |
| US | 8.8.8.8:53 | www.nessacademie.com | udp |
| US | 8.8.8.8:53 | nimitz.group | udp |
| US | 8.8.8.8:53 | www.ninjaretreat.com | udp |
| US | 8.8.8.8:53 | ningadvanced.com | udp |
| US | 8.8.8.8:53 | niceyunpro88.com | udp |
| US | 8.8.8.8:53 | notaseternas.com | udp |
| US | 69.60.110.228:80 | montealvoisg.com | tcp |
| US | 107.180.3.83:443 | nateandelise.com | tcp |
| US | 188.114.97.2:80 | ningadvanced.com | tcp |
| FR | 109.234.165.178:443 | www.nessacademie.com | tcp |
| SG | 156.67.222.42:443 | naufalshabri.com | tcp |
| US | 172.67.218.66:443 | nclexgateway.com | tcp |
| DE | 3.72.140.173:443 | www.ninjaretreat.com | tcp |
| IN | 89.117.157.159:443 | naukrisandhi.com | tcp |
| DE | 217.160.0.11:443 | neo-bruchsal.com | tcp |
| GB | 154.49.138.143:443 | newstamil365.com | tcp |
| CZ | 46.28.106.189:443 | nimitz.group | tcp |
| FI | 65.108.236.60:443 | netflyagency.com | tcp |
| US | 8.8.8.8:53 | www.mommyproverb.com | udp |
| US | 149.100.151.244:443 | notaseternas.com | tcp |
| SG | 18.139.4.158:443 | newest-korea.com | tcp |
| RO | 185.198.59.26:443 | nest-s2s-scs.com | tcp |
| IN | 154.41.233.177:443 | newstalk24x7.com | tcp |
| KR | 183.111.183.82:80 | niceyunpro88.com | tcp |
| US | 8.8.8.8:53 | megashayari.com | udp |
| US | 8.8.8.8:53 | www.merrynsmoor.com | udp |
| US | 173.236.209.143:443 | www.mommyproverb.com | tcp |
| US | 8.8.8.8:53 | miliongames.com | udp |
| US | 8.8.8.8:53 | mindful-bee.com | udp |
| US | 8.8.8.8:53 | mercaideacr.com | udp |
| US | 8.8.8.8:53 | mevzukripto.com | udp |
| US | 8.8.8.8:53 | mithosnacks.com | udp |
| US | 8.8.8.8:53 | monsitebyme.com | udp |
| US | 8.8.8.8:53 | milvariados.com | udp |
| US | 8.8.8.8:53 | minnuolaser.com | udp |
| US | 8.8.8.8:53 | mommys-girl.com | udp |
| US | 8.8.8.8:53 | motobook-it.com | udp |
| NL | 212.107.17.196:443 | mevzukripto.com | tcp |
| US | 172.67.170.64:443 | miliongames.com | tcp |
| US | 172.67.176.47:443 | imunify-alert.com | tcp |
| US | 198.12.223.190:443 | mercaideacr.com | tcp |
| BR | 154.49.247.244:443 | milvariados.com | tcp |
| US | 188.114.97.2:443 | motobook-it.com | tcp |
| US | 173.236.194.139:443 | www.merrynsmoor.com | tcp |
| FR | 193.203.239.65:443 | monsitebyme.com | tcp |
| US | 162.241.219.176:443 | eddieseddys.com | tcp |
| IN | 154.41.233.102:443 | mindful-bee.com | tcp |
| IN | 195.35.47.183:443 | mithosnacks.com | tcp |
| US | 188.114.97.2:443 | motobook-it.com | tcp |
| US | 47.253.86.109:443 | minnuolaser.com | tcp |
| US | 188.114.97.2:443 | motobook-it.com | tcp |
| US | 8.8.8.8:53 | moviehd2fin.com | udp |
| US | 8.8.8.8:53 | mynewsdelhi.com | udp |
| US | 8.8.8.8:53 | natecanhelp.com | udp |
| US | 8.8.8.8:53 | www.namoosystem.com | udp |
| US | 8.8.8.8:53 | nativasanus.com | udp |
| US | 188.114.96.2:80 | moviehd2fin.com | tcp |
| IN | 89.117.157.30:443 | mynewsdelhi.com | tcp |
| US | 8.8.8.8:53 | neconglobal.com | udp |
| BR | 185.211.7.75:443 | nativasanus.com | tcp |
| US | 173.236.195.242:443 | natecanhelp.com | tcp |
| US | 8.8.8.8:53 | neum-laguna.com | udp |
Files
memory/2128-0-0x000000013FA40000-0x000000014048D000-memory.dmp
memory/2128-1-0x000000013FA40000-0x000000014048D000-memory.dmp
memory/2128-6-0x000007FEFD7E0000-0x000007FEFD84C000-memory.dmp
memory/2128-7-0x000007FEFD7E0000-0x000007FEFD84C000-memory.dmp
memory/2128-8-0x000007FEFD7E0000-0x000007FEFD84C000-memory.dmp
memory/2128-10-0x000007FE80010000-0x000007FE80011000-memory.dmp
memory/2128-9-0x00000000776A0000-0x0000000077849000-memory.dmp
memory/2128-11-0x00000000001E0000-0x00000000001E1000-memory.dmp
memory/2128-12-0x000000013FA40000-0x000000014048D000-memory.dmp
memory/2128-13-0x000000013FA40000-0x000000014048D000-memory.dmp
memory/2128-14-0x000000013FA40000-0x000000014048D000-memory.dmp
memory/2128-15-0x000000013FA40000-0x000000014048D000-memory.dmp
memory/2128-16-0x000000013FA40000-0x000000014048D000-memory.dmp
memory/2128-17-0x000000013FA40000-0x000000014048D000-memory.dmp
memory/2128-18-0x000000013FA40000-0x000000014048D000-memory.dmp
memory/2128-19-0x000000013FA40000-0x000000014048D000-memory.dmp
memory/2128-20-0x000000013FA40000-0x000000014048D000-memory.dmp
memory/2128-28-0x000000013FA40000-0x000000014048D000-memory.dmp
memory/2128-29-0x000007FEFD7E0000-0x000007FEFD84C000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\CabBDA6.tmp
| MD5 | ac05d27423a85adc1622c714f2cb6184 |
| SHA1 | b0fe2b1abddb97837ea0195be70ab2ff14d43198 |
| SHA256 | c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d |
| SHA512 | 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d |
C:\Users\Admin\AppData\Local\Temp\TarBDD8.tmp
| MD5 | 9c0c641c06238516f27941aa1166d427 |
| SHA1 | 64cd549fb8cf014fcd9312aa7a5b023847b6c977 |
| SHA256 | 4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f |
| SHA512 | 936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06 |
memory/2128-64-0x000000013FA40000-0x000000014048D000-memory.dmp
memory/2128-65-0x000007FEFD7E0000-0x000007FEFD84C000-memory.dmp
C:\Users\Admin\Documents\GuardFox\VRToUOPy6tJYXA0XmB0UrwBT.exe
| MD5 | 9221094b91557445685029541d99a73a |
| SHA1 | 8468fc25f94f07c94600a9ec3491cae9f8a408e9 |
| SHA256 | 21caafc45d7930b8e05e148d55570e538bf0cd5306f6212d82e2be6cd066cc62 |
| SHA512 | 17280d3c4e13ea22625f6052af9dc34a61d2745c4e1a294db36cf49edd5ab3b09a6544ddb07392d304ef4a1df4384e169be8810f44f3f4b568033a49df159518 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 2131c53d12867e2e2bb4624f8f38d229 |
| SHA1 | 3dcd767fb5dac468780eb4acd5648ae55a7e491e |
| SHA256 | aadb3924aa4a0e7b9acef341ed8cbc4a0fc90c6224145c9ce06dbdd4203d40e0 |
| SHA512 | 02695e623e774c86ea8c64de7eba4d621898add90e2ff65dab1127f19054b67864a9f07c9798d1e440d3ad49e04ac2c29932571d4928996e0d94db145a995449 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 5fba446d0bdd31106197b4633608ea61 |
| SHA1 | 5eb8e18d3d95c79dae472be9b9670d47671b9609 |
| SHA256 | 4cba19022158f2f38b3ece3b734d94d700f1baaaecf7f5914dc5eaaff73d1dcf |
| SHA512 | 28ace32b942a6c5fb229e8a2b7465f6a6ab5c381ab3895b8c1a94e4bafba427b6295969ab0ce2cf7cff3fa2c541156ce309f3e6da49f5443109f849742e0935a |
C:\Users\Admin\Documents\GuardFox\k8Oc9MWfMwLmrksVeis3BIeC.exe
| MD5 | 3e836f64b754bbb4cfc4f20a6102d420 |
| SHA1 | 176a7c99cb714dfc6632726cdcce13d82c34078f |
| SHA256 | 5fcd44530c794ae052516beea1793eb198383876c6ec05e0934bb67dce549e30 |
| SHA512 | 16e60a0fe1134ead90a3896520c2bd2077befbfd5306c3a93d28b1c879c4c2a7df0d04dbd768a7a9bd33c02e99d08219e24984ad716734f7f0300fefb178ac4b |
C:\Users\Admin\Documents\GuardFox\Y2gB6WVgAD7Zs_WKooOuvKGc.exe
| MD5 | 2e2e147e0e2895da40eeac990d58df25 |
| SHA1 | 1330a46beb61ab2f4440ef60eb0b5dfabb86d6a9 |
| SHA256 | 7f07e268cef0bf618b7f56c72b7e5b536ff7c37f580d6f93670532a7c3df186c |
| SHA512 | 46f3b9c02f8eabc5a2ceae5af278f9964585aa962f6288d8b683b25a60c4bf51b680c918eaf6b75d13b92ecc6e8da787c914f472b8b0dc179ffd01da66281ea5 |
C:\Users\Admin\Documents\GuardFox\TRxvP6k2DLxbkOQltmy86mTO.exe
| MD5 | 1ea0009f74cbfed9763433700c71006b |
| SHA1 | 2a446d6fea7c54a72df3553256dd753081ec3457 |
| SHA256 | 65cb1221dd6b24db8102d8ae218e4b98a1779954a9cf9224586cf73373d389b2 |
| SHA512 | cd6866cc2ec1937415f3e963ef8d3c76cabb77c714c5a0cbac6d75f5320e8f6f82ca4f6a05a1e93b2bacec7f59ce3d681b30c9155c6c5e50524be1b95b03bf30 |
memory/2128-194-0x00000000776A0000-0x0000000077849000-memory.dmp
C:\Users\Admin\Documents\GuardFox\Wt3pRmD5mqNpEXXJTPS8UPiq.exe
| MD5 | d06965e803f3bfc7fd6e91f1925ab266 |
| SHA1 | 8346357e4e20d5718d3c90caa50af1b4617758d2 |
| SHA256 | c377b4a4afa9b0a0dc0c06d1d9fd0ce2be2a87b4a088f7c08d17aa0abf3a947e |
| SHA512 | 9993e612d5a672fc2078362f6bdb55f11530a03749f33d5b6d3d64b6686a21a832e61fcfcc3f0e112e8ce826e472a16ee95df9b5dd02393f4ec3add3ac29e399 |
C:\Users\Admin\Documents\GuardFox\6e3wkNi96ZC51gzRyvUXvSEa.exe
| MD5 | 986ccd4c8b2686a84219b37eb940807c |
| SHA1 | 7782d7ba1f8b7e98fdb625fd9143b9df7b6c0bb9 |
| SHA256 | 3c384c46b050af0d75ac6c85ea0d038075b27900dd5bc8da737286f131224a80 |
| SHA512 | b61330247587443a8a690caeca66d7109a621e09fafcd622ce1f20b41a903b9ea1cf69c9f8dc50206f91b49386d60f77f63ed0c416df7df6b1970fe8dcab028b |
C:\Users\Admin\Documents\GuardFox\3C5gSkdx_SyN1GSq9CyJ4xOS.exe
| MD5 | 01bc8d15efa106ed7d9561e5a8a2e68f |
| SHA1 | 221a7f359a58ae4f540666edccc3385c4a442465 |
| SHA256 | 35bbf71a177c290d59bd59544c100cfd9af4cfca2101bca2ed587038a781b674 |
| SHA512 | b0cd6ed23bc9e9f09bad739c1647b976c6eec9f7f9bf509e75eafac56f80ea21bc9e1783ebdfdc6ad83a93645e60389d299146c8675e15501c62ccc6b9651716 |
memory/2128-242-0x000000013FA40000-0x000000014048D000-memory.dmp
C:\Users\Admin\Documents\GuardFox\NtHviBmnemhC38r76hpEX5vn.exe
| MD5 | d262f3334317395bc6984e1e69ef0f4c |
| SHA1 | fc0c7d6f64e63517836470460b94690f58740053 |
| SHA256 | d9623ef39550204a10e61b5e46b0537ee8643b5ff9130c8f345e948dc67cce86 |
| SHA512 | ad00278714ac03ca7e5d7be06b2c85af9a52c81ab5d04a5e52ecebba14ec03891f1417417aa94d103acb9f9c02fafbc82fda1b8f2386ecf2f9eae066804f2ddc |
C:\Users\Admin\Documents\GuardFox\aga0ZBPPiyBfj8yxuvpKeqM1.exe
| MD5 | caf476f216e52e220c96e5a4ecff7b05 |
| SHA1 | 31352cfe9ae9f01865a7dc54689776b789a23ba2 |
| SHA256 | d834196d35169f27a5a29d77bfa475bb1885e8ce78add3f7f2db563e056d5d2f |
| SHA512 | e489ae37440eba96242134223c9a69929991232d1386f06988b5fef6ecec004a5fb74c1b59a5703ada8967ecd2de35bcb20469930eb412709ec2fdad9a46eb1c |
C:\Users\Admin\Documents\GuardFox\ia_tzbAhqZfRSgiwG8aoaPva.exe
| MD5 | c7d502eb19e3674a65207a1094fd7a23 |
| SHA1 | 098993a2324ac7533ae081fb0768d936d46eeab7 |
| SHA256 | 561125b093355b6193329219390c3ff546f49dab70ba99c5b487b6f12d0aa72a |
| SHA512 | 783a4a9d6a02ccb838d48491a67b358c1d7d45e1faccf377b3e9fef6cc0784d6a86bf1daf186322ca8edef0ab811702c382a28bc1cb981c326e6982e9d58450d |
C:\Users\Admin\Documents\GuardFox\739WJwA1mbV8iD_nIXxofVhF.exe
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\Documents\GuardFox\l2_CGlMH7JwfqPDXn_cA98Rd.exe
| MD5 | f7c9eb992f39d7324b5317123cf67bbd |
| SHA1 | 0e556437c74c557e412ff73c11e20e268dbf7f30 |
| SHA256 | 472d28a6375bb523b7a72aa1dd8d3b20b0f927c1f35bbd4f3bbe77982ebc2bf8 |
| SHA512 | 11bd8e4d5a6b3d431538c1206bf864d9d242078335165fb0a535c2915901a0bf1aeef825c30be5033460fe7acdaafd54931c64817c6cf4c359508ef262e24cca |
C:\Users\Admin\Documents\GuardFox\tNfy9CW94LglEEcNK47erB8F.exe
| MD5 | 2aee0a92d8d68860984c0f194980d79b |
| SHA1 | 609250fa7478c262cdaa5b48c737d06f2ced3c60 |
| SHA256 | fd33e218ee3b667b8cd1a57b6a2c40dd45310d6de9b60f12ca5b107f11328a4d |
| SHA512 | 879f4f96555d4aa4d9bf48f43b674c5f264826b7769e7b3438c0885c650242ef175edf1d62a58ca75d5ebaacfae8f6fd3f141d5ec67d4ce16efdb2cbf500e366 |
C:\Users\Admin\Documents\GuardFox\tyYrjDwdOStEpeugLtQYmkUx.exe
| MD5 | 4a11d5bedcbb58045347754370bc0559 |
| SHA1 | b1d8ebeda0f4ee4481ee2ff395d5ed3cf9219519 |
| SHA256 | 2d003d49dc604b0de3e6b19da2b52890ba784b257b786214fbe0064a11571910 |
| SHA512 | 907c5f6ff9c6525a440ea047285522201a4911cc59ab816f8f95c212e0937595f6124c9ddc3ae960c53f687cef9165955c992011bcd737978cfa77306737147a |
C:\Users\Admin\Documents\GuardFox\9uGsrV2DGZqoBaxruu4xV8pu.exe
| MD5 | b4e56e473f8fbd9e07df69d870b502a9 |
| SHA1 | c2c9cbf53a4c810f078d0fbf045d3c17d7e66631 |
| SHA256 | 1da698667d5b1470b20a2b8cef58f38ad982fbfb063d62e0789eec861e009722 |
| SHA512 | f2e62eff67c01dd07db3123f2bf2643ddd52f6cac8e69f7267b852753378d588277ac2a8d1d028f2a1d87a7fc38634927d8e92f7095e75b4ff7c2f3ca840e5ce |
C:\Users\Admin\Documents\GuardFox\Hf9bWyvvn7TAUhTbtdrKFwvm.exe
| MD5 | 8e19920a12bba85b578cbff490b4febf |
| SHA1 | 7ab6552c80990c5623169790de998f6942654854 |
| SHA256 | 48783f55ddd818a2571348b1de4225bf98f6bac3b1f9cc594763cf580432ef95 |
| SHA512 | 7b80dc25a56623f4d35dbebc4633a3ddb323c8163d07469b3caff8a72bf392818ec318e5412c077c9e6ee977720e6fa901373be86ff9d355543cf79a37fd4243 |
C:\Users\Admin\Documents\GuardFox\AGxxEa5wm07_lTfOmdPvQGZl.exe
| MD5 | 1e08a53974fad84a8d48ff83df815497 |
| SHA1 | 2848ba2b873b38a3eadd71bc7718906ae63e84a8 |
| SHA256 | acb180f3e117197da1a3d6efff32d5399bdb3b23f5131b28b734338f739fc9cc |
| SHA512 | f79d4da043166b3df2d1be52dfb2842381064bf6e8bb63bc653c288d606e648ec85d569a60526c7ac87e959f581cfb7dfe38d6b9495af16299aaf3108c7f89af |
C:\Users\Admin\Documents\GuardFox\rRrc04Xdcp5_Y9B4gJcAPSTJ.exe
| MD5 | a5e0c536a0d2962923c1209d03a9d859 |
| SHA1 | 3834511b5f91c49a8cf25f3c0afa753232199462 |
| SHA256 | 12b7e196093520fc472de9abe7118629de065cffe98f0c5e0befbd4daf64d228 |
| SHA512 | 7b715c5431d06a21622d35f96efeff5b114e2f920d5b14671310ae2202308eb93e0b366aa4bc11b44cea903d0ee0b5f481df7a229da464aeb08fd70edfdad5d6 |
C:\Users\Admin\Documents\GuardFox\tiqExpGOvQq6lbrCkhlAXL86.exe
| MD5 | 93ab76b1c231c9f53f82c65a0b375346 |
| SHA1 | 7ce15b74689e060250b0fcccfa537b7f17a39cec |
| SHA256 | 036396ce4640aeed704982d78066ba7681921b319dfe6d221ef8ffdca99aea24 |
| SHA512 | 872f4b46e2a661c2a6c36d7ca31e5833255131f9b8a59cc76610a500e5fac312bb70bbe9dd5403f708e47347c911311b3fc63abe49c5082056ade232b5a7ffdf |
C:\Users\Admin\Documents\GuardFox\D7WyBw1sWJmDWQQUB73CxN50.exe
| MD5 | 6f0e5ad311936054a33eb7287c594521 |
| SHA1 | c973d47705660081bcbce5a99832c5f035168776 |
| SHA256 | 54ee98582d3733d200040666a41685a51467de8ed0f6e06bd076fb94ee7ec1a9 |
| SHA512 | a00a696feee34b30eaa3dc88878d649ea824d82abf67fbcfd058a2942d52a0092f750e3a41abc303b8b04a33b05a34b528be4e9827a272a40067e66ba8fa367d |
C:\Users\Admin\Documents\GuardFox\KvABBpZd9vVU2h04a8TpLjgv.exe
| MD5 | 3c121af8ab6b47d512d5e18cf97e48e1 |
| SHA1 | f5924d7f2438331ff28eb2598363ac04cefc7232 |
| SHA256 | 3b035a046f38337eeebea1245ab28e2a42c53aadbf86fa8f75535dea0cfc3852 |
| SHA512 | 1d9503edff444920d93dcadc301879749103ad713cc1d6fc0824bc2aca4d852d0a01296d12ab42faf51c989bb9c858095c2535d4145011bd4e8b18b194a899bd |
C:\Users\Admin\Documents\GuardFox\tNfy9CW94LglEEcNK47erB8F.exe
| MD5 | 0617bdbc9c8bf521908248e515474603 |
| SHA1 | b6e70b43e28b8be458bc0886ec2936d96815ec60 |
| SHA256 | 22bae2bc455a84d9bcae1c9953418b066bd040ac67d859006154233c7816dfe9 |
| SHA512 | b9cc2a460f3447dfd3908977c2ced78813a87c5922ef7a0dff2bfd167636715a0ccad6241ef5154483b0f26be4ed9ae2655d017abf44aa49697568b8731bd33f |
C:\Users\Admin\Documents\GuardFox\ia_tzbAhqZfRSgiwG8aoaPva.exe
| MD5 | aa96be1a4f143a02503022ce904d1a1b |
| SHA1 | 8517eeae9e1a46861fffa46e5a2d932f5e736580 |
| SHA256 | 41bfaa6c8d37233b5f5f1e7df85fcc066a602cfc8302a4307857c20ba7c3b2ba |
| SHA512 | 5641a18803580ead2ac08b0488c055b07b3adad4aa441f462981e1eecdb4dd664623c8baa0b4c22b5a4de328d5ba1a9d7e4c7b60199cf4bb06877dbd6136b880 |
C:\Users\Admin\Documents\GuardFox\D7WyBw1sWJmDWQQUB73CxN50.exe
| MD5 | a1ca523dba918f1731cc55903bc76250 |
| SHA1 | 71e987c29413b91d07b96d8e25b15940066dc330 |
| SHA256 | 2fa7ec2a7fb4c88ac733ccbba98a5dceb4cdd9cedab0eb16c395766c17206d6e |
| SHA512 | 5018b11b4eba84cacee6902238b17ba30c71c74e07c6d183e434f9cbfba638a983d0d9e8e2179b2d90db0e4dc257e33fc539316ed8e923e7ecc890d9e8647ddb |
C:\Users\Admin\Documents\GuardFox\739WJwA1mbV8iD_nIXxofVhF.exe
| MD5 | 09a59b5d01a387ac27bb8bd609480c86 |
| SHA1 | b0eb85e9bafba0db950bca625313784213a197dd |
| SHA256 | cb322b41ab538d52ecde4a673a542fce762e2bfea260d03032ca3c05f164cd5a |
| SHA512 | 94e9a14a64230d8253a7b65b3d9af8cb548d9dd68718cd23dc25bebf5f9fa4902f835755f7af1a05e1b046f1633b95a123f36285d435bbd5410a4b1be89d8cee |
C:\Users\Admin\Documents\GuardFox\ia_tzbAhqZfRSgiwG8aoaPva.exe
| MD5 | 69c4507813afb28c73db78a7934fc7ea |
| SHA1 | 6db1d2b637315f94ddb39c3f2a66547110e04677 |
| SHA256 | 571767c684ac3d68d35c3fc455623377b507bb9c08f49575f47046b59476221b |
| SHA512 | 8c0b1c9eb9789a9fe7d3f5f15e8d1b300188c42c27bd9998c02baefd2517b27db8b1eec79ffba2bd82f023299ec9de02ec3601e93e9cb0556b7082cf55207383 |
C:\Users\Admin\Documents\GuardFox\9uGsrV2DGZqoBaxruu4xV8pu.exe
| MD5 | fd38e198f526da3cb1d5687746d0dc9f |
| SHA1 | 6652eea3f8b4927e3038a21ffed7aae8d7c8ff80 |
| SHA256 | 18160632ff9727197262ead9b197bbd34cde8db709a4c90d047a248570786fdd |
| SHA512 | 2f222a4ab283db280054846ae00c0d37ccfece66cc8e05720fe8d89672334223b4bb900e6908018cf7eff0eaf7c73c9fe0c8498a0e349f2491d2e8b0d5a26329 |
memory/1628-430-0x000000013FF10000-0x00000001401F1000-memory.dmp
C:\Users\Admin\Documents\GuardFox\3C5gSkdx_SyN1GSq9CyJ4xOS.exe
| MD5 | 46e541bd63b8a6204f74dd47dcb583d5 |
| SHA1 | 019a6f4f7cee65ae498d17aad19f3b7d4f277975 |
| SHA256 | 7d5806e8270601b512679d865c40f5add1cecaa676238af865af73018d6badf0 |
| SHA512 | 95db24705412980bfb0743d13c56f45c7acd5a61c3f38774f34422ea098131024e7babcc124049b9bfb7ac12bd19c1cf0a4fa9ee44b1929e31a3031261cb1ae8 |
C:\Users\Admin\Documents\GuardFox\k8Oc9MWfMwLmrksVeis3BIeC.exe
| MD5 | 595e0c498689df762e7427da54a58291 |
| SHA1 | 5067fe8e3e00c91f28337f4a4ea791fdccd9cdf3 |
| SHA256 | 11269cdbecf4243bfa5ea2e05795d7c229f501804f3484426c2a2941e221b6a9 |
| SHA512 | 95d6e56c4ab1d95f2dadeb66c2afa86a39f48287b377a269b9c7f84a75088fa3e6d45b9e11936ad5686c248408e32edb6a53f8b1a65c3dc0bb66266a478d3db9 |
C:\Users\Admin\Documents\GuardFox\AGxxEa5wm07_lTfOmdPvQGZl.exe
| MD5 | a4895fa71f93869f8b346b4fda9777db |
| SHA1 | da4fbe81bfb301cce156e806a3deca4f3e63f928 |
| SHA256 | 3f0bfe3f4fe2280c84ff32e9f216d98291d794ad08d3590d0b7e11ab33a4f048 |
| SHA512 | 3805dfdc3c00cca20ae02f4a182732f9ddb9b6c5a15367cea1857808f7c0065baf7de6fb4ea47d6a182ffdc78c188a75e487ccae6facbcf8ddffc666b8e2a665 |
C:\Users\Admin\Documents\GuardFox\tiqExpGOvQq6lbrCkhlAXL86.exe
| MD5 | 3aa6edc8d6d01f84f0469e2cbc714ba8 |
| SHA1 | f2414b138e53b35f1d136f23d9cdb107c297c347 |
| SHA256 | 8be4febedabd1a2919d8b34b991c15290ad2ce0525b33e1b96f4ca5be550d41e |
| SHA512 | 8ba9c4dc53ce7d14b45014fb6610e524eca6e7e83b24660b4e7c60046f0b9476f030e244dec6731e02801b3b11cdcf2c20e81c7d59ce5846eaa0fc18b4d4d451 |
C:\Users\Admin\Documents\GuardFox\739WJwA1mbV8iD_nIXxofVhF.exe
| MD5 | ca75dda7fb070cf3ff0cdb2f8cf71633 |
| SHA1 | 1282c6bdaef39f38abc2aa964b9be52842a6a408 |
| SHA256 | f4b2fd66f0a9dec7032a8efc300b2ff9831b3463df506df064b27ebe2723cfcc |
| SHA512 | 5be49c4dc9d4c2304bb7ea9476c7a5d7b84965b9b0588e3a058a10c928d89af9c4c9d9f16f930d5e12ed80403b6b3fd604523ff9fd7158abc4e15e2b58092685 |
C:\Users\Admin\Documents\GuardFox\Hf9bWyvvn7TAUhTbtdrKFwvm.exe
| MD5 | 2d49d6b946e8ab5b10bf69838960d0d8 |
| SHA1 | c005db501ef94784df710a48d75c1f3f237c9f60 |
| SHA256 | 2e2ba71e3b46e924a67fb14c947e387bbaeb5d5acec62809af871d215674c880 |
| SHA512 | ebec4f27e57ae4aecd13e8797e6f58a54ff37260494d92fd6be269e2acad6bd2da7d7177dd4884ac095f023c0e23c7fb2c1a48ec3aab04f03f36a8b470fae6cc |
C:\Users\Admin\Documents\GuardFox\3C5gSkdx_SyN1GSq9CyJ4xOS.exe
| MD5 | af1cb28a942e6c6cae33b389fa102814 |
| SHA1 | 32120e721d54b0eb71b08387a91efcda07f316d1 |
| SHA256 | debd246fcef858cfd981de101fcfda058c4f87b904ae31fcfd8d0795f2b52195 |
| SHA512 | 21b398cb305a4397978d74a76ceee7ef3f2605ca4ed5f0e82d7c9348b9baadd43720669df845a0ae05fa1241eae117af347f296c0a045b3d54f014fd9b53092c |
C:\Users\Admin\Documents\GuardFox\AGxxEa5wm07_lTfOmdPvQGZl.exe
| MD5 | b4c66639a735d822357993836b322ba4 |
| SHA1 | 47b20d0194c5b3e1f4ed83e6f9bf14308ccb40a3 |
| SHA256 | 8be7d4e145eeb413b224629ee6f3b59a2d5f8d0838810be9cd33f164c2558e8f |
| SHA512 | 1d6b272bd84719e0afb02b4cd01aa4d0fe38cf0f25f777654a6c90bfa0b63d86190df6f3d3408970d4356a3ad5594c886ec78cf0d06d209794872f4bf350c667 |
C:\Users\Admin\Documents\GuardFox\Hf9bWyvvn7TAUhTbtdrKFwvm.exe
| MD5 | 14851bc6bcf8a9dbf710d381ef1585bf |
| SHA1 | 63aeade57a98d0f0bf630e629650426e48c570d1 |
| SHA256 | ef211bcbd040d11a46bcb43840a120187ecf30a79d8d19fecdc8979046c7ffb2 |
| SHA512 | f9b3f93e3617d761a9d42be773088f3d85727ea6e37b17336e7401d936fab57b59dd1a5409bfb27f75bc7557a4d0a7314c2785b8e1171fd0886837429a0a135e |
memory/268-454-0x0000000075C90000-0x0000000075DA0000-memory.dmp
memory/268-455-0x0000000075F00000-0x0000000075F47000-memory.dmp
memory/268-456-0x0000000075C90000-0x0000000075DA0000-memory.dmp
memory/268-457-0x0000000075C90000-0x0000000075DA0000-memory.dmp
C:\Users\Admin\Documents\GuardFox\tiqExpGOvQq6lbrCkhlAXL86.exe
| MD5 | f83f0a7053d8d2f36b29c8aa3dd12864 |
| SHA1 | 8b99a86b1242ed7ff7131f26d4c48be4080f7b79 |
| SHA256 | db24d83380abaf9279621d79b6ef6a4e04b60c133cc2afcb90b4e5c015d58aa3 |
| SHA512 | abdacf8304724c0eee537d9221366fe482b360d206376da8d4a610a6a994955dada82229fdcdbe286ec6d74e4ff0975c897d7c421941d27e9ef867ba2b81bdbe |
C:\Users\Admin\Documents\GuardFox\Y2gB6WVgAD7Zs_WKooOuvKGc.exe
| MD5 | 1e1bf474f533b03cefc70a9a26ce8d22 |
| SHA1 | 9ad07b1a6290c114bdc7f23eb6cbf5008704ca37 |
| SHA256 | 10e76f15404276cfb5977268db796e5af1f70bfbae7681f5ffe5291624913222 |
| SHA512 | 1f50f884ff6b4e7c7837641ba96781ff75299397be18ca64915cd8c8493360d5648f64e6afb58df0e6d18d1642fb9e528210bf4680b408c3bb592e6f521ca8a2 |
memory/1340-458-0x0000000000E50000-0x0000000001E03000-memory.dmp
memory/268-459-0x0000000075C90000-0x0000000075DA0000-memory.dmp
memory/268-460-0x0000000075C90000-0x0000000075DA0000-memory.dmp
memory/268-461-0x0000000075C90000-0x0000000075DA0000-memory.dmp
memory/268-462-0x0000000075C90000-0x0000000075DA0000-memory.dmp
memory/268-463-0x0000000075C90000-0x0000000075DA0000-memory.dmp
memory/268-464-0x0000000075C90000-0x0000000075DA0000-memory.dmp
memory/268-465-0x0000000075C90000-0x0000000075DA0000-memory.dmp
memory/268-468-0x0000000075C90000-0x0000000075DA0000-memory.dmp
memory/268-469-0x0000000075C90000-0x0000000075DA0000-memory.dmp
memory/268-470-0x0000000075C90000-0x0000000075DA0000-memory.dmp
memory/268-471-0x0000000075C90000-0x0000000075DA0000-memory.dmp
memory/268-472-0x0000000075C90000-0x0000000075DA0000-memory.dmp
memory/268-473-0x0000000075C90000-0x0000000075DA0000-memory.dmp
memory/268-474-0x0000000075C90000-0x0000000075DA0000-memory.dmp
memory/268-475-0x0000000075C90000-0x0000000075DA0000-memory.dmp
memory/268-476-0x0000000077890000-0x0000000077892000-memory.dmp
memory/268-478-0x0000000000CD0000-0x00000000014A6000-memory.dmp
memory/268-479-0x0000000075C90000-0x0000000075DA0000-memory.dmp
memory/2128-477-0x00000000001F0000-0x00000000001F1000-memory.dmp
memory/268-467-0x0000000075C90000-0x0000000075DA0000-memory.dmp
memory/524-481-0x0000000000950000-0x00000000009E2000-memory.dmp
memory/1420-484-0x0000000000400000-0x0000000000414000-memory.dmp
memory/2128-483-0x000000013FA40000-0x000000014048D000-memory.dmp
C:\Users\Admin\Documents\GuardFox\k8Oc9MWfMwLmrksVeis3BIeC.exe
| MD5 | b36f1b251b3bb9bf1c2c9a41fd0e2d80 |
| SHA1 | d255eba16d37def35b7ea96533e30f5100767ab8 |
| SHA256 | 1612ae860e8906234f2b4fc1fd96aedecb95f73e3d3d0c41e084e9585c6fc2f5 |
| SHA512 | 8b873ab8b0c3994ace2833637f6eeecd2ee2b2254d472c9c20def1e23fc4abae6d232ca77b73b4a48e3ed42d595309610cbd587c6e81eab7b928a0cb2a4a5f5c |
memory/1108-488-0x0000000000400000-0x0000000000D40000-memory.dmp
memory/1108-482-0x00000000001B0000-0x00000000001B1000-memory.dmp
C:\Users\Admin\Documents\GuardFox\tiqExpGOvQq6lbrCkhlAXL86.exe
| MD5 | f774016e27447b181c3208922d08fec3 |
| SHA1 | c5f82ab4564749d772c42779c54fdcaf476c5907 |
| SHA256 | 8be03bb0067904438847bd7eea641af0e6269f23a70c88ed2bbea43bcce7b980 |
| SHA512 | 00a00d3569f4d9bbbd697c8f1fb0a91db81a5cda329eda9ec18abf7a14bc14f88b2537241a500a7f23fe52fd9b3590aa4756c13e8f5f65a00f66944d4ae5f82b |
memory/268-466-0x0000000075C90000-0x0000000075DA0000-memory.dmp
C:\Users\Admin\Documents\GuardFox\NtHviBmnemhC38r76hpEX5vn.exe
| MD5 | 670476d91679ca19cd0046492af8423d |
| SHA1 | a925567e322844af34f7b1feb6b5057959fba332 |
| SHA256 | 6325934ccd90fdd3fe637e51bc0239225439a746dafe84969b2b2692fa1a5d2d |
| SHA512 | e941affc50f412bd751a33e4789f0e3a9f684fb1866744b3624ae9612e4206dd85d0dceecf549c1b4860f34b18fea13b9235654146a180f5bf5181d2368b0eee |
C:\Users\Admin\Documents\GuardFox\aga0ZBPPiyBfj8yxuvpKeqM1.exe
| MD5 | b6f2813d8654c0c5ef146c58151d74bb |
| SHA1 | d61806d8e255ffcebc725d39f8079f56e267ebd6 |
| SHA256 | 7d20a76e07daa79d6d09daefea54498b976da8c6a120395668656abbca8e8976 |
| SHA512 | 38894204b0618c3abb4ce11bbca871e0d0134b55ce64c77afd3e50c2cd54b942b5873daaffe4e1937bcbf4438ca85b6ec236f2305f33c44fe6af24f09f668a79 |
C:\Users\Admin\Documents\GuardFox\tNfy9CW94LglEEcNK47erB8F.exe
| MD5 | 476b671c7776ca29d4da55995c2ba03e |
| SHA1 | d693dc2752d80feac70b96305c447c0002fe6071 |
| SHA256 | 49299715cfcd6782ab35680d10f9c7bf3a3a486f7ad038bb1830fce06d584b9d |
| SHA512 | 0f9ce6d95d2207e7abdb64f939a87e4a60b38615a689906e0b025a45fe625c557d40f317fc50d6ffdbbcca32a36c1d9ae8c6a9e862cc8a1a25ef6212815c0f1a |
C:\Users\Admin\Documents\GuardFox\3C5gSkdx_SyN1GSq9CyJ4xOS.exe
| MD5 | 8af1c91dc9becbf8ea4a58c36efea460 |
| SHA1 | c9a42e0a9cf6915e12dc10d17ae018c441b76e2a |
| SHA256 | 86bb0238e142c0e87734979efa68db0043b1f424916bda3c83332a6ddf6f8b68 |
| SHA512 | 14aa51fda2716b8683b621342c5af410e738f44fad87b49cf378c5ebf5b3155d1b9eeb41182dd35ca2caf56f5869a5b4dacaf07dfe13aba3535e08b7a5c1a423 |
\Users\Admin\Documents\GuardFox\3C5gSkdx_SyN1GSq9CyJ4xOS.exe
| MD5 | ce92a37036750d665945a58cabab28dd |
| SHA1 | 2fb2656b97119b3f1dbce9ae98fadab70def64f5 |
| SHA256 | cccb85e7c4eb137a11f98560c56bd91950d256b147bd142187e72d4c63630433 |
| SHA512 | d2c87f9fae4852bdf918c05e0c84163a5e4a94c851d0aa0d86375e57a870b21b33887b2d66ee0c9873fb55a6decc7844bf8b083bd9a6557a96d7eb622fce904d |
\Users\Admin\Documents\GuardFox\3C5gSkdx_SyN1GSq9CyJ4xOS.exe
| MD5 | 7fe742c5ba2df1b7f2552791eb46332b |
| SHA1 | 5918c22f41eeecebcd140c52b2dd9929d26e9787 |
| SHA256 | 6ad6860c0499a59908fee620c310069143e02c5c0537fa95186b060eebe78cde |
| SHA512 | 202ddd1f66bd405d58a739751d4e6ae69c691742d1edb35728bf7b8e66be421ce2a9739fbdf7e6419c99b7cd7c5d1fc4a3cc73ff6b91289eed5b22d48de2cc8f |
memory/1916-396-0x00000000FF1B0000-0x00000000FF202000-memory.dmp
C:\Users\Admin\Documents\GuardFox\NtHviBmnemhC38r76hpEX5vn.exe
| MD5 | 6cdb6ed2695692bf4f037e099f71049e |
| SHA1 | 96bc1be0e1b17ed54f04d3fed9937bb9fd2296d3 |
| SHA256 | 63b0ac3ab9e427d19daa1f2eaac1e106fe65773c81af06045a91d497855905cb |
| SHA512 | 5ecbbaddb5162945213b72d9bada859533de36389233a4c1014f95056323205539774b65165896f888de87ed0cb93a9320f904946434da92996f3103ccb654cf |
\Users\Admin\Documents\GuardFox\ia_tzbAhqZfRSgiwG8aoaPva.exe
| MD5 | 46521f3194afffe59d5d68c5ce1d8c7b |
| SHA1 | 034129d174ac1542b5b65500900b4f5cbc89518c |
| SHA256 | da15ec90e8b49a833ad40236ea2d0e17c2610c534e070b03f4b5b30a45f7aec8 |
| SHA512 | a0b530369d6b100d21ef1194477ac778ee963280d5988e815d337177facbf7644af03b374bd42330e0cf23437e0563afe09acfb60f7d12affac98ecf64ec729c |
memory/1420-492-0x0000000000400000-0x0000000000414000-memory.dmp
C:\Users\Admin\Documents\GuardFox\Hf9bWyvvn7TAUhTbtdrKFwvm.exe
| MD5 | 449e8deb8d1fee0ee62c150a5114fa10 |
| SHA1 | d9c3523cbabcdb3488ac00391be3c711dac28dbb |
| SHA256 | ae180bef8faeeaa2db88ec7623ff921bdd9dcf81b28247f5ecd15a7a0de92869 |
| SHA512 | 7ea36215b8d6e1c04f08a67f9a253627ef01d2a3959fd98f74861786d726944f74c6849277a7fd2945863d7bcc0ff1ba9df435a216d9787138ae72acda8a112a |
\Users\Admin\AppData\Local\Temp\is-NAR7J.tmp\k8Oc9MWfMwLmrksVeis3BIeC.tmp
| MD5 | 49f900ca938307872620ad0c6681aca8 |
| SHA1 | ac7e9fede6cf5e91e3ec86cdff2d6c98a35da4e4 |
| SHA256 | 93cc4c5d5bf88f5a1d671731af7b26dab052c594df8ca5f4739264f1c1fff0f1 |
| SHA512 | 03d17fa8c5e5a88470121321962da923695ef4b476b6687e8c07bc743b23ba71ade576ba3d7452f830e5dee9544c8e5ee73401a55ed9013205721f07c27a8b4c |
memory/2364-495-0x0000000077850000-0x0000000077852000-memory.dmp
memory/1108-498-0x00000000001B0000-0x00000000001B1000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\is-NAR7J.tmp\k8Oc9MWfMwLmrksVeis3BIeC.tmp
| MD5 | 6632b81226f906db4b8a487d7d1695db |
| SHA1 | 7469c537a1298da600103431e0ae494b42e3f1e8 |
| SHA256 | f496c1a7f5ffc2baa689c8e55268b64a6c116537b8d1e5d4348d86d0a71f84fa |
| SHA512 | d707116eba83b06b3080f220023a9af86e5887bdb7efb78e510bad3fc9865e24fff735919e406320ca859af3605b51143f3f10c0d3dc9c56a918875accb84a4d |
memory/2364-499-0x0000000077850000-0x0000000077852000-memory.dmp
memory/2572-377-0x0000000000310000-0x00000000007F3000-memory.dmp
memory/1108-503-0x00000000001B0000-0x00000000001B1000-memory.dmp
memory/1340-504-0x0000000000E50000-0x0000000001E03000-memory.dmp
memory/2364-506-0x0000000077850000-0x0000000077852000-memory.dmp
memory/2364-507-0x0000000140000000-0x0000000140876000-memory.dmp
C:\Users\Admin\Documents\GuardFox\D7WyBw1sWJmDWQQUB73CxN50.exe
| MD5 | 153863c445462e8a581f81bc553a606f |
| SHA1 | 21fbee5f5d39ec70134d40afe7667f944ae5f9a7 |
| SHA256 | afd21904a0d39fbf1c5537c38a3b04b37c3334e5c3cca4a6e454f737f3720d0f |
| SHA512 | 9ec2b35fa2d64720eec38b1861142cd302c9307179d0c941d2e2b49aa271c0d4db8c12561bf98230f25ca23d0f2253433ab81502b3af556d118edb5bc8cf8171 |
memory/624-514-0x000000007EFDE000-0x000000007EFDF000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\is-NAR7J.tmp\k8Oc9MWfMwLmrksVeis3BIeC.tmp
| MD5 | 8ac801e857369f52aa61b604f9726f53 |
| SHA1 | 79bd3e7a2477a27a0328d4861fc22b3b125df3c5 |
| SHA256 | 3033699d7ddac6f00f6b7faa3ea0f6e7812f1e7bffcc357ae04cede4f39da200 |
| SHA512 | 63722de52463646d584e04df43d7a8f2e6caeb416e6ae3908ad6ad4a2899849b3302b6d0b73084c6156c3419623cd11d406cad61f4178633bd92a0367f1f1a0c |
\Users\Admin\AppData\Local\Temp\is-UBN1Q.tmp\_isetup\_iscrypt.dll
| MD5 | a69559718ab506675e907fe49deb71e9 |
| SHA1 | bc8f404ffdb1960b50c12ff9413c893b56f2e36f |
| SHA256 | 2f6294f9aa09f59a574b5dcd33be54e16b39377984f3d5658cda44950fa0f8fc |
| SHA512 | e52e0aa7fe3f79e36330c455d944653d449ba05b2f9abee0914a0910c3452cfa679a40441f9ac696b3ccf9445cbb85095747e86153402fc362bb30ac08249a63 |
\Users\Admin\AppData\Local\Temp\is-UBN1Q.tmp\_isetup\_isdecmp.dll
| MD5 | b6f11a0ab7715f570f45900a1fe84732 |
| SHA1 | 77b1201e535445af5ea94c1b03c0a1c34d67a77b |
| SHA256 | e47dd306a9854599f02bc1b07ca6dfbd5220f8a1352faa9616d1a327de0bbf67 |
| SHA512 | 78a757e67d21eb7cc95954df15e3eeff56113d6b40fb73f0c5f53304265cc52c79125d6f1b3655b64f9a411711b5b70f746080d708d7c222f4e65bad64b1b771 |
\Users\Admin\AppData\Local\Temp\is-UBN1Q.tmp\_isetup\_shfoldr.dll
| MD5 | 92dc6ef532fbb4a5c3201469a5b5eb63 |
| SHA1 | 3e89ff837147c16b4e41c30d6c796374e0b8e62c |
| SHA256 | 9884e9d1b4f8a873ccbd81f8ad0ae257776d2348d027d811a56475e028360d87 |
| SHA512 | 9908e573921d5dbc3454a1c0a6c969ab8a81cc2e8b5385391d46b1a738fb06a76aa3282e0e58d0d2ffa6f27c85668cd5178e1500b8a39b1bbae04366ae6a86d3 |
memory/1196-535-0x0000000000FD0000-0x0000000001052000-memory.dmp
memory/2684-533-0x0000000000400000-0x000000000043D000-memory.dmp
memory/296-556-0x0000000001130000-0x0000000001602000-memory.dmp
memory/1640-555-0x0000000000180000-0x0000000000181000-memory.dmp
memory/624-554-0x0000000000400000-0x0000000000537000-memory.dmp
memory/268-557-0x0000000000CD0000-0x00000000014A6000-memory.dmp
C:\Users\Admin\Documents\GuardFox\D7WyBw1sWJmDWQQUB73CxN50.exe
| MD5 | 1f0a04216f4289faa589e0e75cdf0efd |
| SHA1 | c36450211115347efbdd5073ad1713297459a8a8 |
| SHA256 | 70f158950f206a247fbe55c490e4673636a09be48357c7c33f0d3f2bca4a37ea |
| SHA512 | b566f5fcffdcf20ce60cc9680c2e33538ec2fb9781b507ee51bb5d5a412c386c364f6776da05060375b429b1198f94656b4a9d33a8c2edabd1bad579780d3787 |
memory/2684-562-0x0000000000293000-0x00000000002A1000-memory.dmp
memory/524-563-0x0000000000950000-0x00000000009E2000-memory.dmp
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | c6f49126ac68b1585c2fc21105eb2b38 |
| SHA1 | c1c8024e3e18b2782dfff5e1ce2d44b6c4a460bb |
| SHA256 | a3de3a79bf240e6bfdf1b5f056eb39f02891efb43b2734543cd4358f46536845 |
| SHA512 | 41f36028ce53d886787edc1ea4ab77ea78c4190082cddfe15de3e6912b9986f4f0d2f097415f8a0e74dc064aff41ce9a67685359c000f2d693cbdf84dc9e5558 |
memory/1880-585-0x00000000051C0000-0x0000000005410000-memory.dmp
memory/1108-587-0x0000000000400000-0x0000000000D40000-memory.dmp
memory/524-588-0x0000000002250000-0x000000000236B000-memory.dmp
memory/2684-586-0x00000000001B0000-0x00000000001BB000-memory.dmp
\Users\Admin\AppData\Local\XDR Encode LIB\xdrencodelib.exe
| MD5 | 28fb71b5b8694c5486687df12798db7b |
| SHA1 | bc1f010477f92447a522de84bae6dcdd4cee9d93 |
| SHA256 | d8cc8e054f07204b08ef7d2b0d7e1545c7da58d889e8746cd4df1f7beacb0d60 |
| SHA512 | 9a1a1a0a21fea3224ed50a1f8b04164e97e6b91cee1eabb1e6bc1233961b86b04594eb4c521b9f79aff905896eed65641cbd433fe278a6a2947d96c7001d065a |
C:\Windows\System32\GroupPolicy\gpt.ini
| MD5 | 7cc972a3480ca0a4792dc3379a763572 |
| SHA1 | f72eb4124d24f06678052706c542340422307317 |
| SHA256 | 02ad5d151250848f2cc4b650a351505aa58ac13c50da207cc06295c123ddf5e5 |
| SHA512 | ff5f320356e59eaf8f2b7c5a2668541252221be2d9701006fcc64ce802e66eeaf6ecf316d925258eb12ee5b8b7df4f8da075e9524badc0024b55fae639d075b7 |
memory/668-589-0x0000000004890000-0x00000000048FE000-memory.dmp
C:\Users\Admin\AppData\Local\XDR Encode LIB\xdrencodelib.exe
| MD5 | e213550f9a0cb61cbdc449f3bf397f50 |
| SHA1 | e9795f616d4c4a84f7ba86739711809d9e4f04dc |
| SHA256 | e843fea46bf3776e8b54852870c64861bd74dad140636560434c905c9527b503 |
| SHA512 | 8dc97574bfe879796b13e5d00aaba6d2fff7b0a353775a09ab2ff90c81b14ff9102e5264837d1d92bf44c1a008939d8d32d3f003851c40dda8b68745849f64e8 |
C:\Users\Admin\AppData\Local\XDR Encode LIB\xdrencodelib.exe
| MD5 | 65ca7b3eab7d1bbc6f0973c9cea1c501 |
| SHA1 | 86059218828675f7ba1600adba81ab84b853c046 |
| SHA256 | ddba7f5e5f2ea7789d41301b1c46e53787f061e60ca2139edd8199ec2e072f0e |
| SHA512 | eec41dcba1aea23a7189444e00d6acf6a9b46e0f7821b02f909e21b237cdf21680b5abfe80b6b1d0b0f46d40c0af4729d2fecddad3f50475c5751f5bf713aca3 |
C:\Windows\System32\GroupPolicy\Machine\Registry.pol
| MD5 | cdfd60e717a44c2349b553e011958b85 |
| SHA1 | 431136102a6fb52a00e416964d4c27089155f73b |
| SHA256 | 0ee08da4da3e4133e1809099fc646468e7156644c9a772f704b80e338015211f |
| SHA512 | dfea0d0b3779059e64088ea9a13cd6b076d76c64db99fa82e6612386cae5cda94a790318207470045ef51f0a410b400726ba28cb6ecb6972f081c532e558d6a8 |
C:\Users\Admin\Documents\GuardFox\Y2gB6WVgAD7Zs_WKooOuvKGc.exe
| MD5 | 951a80034ba53262690b2c653943cc01 |
| SHA1 | b2c3ecb04b875f16e4adcf0cc5a76f94e90da5c3 |
| SHA256 | 82973cb12f0c853ebc0abaca2e4a9a37e83193877d34e966a031dc12f9361462 |
| SHA512 | e04103ad0f90c916a93658317b79d8f36fe1ebc7b1406806d906733ea8b8b75894c0f1232e84edf20ad5da2e0f178434e020edd2c8c7f53f739a55a250ce5b05 |
memory/624-610-0x0000000000400000-0x0000000000537000-memory.dmp
memory/1380-611-0x00000000025A0000-0x00000000025B6000-memory.dmp
memory/884-613-0x0000000000400000-0x000000000043D000-memory.dmp
memory/1340-612-0x0000000000E50000-0x0000000001E03000-memory.dmp
memory/884-617-0x0000000000573000-0x0000000000581000-memory.dmp
memory/884-620-0x0000000000220000-0x000000000022B000-memory.dmp
memory/1340-618-0x0000000000E50000-0x0000000001E03000-memory.dmp
memory/1340-622-0x0000000000E50000-0x0000000001E03000-memory.dmp
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 09c998aade633f6d16d5308ec4d1c75f |
| SHA1 | e1020121611f11a65bcf1c69eea312d1f804f559 |
| SHA256 | b502a776448e4148d4dd1d991ffba2a24c53972c12bbbed3e4c7f797e9a66e17 |
| SHA512 | bb4461358905e076a3d15284b5f5e307c7775d8902d3d6e91a7a7d96c233b36f231cec951823e74abf32b64e4928204c99bd942eca4377276c1b0d42620342a6 |
\Users\Admin\AppData\Local\Temp\xt~BGG2g.cpl
| MD5 | 602d473e0c98aeee168dcf02aac03a61 |
| SHA1 | 5de0cf5408f7e355c6669b6b01aa9cc97d67c09f |
| SHA256 | 067df4a6199bffd4450c36bac51483be108267b8a3ad18b6a40f7b219c321249 |
| SHA512 | fee2b863af3ebe5fb28f74634dc58b3e66c89f05b11e8fd0f68de03912a480e6e5a485f7fa6d24c5162b54a806a7902f0e1126fa54a5ab1aa42825c75c958408 |
\Users\Admin\AppData\Local\Temp\xt~BGG2g.cpl
| MD5 | 4c3719f59e98d7edc9a9a7357f14993c |
| SHA1 | 5e12606ed7fda4852808f8ffa90b95f68552cc85 |
| SHA256 | db916267850b57c4aba25d311d49f508b2f1db4199c4434d0695ee492e10d824 |
| SHA512 | 5582eefb34590f31c686dc8046f56cd306f8ccc7bea22439187531a996705183033329f0bfb8f6f72da193a85bb32985a8cec51c698a720aa97d5aa032a6bf35 |
memory/2912-655-0x0000000010000000-0x0000000010298000-memory.dmp
memory/1340-654-0x0000000000E50000-0x0000000001E03000-memory.dmp
memory/668-659-0x00000000049A0000-0x0000000004A0C000-memory.dmp
memory/1880-658-0x0000000004F70000-0x00000000051BE000-memory.dmp
\Users\Admin\AppData\Local\Temp\xt~BGG2g.cpl
| MD5 | 05b70f5f57713fbf91535dbf03e2d7d3 |
| SHA1 | 1a115a4259817db75f249956e3095f2c067ef14f |
| SHA256 | c840ad4ecddea889a64e61e9a9344d6422f71432329a3397182567204c587faf |
| SHA512 | fe8c24075e7534c1d769cb734901a79e0ca68b2c6a50359bc255b9f7b392fe93e295f9aea40eed1a6435b31333f99241ce575c3003fd33bdf4483906bfda6a82 |
\Users\Admin\AppData\Local\Temp\xt~BGG2g.cpl
| MD5 | c2840bd1cd0d7581ed42e29e768296b4 |
| SHA1 | 58a9169872b733688b2bacda6191f2c5244cd7fa |
| SHA256 | d24109e871fc4ecf145c442ffe10177d82a5707defa2f40a71d464ff291bfa76 |
| SHA512 | f408256f760c60f84efc9a69fc878bd68358e9755a00b62c553e324710020249d82d07e02752b8e2ff3fb08db33ad7ba842458df8ae098d190841596003d4c96 |
C:\Users\Admin\AppData\Local\Temp\xt~BGG2G.cpl
| MD5 | 8245425805849eb0aabeb46ea4f98042 |
| SHA1 | 68b9dea24ea3f794475b31b472d42e43ac4ca024 |
| SHA256 | dbb8cd06bd7aa0213eb215cd47dd2ec629370b69a95f28cbec433f1073ded837 |
| SHA512 | 5c576d121f4f3a5ca6458c96f89ab4e6c15dae0c9de6f66bebe4545335578790cbb046cd0eba5707382ad271117d5edbc3fcc0711f95a928b48132c5677f109f |
memory/1340-640-0x0000000000E50000-0x0000000001E03000-memory.dmp
memory/296-660-0x0000000074690000-0x0000000074D7E000-memory.dmp
C:\Users\Admin\Documents\GuardFox\NtHviBmnemhC38r76hpEX5vn.exe
| MD5 | 9a5132afc9cfef8bd86b7055202267a0 |
| SHA1 | dcc0d69fa86148369be351bfbf66e521de28b85a |
| SHA256 | ca860f36be628aaff5fd54c12f9ce2854258384a1746b5de2f7fbea2e1566f33 |
| SHA512 | cd6ce47cdccce64885d0a21966b2eadee3f8f0b305a0a8dcecd0aed66f05768cf90330cc8a6d8377545fe095fef467d67ddd79c7c11bb6026c9bcf5b89cd2c4e |
C:\Users\Admin\Documents\GuardFox\tNfy9CW94LglEEcNK47erB8F.exe
| MD5 | 1120da120b1646b2c0ee0eecc221c492 |
| SHA1 | b681aa47647415b7294bb20f6d1a9abf7858fdae |
| SHA256 | 42a4a9f97ad85e0932db1fe5b9d8896a8c50f4eed97f0f0bf19f6fc3896e3ca7 |
| SHA512 | 95d7b2667f456a7c93a0848432867e32dce80c50e415d604aa297093b78e2561ce1cb63c155ca938d33935eed6de56447036e2c5acd8d0743a5e1f93b5881826 |
C:\Users\Admin\Documents\GuardFox\aga0ZBPPiyBfj8yxuvpKeqM1.exe
| MD5 | 36c7d932dcfeee01e2edb359c875c0a1 |
| SHA1 | 1906cb9bca65876b70f9a4036b0676134bae2d00 |
| SHA256 | 2d72f10fa0a8b61a43909f9a5157a59ec465c9e8aab48c51406246d0aa02d6cf |
| SHA512 | 51ba5e9f8372c898bb83963d16d1bda7f94a0fb9c82ca8f4872cc676b24849209a56033eacec1d4293b6d9d9f759ffa05a50cdd89529ca3d383460e446c3f24e |
C:\Users\Admin\Documents\GuardFox\VRToUOPy6tJYXA0XmB0UrwBT.exe
| MD5 | ccffe292933b2006ae50904869dd11ef |
| SHA1 | fc984e597091dcf73274677da84d1b9c3717cd79 |
| SHA256 | 7cf4f78f5be46c3468ef60d4b9137aad8bcce825bc1b424cbb799e908ac0b072 |
| SHA512 | 450a240a5998ebad680c277e80b105074a039c1e544489f6367b8bf7e56c6f9d467e63b71907c16ac2fe1e304cd073e1a45d41bfcdfe13027c5236b39516eca6 |
C:\Users\Admin\Documents\GuardFox\6e3wkNi96ZC51gzRyvUXvSEa.exe
| MD5 | aee1d17800dcba200ef93ecb453eb453 |
| SHA1 | 537ba9f2d5386087ce1bc63f50e1707a7c1c85a5 |
| SHA256 | 255e84d97d0885887c41c6e7ac09528bd5d02055f1f64bbfe31202d85ec90164 |
| SHA512 | 3eb3e730018c2996632fc15352cc32022e7b36b886ac79a88c8aff905c5031b91d0590888fb3989ad3e3f7c925cc6ad0e2783213e52b0d9a8afa1c2170bb34c0 |
C:\Users\Admin\Documents\GuardFox\Wt3pRmD5mqNpEXXJTPS8UPiq.exe
| MD5 | bc3da73fc775be20c5c6a5650138e332 |
| SHA1 | 7b9571c2393f5fc807b314e524d8e7d76a534ec8 |
| SHA256 | e91d24ebbbbb3c932d37155c082879ab1676364e044a842e92bf6e9675895974 |
| SHA512 | f460043113db70300cca2ede741f3282aebc22ddc4ebe56bd96042afd2ae7f48f9c802a1a44a4c9b26157b5a70b0bef62470cac98ff27be1c89437db0d43640a |
C:\Users\Admin\AppData\Local\XDR Encode LIB\xdrencodelib.exe
| MD5 | bcf3e1cb26fd4a24d04a76c902f476ee |
| SHA1 | 0750215c495210bbe42145e7979ca2770bc1e8a6 |
| SHA256 | 663054dffdc031705e48c5e3f29b124f14f2dac9a0e3ed4442573f10ef20a2e9 |
| SHA512 | e287fcbc462f8969cabcd650d0aff38b59b30ce23ec022af29e9e7cfc873eb8539aaa9b0d78be46c4add6b3df787c45431e1ac268e7e7e2da84d90d879146010 |
C:\Users\Admin\Documents\GuardFox\9uGsrV2DGZqoBaxruu4xV8pu.exe
| MD5 | 03d095029039532a60375d151500d519 |
| SHA1 | 3958a4374f193429d6fa03b78d605e76f325abe1 |
| SHA256 | 0448d3392a9aaee5be56e2a5ca1191e5adff1e49ee41d6a2bbaea9df615743ff |
| SHA512 | 0ee0fcfca6491faaae7ec8f79f77e435491d0642ae5606b04abb8353a347a470e9d3483bfc2536624d800ec2aac2509fb660dc4e181bed9d3f32ca93701aece0 |
memory/1196-694-0x0000000074690000-0x0000000074D7E000-memory.dmp
memory/584-709-0x0000000000400000-0x00000000008B0000-memory.dmp
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | fa5893ba42b5193785a26686519747df |
| SHA1 | c1f32a098bfbd1956d18eb48ce254eb852dbb6e0 |
| SHA256 | ce5306bfa91b0f64e04cf88c1ec1870efab3862868f627157919a9e57caa9c0a |
| SHA512 | 67ceee43e393b21a4af9ee83a3810341a2a1abfed8847027423ee54b64e2b2455f65bbf33aa963fc138ef2e51ff93d89b7fa13f9dba777084f068ad1ae29f1c9 |
C:\Users\Admin\AppData\Local\XDR Encode LIB\xdrencodelib.exe
| MD5 | 52b6c7b4a5976ad4baeba8be8b5fac54 |
| SHA1 | ad761eb43c49fe5ba81b1d5045e57974605cdb91 |
| SHA256 | 4b801bc26f2df70b65b0dbfe10d81cf83636d9b2bcbffd675e52c23e3186e480 |
| SHA512 | 0130599670956cc1a602bd9339bce6776529186be143373a24142800264e6c2e324b8ad4390c1932230a15570492b2c3c12e889b2604572141977f669980b22f |
memory/268-728-0x0000000074690000-0x0000000074D7E000-memory.dmp
\Users\Admin\Documents\GuardFox\NtHviBmnemhC38r76hpEX5vn.exe
| MD5 | 624bf50f27c9093bf1ff369bc116bd17 |
| SHA1 | 519e661f1f69c754418f969932bbfda716cf02f6 |
| SHA256 | 3bfe3c7b55c6ecad8ea716eca15e48ac48f39c05c547b4cc24dbeed3323051f6 |
| SHA512 | ba81678f6c53711606e908a424af283389570f2a200b39187f5150634583807181a7865012836d4e1585f4b2ee828d8987c27a61eaf024b21af722b48752bf69 |
\Users\Admin\Documents\GuardFox\NtHviBmnemhC38r76hpEX5vn.exe
| MD5 | 60ec04a7eec2c190c7f446ef1e9a7a78 |
| SHA1 | fbc91d2f1602568de356eff65684ce5b594d7d2c |
| SHA256 | 43900433c039b40f3617daa4f43a0dea47816635340f0b5197a99e16f4130f11 |
| SHA512 | 0f5dfad6a8c5d7c82352fface366e6276b4682a4e5a8a3fab32ad70da639999ddef0ca9e9a0d91f24a22a9048e7d109b4e32c5479507cb54a1b5265ddc538615 |
\Users\Admin\Documents\GuardFox\NtHviBmnemhC38r76hpEX5vn.exe
| MD5 | 96ea05511cc4d61f1b54593278189832 |
| SHA1 | 897f08cd6feebc77a12ab49ebb4b6843ac05a876 |
| SHA256 | a1a337c7d2430c017f60a9ba38c46b184de4ef772df33595f905ab57f609d83a |
| SHA512 | 6ebc28e454c7e16a8f9b818e387d1ad02656f2d76a6b4beb207b0376989953a98a19eb2f27c084eb96498be4aa85dd1b9dbbb605aafdf65237462a2c13e37f53 |
memory/2028-758-0x00000000002F0000-0x00000000003F0000-memory.dmp
\Users\Admin\Documents\GuardFox\NtHviBmnemhC38r76hpEX5vn.exe
| MD5 | 1191af3b68c27abf1ba55144ff00ebe8 |
| SHA1 | 971e7c8a53f90d657d2ee5cc06b9ba644c839456 |
| SHA256 | 1051e6f4ee5eb6366371cbf8bba960435699b23bf4d4f298a0f9e10b2ef556e3 |
| SHA512 | e406abc2f19ee37acf0c4079cfc0728a40bb8d075e6bc742f65c470d6aebf96f18f25aca00e917161fa93e4781db857e185a921381832cc79256e06be515a0e9 |
memory/1880-746-0x0000000074690000-0x0000000074D7E000-memory.dmp
memory/2028-763-0x00000000001C0000-0x00000000001DC000-memory.dmp
memory/2364-745-0x0000000140000000-0x0000000140876000-memory.dmp
memory/668-766-0x0000000074690000-0x0000000074D7E000-memory.dmp
memory/2364-768-0x00000000776A0000-0x0000000077849000-memory.dmp
C:\Users\Admin\Documents\GuardFox\SKUiWMDUnhq3Hjkc1i2Qm7ac.exe
| MD5 | 0099a99f5ffb3c3ae78af0084136fab3 |
| SHA1 | 0205a065728a9ec1133e8a372b1e3864df776e8c |
| SHA256 | 919ae827ff59fcbe3dbaea9e62855a4d27690818189f696cfb5916a88c823226 |
| SHA512 | 5ac4f3265c7dd7d172284fb28c94f8fc6428c27853e70989f4ec4208f9897be91720e8eee1906d8e843ab05798f3279a12492a32e8a118f5621ac5e1be2031b6 |
C:\Users\Admin\Documents\GuardFox\6obBRn223UssXyvwqDdhsFtP.exe
| MD5 | b68c59c1e109bc1e2fa305368341d3ce |
| SHA1 | 85372f2787820d9fc53e22aba394a1cc0dbdb1d9 |
| SHA256 | 26ea1c016471e824fa9bea6eb3fe6d1c92ce9dcfcae999eb8c4e5d4286715c69 |
| SHA512 | 3df801ff5a62f6026564ce99bbe8a04aa0954f2f8ed7579e92f9417d6cc5c4b61f8f72238c692fc6a463209af08110ad6c8379f8d064bb898047658b0f6a1874 |
C:\Users\Admin\Documents\GuardFox\zSUTADYiJ044oXzMhz7cp8mm.exe
| MD5 | 384501f715a566a0349c44c72d50a351 |
| SHA1 | f93d6a34d29eb0761e7aa5cad1caa595d1e282ff |
| SHA256 | 20ffff70303297dfde381c0abfd4f1b9425a09286857c10b1e3982f5558d26ce |
| SHA512 | 38d2aac396ba59fea4db87fa17c76842de4c683b3f1be61026a72d9fabdcdb31b4294826777b4130fe8455674e7e8091c064f09f20dbd7e5a76e56564d6a8f57 |
C:\Users\Admin\AppData\Local\Temp\1000113001\e0cbefcb1af40c7d4aff4aca26621a98.exe
| MD5 | 93e0d6dc69dd4867fc16a88e885aa5c6 |
| SHA1 | b0922fffcf43a50812a9aec8c50ebab716b231b6 |
| SHA256 | ea3d4e3d38a1d1b7d840ead24cf3f895db45630211970b986f74bffd8d0ef918 |
| SHA512 | 501f0ef3ad863623d1d306a1af74d3dff66bfb3cc7b119d455a3e843a9d812a9ca2624a4a00bb89cc0f5b7e4e994aa57de9e2d6eb9dd7ce90fadac4a0f33d737 |
C:\Users\Admin\AppData\Local\Temp\1000114001\InstallSetup8.exe
| MD5 | 0ef744ccc6c4b0f6ebc03696ecd566a9 |
| SHA1 | b516c2693ac33148a7f898749b52c43b03dd58af |
| SHA256 | 3636f9161578f1e4ca5e07140d23419176b41f300490593e50afb71f353cb7e4 |
| SHA512 | 67fa9d7685f1a89af95d7b10c4c1af28be7bfab7968567993ede507fd0bcf8313c6c1f63df9b88c9b4dbd2d6e4275b03c626be314cbcabb9bde3eba14a9efd60 |
C:\Users\Admin\AppData\Local\Temp\1000115001\toolspub1.exe
| MD5 | 1c385c7097049c7c53d4f62846c3cf9c |
| SHA1 | f857e48e3baf952855834bae0f8f49f10dfe1e82 |
| SHA256 | 522cf6dec2ceed6775061dc070eff39663bb0cd792b8399bbf4b19e390c6f114 |
| SHA512 | a191301cdb47c5c0bee899eb5f4655c34683cf55e9cedae5777f9465ac221af0c79665947fd7592854efde4e676d261dd73a301828512ae6a70757f11229c6d8 |
C:\Users\Admin\AppData\Roaming\msvcp_win\UniversalInstaller.exe
| MD5 | 3dd1b229fbba75c2123281b58404aa93 |
| SHA1 | 7ce14fb03f1f38ecdd2ccd48e2b69cfa44c0f512 |
| SHA256 | 05a1c842604c39793bbbf2812adc061b27d5a68e9171bbc553117215d7039bcf |
| SHA512 | 289793a6e20043f59511816a6259b6e2c8a6e2af32474119b276f3d103681b9d2bd875fd1e4096e6cd66cae639dccdebbeb78ef28bd64073e0096eb54158067b |
C:\Users\Admin\AppData\Local\Temp\1000119001\FirstZ.exe
| MD5 | ea86010ea611ccede74a217f853ba5d7 |
| SHA1 | ba853a3f5d81d69d1ea255100eb547a6edef6871 |
| SHA256 | b8c72dbe923efcc3c2a78221873d8bc8d667bbb922f0efb5ac6f4a2495aba04b |
| SHA512 | 0af78f28bc6e0c3e070852d7745bf63e4485ea41c766d15afcad1a43657b373e70a3d2a76498a1ff421fd226a8f3831f9be7942f8478262f45c5fb83bfb85fa7 |
C:\Users\Admin\AppData\Local\Temp\nsoAD.tmp\INetC.dll
| MD5 | 40d7eca32b2f4d29db98715dd45bfac5 |
| SHA1 | 124df3f617f562e46095776454e1c0c7bb791cc7 |
| SHA256 | 85e03805f90f72257dd41bfdaa186237218bbb0ec410ad3b6576a88ea11dccb9 |
| SHA512 | 5fd4f516ce23fb7e705e150d5c1c93fc7133694ba495fb73101674a528883a013a34ab258083aa7ce6072973b067a605158316a4c9159c1b4d765761f91c513d |
C:\Users\Admin\AppData\Roaming\Temp\Task.bat
| MD5 | 11bb3db51f701d4e42d3287f71a6a43e |
| SHA1 | 63a4ee82223be6a62d04bdfe40ef8ba91ae49a86 |
| SHA256 | 6be22058abfb22b40a42fb003f86b89e204a83024c03eb82cd53e2a0a047c331 |
| SHA512 | 907ad2c070cc1db89f43459a94d7f48985d939d749c9648b78572a266f0d3fde47813a129e9151dbf4a7d96d36f588172f57c88b8b947b56ed818d7d068abab2 |
C:\Users\Admin\AppData\Local\Temp\nsu7DBA.tmp
| MD5 | dfe7e935366f2e0a7e2927e2b26473d1 |
| SHA1 | b0128b2ed2155f010f0719abb08c34e325d0e58a |
| SHA256 | e9470e10a9bc65e1fba7f7a87fd056cf9dbd152175bd51c4270b671bef770272 |
| SHA512 | c2faac31c37b5d63894cc39729d8e2e5e9fa13425ec6eb14f587038bca007e91034e06b57489885ba171be529682a8f96868fce904161e228e69a7b959a41ee0 |
C:\Users\Admin\AppData\Local\Temp\B75D.exe
| MD5 | 8b0efbbb3c6d742d85af4b78b81c1a0e |
| SHA1 | 1be4072cacef1f76ee341701ad15ab68bf22b375 |
| SHA256 | 758f6c88dc827b30daef253a38d55967fa7ddc7548b12201d58213a732ee4b74 |
| SHA512 | cf31e73f5f987bbe0e12d0fbf6b981623a5444f1cb9c2bc445f4335c24d6ff7fdf207eba2b0dbc175c567543a1d0180a8c1dda045c683cb1134e3e09225bd8dc |
C:\ProgramData\CBFIIEHJDBKJKECBFHDGHJKEHI
| MD5 | c9ff7748d8fcef4cf84a5501e996a641 |
| SHA1 | 02867e5010f62f97ebb0cfb32cb3ede9449fe0c9 |
| SHA256 | 4d3f3194cb1133437aa69bb880c8cbb55ddf06ff61a88ca6c3f1bbfbfd35d988 |
| SHA512 | d36054499869a8f56ac8547ccd5455f1252c24e17d2b185955390b32da7e2a732ace4e0f30f9493fcc61425a2e31ed623465f998f41af69423ee0e3ed1483a73 |
C:\ProgramData\GCBGIIEC
| MD5 | 38a918d4a69a50fed0c73514cf46360c |
| SHA1 | 4eb300432ac32153a8653f6ecf1a4f49f1704609 |
| SHA256 | 553a0a40f1c41da21597416a6bc540f5054b3c90a1b7ba7a3c79952338c24a6a |
| SHA512 | c19fd6815bda5c0f315bd0ff3f43a4951173e2d9d04f719f0c8fc93743e007903bf66c9a59c5af6804cf83f94b6e9a6d8859eb4bb06c23154613454d43db3e7f |
C:\ProgramData\mozglue.dll
| MD5 | c8fd9be83bc728cc04beffafc2907fe9 |
| SHA1 | 95ab9f701e0024cedfbd312bcfe4e726744c4f2e |
| SHA256 | ba06a6ee0b15f5be5c4e67782eec8b521e36c107a329093ec400fe0404eb196a |
| SHA512 | fbb446f4a27ef510e616caad52945d6c9cc1fd063812c41947e579ec2b54df57c6dc46237ded80fca5847f38cbe1747a6c66a13e2c8c19c664a72be35eb8b040 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YT4IJQ91\nss3[1].dll
| MD5 | 900a9cb2cc6cda7b0f3f1a0523e8d00f |
| SHA1 | bdc9864471dd5652d662108b0feb435d527f0f7a |
| SHA256 | 81dca456eb526b57a43cf6c75bcac3e9fe3807ec59462a5e18db883585a7fd5c |
| SHA512 | d1bb25e415a08ffac7f6815b53588995cb3e3709abb49a90a71996c00263d57b3ff7908a961c9e75acf49b8e4303faa2d67157281975bdcfc09b978c3d4524c5 |
C:\ProgramData\ExpandSearch.docx
| MD5 | dc1a6e56743ee3a53183fc0c7b0bb541 |
| SHA1 | 3f9857f8c87c3d2f157df6c053f5086245cc4668 |
| SHA256 | f8267985e3a303df34c58bf35ec769b024295ee5831f52bff2dc8efc36e553a2 |
| SHA512 | e0d4161fc61c4ae9b5c562fb09e2f8bc95ae676943bfc9c38a74a2ff6562831b6c5c6ca1b024da0ff7c4ce77484a150d8b5ad324b77f621e7232aea1a98a6fee |
C:\ProgramData\RegisterRedo.xlsx
| MD5 | e216ef2b083d852ae725600e8e945f62 |
| SHA1 | a9533a37cfe53da9ea288e1eacf91ae420d37e00 |
| SHA256 | 3e1b01d253dec28b29db6445117f2c14547434eb4dc8bcd25f3c02015c7f7ae0 |
| SHA512 | e819a6d752071a61e1f241635c4b8ac8d6e5b0c3225601dab329b0fc36c1a631b8f0bd3f087820d6b0844693b98e4296b6f70633633b16ee594161b630d7c01d |
C:\ProgramData\Are.docx
| MD5 | a33e5b189842c5867f46566bdbf7a095 |
| SHA1 | e1c06359f6a76da90d19e8fd95e79c832edb3196 |
| SHA256 | 5abf8e3d1f78de7b09d7f6fb87f9e80e60caacf13ef3c1289665653dacd7c454 |
| SHA512 | f2ad3812ec9b915e9618539b0f103f2e9acaad25fbbacd84941c954ce070af231324e83a4621e951c1dbae8d40d50410954e40dd52bbd46e34c54b0d1957407b |
C:\ProgramData\BlockResolve.xlsx
| MD5 | acfce893add7c938bf4d9c299fe00004 |
| SHA1 | 4ee82a0dc686c8a4bd424304d6ae936753a21c97 |
| SHA256 | 19363b68934cfd9a8d6a0574c0fa90c2e5fd9a1fc46db6676464d79c45fb27df |
| SHA512 | 84cae0b34ef05a645e5839afe3e26368d0a68cabd021dae7ba0b04160699241088643310dcfd03416a4cd57e5fea1c6c165a9415b6298d3a5853ade3f4479b57 |
C:\Users\Admin\AppData\Local\Temp\4KPV6A~1\cached-microdesc-consensus.tmp
| MD5 | ca00c592bf605e26ac3fffa4a1d6d9a9 |
| SHA1 | 105ca9ce9785991d417720b8f0313d9e658b5e99 |
| SHA256 | a7cb447a97114511c54a165cdee377b998559d4f37b3274e766db767485a57b7 |
| SHA512 | 38964fa47fc48b100491d4058b05bd2ca4579e9ef36cf0bcf6d4639ef319f105a7b4de316cdcaefeef2fa87b61d31d3507d0376804baf16fab39393b9b2b8506 |
C:\Users\Admin\AppData\Local\Temp\4KPV6A~1\cached-microdescs.new
| MD5 | 576925cc15daafab55a9a0d46d1a55a7 |
| SHA1 | c5e919b7f42ae52c32cf48d610783224e7f64fc7 |
| SHA256 | 8518d0f3d49eef3ee1b13fb90c27683d2f42530b3600873e8eef73dd3936230a |
| SHA512 | 31b29f5e05eb7168fdeab755ca1aadf198706b6a3b7f722053747cc78178f63acea1c6c0de7413886cadbfe76d46d7a9d4dd15dfdfac31efb2184f7575a12e7a |
C:\Users\Admin\AppData\Local\Temp\Protect544cd51a.dll
| MD5 | 8ea6e6fc9130fb342c27c70a4830344a |
| SHA1 | 710b716b9730495d31326399d5b7b25ed908e51a |
| SHA256 | 1302cb2fe6a2e4eb287e9623fdefb64c4f1fe3ac8112a6baa85b38e9d314105d |
| SHA512 | d73eb25f97a57f8f4c29303b54632cdc358c540d762422b6af49d496eb1c46da1ec5f2471cf9c6c01b8041d6be0885d1021e2a6bc46258420d36890b80ca9fbb |
C:\Users\Admin\AppData\Local\Temp\is-1U2DF.tmp\7B1.tmp
| MD5 | 30bb4d9a28c346356dd7f14df10bacec |
| SHA1 | 6e0834108e2774cddae9ee05cec92c25438040a0 |
| SHA256 | 7011b4bb6d09d13ac1a951d304f7ca9938392b3d3fe0d7216c2a902eb4fded06 |
| SHA512 | 6d5311a05c30e7132df12fbd4f482a20bc57122c6a65f977ddfbddc2383e0427e6a8499f3fae812eb7a9f34beb90f31869b5edaacd4050f19db146dde3a226fd |
Analysis: behavioral2
Detonation Overview
Submitted
2024-01-25 14:04
Reported
2024-01-25 14:14
Platform
win10v2004-20231215-en
Max time kernel
81s
Max time network
317s
Command Line
Signatures
Amadey
Detect ZGRat V1
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Detected Djvu ransomware
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Djvu Ransomware
RedLine
RedLine payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
RisePro
SmokeLoader
Stealc
ZGRat
Identifies VirtualBox via ACPI registry values (likely anti-VM)
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ | C:\Users\Admin\Documents\GuardFox\9uGsrV2DGZqoBaxruu4xV8pu.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ | C:\Users\Admin\AppData\Local\Temp\setup.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ | C:\Users\Admin\Documents\GuardFox\tNfy9CW94LglEEcNK47erB8F.exe | N/A |
Blocklisted process makes network request
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
Creates new service(s)
Downloads MZ/PE file
Modifies Windows Firewall
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\netsh.exe | N/A |
Stops running service(s)
.NET Reactor proctector
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Checks BIOS information in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | C:\Users\Admin\Documents\GuardFox\tNfy9CW94LglEEcNK47erB8F.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Users\Admin\Documents\GuardFox\9uGsrV2DGZqoBaxruu4xV8pu.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | C:\Users\Admin\Documents\GuardFox\9uGsrV2DGZqoBaxruu4xV8pu.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Users\Admin\AppData\Local\Temp\setup.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | C:\Users\Admin\AppData\Local\Temp\setup.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Users\Admin\Documents\GuardFox\tNfy9CW94LglEEcNK47erB8F.exe | N/A |
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\setup.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\Documents\GuardFox\Y2gB6WVgAD7Zs_WKooOuvKGc.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\Documents\GuardFox\ia_tzbAhqZfRSgiwG8aoaPva.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\Documents\GuardFox\SKUiWMDUnhq3Hjkc1i2Qm7ac.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\Documents\GuardFox\AGxxEa5wm07_lTfOmdPvQGZl.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\Documents\GuardFox\D7WyBw1sWJmDWQQUB73CxN50.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\Documents\GuardFox\9uGsrV2DGZqoBaxruu4xV8pu.exe | N/A |
Drops startup file
| Description | Indicator | Process | Target |
| File created | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PowerExpertNT.lnk | C:\Users\Admin\Documents\GuardFox\Hf9bWyvvn7TAUhTbtdrKFwvm.exe | N/A |
Executes dropped EXE
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\is-KFM59.tmp\k8Oc9MWfMwLmrksVeis3BIeC.tmp | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\is-KFM59.tmp\k8Oc9MWfMwLmrksVeis3BIeC.tmp | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\is-KFM59.tmp\k8Oc9MWfMwLmrksVeis3BIeC.tmp | N/A |
| N/A | N/A | C:\Windows\SysWOW64\rundll32.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\msvcp_win\UniversalInstaller.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\msvcp_win\UniversalInstaller.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Users\Admin\Documents\GuardFox\VRToUOPy6tJYXA0XmB0UrwBT.exe | N/A |
| N/A | N/A | C:\Users\Admin\Documents\GuardFox\VRToUOPy6tJYXA0XmB0UrwBT.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\rundll32.exe | N/A |
| N/A | N/A | C:\Users\Admin\Documents\GuardFox\tiqExpGOvQq6lbrCkhlAXL86.exe | N/A |
Modifies file permissions
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\icacls.exe | N/A |
Reads data files stored by FTP clients
Reads user/profile data of web browsers
Themida packer
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Unexpected DNS network traffic destination
| Description | Indicator | Process | Target |
| Destination IP | 141.98.234.31 | N/A | N/A |
Accesses cryptocurrency files/wallets, possible credential harvesting
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ExtreamFanV5 = "C:\\Users\\Admin\\AppData\\Local\\ExtreamFanV5\\ExtreamFanV5.exe" | C:\Users\Admin\Documents\GuardFox\Hf9bWyvvn7TAUhTbtdrKFwvm.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\SysHelper = "\"C:\\Users\\Admin\\AppData\\Local\\cfcd2567-fe2e-493d-82a4-cacecaa05f88\\D7WyBw1sWJmDWQQUB73CxN50.exe\" --AutoStart" | C:\Users\Admin\Documents\GuardFox\D7WyBw1sWJmDWQQUB73CxN50.exe | N/A |
Checks installed software on the system
Checks whether UAC is enabled
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\setup.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\Documents\GuardFox\tNfy9CW94LglEEcNK47erB8F.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\Documents\GuardFox\9uGsrV2DGZqoBaxruu4xV8pu.exe | N/A |
Drops Chrome extension
| Description | Indicator | Process | Target |
| File created | C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\hjeanfmhdnjioajojcnpieeoinocmbdg\1.0.0.1_0\manifest.json | C:\Users\Admin\Documents\GuardFox\9uGsrV2DGZqoBaxruu4xV8pu.exe | N/A |
Legitimate hosting services abused for malware hosting/C2
Looks up external IP address via web service
| Description | Indicator | Process | Target |
| N/A | api.2ip.ua | N/A | N/A |
| N/A | api.myip.com | N/A | N/A |
| N/A | api.myip.com | N/A | N/A |
| N/A | api.myip.com | N/A | N/A |
| N/A | ipinfo.io | N/A | N/A |
| N/A | ipinfo.io | N/A | N/A |
Drops file in System32 directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\System32\GroupPolicy\GPT.INI | C:\Users\Admin\Documents\GuardFox\9uGsrV2DGZqoBaxruu4xV8pu.exe | N/A |
| File opened for modification | C:\Windows\System32\GroupPolicy | C:\Users\Admin\AppData\Local\Temp\setup.exe | N/A |
| File opened for modification | C:\Windows\System32\GroupPolicy\gpt.ini | C:\Users\Admin\AppData\Local\Temp\setup.exe | N/A |
| File opened for modification | C:\Windows\System32\GroupPolicy\GPT.INI | C:\Users\Admin\AppData\Local\Temp\setup.exe | N/A |
| File opened for modification | C:\Windows\System32\GroupPolicy\gpt.ini | C:\Users\Admin\Documents\GuardFox\ia_tzbAhqZfRSgiwG8aoaPva.exe | N/A |
| File opened for modification | C:\Windows\System32\GroupPolicy\Machine\Registry.pol | C:\Users\Admin\Documents\GuardFox\ia_tzbAhqZfRSgiwG8aoaPva.exe | N/A |
| File opened for modification | C:\Windows\System32\GroupPolicy\GPT.INI | C:\Users\Admin\Documents\GuardFox\ia_tzbAhqZfRSgiwG8aoaPva.exe | N/A |
| File created | C:\Windows\System32\GroupPolicy\Machine\Registry.pol | C:\Users\Admin\AppData\Local\Temp\setup.exe | N/A |
| File opened for modification | C:\Windows\System32\GroupPolicy | C:\Users\Admin\Documents\GuardFox\ia_tzbAhqZfRSgiwG8aoaPva.exe | N/A |
| File opened for modification | C:\Windows\System32\GroupPolicy | C:\Users\Admin\Documents\GuardFox\9uGsrV2DGZqoBaxruu4xV8pu.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\GroupPolicy\gpt.ini | C:\Users\Admin\Documents\GuardFox\9uGsrV2DGZqoBaxruu4xV8pu.exe | N/A |
| File opened for modification | C:\Windows\System32\GroupPolicy\Machine\Registry.pol | C:\Users\Admin\Documents\GuardFox\9uGsrV2DGZqoBaxruu4xV8pu.exe | N/A |
Suspicious use of NtSetInformationThreadHideFromDebugger
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\setup.exe | N/A |
| N/A | N/A | C:\Users\Admin\Documents\GuardFox\tNfy9CW94LglEEcNK47erB8F.exe | N/A |
| N/A | N/A | C:\Users\Admin\Documents\GuardFox\Wt3pRmD5mqNpEXXJTPS8UPiq.exe | N/A |
| N/A | N/A | C:\Users\Admin\Documents\GuardFox\9uGsrV2DGZqoBaxruu4xV8pu.exe | N/A |
| N/A | N/A | C:\Users\Admin\Documents\GuardFox\Wt3pRmD5mqNpEXXJTPS8UPiq.exe | N/A |
| N/A | N/A | C:\Users\Admin\Documents\GuardFox\Wt3pRmD5mqNpEXXJTPS8UPiq.exe | N/A |
Suspicious use of SetThreadContext
| Description | Indicator | Process | Target |
| PID 6924 set thread context of 504 | N/A | C:\Users\Admin\Documents\GuardFox\D7WyBw1sWJmDWQQUB73CxN50.exe | C:\Users\Admin\Documents\GuardFox\D7WyBw1sWJmDWQQUB73CxN50.exe |
| PID 5136 set thread context of 4988 | N/A | C:\Users\Admin\Documents\GuardFox\NtHviBmnemhC38r76hpEX5vn.exe | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
| PID 224 set thread context of 6488 | N/A | C:\Users\Admin\Documents\GuardFox\aga0ZBPPiyBfj8yxuvpKeqM1.exe | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
| PID 4160 set thread context of 2496 | N/A | C:\Windows\system32\sc.exe | C:\Users\Admin\Documents\GuardFox\D7WyBw1sWJmDWQQUB73CxN50.exe |
| PID 4984 set thread context of 6468 | N/A | C:\Users\Admin\Documents\GuardFox\tiqExpGOvQq6lbrCkhlAXL86.exe | C:\Windows\Microsoft.NET\Framework\v4.0.30319\MsBuild.exe |
| PID 4596 set thread context of 3448 | N/A | C:\Users\Admin\AppData\Roaming\msvcp_win\UniversalInstaller.exe | C:\Windows\SysWOW64\cmd.exe |
Launches sc.exe
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\sc.exe | N/A |
| N/A | N/A | C:\Windows\system32\sc.exe | N/A |
| N/A | N/A | C:\Windows\system32\sc.exe | N/A |
| N/A | N/A | C:\Windows\system32\sc.exe | N/A |
| N/A | N/A | C:\Windows\system32\sc.exe | N/A |
| N/A | N/A | C:\Windows\system32\sc.exe | N/A |
| N/A | N/A | C:\Windows\system32\sc.exe | N/A |
| N/A | N/A | C:\Windows\system32\sc.exe | N/A |
| N/A | N/A | C:\Windows\system32\sc.exe | N/A |
| N/A | N/A | C:\Windows\system32\sc.exe | N/A |
| N/A | N/A | C:\Windows\system32\sc.exe | N/A |
| N/A | N/A | C:\Windows\system32\sc.exe | N/A |
| N/A | N/A | C:\Windows\system32\sc.exe | N/A |
| N/A | N/A | C:\Windows\system32\sc.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\sc.exe | N/A |
Enumerates physical storage devices
Program crash
Checks SCSI registry key(s)
| Description | Indicator | Process | Target |
| Key enumerated | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI | C:\Users\Admin\Documents\GuardFox\TRxvP6k2DLxbkOQltmy86mTO.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI | C:\Users\Admin\Documents\GuardFox\TRxvP6k2DLxbkOQltmy86mTO.exe | N/A |
| Key queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI | C:\Users\Admin\Documents\GuardFox\TRxvP6k2DLxbkOQltmy86mTO.exe | N/A |
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Users\Admin\Documents\GuardFox\VRToUOPy6tJYXA0XmB0UrwBT.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Users\Admin\Documents\GuardFox\VRToUOPy6tJYXA0XmB0UrwBT.exe | N/A |
Creates scheduled task(s)
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\schtasks.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\schtasks.exe | N/A |
| N/A | N/A | C:\Windows\SYSTEM32\schtasks.exe | N/A |
| N/A | N/A | C:\Windows\SYSTEM32\schtasks.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\schtasks.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\schtasks.exe | N/A |
Delays execution with timeout.exe
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\timeout.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\timeout.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Kills process with taskkill
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\taskkill.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ | C:\Users\Admin\AppData\Local\Temp\setup.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000_Classes\Local Settings | C:\Users\Admin\Documents\GuardFox\Y2gB6WVgAD7Zs_WKooOuvKGc.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ | C:\Users\Admin\Documents\GuardFox\D7WyBw1sWJmDWQQUB73CxN50.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: MapViewOfSection
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Documents\GuardFox\TRxvP6k2DLxbkOQltmy86mTO.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\msvcp_win\UniversalInstaller.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\Documents\GuardFox\aga0ZBPPiyBfj8yxuvpKeqM1.exe | N/A |
| Token: SeShutdownPrivilege | N/A | N/A | N/A |
| Token: SeCreatePagefilePrivilege | N/A | N/A | N/A |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\Documents\GuardFox\AGxxEa5wm07_lTfOmdPvQGZl.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\Documents\GuardFox\tNfy9CW94LglEEcNK47erB8F.exe | N/A |
| Token: SeShutdownPrivilege | N/A | N/A | N/A |
| Token: SeCreatePagefilePrivilege | N/A | N/A | N/A |
| Token: SeShutdownPrivilege | N/A | N/A | N/A |
| Token: SeCreatePagefilePrivilege | N/A | N/A | N/A |
| Token: SeShutdownPrivilege | N/A | N/A | N/A |
| Token: SeCreatePagefilePrivilege | N/A | N/A | N/A |
| Token: SeShutdownPrivilege | N/A | N/A | N/A |
| Token: SeCreatePagefilePrivilege | N/A | N/A | N/A |
| Token: SeShutdownPrivilege | N/A | N/A | N/A |
| Token: SeCreatePagefilePrivilege | N/A | N/A | N/A |
| Token: SeShutdownPrivilege | N/A | N/A | N/A |
| Token: SeCreatePagefilePrivilege | N/A | N/A | N/A |
| Token: SeShutdownPrivilege | N/A | N/A | N/A |
| Token: SeCreatePagefilePrivilege | N/A | N/A | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | N/A |
| Token: SeShutdownPrivilege | N/A | N/A | N/A |
| Token: SeCreatePagefilePrivilege | N/A | N/A | N/A |
| Token: SeShutdownPrivilege | N/A | N/A | N/A |
| Token: SeCreatePagefilePrivilege | N/A | N/A | N/A |
| Token: SeShutdownPrivilege | N/A | N/A | N/A |
| Token: SeCreatePagefilePrivilege | N/A | N/A | N/A |
| Token: SeShutdownPrivilege | N/A | N/A | N/A |
| Token: SeCreatePagefilePrivilege | N/A | N/A | N/A |
| Token: SeShutdownPrivilege | N/A | N/A | N/A |
| Token: SeCreatePagefilePrivilege | N/A | N/A | N/A |
| Token: SeShutdownPrivilege | N/A | N/A | N/A |
| Token: SeCreatePagefilePrivilege | N/A | N/A | N/A |
| Token: SeShutdownPrivilege | N/A | N/A | N/A |
| Token: SeCreatePagefilePrivilege | N/A | N/A | N/A |
| Token: SeShutdownPrivilege | N/A | N/A | N/A |
| Token: SeCreatePagefilePrivilege | N/A | N/A | N/A |
| Token: SeShutdownPrivilege | N/A | N/A | N/A |
| Token: SeCreatePagefilePrivilege | N/A | N/A | N/A |
| Token: SeShutdownPrivilege | N/A | N/A | N/A |
| Token: SeCreatePagefilePrivilege | N/A | N/A | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\Microsoft.NET\Framework\v4.0.30319\MsBuild.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Token: SeShutdownPrivilege | N/A | N/A | N/A |
| Token: SeCreatePagefilePrivilege | N/A | N/A | N/A |
| Token: SeShutdownPrivilege | N/A | N/A | N/A |
| Token: SeCreatePagefilePrivilege | N/A | N/A | N/A |
| Token: SeShutdownPrivilege | N/A | N/A | N/A |
| Token: SeCreatePagefilePrivilege | N/A | N/A | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Documents\GuardFox\Wt3pRmD5mqNpEXXJTPS8UPiq.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\msvcp_win\UniversalInstaller.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\msvcp_win\UniversalInstaller.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\msvcp_win\UniversalInstaller.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\msvcp_win\UniversalInstaller.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\BroomSetup.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\setup.exe
"C:\Users\Admin\AppData\Local\Temp\setup.exe"
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -s WPDBusEnum
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s fhsvc
C:\Users\Admin\Documents\GuardFox\rRrc04Xdcp5_Y9B4gJcAPSTJ.exe
"C:\Users\Admin\Documents\GuardFox\rRrc04Xdcp5_Y9B4gJcAPSTJ.exe"
C:\Users\Admin\Documents\GuardFox\Y2gB6WVgAD7Zs_WKooOuvKGc.exe
"C:\Users\Admin\Documents\GuardFox\Y2gB6WVgAD7Zs_WKooOuvKGc.exe"
C:\Users\Admin\Documents\GuardFox\6e3wkNi96ZC51gzRyvUXvSEa.exe
"C:\Users\Admin\Documents\GuardFox\6e3wkNi96ZC51gzRyvUXvSEa.exe"
C:\Users\Admin\AppData\Local\Temp\is-KFM59.tmp\k8Oc9MWfMwLmrksVeis3BIeC.tmp
"C:\Users\Admin\AppData\Local\Temp\is-KFM59.tmp\k8Oc9MWfMwLmrksVeis3BIeC.tmp" /SL5="$601A4,3267177,54272,C:\Users\Admin\Documents\GuardFox\k8Oc9MWfMwLmrksVeis3BIeC.exe"
C:\Users\Admin\Documents\GuardFox\739WJwA1mbV8iD_nIXxofVhF.exe
"C:\Users\Admin\Documents\GuardFox\739WJwA1mbV8iD_nIXxofVhF.exe"
C:\Users\Admin\Documents\GuardFox\D7WyBw1sWJmDWQQUB73CxN50.exe
"C:\Users\Admin\Documents\GuardFox\D7WyBw1sWJmDWQQUB73CxN50.exe"
C:\Users\Admin\Documents\GuardFox\aga0ZBPPiyBfj8yxuvpKeqM1.exe
"C:\Users\Admin\Documents\GuardFox\aga0ZBPPiyBfj8yxuvpKeqM1.exe"
C:\Users\Admin\AppData\Local\XDR Encode LIB\xdrencodelib.exe
"C:\Users\Admin\AppData\Local\XDR Encode LIB\xdrencodelib.exe" -s
C:\Windows\SysWOW64\control.exe
"C:\Windows\System32\control.exe" "C:\Users\Admin\AppData\Local\Temp\xt~BGG2G.cpl",
C:\Users\Admin\Documents\GuardFox\D7WyBw1sWJmDWQQUB73CxN50.exe
"C:\Users\Admin\Documents\GuardFox\D7WyBw1sWJmDWQQUB73CxN50.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3248 -s 340
C:\Users\Admin\AppData\Local\XDR Encode LIB\xdrencodelib.exe
"C:\Users\Admin\AppData\Local\XDR Encode LIB\xdrencodelib.exe" -i
C:\Users\Admin\Documents\GuardFox\ia_tzbAhqZfRSgiwG8aoaPva.exe
"C:\Users\Admin\Documents\GuardFox\ia_tzbAhqZfRSgiwG8aoaPva.exe"
C:\Users\Admin\Documents\GuardFox\NtHviBmnemhC38r76hpEX5vn.exe
"C:\Users\Admin\Documents\GuardFox\NtHviBmnemhC38r76hpEX5vn.exe"
C:\Users\Admin\Documents\GuardFox\9uGsrV2DGZqoBaxruu4xV8pu.exe
"C:\Users\Admin\Documents\GuardFox\9uGsrV2DGZqoBaxruu4xV8pu.exe"
C:\Users\Admin\Documents\GuardFox\tiqExpGOvQq6lbrCkhlAXL86.exe
"C:\Users\Admin\Documents\GuardFox\tiqExpGOvQq6lbrCkhlAXL86.exe"
C:\Users\Admin\Documents\GuardFox\tNfy9CW94LglEEcNK47erB8F.exe
"C:\Users\Admin\Documents\GuardFox\tNfy9CW94LglEEcNK47erB8F.exe"
C:\Users\Admin\Documents\GuardFox\Hf9bWyvvn7TAUhTbtdrKFwvm.exe
"C:\Users\Admin\Documents\GuardFox\Hf9bWyvvn7TAUhTbtdrKFwvm.exe"
C:\Users\Admin\Documents\GuardFox\AGxxEa5wm07_lTfOmdPvQGZl.exe
"C:\Users\Admin\Documents\GuardFox\AGxxEa5wm07_lTfOmdPvQGZl.exe"
C:\Users\Admin\Documents\GuardFox\3C5gSkdx_SyN1GSq9CyJ4xOS.exe
"C:\Users\Admin\Documents\GuardFox\3C5gSkdx_SyN1GSq9CyJ4xOS.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 444 -p 3248 -ip 3248
C:\Users\Admin\Documents\GuardFox\k8Oc9MWfMwLmrksVeis3BIeC.exe
"C:\Users\Admin\Documents\GuardFox\k8Oc9MWfMwLmrksVeis3BIeC.exe"
C:\Users\Admin\Documents\GuardFox\Wt3pRmD5mqNpEXXJTPS8UPiq.exe
"C:\Users\Admin\Documents\GuardFox\Wt3pRmD5mqNpEXXJTPS8UPiq.exe"
C:\Users\Admin\Documents\GuardFox\TRxvP6k2DLxbkOQltmy86mTO.exe
"C:\Users\Admin\Documents\GuardFox\TRxvP6k2DLxbkOQltmy86mTO.exe"
C:\Users\Admin\Documents\GuardFox\VRToUOPy6tJYXA0XmB0UrwBT.exe
"C:\Users\Admin\Documents\GuardFox\VRToUOPy6tJYXA0XmB0UrwBT.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
C:\Windows\SysWOW64\rundll32.exe
"C:\Windows\system32\rundll32.exe" Shell32.dll,Control_RunDLL "C:\Users\Admin\AppData\Local\Temp\xt~BGG2G.cpl",
C:\Windows\SysWOW64\schtasks.exe
schtasks /create /f /RU "Admin" /tr "C:\ProgramData\WinTrackerSP\WinTrackerSP.exe" /tn "WinTrackerSP HR" /sc HOURLY /rl HIGHEST
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s fhsvc
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Users\Admin\AppData\Local\cfcd2567-fe2e-493d-82a4-cacecaa05f88" /deny *S-1-1-0:(OI)(CI)(DE,DC)
C:\Windows\SysWOW64\schtasks.exe
schtasks /create /f /RU "Admin" /tr "C:\ProgramData\WinTrackerSP\WinTrackerSP.exe" /tn "WinTrackerSP LG" /sc ONLOGON /rl HIGHEST
C:\Users\Admin\Documents\GuardFox\zSUTADYiJ044oXzMhz7cp8mm.exe
"C:\Users\Admin\Documents\GuardFox\zSUTADYiJ044oXzMhz7cp8mm.exe"
C:\Users\Admin\Documents\GuardFox\SKUiWMDUnhq3Hjkc1i2Qm7ac.exe
"C:\Users\Admin\Documents\GuardFox\SKUiWMDUnhq3Hjkc1i2Qm7ac.exe"
C:\Windows\SysWOW64\schtasks.exe
"C:\Windows\System32\schtasks.exe" /Create /SC MINUTE /MO 1 /TN SKUiWMDUnhq3Hjkc1i2Qm7ac.exe /TR "C:\Users\Admin\Documents\GuardFox\SKUiWMDUnhq3Hjkc1i2Qm7ac.exe" /F
C:\Users\Admin\Documents\GuardFox\qemu-ga.exe
"C:\Users\Admin\Documents\GuardFox\qemu-ga.exe"
C:\Users\Admin\AppData\Local\Temp\msvcp_win\UniversalInstaller.exe
C:\Users\Admin\AppData\Local\Temp\msvcp_win\UniversalInstaller.exe
C:\Users\Admin\AppData\Local\Temp\1000113001\e0cbefcb1af40c7d4aff4aca26621a98.exe
"C:\Users\Admin\AppData\Local\Temp\1000113001\e0cbefcb1af40c7d4aff4aca26621a98.exe"
C:\Users\Admin\AppData\Roaming\msvcp_win\UniversalInstaller.exe
"C:\Users\Admin\AppData\Roaming\msvcp_win\UniversalInstaller.exe"
C:\Users\Admin\Documents\GuardFox\D7WyBw1sWJmDWQQUB73CxN50.exe
"C:\Users\Admin\Documents\GuardFox\D7WyBw1sWJmDWQQUB73CxN50.exe" --Admin IsNotAutoStart IsNotTask
C:\Users\Admin\Documents\GuardFox\D7WyBw1sWJmDWQQUB73CxN50.exe
"C:\Users\Admin\Documents\GuardFox\D7WyBw1sWJmDWQQUB73CxN50.exe" --Admin IsNotAutoStart IsNotTask
C:\Users\Admin\AppData\Local\Temp\1000114001\InstallSetup8.exe
"C:\Users\Admin\AppData\Local\Temp\1000114001\InstallSetup8.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 452 -p 2496 -ip 2496
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2496 -s 568
C:\Users\Admin\AppData\Local\Temp\BroomSetup.exe
C:\Users\Admin\AppData\Local\Temp\BroomSetup.exe
C:\Windows\system32\RunDll32.exe
C:\Windows\system32\RunDll32.exe Shell32.dll,Control_RunDLL "C:\Users\Admin\AppData\Local\Temp\xt~BGG2G.cpl",
C:\Users\Admin\AppData\Local\Temp\1000115001\toolspub1.exe
"C:\Users\Admin\AppData\Local\Temp\1000115001\toolspub1.exe"
C:\Windows\SysWOW64\rundll32.exe
"C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\shell32.dll",#44 "C:\Users\Admin\AppData\Local\Temp\xt~BGG2G.cpl",
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 536 -p 7112 -ip 7112
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7112 -s 340
C:\Users\Admin\AppData\Local\Temp\nsw9586.tmp
C:\Users\Admin\AppData\Local\Temp\nsw9586.tmp
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Roaming\Temp\Task.bat" "
C:\Windows\Microsoft.NET\Framework\v4.0.30319\MsBuild.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\MsBuild.exe
C:\Windows\SysWOW64\chcp.com
chcp 1251
C:\Windows\SysWOW64\schtasks.exe
schtasks /create /tn "MalayamaraUpdate" /tr "'C:\Users\Admin\AppData\Local\Temp\Updater.exe'" /sc minute /mo 30 /F
C:\Users\Admin\AppData\Local\Temp\1000117001\rty27.exe
"C:\Users\Admin\AppData\Local\Temp\1000117001\rty27.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff92d499758,0x7ff92d499768,0x7ff92d499778
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell -nologo -noprofile
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1636 --field-trial-handle=1892,i,6118062510679433736,1350851422260882079,131072 /prefetch:2
C:\Users\Admin\AppData\Local\Temp\1000119001\FirstZ.exe
"C:\Users\Admin\AppData\Local\Temp\1000119001\FirstZ.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2856 --field-trial-handle=1892,i,6118062510679433736,1350851422260882079,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2864 --field-trial-handle=1892,i,6118062510679433736,1350851422260882079,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2116 --field-trial-handle=1892,i,6118062510679433736,1350851422260882079,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2040 --field-trial-handle=1892,i,6118062510679433736,1350851422260882079,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 384 -p 2012 -ip 2012
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2012 -s 2380
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\system32\cmd.exe" /c timeout /t 5 & del /f /q "C:\Users\Admin\Documents\GuardFox\VRToUOPy6tJYXA0XmB0UrwBT.exe" & del "C:\ProgramData\*.dll"" & exit
C:\Windows\SysWOW64\timeout.exe
timeout /t 5
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4996 --field-trial-handle=1892,i,6118062510679433736,1350851422260882079,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5124 --field-trial-handle=1892,i,6118062510679433736,1350851422260882079,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5080 --field-trial-handle=1892,i,6118062510679433736,1350851422260882079,131072 /prefetch:8
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5928 -s 932
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 420 -p 5928 -ip 5928
C:\Users\Admin\AppData\Local\Temp\1000113001\e0cbefcb1af40c7d4aff4aca26621a98.exe
"C:\Users\Admin\AppData\Local\Temp\1000113001\e0cbefcb1af40c7d4aff4aca26621a98.exe"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell -nologo -noprofile
C:\Windows\system32\netsh.exe
netsh advfirewall firewall add rule name="csrss" dir=in action=allow program="C:\Windows\rss\csrss.exe" enable=yes
C:\Windows\system32\cmd.exe
C:\Windows\Sysnative\cmd.exe /C "netsh advfirewall firewall add rule name="csrss" dir=in action=allow program="C:\Windows\rss\csrss.exe" enable=yes"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell -nologo -noprofile
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell -nologo -noprofile
C:\Windows\rss\csrss.exe
C:\Windows\rss\csrss.exe
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell -nologo -noprofile
C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
C:\Users\Admin\AppData\Local\Temp\70B.exe
C:\Users\Admin\AppData\Local\Temp\70B.exe
C:\Users\Admin\AppData\Local\Temp\70B.exe
C:\Users\Admin\AppData\Local\Temp\70B.exe
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell -nologo -noprofile
C:\Windows\SYSTEM32\schtasks.exe
schtasks /delete /tn ScheduledUpdate /f
C:\Windows\SYSTEM32\schtasks.exe
schtasks /CREATE /SC ONLOGON /RL HIGHEST /TR "C:\Windows\rss\csrss.exe" /TN csrss /F
C:\Users\Admin\Documents\GuardFox\SKUiWMDUnhq3Hjkc1i2Qm7ac.exe
C:\Users\Admin\Documents\GuardFox\SKUiWMDUnhq3Hjkc1i2Qm7ac.exe
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6088 -s 2340
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 448 -p 6088 -ip 6088
C:\Windows\SysWOW64\timeout.exe
timeout /t 5
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\system32\cmd.exe" /c timeout /t 5 & del /f /q "C:\Users\Admin\AppData\Local\Temp\nsw9586.tmp" & del "C:\ProgramData\*.dll"" & exit
C:\Users\Admin\AppData\Local\Temp\1516.exe
C:\Users\Admin\AppData\Local\Temp\1516.exe
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell -nologo -noprofile
C:\Users\Admin\AppData\Local\Temp\25C0.exe
C:\Users\Admin\AppData\Local\Temp\25C0.exe
C:\Users\Admin\AppData\Local\Temp\csrss\injector\injector.exe
C:\Users\Admin\AppData\Local\Temp\csrss\injector\injector.exe taskmgr.exe C:\Users\Admin\AppData\Local\Temp\csrss\injector\NtQuerySystemInformationHook.dll
C:\Users\Admin\AppData\Local\Temp\2E5C.exe
C:\Users\Admin\AppData\Local\Temp\2E5C.exe
C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe
C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe Add-MpPreference -ExclusionPath @($env:UserProfile, $env:ProgramData) -ExclusionExtension '.exe' -Force
C:\Users\Admin\AppData\Local\Temp\is-QRTK7.tmp\2E5C.tmp
"C:\Users\Admin\AppData\Local\Temp\is-QRTK7.tmp\2E5C.tmp" /SL5="$3F02EE,3419525,54272,C:\Users\Admin\AppData\Local\Temp\2E5C.exe"
C:\Windows\SysWOW64\taskkill.exe
"taskkill.exe" /im chrome.exe /f
C:\Windows\system32\sc.exe
C:\Windows\system32\sc.exe stop WaaSMedicSvc
C:\Windows\system32\wusa.exe
wusa /uninstall /kb:890830 /quiet /norestart
C:\Windows\system32\powercfg.exe
C:\Windows\system32\powercfg.exe /x -standby-timeout-dc 0
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\sc.exe
C:\Windows\system32\sc.exe create "WSNKISKT" binpath= "C:\ProgramData\wikombernizc\reakuqnanrkn.exe" start= "auto"
C:\ProgramData\wikombernizc\reakuqnanrkn.exe
C:\ProgramData\wikombernizc\reakuqnanrkn.exe
C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe
C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe Add-MpPreference -ExclusionPath @($env:UserProfile, $env:ProgramData) -ExclusionExtension '.exe' -Force
C:\Windows\system32\sc.exe
C:\Windows\system32\sc.exe start "WSNKISKT"
C:\Windows\system32\sc.exe
C:\Windows\system32\sc.exe stop eventlog
C:\Users\Admin\AppData\Local\Temp\3B5D.exe
C:\Users\Admin\AppData\Local\Temp\3B5D.exe
C:\Windows\system32\sc.exe
C:\Windows\system32\sc.exe delete "WSNKISKT"
C:\Windows\system32\powercfg.exe
C:\Windows\system32\powercfg.exe /x -standby-timeout-ac 0
C:\Windows\system32\powercfg.exe
C:\Windows\system32\powercfg.exe /x -hibernate-timeout-dc 0
C:\Windows\system32\powercfg.exe
C:\Windows\system32\powercfg.exe /x -hibernate-timeout-ac 0
C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe
"C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe"
C:\Windows\system32\sc.exe
C:\Windows\system32\sc.exe stop dosvc
C:\Users\Admin\AppData\Local\Temp\InstallSetup9.exe
"C:\Users\Admin\AppData\Local\Temp\InstallSetup9.exe"
C:\Windows\system32\sc.exe
C:\Windows\system32\sc.exe stop bits
C:\Windows\system32\sc.exe
C:\Windows\system32\sc.exe stop wuauserv
C:\Windows\system32\sc.exe
C:\Windows\system32\sc.exe stop UsoSvc
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wusa /uninstall /kb:890830 /quiet /norestart
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell -nologo -noprofile
C:\Windows\system32\wusa.exe
wusa /uninstall /kb:890830 /quiet /norestart
C:\Windows\system32\sc.exe
C:\Windows\system32\sc.exe stop bits
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 904 -s 348
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 452 -p 904 -ip 904
C:\Users\Admin\AppData\Local\Temp\465B.exe
C:\Users\Admin\AppData\Local\Temp\465B.exe
C:\Windows\system32\sc.exe
C:\Windows\system32\sc.exe stop wuauserv
C:\Users\Admin\AppData\Local\Temp\490B.exe
C:\Users\Admin\AppData\Local\Temp\490B.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\powercfg.exe
C:\Windows\system32\powercfg.exe /x -standby-timeout-dc 0
C:\Windows\explorer.exe
explorer.exe
C:\Windows\SYSTEM32\schtasks.exe
schtasks /CREATE /SC ONLOGON /RL HIGHEST /TR "C:\Windows\rss\csrss.exe" /TN csrss /F
C:\Windows\system32\powercfg.exe
C:\Windows\system32\powercfg.exe /x -standby-timeout-ac 0
C:\Windows\system32\powercfg.exe
C:\Windows\system32\powercfg.exe /x -hibernate-timeout-dc 0
C:\Windows\system32\powercfg.exe
C:\Windows\system32\powercfg.exe /x -hibernate-timeout-ac 0
C:\Users\Admin\AppData\Local\Temp\4C97.exe
C:\Users\Admin\AppData\Local\Temp\4C97.exe
C:\Windows\system32\sc.exe
C:\Windows\system32\sc.exe stop dosvc
C:\Windows\system32\sc.exe
C:\Windows\system32\sc.exe stop WaaSMedicSvc
C:\Windows\system32\sc.exe
C:\Windows\system32\sc.exe stop UsoSvc
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wusa /uninstall /kb:890830 /quiet /norestart
C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\56F8.dll
C:\Windows\windefender.exe
"C:\Windows\windefender.exe"
C:\Windows\SysWOW64\regsvr32.exe
/s C:\Users\Admin\AppData\Local\Temp\56F8.dll
C:\Windows\SysWOW64\cmd.exe
cmd.exe /C sc sdset WinDefender D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPLOCRSDRCWDWO;;;BA)(D;;WPDT;;;BA)(A;;CCLCSWLOCRRC;;;IU)(A;;CCLCSWLOCRRC;;;SU)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)
C:\Windows\SysWOW64\sc.exe
sc sdset WinDefender D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPLOCRSDRCWDWO;;;BA)(D;;WPDT;;;BA)(A;;CCLCSWLOCRRC;;;IU)(A;;CCLCSWLOCRRC;;;SU)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)
C:\Windows\windefender.exe
C:\Windows\windefender.exe
C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe
"C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell -nologo -noprofile
C:\Windows\Microsoft.NET\Framework\v4.0.30319\MsBuild.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\MsBuild.exe
C:\Users\Admin\Documents\GuardFox\SKUiWMDUnhq3Hjkc1i2Qm7ac.exe
C:\Users\Admin\Documents\GuardFox\SKUiWMDUnhq3Hjkc1i2Qm7ac.exe
C:\Users\Admin\Documents\GuardFox\SKUiWMDUnhq3Hjkc1i2Qm7ac.exe
C:\Users\Admin\Documents\GuardFox\SKUiWMDUnhq3Hjkc1i2Qm7ac.exe
C:\Users\Admin\Documents\GuardFox\SKUiWMDUnhq3Hjkc1i2Qm7ac.exe
C:\Users\Admin\Documents\GuardFox\SKUiWMDUnhq3Hjkc1i2Qm7ac.exe
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 154.239.44.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 194.178.17.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.53.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| NL | 195.20.16.45:80 | tcp | |
| N/A | 224.0.0.251:5353 | udp | |
| US | 8.8.8.8:53 | 149.220.183.52.in-addr.arpa | udp |
| DE | 77.105.147.130:80 | 77.105.147.130 | tcp |
| US | 104.26.8.59:443 | api.myip.com | tcp |
| US | 8.8.8.8:53 | 130.147.105.77.in-addr.arpa | udp |
| US | 8.8.8.8:53 | ipinfo.io | udp |
| US | 34.117.186.192:443 | ipinfo.io | tcp |
| US | 8.8.8.8:53 | 59.8.26.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.165.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 192.186.117.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 171.39.242.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | vk.com | udp |
| AT | 5.42.64.33:80 | 5.42.64.33 | tcp |
| US | 8.8.8.8:53 | ok.spartabig.com | udp |
| FI | 109.107.182.40:80 | 109.107.182.40 | tcp |
| US | 8.8.8.8:53 | ji.alie3ksggg.com | udp |
| US | 8.8.8.8:53 | 294self-limited.sbs | udp |
| US | 8.8.8.8:53 | cczhk.com | udp |
| US | 8.8.8.8:53 | medfioytrkdkcodlskeej.net | udp |
| RU | 87.240.132.72:80 | vk.com | tcp |
| RU | 87.240.132.72:80 | vk.com | tcp |
| US | 172.67.164.129:80 | ok.spartabig.com | tcp |
| US | 104.21.10.36:80 | 294self-limited.sbs | tcp |
| RU | 91.215.85.209:80 | medfioytrkdkcodlskeej.net | tcp |
| US | 104.21.10.36:80 | 294self-limited.sbs | tcp |
| RU | 87.240.132.72:80 | vk.com | tcp |
| RU | 87.240.132.72:80 | vk.com | tcp |
| US | 104.21.10.36:80 | 294self-limited.sbs | tcp |
| RU | 91.215.85.209:80 | medfioytrkdkcodlskeej.net | tcp |
| US | 104.21.10.36:443 | 294self-limited.sbs | tcp |
| HK | 154.92.15.189:80 | ji.alie3ksggg.com | tcp |
| RU | 87.240.132.72:80 | vk.com | tcp |
| RU | 87.240.132.72:80 | vk.com | tcp |
| RU | 91.215.85.209:80 | medfioytrkdkcodlskeej.net | tcp |
| MX | 201.119.129.19:80 | cczhk.com | tcp |
| RU | 91.215.85.209:443 | medfioytrkdkcodlskeej.net | tcp |
| RU | 87.240.132.72:80 | vk.com | tcp |
| RU | 87.240.132.72:80 | vk.com | tcp |
| US | 8.8.8.8:53 | x2.c.lencr.org | udp |
| RU | 87.240.132.72:80 | vk.com | tcp |
| RU | 87.240.132.72:80 | vk.com | tcp |
| RU | 87.240.132.72:80 | vk.com | tcp |
| RU | 87.240.132.72:80 | vk.com | tcp |
| RU | 87.240.132.72:80 | vk.com | tcp |
| RU | 87.240.132.72:80 | vk.com | tcp |
| RU | 87.240.132.72:80 | vk.com | tcp |
| RU | 87.240.132.72:80 | vk.com | tcp |
| MX | 201.119.129.19:80 | cczhk.com | tcp |
| RU | 87.240.132.72:80 | vk.com | tcp |
| RU | 87.240.132.72:80 | vk.com | tcp |
| RU | 87.240.132.72:80 | vk.com | tcp |
| RU | 87.240.132.72:80 | vk.com | tcp |
| RU | 87.240.132.72:80 | vk.com | tcp |
| RU | 87.240.132.72:80 | vk.com | tcp |
| RU | 87.240.132.72:80 | vk.com | tcp |
| RU | 87.240.132.72:80 | vk.com | tcp |
| RU | 87.240.132.72:80 | vk.com | tcp |
| RU | 87.240.132.72:80 | vk.com | tcp |
| RU | 87.240.132.72:80 | vk.com | tcp |
| RU | 87.240.132.72:80 | vk.com | tcp |
| RU | 87.240.132.72:80 | vk.com | tcp |
| RU | 87.240.132.72:80 | vk.com | tcp |
| RU | 87.240.132.72:80 | vk.com | tcp |
| RU | 87.240.132.72:443 | vk.com | tcp |
| RU | 87.240.132.72:80 | vk.com | tcp |
| RU | 87.240.132.72:443 | vk.com | tcp |
| US | 8.8.8.8:53 | 226.20.18.104.in-addr.arpa | udp |
| RU | 87.240.132.72:443 | vk.com | tcp |
| RU | 87.240.132.72:443 | vk.com | tcp |
| US | 8.8.8.8:53 | sun6-22.userapi.com | udp |
| US | 8.8.8.8:53 | sun6-23.userapi.com | udp |
| NL | 95.142.206.2:443 | sun6-22.userapi.com | tcp |
| NL | 95.142.206.3:443 | sun6-23.userapi.com | tcp |
| RU | 87.240.132.72:443 | vk.com | tcp |
| US | 8.8.8.8:53 | sun6-21.userapi.com | udp |
| NL | 95.142.206.1:443 | tcp | |
| NL | 95.142.206.0:443 | tcp | |
| US | 8.8.8.8:53 | 1.206.142.95.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.206.142.95.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 2.206.142.95.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 226.21.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 0.206.142.95.in-addr.arpa | udp |
| NL | 95.142.206.1:443 | tcp | |
| RU | 87.240.132.72:443 | vk.com | tcp |
| RU | 87.240.132.72:443 | vk.com | tcp |
| NL | 95.142.206.3:443 | sun6-23.userapi.com | tcp |
| RU | 87.240.132.72:443 | vk.com | tcp |
| US | 8.8.8.8:53 | i.alie3ksgaa.com | udp |
| HK | 154.92.15.189:443 | i.alie3ksgaa.com | tcp |
| DE | 77.105.147.130:80 | 77.105.147.130 | tcp |
| DE | 185.172.128.24:80 | 185.172.128.24 | tcp |
| US | 8.8.8.8:53 | 208.4.21.104.in-addr.arpa | udp |
| GB | 146.75.72.193:443 | tcp | |
| US | 8.8.8.8:53 | api.2ip.ua | udp |
| US | 8.8.8.8:53 | 193.72.75.146.in-addr.arpa | udp |
| GB | 96.17.179.193:80 | tcp | |
| US | 8.8.8.8:53 | 15.245.92.91.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 67.204.58.216.in-addr.arpa | udp |
| NL | 45.15.156.229:80 | 45.15.156.229 | tcp |
| US | 8.8.8.8:53 | qualifiedbehaviorrykej.site | udp |
| US | 104.21.35.143:443 | qualifiedbehaviorrykej.site | tcp |
| US | 8.8.8.8:53 | shitshitshitshit.net | udp |
| US | 188.114.96.2:443 | shitshitshitshit.net | tcp |
| NL | 91.92.245.15:80 | tcp | |
| FR | 194.33.191.60:44675 | tcp | |
| US | 8.8.8.8:53 | 109.128.172.185.in-addr.arpa | udp |
| DE | 185.172.128.19:80 | 185.172.128.19 | tcp |
| NL | 45.15.156.60:12050 | tcp | |
| US | 8.8.8.8:53 | galandskiyher5.com | udp |
| RU | 158.160.118.17:80 | galandskiyher5.com | tcp |
| DE | 77.105.147.130:80 | 77.105.147.130 | tcp |
| US | 104.26.8.59:443 | api.myip.com | tcp |
| NL | 195.20.16.46:80 | 195.20.16.46 | tcp |
| DE | 146.70.169.164:2227 | tcp | |
| HK | 154.92.15.189:80 | i.alie3ksgaa.com | tcp |
| RU | 5.42.65.31:48396 | tcp | |
| DE | 185.172.128.79:80 | tcp | |
| GB | 142.250.180.10:443 | tcp | |
| GB | 142.250.200.42:443 | tcp | |
| GB | 142.250.200.35:443 | tcp | |
| GB | 142.250.179.238:443 | tcp | |
| GB | 142.250.187.195:443 | tcp | |
| RU | 91.215.85.120:80 | selebration17io.io | tcp |
| US | 8.8.8.8:53 | udp | |
| US | 8.8.8.8:53 | fd98121c-a1f0-4fb1-aaa0-cbb4fda1e86f.uuid.dumppage.org | udp |
| UA | 176.107.176.31:443 | tcp | |
| FR | 51.210.105.70:9001 | tcp | |
| DE | 185.172.128.19:80 | tcp | |
| FR | 51.210.105.70:9001 | tcp | |
| US | 172.67.222.78:443 | tcp | |
| UA | 176.107.176.31:443 | tcp | |
| MX | 189.232.10.46:80 | cczhk.com | tcp |
| US | 8.8.8.8:53 | 46.10.232.189.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 78.222.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | carvewomanflavourwop.site | udp |
| US | 172.67.129.86:443 | carvewomanflavourwop.site | tcp |
| HK | 154.92.15.189:80 | i.alie3ksgaa.com | tcp |
| HK | 154.92.15.189:80 | i.alie3ksgaa.com | tcp |
| US | 8.8.8.8:53 | server2.dumppage.org | udp |
| US | 8.8.8.8:53 | cdn.discordapp.com | udp |
| US | 8.8.8.8:53 | stun1.l.google.com | udp |
| US | 172.67.216.203:443 | tcp | |
| US | 8.8.8.8:53 | 86.129.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 203.216.67.172.in-addr.arpa | udp |
| US | 162.159.134.233:443 | cdn.discordapp.com | tcp |
| US | 8.8.8.8:53 | 127.128.125.74.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 111.216.82.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 233.134.159.162.in-addr.arpa | udp |
| US | 188.114.96.2:443 | shitshitshitshit.net | tcp |
| BG | 185.82.216.111:443 | server2.dumppage.org | tcp |
| US | 172.67.212.188:443 | tcp | |
| US | 188.114.97.2:443 | shitshitshitshit.net | tcp |
| US | 104.20.67.143:443 | tcp | |
| PL | 51.68.137.186:10943 | tcp | |
| FR | 163.172.171.111:10943 | tcp | |
| US | 8.8.8.8:53 | 186.137.68.51.in-addr.arpa | udp |
| US | 188.114.96.2:443 | shitshitshitshit.net | tcp |
| US | 8.8.8.8:53 | paperambiguonusphoterew.site | udp |
| US | 172.67.177.31:443 | paperambiguonusphoterew.site | tcp |
| US | 8.8.8.8:53 | 143.67.20.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 111.171.172.163.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 31.177.67.172.in-addr.arpa | udp |
| HK | 154.92.15.189:443 | i.alie3ksgaa.com | tcp |
| BG | 185.82.216.111:443 | server2.dumppage.org | tcp |
| GB | 173.222.13.40:80 | tcp | |
| US | 8.8.8.8:53 | udp | |
| US | 8.8.8.8:53 | udp | |
| US | 8.8.8.8:53 | udp | |
| US | 8.8.8.8:53 | udp | |
| US | 8.8.8.8:53 | udp | |
| US | 8.8.8.8:53 | udp | |
| US | 8.8.8.8:53 | udp | |
| US | 8.8.8.8:53 | udp | |
| RU | 87.240.132.72:80 | tcp | |
| RU | 87.240.132.72:80 | tcp | |
| RU | 87.240.132.72:80 | tcp | |
| RU | 87.240.132.72:80 | tcp | |
| US | 8.8.8.8:53 | udp | |
| US | 8.8.8.8:53 | udp | |
| RU | 87.240.132.72:80 | tcp | |
| RU | 87.240.132.72:80 | tcp | |
| RU | 87.240.132.72:80 | tcp | |
| RU | 87.240.132.72:80 | tcp | |
| RU | 87.240.132.72:80 | tcp | |
| RU | 87.240.132.72:80 | tcp | |
| RU | 87.240.132.72:443 | tcp | |
| RU | 87.240.132.72:443 | tcp | |
| RU | 87.240.132.72:443 | tcp | |
| US | 8.8.8.8:53 | udp | |
| RU | 87.240.132.72:443 | tcp | |
| RU | 87.240.132.72:443 | tcp | |
| RU | 87.240.132.72:443 | tcp | |
| US | 8.8.8.8:53 | 14.173.189.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | pavementpreferencewjiao.site | udp |
| US | 188.114.96.2:443 | pavementpreferencewjiao.site | tcp |
| US | 188.114.97.2:443 | pavementpreferencewjiao.site | tcp |
| US | 188.114.97.2:443 | pavementpreferencewjiao.site | tcp |
| US | 188.114.97.2:443 | pavementpreferencewjiao.site | tcp |
| US | 172.67.222.78:443 | tcp | |
| US | 172.67.129.86:443 | carvewomanflavourwop.site | tcp |
| US | 172.67.216.203:443 | tcp | |
| US | 188.114.96.2:443 | pavementpreferencewjiao.site | tcp |
| US | 188.114.97.2:443 | pavementpreferencewjiao.site | tcp |
| US | 8.8.8.8:53 | udp | |
| US | 8.8.8.8:53 | udp | |
| N/A | 104.21.4.208:443 | tcp | |
| US | 8.8.8.8:53 | udp | |
| US | 8.8.8.8:53 | udp | |
| DE | 138.201.125.92:15647 | tcp | |
| US | 188.114.96.2:443 | tcp | |
| US | 8.8.8.8:53 | udp | |
| US | 8.8.8.8:53 | udp | |
| US | 8.8.8.8:53 | adobeid-na1.services.adobe.com | udp |
| RU | 193.233.132.67:50505 | tcp | |
| US | 8.8.8.8:53 | udp | |
| US | 104.21.38.174:443 | tcp | |
| US | 104.26.8.59:443 | tcp | |
| US | 8.8.8.8:53 | udp | |
| US | 8.8.8.8:53 | udp | |
| US | 8.8.8.8:53 | udp | |
| US | 8.8.8.8:53 | udp | |
| N/A | 216.58.204.67:80 | tcp | |
| US | 34.117.186.192:443 | tcp | |
| BG | 185.82.216.111:443 | server2.dumppage.org | tcp |
| US | 8.8.8.8:53 | udp | |
| DE | 185.172.128.19:80 | tcp | |
| US | 8.8.8.8:53 | udp | |
| RU | 87.240.132.72:80 | tcp | |
| RU | 87.240.132.72:80 | tcp | |
| US | 8.8.8.8:53 | udp | |
| RU | 87.240.132.72:80 | tcp | |
| N/A | 54.39.19.153:80 | tcp | |
| RU | 87.240.132.72:443 | tcp | |
| N/A | 54.39.19.153:80 | tcp | |
| US | 8.8.8.8:53 | udp | |
| N/A | 54.39.19.153:80 | tcp | |
| US | 172.67.174.43:443 | tcp | |
| N/A | 54.39.19.153:443 | tcp | |
| US | 8.8.8.8:53 | udp | |
| US | 8.8.8.8:53 | udp | |
| GB | 96.17.179.193:80 | tcp | |
| US | 8.8.8.8:53 | udp | |
| US | 8.8.8.8:53 | udp | |
| NL | 45.15.156.229:80 | tcp | |
| NL | 195.20.16.45:80 | tcp | |
| US | 8.8.8.8:53 | copyrightspareddcitwew.site | udp |
| US | 104.21.55.202:443 | copyrightspareddcitwew.site | tcp |
| US | 8.8.8.8:53 | udp | |
| N/A | 172.67.75.172:443 | tcp | |
| US | 8.8.8.8:53 | 202.55.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | udp | |
| US | 8.8.8.8:53 | udp | |
| US | 172.67.216.130:443 | tcp | |
| US | 8.8.8.8:53 | udp | |
| N/A | 185.172.128.109:80 | tcp | |
| US | 34.117.186.192:443 | tcp | |
| N/A | 185.172.128.90:80 | tcp | |
| US | 8.8.8.8:53 | udp | |
| US | 8.8.8.8:53 | udp | |
| AT | 5.42.64.33:80 | tcp | |
| US | 8.8.8.8:53 | udp | |
| US | 8.8.8.8:53 | udp | |
| US | 8.8.8.8:53 | udp | |
| US | 8.8.8.8:53 | udp | |
| US | 8.8.8.8:53 | udp | |
| NL | 195.20.16.46:80 | tcp | |
| US | 8.8.8.8:53 | udp | |
| US | 8.8.8.8:53 | udp | |
| NL | 52.111.243.29:443 | tcp | |
| DE | 85.209.49.222:443 | tcp | |
| US | 8.8.8.8:53 | 222.49.209.85.in-addr.arpa | udp |
| HK | 141.98.234.31:53 | cclbbll.net | udp |
| US | 8.8.8.8:53 | 31.234.98.141.in-addr.arpa | udp |
| IT | 185.196.8.22:80 | cclbbll.net | tcp |
| DE | 176.9.47.240:2023 | tcp | |
| US | 8.8.8.8:53 | 22.8.196.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 240.47.9.176.in-addr.arpa | udp |
| US | 8.8.8.8:53 | mercadona.avature.net | udp |
| US | 8.8.8.8:53 | mercadona.avature.net | udp |
| US | 8.8.8.8:53 | na.account.amazon.com | udp |
| US | 8.8.8.8:53 | na.account.amazon.com | udp |
| US | 8.8.8.8:53 | cortapelosyplanchas.com | udp |
| DE | 95.172.66.151:22 | mercadona.avature.net | tcp |
| US | 8.8.8.8:53 | cortapelosyplanchas.com | udp |
| US | 8.8.8.8:53 | electrocosto.com | udp |
| DE | 95.172.66.151:21 | mercadona.avature.net | tcp |
| US | 8.8.8.8:53 | electrocosto.com | udp |
| US | 8.8.8.8:53 | webmail.e.movistar.es | udp |
| DE | 95.172.66.151:443 | mercadona.avature.net | tcp |
| US | 44.215.134.14:22 | na.account.amazon.com | tcp |
| US | 44.215.134.14:21 | na.account.amazon.com | tcp |
| US | 8.8.8.8:53 | iatsapp-gu19.avature.net | udp |
| US | 8.8.8.8:53 | webmail.e.movistar.es | udp |
| US | 8.8.8.8:53 | pccomponentes.com | udp |
| DE | 88.99.183.243:22 | cortapelosyplanchas.com | tcp |
| DE | 88.99.183.243:21 | cortapelosyplanchas.com | tcp |
| US | 8.8.8.8:53 | pccomponentes.com | udp |
| US | 8.8.8.8:53 | mega.nz | udp |
| US | 44.215.134.14:443 | na.account.amazon.com | tcp |
| US | 104.22.77.85:21 | electrocosto.com | tcp |
| US | 104.22.77.85:22 | electrocosto.com | tcp |
| US | 8.8.8.8:53 | instant-gaming.com | udp |
| US | 8.8.8.8:53 | mega.nz | udp |
| DE | 88.99.183.243:443 | cortapelosyplanchas.com | tcp |
| US | 44.215.134.14:143 | na.account.amazon.com | tcp |
| DE | 95.172.66.151:143 | iatsapp-gu19.avature.net | tcp |
| DE | 95.172.66.151:465 | iatsapp-gu19.avature.net | tcp |
| DE | 95.172.66.151:995 | iatsapp-gu19.avature.net | tcp |
| DE | 95.172.66.151:80 | iatsapp-gu19.avature.net | tcp |
| US | 104.22.77.85:443 | electrocosto.com | tcp |
| ES | 213.4.140.7:22 | webmail.e.movistar.es | tcp |
| ES | 213.4.140.7:21 | webmail.e.movistar.es | tcp |
| US | 104.16.238.7:22 | pccomponentes.com | tcp |
| US | 104.16.238.7:21 | pccomponentes.com | tcp |
| US | 8.8.8.8:53 | 151.66.172.95.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 243.183.99.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | mx1.mail.ovh.net | udp |
| US | 44.215.134.14:465 | na.account.amazon.com | tcp |
| US | 44.215.134.14:80 | na.account.amazon.com | tcp |
| US | 8.8.8.8:53 | instant-gaming.com | udp |
| KG | 91.213.233.138:443 | tcp | |
| US | 8.8.8.8:53 | fullmetal.es | udp |
| DE | 88.99.183.243:143 | cortapelosyplanchas.com | tcp |
| ES | 213.4.140.7:443 | webmail.e.movistar.es | tcp |
| DE | 95.172.66.151:80 | iatsapp-gu19.avature.net | tcp |
| US | 8.8.8.8:53 | 14.134.215.44.in-addr.arpa | udp |
| LU | 31.216.145.5:22 | mega.nz | tcp |
| US | 44.215.134.14:995 | na.account.amazon.com | tcp |
| US | 8.8.8.8:53 | fullmetal.es | udp |
| DE | 88.99.183.243:465 | cortapelosyplanchas.com | tcp |
| DE | 88.99.183.243:80 | cortapelosyplanchas.com | tcp |
| FR | 188.165.36.237:465 | mx1.mail.ovh.net | tcp |
| FR | 188.165.36.237:143 | mx1.mail.ovh.net | tcp |
| US | 8.8.8.8:53 | www.cortapelosyplanchas.com | udp |
| US | 8.8.8.8:53 | www.electrocosto.com | udp |
| US | 8.8.8.8:53 | filtro.sendguardian.com | udp |
| US | 104.16.238.7:443 | pccomponentes.com | tcp |
| US | 44.215.119.102:22 | na.account.amazon.com | tcp |
| US | 44.215.119.102:21 | na.account.amazon.com | tcp |
| LU | 31.216.145.5:21 | mega.nz | tcp |
| DE | 88.99.183.243:995 | www.cortapelosyplanchas.com | tcp |
| US | 8.8.8.8:53 | taiwangun.com | udp |
| US | 8.8.8.8:53 | 85.77.22.104.in-addr.arpa | udp |
| ES | 213.4.140.7:143 | webmail.e.movistar.es | tcp |
| US | 104.22.77.85:80 | www.electrocosto.com | tcp |
| US | 44.215.134.14:80 | na.account.amazon.com | tcp |
| LU | 31.216.145.5:443 | mega.nz | tcp |
| US | 104.18.5.124:22 | instant-gaming.com | tcp |
| US | 104.18.5.124:21 | instant-gaming.com | tcp |
| ES | 185.47.247.169:22 | fullmetal.es | tcp |
| FR | 188.165.36.237:995 | mx1.mail.ovh.net | tcp |
| DE | 95.172.66.151:443 | iatsapp-gu19.avature.net | tcp |
| US | 8.8.8.8:53 | taiwangun.com | udp |
| US | 8.8.8.8:53 | disneyplus.com | udp |
| US | 8.8.8.8:53 | mail.mega.co.nz | udp |
| US | 172.67.42.178:22 | www.electrocosto.com | tcp |
| ES | 213.4.140.7:465 | webmail.e.movistar.es | tcp |
| ES | 213.4.140.7:995 | webmail.e.movistar.es | tcp |
| DE | 88.99.183.243:443 | www.cortapelosyplanchas.com | tcp |
| US | 104.18.5.124:443 | instant-gaming.com | tcp |
| US | 172.67.42.178:21 | www.electrocosto.com | tcp |
| ES | 213.4.140.7:80 | webmail.e.movistar.es | tcp |
| US | 44.215.143.82:22 | na.account.amazon.com | tcp |
| US | 8.8.8.8:53 | disneyplus.com | udp |
| US | 44.215.119.102:143 | na.account.amazon.com | tcp |
| ES | 185.47.247.169:21 | fullmetal.es | tcp |
| US | 104.16.238.7:22 | pccomponentes.com | tcp |
| ES | 185.14.56.254:143 | filtro.sendguardian.com | tcp |
| US | 8.8.8.8:53 | www.pccomponentes.com | udp |
| US | 8.8.8.8:53 | discord.com | udp |
| US | 8.8.8.8:53 | 237.36.165.188.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 7.238.16.104.in-addr.arpa | udp |
| US | 104.16.239.7:22 | www.pccomponentes.com | tcp |
| DE | 95.172.66.151:443 | iatsapp-gu19.avature.net | tcp |
| ES | 185.14.56.254:465 | filtro.sendguardian.com | tcp |
| US | 104.16.239.7:21 | www.pccomponentes.com | tcp |
| US | 104.22.76.85:443 | www.electrocosto.com | tcp |
| DE | 88.99.183.243:22 | www.cortapelosyplanchas.com | tcp |
| US | 44.215.143.82:21 | na.account.amazon.com | tcp |
| US | 44.215.119.102:465 | na.account.amazon.com | tcp |
| ES | 185.47.247.169:443 | fullmetal.es | tcp |
| US | 104.16.238.7:80 | www.pccomponentes.com | tcp |
| US | 8.8.8.8:53 | survivetheark.com | udp |
| US | 8.8.8.8:53 | discord.com | udp |
| LU | 31.216.144.5:22 | mega.nz | tcp |
| US | 8.8.8.8:53 | 5.145.216.31.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 124.5.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | mx2.loading.es | udp |
| US | 104.16.238.7:21 | www.pccomponentes.com | tcp |
| US | 104.22.76.85:22 | www.electrocosto.com | tcp |
| NZ | 122.56.56.210:143 | mail.mega.co.nz | tcp |
| US | 44.215.134.14:443 | na.account.amazon.com | tcp |
| US | 104.22.76.85:21 | www.electrocosto.com | tcp |
| DE | 88.99.183.243:443 | www.cortapelosyplanchas.com | tcp |
| US | 44.215.119.102:995 | na.account.amazon.com | tcp |
| ES | 185.14.56.254:995 | filtro.sendguardian.com | tcp |
| US | 104.16.238.7:443 | www.pccomponentes.com | tcp |
| DE | 88.99.183.243:21 | www.cortapelosyplanchas.com | tcp |
| US | 8.8.8.8:53 | survivetheark.com | udp |
| US | 44.215.143.82:143 | na.account.amazon.com | tcp |
| LU | 31.216.144.5:21 | mega.nz | tcp |
| US | 104.18.4.124:22 | instant-gaming.com | tcp |
| US | 104.18.4.124:21 | instant-gaming.com | tcp |
| NZ | 122.56.56.210:465 | mail.mega.co.nz | tcp |
| US | 104.16.238.7:443 | www.pccomponentes.com | tcp |
| LU | 31.216.145.5:80 | mega.nz | tcp |
| US | 8.8.8.8:53 | my.wizardingworld.com | udp |
| LU | 31.216.145.5:80 | mega.nz | tcp |
| IE | 209.85.202.26:143 | aspmx.l.google.com | tcp |
| PL | 46.248.166.81:22 | taiwangun.com | tcp |
| PL | 46.248.166.81:21 | taiwangun.com | tcp |
| DE | 88.99.183.243:143 | www.cortapelosyplanchas.com | tcp |
| US | 54.71.61.241:22 | disneyplus.com | tcp |
| US | 104.22.76.85:443 | www.electrocosto.com | tcp |
| US | 54.71.61.241:21 | disneyplus.com | tcp |
| US | 8.8.8.8:53 | www.instant-gaming.com | udp |
| US | 8.8.8.8:53 | my.wizardingworld.com | udp |
| US | 104.16.239.7:22 | www.pccomponentes.com | tcp |
| IE | 209.85.202.26:465 | aspmx.l.google.com | tcp |
| US | 104.18.5.124:80 | www.instant-gaming.com | tcp |
| NZ | 122.56.56.210:995 | mail.mega.co.nz | tcp |
| US | 162.159.138.232:22 | discord.com | tcp |
| ES | 91.146.101.12:143 | mx2.loading.es | tcp |
| US | 8.8.8.8:53 | my.vidaa.com | udp |
| US | 8.8.8.8:53 | 169.247.47.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 85.76.22.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 254.56.14.185.in-addr.arpa | udp |
| US | 44.215.134.14:443 | na.account.amazon.com | tcp |
| PL | 46.248.166.81:443 | taiwangun.com | tcp |
| US | 8.8.8.8:53 | disneyplus-com.mail.protection.outlook.com | udp |
| US | 54.71.61.241:443 | disneyplus.com | tcp |
| DE | 128.65.211.168:21 | survivetheark.com | tcp |
| ES | 185.14.56.254:143 | filtro.sendguardian.com | tcp |
| US | 104.16.239.7:21 | www.pccomponentes.com | tcp |
| US | 162.159.138.232:21 | discord.com | tcp |
| DE | 95.172.66.151:80 | iatsapp-gu19.avature.net | tcp |
| IE | 209.85.202.26:995 | aspmx.l.google.com | tcp |
| ES | 185.14.56.254:465 | filtro.sendguardian.com | tcp |
| ES | 91.146.101.12:465 | mx2.loading.es | tcp |
| US | 104.16.238.7:80 | www.pccomponentes.com | tcp |
| ES | 185.47.247.169:80 | fullmetal.es | tcp |
| US | 8.8.8.8:53 | 81.166.248.46.in-addr.arpa | udp |
| ES | 185.47.247.169:21 | fullmetal.es | tcp |
| DE | 88.99.183.243:443 | www.cortapelosyplanchas.com | tcp |
| US | 104.22.77.85:80 | www.electrocosto.com | tcp |
| DE | 95.172.66.151:80 | iatsapp-gu19.avature.net | tcp |
| DE | 128.65.211.168:22 | survivetheark.com | tcp |
| US | 8.8.8.8:53 | my.vidaa.com | udp |
| US | 54.218.188.255:22 | disneyplus.com | tcp |
| US | 162.159.138.232:443 | discord.com | tcp |
| GB | 18.245.218.80:22 | my.wizardingworld.com | tcp |
| ES | 185.14.56.254:995 | filtro.sendguardian.com | tcp |
| US | 104.16.238.7:443 | www.pccomponentes.com | tcp |
| US | 54.218.188.255:21 | disneyplus.com | tcp |
| ES | 91.146.101.12:995 | mx2.loading.es | tcp |
| US | 104.16.238.7:443 | www.pccomponentes.com | tcp |
| US | 8.8.8.8:53 | synergym.provis.es | udp |
| US | 162.159.128.233:22 | discord.com | tcp |
| US | 44.215.134.14:22 | na.account.amazon.com | tcp |
| IE | 209.85.202.26:143 | aspmx.l.google.com | tcp |
| US | 8.8.8.8:53 | groannysoapblockedstiw.site | udp |
| ES | 185.47.247.169:80 | fullmetal.es | tcp |
| US | 104.16.238.7:80 | www.pccomponentes.com | tcp |
| GB | 18.245.218.80:21 | my.wizardingworld.com | tcp |
| DE | 128.65.211.168:443 | survivetheark.com | tcp |
| US | 8.8.8.8:53 | 12.101.146.91.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 241.61.71.54.in-addr.arpa | udp |
| US | 8.8.8.8:53 | synergym.provis.es | udp |
| US | 162.159.128.233:21 | discord.com | tcp |
| US | 44.215.134.14:21 | na.account.amazon.com | tcp |
| DE | 95.172.66.151:22 | iatsapp-gu19.avature.net | tcp |
| US | 104.16.238.7:22 | www.pccomponentes.com | tcp |
| DE | 95.172.66.151:21 | iatsapp-gu19.avature.net | tcp |
| GB | 18.245.218.63:22 | my.wizardingworld.com | tcp |
| DE | 95.172.66.151:143 | iatsapp-gu19.avature.net | tcp |
| ES | 213.4.140.7:22 | webmail.e.movistar.es | tcp |
| US | 104.16.238.7:21 | www.pccomponentes.com | tcp |
| IE | 209.85.202.26:465 | aspmx.l.google.com | tcp |
| LU | 31.216.145.5:443 | mega.nz | tcp |
| ES | 217.61.210.12:995 | mx2.loading.es | tcp |
| DE | 88.99.183.243:80 | www.cortapelosyplanchas.com | tcp |
| DE | 88.99.183.243:443 | www.cortapelosyplanchas.com | tcp |
| PL | 46.248.166.81:80 | taiwangun.com | tcp |
| US | 54.71.61.241:80 | disneyplus.com | tcp |
| US | 8.8.8.8:53 | app-vlc.hotmart.com | udp |
| US | 8.8.8.8:53 | www.disneyplus.com | udp |
| US | 104.47.59.138:143 | disneyplus-com.mail.protection.outlook.com | tcp |
| US | 104.47.59.138:465 | disneyplus-com.mail.protection.outlook.com | tcp |
| US | 104.22.77.85:22 | www.electrocosto.com | tcp |
| IE | 209.85.202.26:143 | aspmx.l.google.com | tcp |
| US | 44.215.119.102:22 | na.account.amazon.com | tcp |
| US | 44.215.134.14:465 | na.account.amazon.com | tcp |
| US | 172.67.156.169:443 | groannysoapblockedstiw.site | tcp |
| DE | 88.99.183.243:80 | www.cortapelosyplanchas.com | tcp |
| US | 104.22.77.85:21 | www.electrocosto.com | tcp |
| US | 8.8.8.8:53 | www.taiwangun.com | udp |
| US | 44.215.134.14:80 | na.account.amazon.com | tcp |
| GB | 18.245.218.80:443 | my.wizardingworld.com | tcp |
| GB | 18.245.218.63:21 | my.wizardingworld.com | tcp |
| US | 52.27.211.242:443 | my.vidaa.com | tcp |
| US | 8.8.8.8:53 | 232.138.159.162.in-addr.arpa | udp |
| US | 52.27.211.242:21 | my.vidaa.com | tcp |
| LU | 31.216.145.5:22 | mega.nz | tcp |
| US | 44.215.119.102:21 | na.account.amazon.com | tcp |
| US | 44.215.134.14:143 | na.account.amazon.com | tcp |
| US | 104.16.239.7:22 | www.pccomponentes.com | tcp |
| US | 104.18.5.124:443 | www.instant-gaming.com | tcp |
| IE | 209.85.202.26:143 | aspmx.l.google.com | tcp |
| US | 104.16.239.7:21 | www.pccomponentes.com | tcp |
| US | 44.215.134.14:995 | na.account.amazon.com | tcp |
| US | 104.22.77.85:80 | www.electrocosto.com | tcp |
| ES | 213.4.140.7:21 | webmail.e.movistar.es | tcp |
| DE | 95.172.66.151:465 | iatsapp-gu19.avature.net | tcp |
| IE | 209.85.202.26:995 | aspmx.l.google.com | tcp |
| PL | 46.248.166.81:21 | www.taiwangun.com | tcp |
| DE | 95.172.66.151:995 | iatsapp-gu19.avature.net | tcp |
| US | 104.47.59.138:995 | disneyplus-com.mail.protection.outlook.com | tcp |
| IE | 209.85.202.26:465 | aspmx.l.google.com | tcp |
| US | 104.47.66.10:465 | disneyplus-com.mail.protection.outlook.com | tcp |
| LU | 31.216.145.5:21 | mega.nz | tcp |
| US | 104.18.5.124:22 | www.instant-gaming.com | tcp |
| US | 104.18.5.124:21 | www.instant-gaming.com | tcp |
| US | 172.67.42.178:22 | www.electrocosto.com | tcp |
| US | 8.8.8.8:53 | app-vlc.hotmart.com | udp |
| US | 8.8.8.8:53 | pruebadelasemanabepro.club.hotmart.com | udp |
| US | 44.215.119.102:465 | na.account.amazon.com | tcp |
| DE | 88.99.183.243:465 | www.cortapelosyplanchas.com | tcp |
| FR | 188.165.36.237:143 | mx1.mail.ovh.net | tcp |
| FR | 188.165.36.237:465 | mx1.mail.ovh.net | tcp |
| US | 172.67.42.178:21 | www.electrocosto.com | tcp |
| US | 44.230.204.75:21 | my.vidaa.com | tcp |
| ES | 213.4.140.7:80 | webmail.e.movistar.es | tcp |
| IE | 209.85.202.26:465 | aspmx.l.google.com | tcp |
| DE | 128.65.211.168:80 | survivetheark.com | tcp |
| GB | 18.245.218.80:143 | my.wizardingworld.com | tcp |
| DE | 88.99.183.243:222 | www.cortapelosyplanchas.com | tcp |
| LU | 31.216.144.5:22 | mega.nz | tcp |
| US | 44.215.119.102:143 | na.account.amazon.com | tcp |
| US | 104.16.238.7:443 | www.pccomponentes.com | tcp |
| DE | 95.172.66.151:443 | iatsapp-gu19.avature.net | tcp |
| US | 44.215.119.102:995 | na.account.amazon.com | tcp |
| DE | 88.99.183.243:995 | www.cortapelosyplanchas.com | tcp |
| US | 8.8.8.8:53 | pruebadelasemanabepro.club.hotmart.com | udp |
| US | 8.8.8.8:53 | 168.211.65.128.in-addr.arpa | udp |
| US | 8.8.8.8:53 | app.infinityfree.net | udp |
| US | 104.16.238.7:443 | www.pccomponentes.com | tcp |
| IE | 209.85.202.26:995 | aspmx.l.google.com | tcp |
| US | 162.159.138.232:80 | discord.com | tcp |
| US | 104.47.66.10:995 | disneyplus-com.mail.protection.outlook.com | tcp |
| ES | 185.14.56.254:143 | filtro.sendguardian.com | tcp |
| US | 104.16.238.7:22 | www.pccomponentes.com | tcp |
| ES | 213.4.140.7:143 | webmail.e.movistar.es | tcp |
| LU | 31.216.144.5:21 | mega.nz | tcp |
| US | 104.18.4.124:22 | www.instant-gaming.com | tcp |
| US | 104.18.4.124:21 | www.instant-gaming.com | tcp |
| US | 44.215.134.14:80 | na.account.amazon.com | tcp |
| ES | 185.47.247.169:22 | fullmetal.es | tcp |
| FR | 141.94.194.153:21 | synergym.provis.es | tcp |
| US | 8.8.8.8:53 | 169.156.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 80.218.245.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 242.211.27.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | app.infinityfree.net | udp |
| US | 8.8.8.8:53 | sklum.com | udp |
| ES | 185.47.247.169:21 | fullmetal.es | tcp |
| IE | 209.85.202.26:995 | aspmx.l.google.com | tcp |
| FR | 188.165.36.237:995 | mx1.mail.ovh.net | tcp |
| ES | 213.4.140.7:465 | webmail.e.movistar.es | tcp |
| GB | 18.245.218.80:465 | my.wizardingworld.com | tcp |
| PL | 46.248.166.81:22 | www.taiwangun.com | tcp |
| US | 54.208.70.86:22 | app-vlc.hotmart.com | tcp |
| US | 52.27.211.242:143 | my.vidaa.com | tcp |
| ES | 185.47.247.169:443 | fullmetal.es | tcp |
| US | 162.159.138.232:80 | discord.com | tcp |
| US | 104.16.238.7:21 | www.pccomponentes.com | tcp |
| ES | 213.4.140.7:995 | webmail.e.movistar.es | tcp |
| US | 104.16.238.7:80 | www.pccomponentes.com | tcp |
| NZ | 122.56.56.210:143 | mail.mega.co.nz | tcp |
| ES | 185.14.56.254:465 | filtro.sendguardian.com | tcp |
| DE | 88.99.183.243:21 | www.cortapelosyplanchas.com | tcp |
| ES | 185.14.56.254:995 | filtro.sendguardian.com | tcp |
| US | 8.8.8.8:53 | disneyplus-com.mail.protection.outlook.com | udp |
| ES | 91.146.101.12:143 | mx2.loading.es | tcp |
| US | 104.18.5.124:80 | www.instant-gaming.com | tcp |
| FR | 141.94.194.153:443 | synergym.provis.es | tcp |
| US | 54.208.70.86:21 | app-vlc.hotmart.com | tcp |
| US | 54.71.61.241:22 | disneyplus.com | tcp |
| DE | 128.65.211.168:80 | survivetheark.com | tcp |
| GB | 18.245.218.80:995 | my.wizardingworld.com | tcp |
| US | 8.8.8.8:53 | sklum.com | udp |
| US | 8.8.8.8:53 | forms.qt.io | udp |
| US | 52.27.211.242:80 | my.vidaa.com | tcp |
| GB | 18.245.218.80:80 | my.wizardingworld.com | tcp |
| LU | 31.216.145.5:80 | mega.nz | tcp |
| PL | 46.248.166.81:443 | www.taiwangun.com | tcp |
| LU | 31.216.145.5:80 | mega.nz | tcp |
| US | 162.159.138.232:22 | discord.com | tcp |
| ES | 185.14.56.254:143 | filtro.sendguardian.com | tcp |
| IE | 209.85.202.26:995 | aspmx.l.google.com | tcp |
| GB | 184.85.50.109:443 | www.disneyplus.com | tcp |
| LU | 31.216.145.5:80 | mega.nz | tcp |
| US | 8.8.8.8:53 | 153.194.94.141.in-addr.arpa | udp |
| US | 54.71.61.241:80 | disneyplus.com | tcp |
| NZ | 122.56.56.210:995 | mail.mega.co.nz | tcp |
| US | 54.208.70.86:443 | app-vlc.hotmart.com | tcp |
| PL | 46.248.166.81:80 | www.taiwangun.com | tcp |
| US | 8.8.8.8:53 | forms.qt.io | udp |
| US | 104.22.76.85:443 | www.electrocosto.com | tcp |
| US | 104.18.4.124:443 | www.instant-gaming.com | tcp |
| US | 44.215.134.14:443 | na.account.amazon.com | tcp |
| US | 8.8.8.8:53 | accounts.google.com | udp |
| ES | 213.4.140.7:80 | webmail.e.movistar.es | tcp |
| FR | 141.94.194.153:80 | synergym.provis.es | tcp |
| DE | 128.65.211.168:443 | survivetheark.com | tcp |
| DE | 128.65.211.168:80 | survivetheark.com | tcp |
| US | 8.8.8.8:53 | energiaxxi.com | udp |
| US | 104.16.238.7:80 | www.pccomponentes.com | tcp |
| US | 162.159.138.232:443 | discord.com | tcp |
| DE | 95.172.66.151:80 | iatsapp-gu19.avature.net | tcp |
| US | 8.8.8.8:53 | 109.50.85.184.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 86.70.208.54.in-addr.arpa | udp |
| ES | 185.47.247.169:80 | fullmetal.es | tcp |
| DE | 88.99.183.243:80 | www.cortapelosyplanchas.com | tcp |
| US | 54.208.70.86:80 | app-vlc.hotmart.com | tcp |
| US | 8.8.8.8:53 | energiaxxi.com | udp |
| US | 8.8.8.8:53 | perfumerias.com | udp |
| US | 172.67.173.86:80 | tcp | |
| US | 8.8.8.8:53 | 124.4.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | login.one.com | udp |
| US | 8.8.8.8:53 | forms.qt.io | udp |
| GB | 18.245.218.111:995 | pruebadelasemanabepro.club.hotmart.com | tcp |
| US | 8.8.8.8:53 | disneyplus-com.mail.protection.outlook.com | udp |
| US | 8.8.8.8:53 | login.one.com | udp |
| US | 45.60.101.133:21 | energiaxxi.com | tcp |
| DE | 128.65.211.168:222 | survivetheark.com | tcp |
| US | 104.16.238.7:443 | www.pccomponentes.com | tcp |
| US | 104.16.238.7:443 | www.pccomponentes.com | tcp |
| PL | 46.248.166.81:80 | www.taiwangun.com | tcp |
| US | 8.8.8.8:53 | alt2.gmr-smtp-in.l.google.com | udp |
| US | 104.26.9.174:80 | app.infinityfree.net | tcp |
| US | 104.18.5.124:80 | www.instant-gaming.com | tcp |
| US | 104.22.77.85:80 | www.electrocosto.com | tcp |
| US | 45.60.101.133:443 | energiaxxi.com | tcp |
| US | 44.215.134.14:80 | na.account.amazon.com | tcp |
| GB | 18.245.218.80:443 | my.wizardingworld.com | tcp |
| GB | 18.245.218.111:80 | pruebadelasemanabepro.club.hotmart.com | tcp |
| LU | 31.216.145.5:443 | mega.nz | tcp |
| FR | 141.94.194.153:443 | synergym.provis.es | tcp |
| US | 104.19.248.131:80 | sklum.com | tcp |
| US | 8.8.8.8:53 | forms.qt.io | udp |
| US | 8.8.8.8:53 | auth.discoveryplus.com | udp |
| US | 8.8.8.8:53 | mxb-0023ba01.gslb.pphosted.com | udp |
| DE | 128.65.211.168:80 | survivetheark.com | tcp |
| DE | 95.172.66.151:443 | iatsapp-gu19.avature.net | tcp |
| US | 162.159.138.232:80 | discord.com | tcp |
| DE | 88.99.183.243:443 | www.cortapelosyplanchas.com | tcp |
| US | 8.8.8.8:53 | login.elgiganten.dk | udp |
| US | 8.8.8.8:53 | auth.discoveryplus.com | udp |
| US | 8.8.8.8:53 | 133.101.60.45.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 174.9.26.104.in-addr.arpa | udp |
| US | 54.71.61.241:80 | disneyplus.com | tcp |
| IE | 54.247.69.169:80 | forms.qt.io | tcp |
| US | 104.16.238.7:443 | www.pccomponentes.com | tcp |
| US | 104.16.238.7:443 | www.pccomponentes.com | tcp |
| US | 8.8.8.8:53 | login.elgiganten.dk | udp |
| US | 8.8.8.8:53 | correo.perfumerias.com | udp |
| US | 8.8.8.8:53 | disneyplus-com.mail.protection.outlook.com | udp |
| US | 8.8.8.8:53 | mx1.mail.ovh.net | udp |
| US | 8.8.8.8:53 | pordede.com | udp |
| ES | 185.47.247.169:443 | fullmetal.es | tcp |
| IE | 209.85.203.84:80 | accounts.google.com | tcp |
| US | 54.208.70.86:443 | app-vlc.hotmart.com | tcp |
| US | 8.8.8.8:53 | 111.218.245.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 131.248.19.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tonerpartner.de | udp |
| US | 8.8.8.8:53 | ftp.na.account.amazon.com | udp |
| US | 8.8.8.8:53 | forms.qt.io | udp |
| US | 8.8.8.8:53 | ftp.mercadona.avature.net | udp |
| US | 8.8.8.8:53 | ftp.pccomponentes.com | udp |
| US | 8.8.8.8:53 | ftp.electrocosto.com | udp |
| US | 8.8.8.8:53 | pordede.com | udp |
| US | 8.8.8.8:53 | na.account.amazon.com | udp |
| US | 8.8.8.8:53 | tonerpartner.de | udp |
| US | 8.8.8.8:53 | www.disneyplus.com | udp |
| US | 8.8.8.8:53 | www.sklum.com | udp |
| US | 8.8.8.8:53 | 169.69.247.54.in-addr.arpa | udp |
| US | 8.8.8.8:53 | mail.na.account.amazon.com | udp |
| US | 8.8.8.8:53 | ftp.webmail.e.movistar.es | udp |
| US | 8.8.8.8:53 | mx3.mail.ovh.net | udp |
| US | 8.8.8.8:53 | ftp.mega.nz | udp |
| US | 104.16.238.7:80 | www.pccomponentes.com | tcp |
| PL | 46.248.166.81:443 | www.taiwangun.com | tcp |
| US | 45.60.101.133:80 | energiaxxi.com | tcp |
| PL | 46.248.166.81:80 | www.taiwangun.com | tcp |
| US | 104.26.9.174:443 | app.infinityfree.net | tcp |
| US | 104.18.5.124:443 | www.instant-gaming.com | tcp |
| US | 104.22.76.85:443 | www.electrocosto.com | tcp |
| GB | 18.245.218.111:443 | pruebadelasemanabepro.club.hotmart.com | tcp |
| GB | 18.245.218.80:80 | my.wizardingworld.com | tcp |
| US | 52.27.211.242:80 | my.vidaa.com | tcp |
| US | 8.8.8.8:53 | abctoner.de | udp |
| US | 8.8.8.8:53 | forms.qt.io | udp |
| US | 8.8.8.8:53 | mail.cortapelosyplanchas.com | udp |
| US | 8.8.8.8:53 | 84.203.85.209.in-addr.arpa | udp |
| LU | 31.216.145.5:80 | mega.nz | tcp |
| US | 104.22.77.108:80 | perfumerias.com | tcp |
| DE | 128.65.211.168:443 | survivetheark.com | tcp |
| DE | 128.65.211.168:80 | survivetheark.com | tcp |
| US | 162.159.138.232:443 | discord.com | tcp |
| DE | 95.172.66.151:80 | iatsapp-gu19.avature.net | tcp |
| US | 8.8.8.8:53 | ftp.instant-gaming.com | udp |
| US | 8.8.8.8:53 | pordede.com | udp |
| US | 8.8.8.8:53 | worrystitchsounddywuwp.site | udp |
| US | 188.114.97.2:443 | worrystitchsounddywuwp.site | tcp |
| US | 8.8.8.8:53 | abctoner.de | udp |
| DE | 88.99.183.243:80 | mail.cortapelosyplanchas.com | tcp |
| DE | 88.99.183.243:443 | mail.cortapelosyplanchas.com | tcp |
| US | 44.215.119.102:443 | na.account.amazon.com | tcp |
| GB | 184.85.50.109:443 | www.disneyplus.com | tcp |
| US | 104.16.10.76:443 | www.sklum.com | tcp |
| IE | 54.247.69.169:443 | forms.qt.io | tcp |
| US | 54.71.61.241:80 | disneyplus.com | tcp |
| US | 104.16.238.7:80 | www.pccomponentes.com | tcp |
| FR | 141.94.194.153:80 | synergym.provis.es | tcp |
| US | 8.8.8.8:53 | ftp.discord.com | udp |
| US | 8.8.8.8:53 | alt1.aspmx.l.google.com | udp |
| US | 8.8.8.8:53 | mx1.loading.es | udp |
| US | 8.8.8.8:53 | ftp.survivetheark.com | udp |
| US | 8.8.8.8:53 | dash.infinityfree.com | udp |
| US | 8.8.8.8:53 | na.account.amazon.com | udp |
| US | 8.8.8.8:53 | disneyplus-com.mail.protection.outlook.com | udp |
| US | 8.8.8.8:53 | adobeid-na1.services.adobe.com | udp |
| DE | 88.99.183.243:443 | mail.cortapelosyplanchas.com | tcp |
| IT | 185.196.8.22:80 | cclbbll.net | tcp |
| DK | 46.30.212.97:80 | login.one.com | tcp |
| IE | 209.85.203.84:443 | accounts.google.com | tcp |
| ES | 185.47.247.169:80 | fullmetal.es | tcp |
| US | 8.8.8.8:53 | app.plus500.com | udp |
| US | 8.8.8.8:53 | ftp.pccomponentes.com | udp |
| US | 8.8.8.8:53 | ftp.disneyplus.com | udp |
| US | 8.8.8.8:53 | mail.webmail.e.movistar.es | udp |
| US | 8.8.8.8:53 | ftp.my.wizardingworld.com | udp |
| US | 8.8.8.8:53 | my.wizardingworld.com | udp |
| US | 8.8.8.8:53 | 108.77.22.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 76.10.16.104.in-addr.arpa | udp |
| GB | 18.244.114.85:80 | auth.discoveryplus.com | tcp |
| US | 54.208.70.86:80 | app-vlc.hotmart.com | tcp |
| US | 44.215.134.14:443 | na.account.amazon.com | tcp |
| US | 8.8.8.8:53 | ftp.na.account.amazon.com | udp |
| US | 8.8.8.8:53 | forms.qt.io | udp |
| US | 8.8.8.8:53 | ftp.mercadona.avature.net | udp |
| US | 8.8.8.8:53 | www.energiaxxi.com | udp |
| US | 8.8.8.8:53 | pordede.com | udp |
| US | 8.8.8.8:53 | app.plus500.com | udp |
| US | 8.8.8.8:53 | my.account.sony.com | udp |
| US | 8.8.8.8:53 | ftp.my.vidaa.com | udp |
| US | 8.8.8.8:53 | mail.na.account.amazon.com | udp |
| US | 8.8.8.8:53 | ssh.cortapelosyplanchas.com | udp |
| US | 8.8.8.8:53 | tonerpartner-de.mail.protection.outlook.com | udp |
| US | 8.8.8.8:53 | aspmx2.googlemail.com | udp |
| US | 8.8.8.8:53 | ftp.webmail.e.movistar.es | udp |
| US | 8.8.8.8:53 | ftp.mega.nz | udp |
| US | 8.8.8.8:53 | 97.212.30.46.in-addr.arpa | udp |
| US | 104.16.238.7:443 | www.pccomponentes.com | tcp |
| PL | 46.248.166.81:80 | www.taiwangun.com | tcp |
| US | 104.22.77.85:80 | www.electrocosto.com | tcp |
| US | 104.18.4.124:443 | www.instant-gaming.com | tcp |
| DE | 176.9.47.240:2023 | tcp | |
| ES | 213.4.140.7:80 | webmail.e.movistar.es | tcp |
| GB | 18.245.218.80:443 | my.wizardingworld.com | tcp |
| US | 8.8.8.8:53 | pordede.com | udp |
| US | 8.8.8.8:53 | my.account.sony.com | udp |
| US | 8.8.8.8:53 | stormtrading.dk | udp |
| US | 8.8.8.8:53 | abctoner-de.mail.protection.outlook.com | udp |
| US | 8.8.8.8:53 | my.vidaa.com | udp |
| LU | 31.216.145.5:80 | mega.nz | tcp |
| US | 8.8.8.8:53 | 85.114.244.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | synergym.provis.es | udp |
| US | 8.8.8.8:53 | stormtrading.dk | udp |
| US | 8.8.8.8:53 | ipsosisay.com | udp |
| US | 8.8.8.8:53 | mxb-0023ba01.gslb.pphosted.com | udp |
| DE | 95.172.66.151:443 | iatsapp-gu19.avature.net | tcp |
| DE | 128.65.211.168:80 | survivetheark.com | tcp |
| US | 162.159.138.232:80 | discord.com | tcp |
| IE | 20.190.159.64:80 | login.elgiganten.dk | tcp |
| US | 45.60.101.133:80 | energiaxxi.com | tcp |
| US | 8.8.8.8:53 | ftp.instant-gaming.com | udp |
| GB | 18.245.218.111:80 | pruebadelasemanabepro.club.hotmart.com | tcp |
| IE | 54.247.69.169:80 | forms.qt.io | tcp |
| US | 104.19.248.131:80 | sklum.com | tcp |
| US | 54.71.61.241:80 | disneyplus.com | tcp |
| DE | 18.66.2.54:80 | tonerpartner.de | tcp |
| US | 104.22.77.108:443 | perfumerias.com | tcp |
| US | 104.16.238.7:443 | www.pccomponentes.com | tcp |
| FR | 141.94.194.153:443 | synergym.provis.es | tcp |
| US | 8.8.8.8:53 | forms.qt.io | udp |
| US | 8.8.8.8:53 | ftp.pruebadelasemanabepro.club.hotmart.com | udp |
| US | 8.8.8.8:53 | mail.my.vidaa.com | udp |
| US | 8.8.8.8:53 | ftp.app-vlc.hotmart.com | udp |
| US | 8.8.8.8:53 | mail.my.wizardingworld.com | udp |
| US | 8.8.8.8:53 | ftp.discord.com | udp |
| US | 8.8.8.8:53 | pruebadelasemanabepro.club.hotmart.com | udp |
| US | 104.22.77.108:443 | perfumerias.com | tcp |
| US | 8.8.8.8:53 | mx1.mail.ovh.net | udp |
| US | 8.8.8.8:53 | app-vlc.hotmart.com | udp |
| US | 8.8.8.8:53 | ftp.survivetheark.com | udp |
| US | 8.8.8.8:53 | disneyplus-com.mail.protection.outlook.com | udp |
| US | 8.8.8.8:53 | ssh.na.account.amazon.com | udp |
| US | 8.8.8.8:53 | ipsosisay.com | udp |
| US | 8.8.8.8:53 | home.ocp.de | udp |
| US | 8.8.8.8:53 | adobeid-na1.services.adobe.com | udp |
| US | 44.215.143.82:80 | na.account.amazon.com | tcp |
| US | 45.60.13.133:443 | www.energiaxxi.com | tcp |
| DK | 46.30.212.97:443 | login.one.com | tcp |
| US | 52.27.211.242:443 | my.vidaa.com | tcp |
| IE | 209.85.203.84:80 | accounts.google.com | tcp |
| US | 8.8.8.8:53 | ftp.pccomponentes.com | udp |
| US | 8.8.8.8:53 | ftp.disneyplus.com | udp |
| US | 8.8.8.8:53 | mail.webmail.e.movistar.es | udp |
| US | 8.8.8.8:53 | 64.159.190.20.in-addr.arpa | udp |
| PL | 46.248.166.81:443 | www.taiwangun.com | tcp |
| US | 8.8.8.8:53 | ssh.pccomponentes.com | udp |
| DE | 91.216.90.49:80 | abctoner.de | tcp |
| GB | 18.244.114.85:443 | auth.discoveryplus.com | tcp |
| US | 8.8.8.8:53 | stormtrading.dk | udp |
| US | 8.8.8.8:53 | home.ocp.de | udp |
| US | 8.8.8.8:53 | cursodefoto.club.hotmart.com | udp |
| ES | 185.47.247.169:80 | fullmetal.es | tcp |
| DE | 88.99.183.243:80 | mail.cortapelosyplanchas.com | tcp |
| US | 8.8.8.8:53 | ssh.webmail.e.movistar.es | udp |
| US | 8.8.8.8:53 | ftp.na.account.amazon.com | udp |
| US | 8.8.8.8:53 | ssh.electrocosto.com | udp |
| US | 8.8.8.8:53 | forms.qt.io | udp |
| US | 8.8.8.8:53 | ftp.sklum.com | udp |
| US | 8.8.8.8:53 | ftp.mercadona.avature.net | udp |
| US | 8.8.8.8:53 | login.microsoftonline.com | udp |
| US | 8.8.8.8:53 | ftp.fullmetal.es | udp |
| US | 8.8.8.8:53 | ssh.survivetheark.com | udp |
| US | 8.8.8.8:53 | pordede.com | udp |
| US | 104.16.238.7:80 | www.pccomponentes.com | tcp |
| US | 172.67.75.199:443 | dash.infinityfree.com | tcp |
| US | 104.22.77.85:80 | www.electrocosto.com | tcp |
| US | 104.18.5.124:80 | www.instant-gaming.com | tcp |
| US | 8.8.8.8:53 | ftp.app.infinityfree.net | udp |
| US | 8.8.8.8:53 | ssh.mega.nz | udp |
| US | 8.8.8.8:53 | mail.na.account.amazon.com | udp |
| US | 8.8.8.8:53 | ftp.my.vidaa.com | udp |
| US | 8.8.8.8:53 | mail.synergym.provis.es | udp |
| US | 8.8.8.8:53 | ssh.mercadona.avature.net | udp |
| US | 8.8.8.8:53 | tonerpartner-de.mail.protection.outlook.com | udp |
| US | 8.8.8.8:53 | disneyplus-com.mail.protection.outlook.com | udp |
| US | 8.8.8.8:53 | 54.2.66.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 82.143.215.44.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 133.13.60.45.in-addr.arpa | udp |
| US | 8.8.8.8:53 | mail.webmail.e.movistar.es | udp |
| US | 8.8.8.8:53 | mx3.mail.ovh.net | udp |
| DE | 185.172.128.19:80 | 185.172.128.19 | tcp |
| IE | 18.200.206.88:80 | adobeid-na1.services.adobe.com | tcp |
| US | 8.8.8.8:53 | ftp.webmail.e.movistar.es | udp |
| US | 8.8.8.8:53 | www.disneyplus.com | udp |
| US | 8.8.8.8:53 | pordede.com | udp |
| US | 8.8.8.8:53 | cursodefoto.club.hotmart.com | udp |
| DE | 95.172.66.151:80 | iatsapp-gu19.avature.net | tcp |
| US | 52.0.109.242:443 | app-vlc.hotmart.com | tcp |
| US | 8.8.8.8:53 | ftp.cortapelosyplanchas.com | udp |
| US | 8.8.8.8:53 | mail.app-vlc.hotmart.com | udp |
| US | 8.8.8.8:53 | forms.qt.io | udp |
| US | 8.8.8.8:53 | abctoner-de.mail.protection.outlook.com | udp |
| US | 8.8.8.8:53 | my.account.sony.com | udp |
| US | 8.8.8.8:53 | stormtrading.dk | udp |
| US | 8.8.8.8:53 | ftp.mega.nz | udp |
| US | 8.8.8.8:53 | 49.90.216.91.in-addr.arpa | udp |
| LU | 31.216.145.5:443 | mega.nz | tcp |
| US | 152.195.53.173:80 | app.plus500.com | tcp |
| GB | 18.245.218.80:80 | my.wizardingworld.com | tcp |
| DE | 128.65.211.168:443 | survivetheark.com | tcp |
| US | 162.159.138.232:443 | discord.com | tcp |
| IE | 40.126.31.67:443 | login.microsoftonline.com | tcp |
| US | 8.8.8.8:53 | ssh.disneyplus.com | udp |
| US | 8.8.8.8:53 | mxa.eu.mailgun.org | udp |
| US | 8.8.8.8:53 | accounts.binance.com | udp |
| US | 8.8.8.8:53 | herlev.bigbio.dk | udp |
| US | 8.8.8.8:53 | www.abctoner.de | udp |
| US | 8.8.8.8:53 | ssh.fullmetal.es | udp |
| US | 8.8.8.8:53 | na.account.amazon.com | udp |
| US | 8.8.8.8:53 | ftp.instant-gaming.com | udp |
| US | 8.8.8.8:53 | forms.qt.io | udp |
| US | 8.8.8.8:53 | ftp.app-vlc.hotmart.com | udp |
| ES | 213.4.140.7:80 | webmail.e.movistar.es | tcp |
| US | 8.8.8.8:53 | ftp.forms.qt.io | udp |
| US | 8.8.8.8:53 | 199.75.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 88.206.200.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 242.109.0.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | ftp.discord.com | udp |
| US | 8.8.8.8:53 | ssh.my.vidaa.com | udp |
| US | 8.8.8.8:53 | mail.pruebadelasemanabepro.club.hotmart.com | udp |
| GB | 18.245.218.18:443 | mail.pruebadelasemanabepro.club.hotmart.com | tcp |
| IE | 63.32.161.232:443 | forms.qt.io | tcp |
| IE | 40.126.31.67:443 | login.microsoftonline.com | tcp |
| DE | 18.66.2.54:443 | tonerpartner.de | tcp |
| US | 104.22.77.108:80 | perfumerias.com | tcp |
| US | 104.16.238.7:80 | www.pccomponentes.com | tcp |
| FR | 141.94.194.153:80 | synergym.provis.es | tcp |
| GB | 104.91.71.211:80 | my.account.sony.com | tcp |
| US | 8.8.8.8:53 | ssh.discord.com | udp |
| US | 8.8.8.8:53 | mx3.mail.ovh.net | udp |
| US | 8.8.8.8:53 | ftp.survivetheark.com | udp |
| US | 8.8.8.8:53 | ftp.energiaxxi.com | udp |
| US | 8.8.8.8:53 | ssh.instant-gaming.com | udp |
| US | 8.8.8.8:53 | ssh.na.account.amazon.com | udp |
| US | 8.8.8.8:53 | herlev.bigbio.dk | udp |
| US | 8.8.8.8:53 | accounts.binance.com | udp |
| US | 8.8.8.8:53 | identity.protolabs.com | udp |
| US | 8.8.8.8:53 | stormtrading.dk | udp |
| US | 45.60.101.133:80 | energiaxxi.com | tcp |
| IE | 209.85.203.84:443 | accounts.google.com | tcp |
| US | 8.8.8.8:53 | ssh.taiwangun.com | udp |
| US | 104.16.10.76:443 | www.sklum.com | tcp |
| US | 8.8.8.8:53 | ftp.pccomponentes.com | udp |
| US | 8.8.8.8:53 | ftp.disneyplus.com | udp |
| US | 8.8.8.8:53 | ftp.accounts.google.com | udp |
| US | 8.8.8.8:53 | mail.webmail.e.movistar.es | udp |
| US | 8.8.8.8:53 | ftp.taiwangun.com | udp |
| DE | 88.99.183.243:443 | ftp.cortapelosyplanchas.com | tcp |
| GB | 18.244.114.85:80 | auth.discoveryplus.com | tcp |
| US | 44.215.134.14:443 | na.account.amazon.com | tcp |
| DK | 46.30.212.97:80 | login.one.com | tcp |
| US | 104.16.238.7:443 | www.pccomponentes.com | tcp |
| US | 8.8.8.8:53 | 173.53.195.152.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 67.31.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | correo.movistar.es | udp |
| US | 8.8.8.8:53 | identity.protolabs.com | udp |
| US | 8.8.8.8:53 | abctoner-de.mail.protection.outlook.com | udp |
| US | 8.8.8.8:53 | auth.discoveryplus.com | udp |
| US | 8.8.8.8:53 | ssh.my.wizardingworld.com | udp |
| US | 8.8.8.8:53 | adobeid-na1.services.adobe.com | udp |
| US | 8.8.8.8:53 | mail.app.infinityfree.net | udp |
| US | 8.8.8.8:53 | ssh.webmail.e.movistar.es | udp |
| US | 8.8.8.8:53 | ftp.na.account.amazon.com | udp |
| US | 8.8.8.8:53 | ftp.pccomponentes.com | udp |
| US | 8.8.8.8:53 | ssh.electrocosto.com | udp |
| US | 8.8.8.8:53 | forms.qt.io | udp |
| US | 8.8.8.8:53 | ftp.sklum.com | udp |
| US | 8.8.8.8:53 | ftp.mercadona.avature.net | udp |
| US | 8.8.8.8:53 | ssh.survivetheark.com | udp |
| US | 8.8.8.8:53 | pordede.com | udp |
| US | 8.8.8.8:53 | ssh.pccomponentes.com | udp |
| PL | 46.248.166.81:80 | www.taiwangun.com | tcp |
| US | 104.26.9.174:80 | app.infinityfree.net | tcp |
| DE | 52.29.107.195:80 | ipsosisay.com | tcp |
| IE | 18.200.206.88:443 | adobeid-na1.services.adobe.com | tcp |
| US | 8.8.8.8:53 | forms.qt.io | udp |
| US | 8.8.8.8:53 | ftp.app.infinityfree.net | udp |
| US | 8.8.8.8:53 | ssh.mega.nz | udp |
| US | 8.8.8.8:53 | ftp.my.vidaa.com | udp |
| US | 8.8.8.8:53 | mail.na.account.amazon.com | udp |
| US | 8.8.8.8:53 | ssh.cortapelosyplanchas.com | udp |
| US | 8.8.8.8:53 | ssh.mercadona.avature.net | udp |
| US | 8.8.8.8:53 | 18.218.245.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 232.161.32.63.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 211.71.91.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | disneyplus-com.mail.protection.outlook.com | udp |
| US | 8.8.8.8:53 | tonerpartner-de.mail.protection.outlook.com | udp |
| US | 8.8.8.8:53 | correo.movistar.es | udp |
| US | 8.8.8.8:53 | free.ntrglobal.com | udp |
| US | 8.8.8.8:53 | ftp.perfumerias.com | udp |
| US | 8.8.8.8:53 | ftp.webmail.e.movistar.es | udp |
| US | 8.8.8.8:53 | mx3.mail.ovh.net | udp |
| US | 8.8.8.8:53 | www.tonerpartner.de | udp |
| US | 8.8.8.8:53 | mail.webmail.e.movistar.es | udp |
| US | 8.8.8.8:53 | ssh.synergym.provis.es | udp |
| US | 52.27.211.242:80 | my.vidaa.com | tcp |
| US | 162.159.134.233:443 | cdn.discordapp.com | tcp |
| US | 8.8.8.8:53 | my.account.sony.com | udp |
| US | 8.8.8.8:53 | mail.app-vlc.hotmart.com | udp |
| US | 8.8.8.8:53 | stormtrading.dk | udp |
| US | 8.8.8.8:53 | mail.forms.qt.io | udp |
| US | 8.8.8.8:53 | ssh.app.infinityfree.net | udp |
| US | 8.8.8.8:53 | free.ntrglobal.com | udp |
| US | 8.8.8.8:53 | autodoc.dk | udp |
| LU | 31.216.145.5:80 | mega.nz | tcp |
| US | 104.22.77.85:80 | www.electrocosto.com | tcp |
| US | 8.8.8.8:53 | ssh.disneyplus.com | udp |
| US | 8.8.8.8:53 | mxb-0023ba01.gslb.pphosted.com | udp |
| US | 8.8.8.8:53 | alt4.gmr-smtp-in.l.google.com | udp |
| US | 8.8.8.8:53 | ssh.fullmetal.es | udp |
| US | 8.8.8.8:53 | ftp.auth.discoveryplus.com | udp |
| US | 8.8.8.8:53 | ftp.login.one.com | udp |
| US | 8.8.8.8:53 | ftp.instant-gaming.com | udp |
| GB | 35.214.73.136:80 | home.ocp.de | tcp |
| US | 152.195.53.173:443 | app.plus500.com | tcp |
| DE | 128.65.211.168:80 | survivetheark.com | tcp |
| US | 162.159.138.232:80 | discord.com | tcp |
| US | 52.0.109.242:80 | app-vlc.hotmart.com | tcp |
| IE | 209.85.203.84:80 | accounts.google.com | tcp |
| US | 8.8.8.8:53 | www.energiaxxi.com | udp |
| US | 8.8.8.8:53 | ftp.app-vlc.hotmart.com | udp |
| US | 8.8.8.8:53 | ftp.forms.qt.io | udp |
| US | 8.8.8.8:53 | mail.synergym.provis.es | udp |
| US | 8.8.8.8:53 | autodoc.dk | udp |
| US | 8.8.8.8:53 | free.ntrglobal.com | udp |
| US | 8.8.8.8:53 | fontawesome.com | udp |
| US | 8.8.8.8:53 | 195.107.29.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | ftp.discord.com | udp |
| US | 8.8.8.8:53 | ssh.my.vidaa.com | udp |
| US | 8.8.8.8:53 | ssh.discord.com | udp |
| IE | 63.32.161.232:80 | forms.qt.io | tcp |
| GB | 18.245.218.18:80 | mail.pruebadelasemanabepro.club.hotmart.com | tcp |
| GB | 18.245.218.111:80 | mail.pruebadelasemanabepro.club.hotmart.com | tcp |
| IE | 20.190.159.64:80 | login.microsoftonline.com | tcp |
| US | 54.71.61.241:80 | disneyplus.com | tcp |
| GB | 108.156.39.102:443 | www.tonerpartner.de | tcp |
| US | 104.19.248.131:80 | sklum.com | tcp |
Files
memory/4508-0-0x00007FF7BAA50000-0x00007FF7BB49D000-memory.dmp
memory/4508-1-0x00007FF7BAA50000-0x00007FF7BB49D000-memory.dmp
memory/4508-7-0x00007FF939730000-0x00007FF9399F9000-memory.dmp
memory/4508-6-0x00007FF939730000-0x00007FF9399F9000-memory.dmp
memory/4508-8-0x00007FF939730000-0x00007FF9399F9000-memory.dmp
memory/4508-10-0x00007FF7BAA50000-0x00007FF7BB49D000-memory.dmp
memory/4508-11-0x00007FF900030000-0x00007FF900031000-memory.dmp
memory/4508-13-0x00007FF900000000-0x00007FF900002000-memory.dmp
memory/4508-12-0x00007FF7BAA50000-0x00007FF7BB49D000-memory.dmp
memory/4508-9-0x00007FF93B800000-0x00007FF93B8BE000-memory.dmp
memory/4508-14-0x00007FF7BAA50000-0x00007FF7BB49D000-memory.dmp
memory/4508-15-0x00007FF7BAA50000-0x00007FF7BB49D000-memory.dmp
memory/4508-16-0x00007FF7BAA50000-0x00007FF7BB49D000-memory.dmp
memory/4508-17-0x00007FF7BAA50000-0x00007FF7BB49D000-memory.dmp
memory/4508-18-0x00007FF7BAA50000-0x00007FF7BB49D000-memory.dmp
memory/4508-19-0x00007FF7BAA50000-0x00007FF7BB49D000-memory.dmp
memory/4508-21-0x00007FF93BC90000-0x00007FF93BE85000-memory.dmp
memory/4508-20-0x00007FF7BAA50000-0x00007FF7BB49D000-memory.dmp
C:\Windows\System32\GroupPolicy\gpt.ini
| MD5 | 8ef9853d1881c5fe4d681bfb31282a01 |
| SHA1 | a05609065520e4b4e553784c566430ad9736f19f |
| SHA256 | 9228f13d82c3dc96b957769f6081e5bac53cffca4ffde0ba1e102d9968f184a2 |
| SHA512 | 5ddee931a08cfea5bb9d1c36355d47155a24d617c2a11d08364ffc54e593064011dee4fea8ac5b67029cab515d3071f0ba0422bb76af492a3115272ba8feb005 |
memory/4508-29-0x00007FF7BAA50000-0x00007FF7BB49D000-memory.dmp
memory/4508-31-0x00007FF939730000-0x00007FF9399F9000-memory.dmp
C:\Users\Admin\Documents\GuardFox\VRToUOPy6tJYXA0XmB0UrwBT.exe
| MD5 | 229f190fde461a8fbd29a2a8939e274b |
| SHA1 | 7d23b9c01dc7f9cd351239a2cf6d32511da94422 |
| SHA256 | 0abb6cef77dc57604b01e0c7a33d50b35b192fd38526971c1c6fa0c5b3fe41d0 |
| SHA512 | 248bd965ac2d335622a7da925aff0b04ebe9b83bc7c070ccf9a34f8940de038b6a1457430fa84f59f677ac5434d8ae7c94ffdc93351ae90eb15c44d48007f4fc |
C:\Users\Admin\Documents\GuardFox\k8Oc9MWfMwLmrksVeis3BIeC.exe
| MD5 | 792dc834c0fa425991d7b10fec9ea335 |
| SHA1 | 955dcee55ab19d2e4001e0eac7e38353e8015336 |
| SHA256 | 9426954c9dacec68c272ebb89d259ad83931681dc091e3b96ee36febffe940fa |
| SHA512 | 0814368d675745e797052c29fc3bf97625f40d7841da144800002307475e623f2a1767d7ea345897c15e9bdc2e3babe449747fa90cd0db0e53ed1d25e6bf33a7 |
memory/4508-47-0x00007FF939730000-0x00007FF9399F9000-memory.dmp
C:\Users\Admin\Documents\GuardFox\TRxvP6k2DLxbkOQltmy86mTO.exe
| MD5 | 1ea0009f74cbfed9763433700c71006b |
| SHA1 | 2a446d6fea7c54a72df3553256dd753081ec3457 |
| SHA256 | 65cb1221dd6b24db8102d8ae218e4b98a1779954a9cf9224586cf73373d389b2 |
| SHA512 | cd6866cc2ec1937415f3e963ef8d3c76cabb77c714c5a0cbac6d75f5320e8f6f82ca4f6a05a1e93b2bacec7f59ce3d681b30c9155c6c5e50524be1b95b03bf30 |
C:\Users\Admin\Documents\GuardFox\Y2gB6WVgAD7Zs_WKooOuvKGc.exe
| MD5 | 8f54086d44d1e3936f02adee1609e4a5 |
| SHA1 | f69e48ea28b7a72f2f22af781261dc9ce61280cc |
| SHA256 | 42c04c0cd5a9aab7c8264199ca90f90953ac6d129b7361dcc98394074a99ea85 |
| SHA512 | 2f21562d88757c24d4ee10ac06ba792a7eb53902c618c8354b40cc655259e09098feb76240bf8f32eac3bc43f1f686149b39c63f1080f258d6ef8019ff93f261 |
C:\Users\Admin\Documents\GuardFox\rRrc04Xdcp5_Y9B4gJcAPSTJ.exe
| MD5 | a5e0c536a0d2962923c1209d03a9d859 |
| SHA1 | 3834511b5f91c49a8cf25f3c0afa753232199462 |
| SHA256 | 12b7e196093520fc472de9abe7118629de065cffe98f0c5e0befbd4daf64d228 |
| SHA512 | 7b715c5431d06a21622d35f96efeff5b114e2f920d5b14671310ae2202308eb93e0b366aa4bc11b44cea903d0ee0b5f481df7a229da464aeb08fd70edfdad5d6 |
memory/4508-69-0x00007FF939730000-0x00007FF9399F9000-memory.dmp
C:\Users\Admin\Documents\GuardFox\6e3wkNi96ZC51gzRyvUXvSEa.exe
| MD5 | 986ccd4c8b2686a84219b37eb940807c |
| SHA1 | 7782d7ba1f8b7e98fdb625fd9143b9df7b6c0bb9 |
| SHA256 | 3c384c46b050af0d75ac6c85ea0d038075b27900dd5bc8da737286f131224a80 |
| SHA512 | b61330247587443a8a690caeca66d7109a621e09fafcd622ce1f20b41a903b9ea1cf69c9f8dc50206f91b49386d60f77f63ed0c416df7df6b1970fe8dcab028b |
C:\Users\Admin\Documents\GuardFox\AGxxEa5wm07_lTfOmdPvQGZl.exe
| MD5 | 327cef2c00e8b273b309d8071842c241 |
| SHA1 | 4bee3773667340b423b2e444757bda2e3e8057c2 |
| SHA256 | 01e2089c8b869e7793a14ea084af9bf4fc45bed580ebeca928517bb9d2694e0b |
| SHA512 | 89901e812f2b54b8bf6ed0b3437cdbc2c3fadc0a6176eb0afc7a9860c26dd673e59f1d5d76febe72e627754f8b105eb181eee0e0d7281bb9edafffe71750c687 |
C:\Users\Admin\Documents\GuardFox\Wt3pRmD5mqNpEXXJTPS8UPiq.exe
| MD5 | 3b6eb258714065046f04cb6cc0b744c8 |
| SHA1 | 96d54cb68cba4ca6da5dab0efa172612cc174dee |
| SHA256 | bdbd70a2350ea453ce6248a5f33ea797c2df56b0f6af913ebcc36fd3c5fe0f75 |
| SHA512 | 0aed859f0f6260dcd5e14a496f90f54f1286543795fb85f2dc5e9155aac8c66e11451e16b59f73bbf1965e0209880721072997fabf1db43dc2dbdfdbcb05d917 |
C:\Users\Admin\Documents\GuardFox\KvABBpZd9vVU2h04a8TpLjgv.exe
| MD5 | 70141b83a83fc248fb846e90c7ca189c |
| SHA1 | c5d248abbcd3d945fba7c3ef8ae3fc5c808dd087 |
| SHA256 | f910be64ce86a5fe1c6b929ad53b81d4849ba7247129c3400525bfe72f9c4e01 |
| SHA512 | b44ec7533786eafd0ee85130b2d61f3ecb2fe147995b488fd572e26c4ca427c93f0417d7df96eec862aa3ee6009f96dff811021aa2b03613dfb726a8dfd662c5 |
C:\Users\Admin\Documents\GuardFox\Hf9bWyvvn7TAUhTbtdrKFwvm.exe
| MD5 | 976a792b1bb6a59d12ab3cc9d7e0c37b |
| SHA1 | 994f7f1f7f01cfca2cddd82d1ff2f911bb507124 |
| SHA256 | c96b077096b93d2bd2b8a8e4968fcbd0f7db155b54b29b04c42267902ccd5c21 |
| SHA512 | 3262522af55f5ca23c51d2bb0c1bd7f622dbaa9801057eb11c7884297ef41f8c07cf9203df9844998cc81751306544b156cc522158fffbf268019959ed4c6166 |
C:\Users\Admin\Documents\GuardFox\aga0ZBPPiyBfj8yxuvpKeqM1.exe
| MD5 | 033e690e56263410db83a66d6b753eb8 |
| SHA1 | 4d12f60c7b28fbaea67fad6422acbb04aac382f0 |
| SHA256 | e261071078f02c0d5a28858577d0360996eb465230757cf7e5946fcb34076118 |
| SHA512 | a56510176ad10a9d4bbd14c86b7603391a55356f82273db6a988d60ab52ec4844fa2197bc6e75ae031f1b55b75c86e10ded1b8a62163cecf375cc959f840d1c1 |
memory/4508-117-0x00007FF7BAA50000-0x00007FF7BB49D000-memory.dmp
memory/4508-118-0x00007FF93BC90000-0x00007FF93BE85000-memory.dmp
C:\Users\Admin\Documents\GuardFox\D7WyBw1sWJmDWQQUB73CxN50.exe
| MD5 | c68bb0ae0a1e3ee99aa87095b7f2d42c |
| SHA1 | ebd0a07b369716174bb73e1f79c16c9a2a56e2e6 |
| SHA256 | c16ca345203284bfaace1ee56b4317e9a6f351d485aac4a4309f1ca76dce5c44 |
| SHA512 | 95a627f3284dcc0a0f30191e0b489273c7f8d769fe61c4f3022fe787ceb8355179256582598194eda4e99b2ca9f6503d4cd571bc4af0294fdc8fee30078c6d51 |
C:\Users\Admin\Documents\GuardFox\9uGsrV2DGZqoBaxruu4xV8pu.exe
| MD5 | de3c3e7d34f9e57aed640d2053333f92 |
| SHA1 | 9191d82413e9c2f26b12907ffd4bc49f3a0e9428 |
| SHA256 | 463e685f28cb66967db5f26c76af931e4af1606e3749caf9b93160fca0835f88 |
| SHA512 | a74eafee8a78dc1c513dfe97e705c35149440513a436d2937a20706854bdacdc6858162e0facf8504d43d950cddc29644f3802e26a89b9760f5328b1f68c66d1 |
C:\Users\Admin\Documents\GuardFox\tyYrjDwdOStEpeugLtQYmkUx.exe
| MD5 | 67d04244808406b6ebb1da62114904a6 |
| SHA1 | 058cbaf8e6aeca6a5470b690f53608d4531538a0 |
| SHA256 | 3ec82d5c052c9f9258d8e99383391f2bb880b93862812566a63d3d7652d09dd8 |
| SHA512 | 66b8f940fb8481d0bf5af3aa1607e2ca5b4f4138b117b77de3fbf3bc80d4927058a335a9da9cecef70c1a3ae98b1b1c5829aa8c5919f36cf628cb343ce101e50 |
C:\Users\Admin\Documents\GuardFox\tiqExpGOvQq6lbrCkhlAXL86.exe
| MD5 | 455e07bb079d39adca63a76a54b1d777 |
| SHA1 | 9883ace37602178342a76619b3466b8baba8a563 |
| SHA256 | 206b6d6ed23805fbcdca5a2433cd7444328ae17764f772a4a97518d26372c33e |
| SHA512 | 662f83347f2252cc484be666bc42160594dab1b43ffba9e7f491b9dab059a979d0fb4552d696e7a4dcc8366f8d0a17ba842751af7ed52c3f05bbefd61197039c |
C:\Users\Admin\Documents\GuardFox\ia_tzbAhqZfRSgiwG8aoaPva.exe
| MD5 | b04bf16a1793c58362b06224d938184d |
| SHA1 | 9b0a559a92bb2726b410f5cbc3d6505c585588c7 |
| SHA256 | 318f54899169da408e9ef9f4ab31167077bd06fe9a4f1af3c0f76092834c8b80 |
| SHA512 | 08678d17d67c4c523fe118bd14d424f650f4c3ce8fbb5035ff2a622d1aa705aed8ddeaf3ee6169d067b86dc0e5e2b4cbb025f1395aa8d779f3f5967225229dad |
C:\Users\Admin\Documents\GuardFox\NtHviBmnemhC38r76hpEX5vn.exe
| MD5 | ddb4f107c2fab86dd059390c75e48d33 |
| SHA1 | 194882796993fb7d4b4b07286bd6f544cc15e1fc |
| SHA256 | cf3980dd2c98353418c7f3663132ef09cb668ec5b761094dec970f3ce725d0ab |
| SHA512 | bcc4c6770f94b39a56eb4fc64cb3d1571e247fc9b6191c2cc4dddde09e57c39fbbd4d3f0b1069bf6e979d2e74a55c28a6abc33a9f34751ac76954d075b2a323d |
C:\Users\Admin\Documents\GuardFox\tNfy9CW94LglEEcNK47erB8F.exe
| MD5 | 443dbbd679b13b11bc15d524edb50c03 |
| SHA1 | 571c1c4c6b9a2d5dce386017e5196008578d312c |
| SHA256 | 64b7d6c9278225a6d2b25ed7fa5125aa6bc1e45e08ec02b72fcc4dea2457ad07 |
| SHA512 | 8729369e229596f5083111d746668a8bab606b476ae6cdde1fb38f39686f3d36f48da56657fec890368ad08d51e3d24566ac328dc2c2c29c1d3e75be648d8be7 |
C:\Users\Admin\Documents\GuardFox\l2_CGlMH7JwfqPDXn_cA98Rd.exe
| MD5 | f562640e9e9dbb7cb9ca35f4f9e61e6a |
| SHA1 | 25a01c9d6ae062d13fa7c92259329fc822715c13 |
| SHA256 | c9bef92ec30a128133bfc4f052048d3c0c6357da015fef6f2ddfd9e0ec9304a7 |
| SHA512 | b6321f5fc4a023a7ff32f7ea3f14fd99801e563cdd26dc8d66f743425561e8da3af34af72d12752c57923bbb47135eb5e4480e0915e1dc7fc8039ddc828d8ab2 |
C:\Users\Admin\Documents\GuardFox\3C5gSkdx_SyN1GSq9CyJ4xOS.exe
| MD5 | fab8e6575ac79faa76504ad1b2dd21b5 |
| SHA1 | 9d6cea310faf821dbcb80567f15c298d76e13909 |
| SHA256 | c668ffbe99a405d7e37a9920a187014975582fb1c4a95c0703c10948eb9edee0 |
| SHA512 | 04a3f5efb6727e3d0a148a17bbfc4b6c910cbabf603b864841253b5be405d3ce64ec472b968c9c649d31a3d2fe0079510bd3b797143b58837fe8cb0ba80100f3 |
C:\Users\Admin\Documents\GuardFox\739WJwA1mbV8iD_nIXxofVhF.exe
| MD5 | 1c88a29907d4f007e1f3c33719cb8039 |
| SHA1 | aebd1fd91734ca71c710db3ff08abb8f08f74395 |
| SHA256 | 27d452bfbd2cfc38438a4105ef949ff75ad2d91317276deac241cc26d22247ad |
| SHA512 | 7edc5878b6d2ce71efcbf7bc47873f3029a2181dc03da91d0fc6b9336f72d5dd614654c85cf1d9780e7b9f544bd116a508e8a54508f3f8dc2c644f0c0744d56b |
C:\Users\Admin\Documents\GuardFox\AGxxEa5wm07_lTfOmdPvQGZl.exe
| MD5 | 28fea8a1925f6d4fff3645dd58670210 |
| SHA1 | f063788a76c69deedd00d01f94cb1ca044c0fefe |
| SHA256 | c010df836f8a1b92d6d500e0af2f163ebca5e0f4446da6e9396130529a02a19d |
| SHA512 | bf76b75d019fd8d3f9bc9d30f7f10e2a9e6b042eef4c37a1df5a8018c850c1ba0669921f2957b6aff77873ddb7bd92f98a7bce2dd4273d9369c1d5106a298b45 |
C:\Users\Admin\Documents\GuardFox\739WJwA1mbV8iD_nIXxofVhF.exe
| MD5 | 3206e8c443476e43d5aa9b7af98eca6c |
| SHA1 | 138aceb96f4bfbb9ca2762533b2fcddc85702e60 |
| SHA256 | c7bca650338539edb847d15afc2f6c82b1678ff3210c94020080e2d9b4d3743d |
| SHA512 | b97018a8c49fc3f7689dbb78f29e8cdbf794be044a645277d61a4c69df7e41b196073ee1a43c25b38abae218e36d03ed568d14fec64a33e540016cf9b09b9dff |
C:\Users\Admin\Documents\GuardFox\Wt3pRmD5mqNpEXXJTPS8UPiq.exe
| MD5 | f2a87798cb2bd151713dd47512d486fb |
| SHA1 | 211f5106d7802723a0ea50de69a82c278d3be2b0 |
| SHA256 | 674fcd192e3ec10254ef0aca8a20fa7c89a90835a7861b69c4e846d7e360d1ba |
| SHA512 | 8454833cbea36b783b82b8c16faf5a06e3f2c86e03f07deff6b662ce956a8f2fda135a909543c9dc3459d566df651a86f2c96d8726053f2ceeea3e7c66fce839 |
C:\Users\Admin\Documents\GuardFox\D7WyBw1sWJmDWQQUB73CxN50.exe
| MD5 | ebbf563876fe1598940279f7c4ea68a5 |
| SHA1 | 9b6eff6d821e521b718d08619269cbc5e1318156 |
| SHA256 | 0d8e67adb31b8b37a918a4db40ed2e3d3feac65bbeb7d8d0a6505579d560a950 |
| SHA512 | f8f1e77d721b01d0d8e1e65f0102d9ccf3201b2a0cd887faa42c2a2a39e075629fadeb3a7e7970b223439b55c840def3af83d55a2079ea1f188ec31873b76c84 |
C:\Users\Admin\Documents\GuardFox\tiqExpGOvQq6lbrCkhlAXL86.exe
| MD5 | 73dcaeab26e039b53aee23015fbf3878 |
| SHA1 | a1b7ab501a288f690e29761dccfc240c54728128 |
| SHA256 | bfb2404e6d1bc57db7877d69e3ff4f0462c86d905d3350960e882aebe9da9b08 |
| SHA512 | c1e16d689036e1b8532d6f6e11a44b4e3a69495f747642db93906963f10875b8bb5bb52537cc9a6ee1d58c65e3760ef1d702d3c42ffc107606220c9a39de41d4 |
C:\Users\Admin\Documents\GuardFox\Hf9bWyvvn7TAUhTbtdrKFwvm.exe
| MD5 | dec97543abcb647c4880ee7daf677f6f |
| SHA1 | b99c318e0c2d3cb1549d6fe930f06402baa4ec5c |
| SHA256 | da24b0901aa08512c39ca8f8b3ec568cd6b61704ea137ccfe8d7d74bc48e29e8 |
| SHA512 | 560cfbd306096290de318d996b1149419c958169cbfd45e7acc0452a9492f9de48d3af384b2bb058e802da3a09a263bca04a0005d88e4b0fe72df9bb691a8cdf |
C:\Users\Admin\Documents\GuardFox\VRToUOPy6tJYXA0XmB0UrwBT.exe
| MD5 | 9221094b91557445685029541d99a73a |
| SHA1 | 8468fc25f94f07c94600a9ec3491cae9f8a408e9 |
| SHA256 | 21caafc45d7930b8e05e148d55570e538bf0cd5306f6212d82e2be6cd066cc62 |
| SHA512 | 17280d3c4e13ea22625f6052af9dc34a61d2745c4e1a294db36cf49edd5ab3b09a6544ddb07392d304ef4a1df4384e169be8810f44f3f4b568033a49df159518 |
C:\Users\Admin\Documents\GuardFox\ia_tzbAhqZfRSgiwG8aoaPva.exe
| MD5 | 4906d05833e6cdbca4df9beb1a3e282a |
| SHA1 | 81d8ee20dc7687d501818cb99c5183b330082db4 |
| SHA256 | 7810accd56c913eec56b75022b582d4b49ec22d37ebbea2ac0aafae7149a6fa7 |
| SHA512 | 9cb39889b53379c54f75e063f518cff36efe5ab08f11c432f953141e32938960d0a60ef613185ca4050746082766d51f125df6412c156683c9c2bd3eb7a50678 |
C:\Users\Admin\Documents\GuardFox\tNfy9CW94LglEEcNK47erB8F.exe
| MD5 | c87159eceb9f191fe4dd12865a06c4ad |
| SHA1 | a7463e9cc2506f850102fac71e4a5b474e3febf8 |
| SHA256 | 6a6efd1f14a94dbfa90356e91b7d3c4849faf40cc5cd575eeac2d4538c12194d |
| SHA512 | 6f80790ab03949a4c29be21b28eb07c2650a598e65410ca00d52c9aa002b75afb39d0b46ba19fc36d4804a3d075330efb42d054c67f35fbe7d438e70d2957bde |
C:\Users\Admin\Documents\GuardFox\9uGsrV2DGZqoBaxruu4xV8pu.exe
| MD5 | 69088aa66458aaf986ff014ad08dabfb |
| SHA1 | 366a6442290dc490e6f67c2ef7f9f1feb943a544 |
| SHA256 | 60f5a0811ba062f1c616c0e1b51acffa4609ad9d2389ac135ec3241a199c39a4 |
| SHA512 | 95a0ca3d760a9019403565da5f26d5bc8f9c30a1a12558f315a3f1499c9a85123af484a99e3269129a699d6311f6103c6b013af0af67d0bad3bacf47e1963afb |
C:\Users\Admin\Documents\GuardFox\Y2gB6WVgAD7Zs_WKooOuvKGc.exe
| MD5 | a60a8597b04527769db56fb3bffffe70 |
| SHA1 | a457d77f5c459c6abd364c3fbbbc356c741f92d7 |
| SHA256 | 017c50bc96ed301428780a1dade5b052ada85c3edc09f43003f5d83278a16b16 |
| SHA512 | d49cf8111f71a3d4080f1a5619360aa874741c583c1cc6458398bf755865bb79211a4891a766783e5f1f1614cb965b0ced2a414302c047bbeff169b9b8112421 |
C:\Users\Admin\Documents\GuardFox\k8Oc9MWfMwLmrksVeis3BIeC.exe
| MD5 | bf8718c388ce659d3cafb7f561910a1c |
| SHA1 | f20ec604ac0d001197fd7a1924c6fdaef5ea967f |
| SHA256 | 6e4691e2b1574343e6b6b868eb12e4a5ffec816ea22c4225da9c3b93bcf16f76 |
| SHA512 | 033f1dc3a58f66612137f68f6689bb4d1ef5f56e527343b361590e5e437a8e6c96b79a01cde5425585d9cbdfa36b073a7f079756e99af9220334026d9d7c7fca |
C:\Users\Admin\Documents\GuardFox\k8Oc9MWfMwLmrksVeis3BIeC.exe
| MD5 | 6565ece7f192353c8786788e2785486b |
| SHA1 | 145e38367c43499544b90c88e8cf6b0f3f0c55be |
| SHA256 | 2f1ae30d3c4c027b2a15c1d9978790bf4329f817aaac11739392783f6280268d |
| SHA512 | 188494c69e870a84b6285bf81955905f2a094b384659f219faaa879d31a51b2313cff1c390d23963c40dbf7d1512a03be05cda4c72b624320965458b88baf6cd |
memory/6196-716-0x0000000000DE0000-0x00000000012C3000-memory.dmp
memory/6212-720-0x0000000000400000-0x0000000000414000-memory.dmp
memory/6184-723-0x00000000004A0000-0x00000000004AB000-memory.dmp
memory/6184-726-0x0000000000400000-0x000000000043D000-memory.dmp
memory/2012-728-0x0000000002140000-0x000000000215C000-memory.dmp
C:\Users\Admin\Documents\GuardFox\Y2gB6WVgAD7Zs_WKooOuvKGc.exe
| MD5 | 58700d236cc8a2a3b5ae030d1815fe37 |
| SHA1 | 8fa79900abe4ed24e4f27658e171f700d15905c2 |
| SHA256 | b48174d4aefc426e9a37dd4b4715d66748924a84cb3ac8951fb4ac6795319f30 |
| SHA512 | f101685ee0beebe65876e53962583636f5eabfd4046df0d76da6b8beb654bfe07826ba14fdc95cee51f1728a6b4d51be00c0bc1acc8ab00ca9b4c8fe1874a60a |
C:\Users\Admin\Documents\GuardFox\Wt3pRmD5mqNpEXXJTPS8UPiq.exe
| MD5 | 13b8fcc589e7f770ed031799b6ed056e |
| SHA1 | cc7c013b72cae5cb2e2cba9a9785da87875e1d69 |
| SHA256 | 31b60a0b8b9670a75f08b506d92ef37cd983a7312cdea2cdf1d1a0959409aed6 |
| SHA512 | f3e64e42e2eca6914847af9be883d8702801cf2c4fd73968b4212a836bb87ac328fc1da561fc24f7ef40d97fd0bf4ed847ad0bdba10a5b3ed2abf6da4f9c8ba2 |
memory/4508-281-0x00007FF900010000-0x00007FF900011000-memory.dmp
memory/3248-733-0x0000000002040000-0x000000000204B000-memory.dmp
memory/2012-732-0x0000000000400000-0x000000000062E000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\is-5JFHM.tmp\_isetup\_iscrypt.dll
| MD5 | a69559718ab506675e907fe49deb71e9 |
| SHA1 | bc8f404ffdb1960b50c12ff9413c893b56f2e36f |
| SHA256 | 2f6294f9aa09f59a574b5dcd33be54e16b39377984f3d5658cda44950fa0f8fc |
| SHA512 | e52e0aa7fe3f79e36330c455d944653d449ba05b2f9abee0914a0910c3452cfa679a40441f9ac696b3ccf9445cbb85095747e86153402fc362bb30ac08249a63 |
memory/6184-769-0x00000000004B0000-0x00000000005B0000-memory.dmp
memory/2012-789-0x00000000006B0000-0x00000000007B0000-memory.dmp
memory/3248-809-0x0000000000470000-0x0000000000570000-memory.dmp
memory/7020-832-0x00007FF7D6B90000-0x00007FF7D6E71000-memory.dmp
C:\Users\Admin\Documents\GuardFox\Hf9bWyvvn7TAUhTbtdrKFwvm.exe
| MD5 | 6b1ae3f6f881dd2d92b71003f5cb7e59 |
| SHA1 | 7c80ee170c7d810828b348d3ac1048048632cef6 |
| SHA256 | 669d6b5116480ee2a41d671ef00501f99f7821c5daef1366f45c4f2c5f9aa373 |
| SHA512 | 5c72963532fe230006ed3a6645b3c1144facc712da7cc202d4bbbe4fb0e530fefb6d6d1e500f69d77cce01adee26757f700f24faf025bacb34bc66a3a5a03734 |
C:\Users\Admin\Documents\GuardFox\aga0ZBPPiyBfj8yxuvpKeqM1.exe
| MD5 | 72aa65ccede7769f41a4746b97e160b9 |
| SHA1 | 406b6c46c03ffc65e92bc636e1a5eaf65fd70978 |
| SHA256 | 149b70921daba6f00f1e81175c8c200156844919c475fa3b3faea2346bc91fa3 |
| SHA512 | bfedf95d0c5d790de09f671fe2b4ff043112f005ac799b9429324bb30e2fe63ef6f26b1b3062b68e178eda9e2a21d6c6e9094f3e389c84c74e70711962818fea |
memory/5000-894-0x0000000000CD0000-0x0000000000D52000-memory.dmp
memory/4508-898-0x00007FF7BAA50000-0x00007FF7BB49D000-memory.dmp
memory/6924-908-0x0000000002630000-0x000000000274B000-memory.dmp
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\103621DE9CD5414CC2538780B4B75751
| MD5 | 60fe01df86be2e5331b0cdbe86165686 |
| SHA1 | 2a79f9713c3f192862ff80508062e64e8e0b29bd |
| SHA256 | c08ccbc876cd5a7cdfa9670f9637da57f6a1282198a9bc71fc7d7247a6e5b7a8 |
| SHA512 | ef9f9a4dedcbfe339f4f3d07fb614645596c6f2b15608bdccdad492578b735f7cb075bdaa07178c764582ee345857ec4665f90342694e6a60786bb3d9b3a3d23 |
memory/4984-927-0x00000000055D0000-0x000000000566C000-memory.dmp
memory/5136-926-0x00000000050F0000-0x000000000533E000-memory.dmp
memory/5000-935-0x0000000005790000-0x000000000589A000-memory.dmp
C:\Users\Admin\AppData\Local\XDR Encode LIB\xdrencodelib.exe
| MD5 | e21a2dab85cb0618a7a43003cd04773d |
| SHA1 | 5de23b92452356259cfbf7cc78b9d7c43660cd14 |
| SHA256 | ac97dc133ba42aad16a7cae179d384651cf5ff3f3c90aa5f8e197b1be14445ea |
| SHA512 | f5e9e1633cfb31fe0a30d26f6d7647bf0c3542afbf9afe252e59dcf5414bfde07540fb36f17dd04f3d5b4476e46439fc528a9ca78954f2cdc11823bf9eb59783 |
memory/5000-930-0x00000000055E0000-0x00000000055F2000-memory.dmp
memory/648-929-0x0000000000100000-0x00000000010B3000-memory.dmp
memory/224-925-0x0000000004C30000-0x0000000004C9C000-memory.dmp
memory/5000-928-0x0000000005CA0000-0x00000000062B8000-memory.dmp
memory/492-924-0x0000000000400000-0x00000000008B0000-memory.dmp
memory/5136-923-0x00000000055A0000-0x0000000005B44000-memory.dmp
memory/504-922-0x0000000000400000-0x0000000000537000-memory.dmp
memory/6924-921-0x0000000000AFC000-0x0000000000B8E000-memory.dmp
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\103621DE9CD5414CC2538780B4B75751
| MD5 | 2da053826c773b89c973cb3dc6d98e62 |
| SHA1 | dc4ab3dec8d72acb78af7159c1b58826592adc6e |
| SHA256 | 4f3b013412bdfbc67a34a25bf97b656accb22cf0b93ac0778ab634d85781077a |
| SHA512 | e5f766de7135784c537fd532f0cd9f14b48cd8e9962b2c893591603a8152731a8879d90ef952054f162679cfa75253ba604b5131712eed5cb1615e6db5c10e82 |
C:\Users\Admin\AppData\Local\Temp\xt~BGG2g.cpl
| MD5 | 4faa24266a984f56cab47e395d9bf45a |
| SHA1 | 06d04ef62f0f20dc92553ee3a2a5b9898d7c0709 |
| SHA256 | 419bb0acfe89c4e674322035f8d3f5638a44f8b2b13fc53f5e7cfc7531e93e46 |
| SHA512 | c219ca11e5c22d847b0d06fda13feb84350ec5561f8f5384dfa20abd691607610a7b143ead54e5e3450cf652c5997778f0aa4444704b0668b8a9a805ce930be5 |
C:\ProgramData\IPTV Channel Browser 6.6\IPTV Channel Browser 6.6.exe
| MD5 | ac944150afd799d5978ca49f2840de7f |
| SHA1 | 9788046f125c9647b1530e76888ab1284c3bae0b |
| SHA256 | 45e3fa19c816b04ae1dd9e7c1dc8bb08f9c00bd7a7dc4979f7fd15f2c74177fd |
| SHA512 | 7435b6bdafbc3d93541c1ef41a29f012a7b46752bceeb4bbebf16e9956c4a75dd56c204231389673c33f62f9630d68fa5ec1bcb0641fded5a1ef75bdb85cc7a1 |
memory/492-907-0x0000000000400000-0x00000000008B0000-memory.dmp
memory/504-919-0x0000000000400000-0x0000000000537000-memory.dmp
C:\Users\Admin\Documents\GuardFox\D7WyBw1sWJmDWQQUB73CxN50.exe
| MD5 | 66f6704b1b0620108d6953f16a7920a0 |
| SHA1 | c30e0e4f7ff2986748d53c60bd6af68cd0cfc783 |
| SHA256 | 17373e32c6f4c01b784c7a26a890c4c35697d42601f3dfd479c53b36ef899ea6 |
| SHA512 | 007c840a395e221ed3a1dd4fa3eec9317c6bfe6c1bc89e835dffbf72a380b8e56a8c4bd4a17579f2f4bae875a6fb6ca08802de138241cfd3cdce318814c23ccd |
memory/3768-939-0x00007FF93BE90000-0x00007FF93BE92000-memory.dmp
memory/6936-938-0x0000000002800000-0x0000000002801000-memory.dmp
memory/3452-934-0x0000000002AD0000-0x0000000002AE6000-memory.dmp
memory/224-936-0x0000000004C30000-0x0000000004C97000-memory.dmp
memory/5136-906-0x0000000005350000-0x00000000055A0000-memory.dmp
memory/504-905-0x0000000000400000-0x0000000000537000-memory.dmp
memory/224-903-0x0000000002220000-0x000000000228E000-memory.dmp
C:\Users\Admin\AppData\Local\XDR Encode LIB\xdrencodelib.exe
| MD5 | c097da6c152f5dfb6a095f847d4aaefb |
| SHA1 | 59958a341f7b76749e23a49fb79d1b744fd9cbf6 |
| SHA256 | 017c9f43606c7839018a8f8ea9cfc06893e40df6f9cea3a8eb860322f9e9e8ed |
| SHA512 | 856620acbe9611b0972dfe3c9bab365e8e3db73c0b218624f10194aa8b5e2a37a92bbfbbd28ead916ca7d0f6a53ea28bf913c4b13f6d5cfa87cf0125f306febe |
C:\Users\Admin\AppData\Local\XDR Encode LIB\xdrencodelib.exe
| MD5 | dbcf483166c654c59df31f57eec0cd75 |
| SHA1 | aa889e9ca2711a3913138f806e142cf250beace8 |
| SHA256 | 73364418e267e091987e6ec2812450f5c3186bb8397d9dbfdefd69198b1f3597 |
| SHA512 | 62f6c3aefc42c5e233413ea542ff2f8b17d1772f5a81d03dfe80c8a84760ace460e33fdbfc1af5f7152fe2f52d783b7417236cf351da870c5108752e1c6ce385 |
memory/4984-904-0x0000000000810000-0x0000000000CE2000-memory.dmp
C:\Users\Admin\Documents\GuardFox\aga0ZBPPiyBfj8yxuvpKeqM1.exe
| MD5 | 80bd725ff6813c69a0cbe99d8c9c602a |
| SHA1 | 78e11fdb3ba1f9cae0a408d20b7abc6480861da1 |
| SHA256 | 2c75abc5bf97b3da6c56c3c5ee7f895f67141ba3350c68a5bb64aaf66b0ade6b |
| SHA512 | a87664500f7192568580e59bbee896b705610678d28ddf91479b30db5474b72704d51bb99d46a99c9f6dce56f56890ac7d28de8fcb28f8c0f541352b24bb3ff7 |
memory/2004-890-0x0000000000680000-0x0000000000E56000-memory.dmp
C:\Users\Admin\Documents\GuardFox\9uGsrV2DGZqoBaxruu4xV8pu.exe
| MD5 | fbd195598f46d1e51cf7a90e096a32ea |
| SHA1 | e46cdc0a27b9d54d4a962625c8ca87e55d5958bd |
| SHA256 | 7412a8586ed077ba0b3f66fa26e48e78406f945403a8af2b4f8da6305516ecd0 |
| SHA512 | e64e8820ad61f375a1f6c1ccd3643b30ce35a92db316e8c9ffc2b7ed9a74606d274f6487e13b852fc51dbef43554d5ce173eeb7b5dc11395f53f59ff228d0e26 |
C:\Users\Admin\Documents\GuardFox\ia_tzbAhqZfRSgiwG8aoaPva.exe
| MD5 | 05c7a26431f50e41c8ade331e2f33b6a |
| SHA1 | 9d8337dce11da9df2114af1a8c0b9a9ca05dfa82 |
| SHA256 | 9ff4b1e09a890faecd5b2d788fa4c552a75608847265e445d2ef3010b89eb57b |
| SHA512 | 77b94c1b668dec08851f0ffb24efef340b8a45b4fb77043b905e57be521e6ed70c55d83dd4cfefbe90e2ec4212f837608cc395c5978c70d3ccb2cfa4187c3d24 |
C:\Users\Admin\Documents\GuardFox\ia_tzbAhqZfRSgiwG8aoaPva.exe
| MD5 | 70473c89c8516f2753ffa96e06f9ba84 |
| SHA1 | 1d5088de583e20f1f1c2b438ce7214e0384ac94e |
| SHA256 | 676fccb471690ad3c9cf349e9d5ced7acc69ac58e99ca27f689b51a04f732f50 |
| SHA512 | 272cf6f99e41dccf9ac0727b38ee96e83e78ad6e02823035b8ceabac10a95e5d3d88a68607761104220632fc10806b967ebf966a23a497e49f43c3c2425a055a |
C:\Users\Admin\Documents\GuardFox\AGxxEa5wm07_lTfOmdPvQGZl.exe
| MD5 | 49d3774206893535034cae37fdcdd61c |
| SHA1 | baaf43ad231f1f2dde01b5d7c2ba38861bbea38f |
| SHA256 | 15b7561520a891cc3a4859007b05fb4107bb350955693e253a6aeee9156a6101 |
| SHA512 | e98430c6936ec3a6fa0b9b643007f9294a39df304e211bfbbb58c5f16e51519383b3ea13ff64546f3782c87b28a13fbf6610021f58dfaa0796770e024410c9bb |
C:\Users\Admin\Documents\GuardFox\9uGsrV2DGZqoBaxruu4xV8pu.exe
| MD5 | d2089ed2a175dfac72ac195bc2bdcbe0 |
| SHA1 | fef7c374122315bb2d6161d565530f8c482970ac |
| SHA256 | ab0016fcbdebf4a1d080cda9be9242164232f5a362cf8dffd62ea2d2fdfccef2 |
| SHA512 | 8291b3efd289a89081100be5d00728ff46b3fc2bec09267141c26205da52fb4d9bb81801a9ab18d4de166d4e67fbb27c4d0e534a99146d1264395c3fb7762bbc |
C:\Users\Admin\Documents\GuardFox\NtHviBmnemhC38r76hpEX5vn.exe
| MD5 | 7c42e792d5012cee4782a062d4d59b29 |
| SHA1 | 816169834548b7ec863c0deddabddd83aa8cea63 |
| SHA256 | cbe208669d27bd32849f4c4ad66cefbf878509d57bd47310904f92826bc75b6b |
| SHA512 | 95650cef26d152f4f7a219c50466e6e3aedff675bf4609cc3e072b4151565280c1573b50bfb6aa04db86c07fa3a232482a4c35036c2de096f92a93561e084b1c |
C:\Users\Admin\Documents\GuardFox\tiqExpGOvQq6lbrCkhlAXL86.exe
| MD5 | fd9a8cdbaa4c8f8097dc1f44de6f40a8 |
| SHA1 | e3cf03f407f5d64d2f482158cf29eb1cba842ed3 |
| SHA256 | cd717863eb364e36763c7f4fd408d9e22ca2e9668cc283464e8753d8dd10a631 |
| SHA512 | 2785017ce3c160d393e357f467abb7ba010034523470f941ded66e0cedde93b08c2035012d5f8ac60e120b75c644dcbd93d77f48ce1180accbc9ba5575aa59ff |
C:\Users\Admin\Documents\GuardFox\tiqExpGOvQq6lbrCkhlAXL86.exe
| MD5 | 03d40fcfac25888d446ecbe5fbadad68 |
| SHA1 | b6027b4574c9407ba9d8f278bed694a5fc67cc4d |
| SHA256 | 7f0ce489379767c400b3be29451dd2db16ae12f2759d3494fe543a83839f42c2 |
| SHA512 | 3311a23b59a197e42184e34f94fcae16fc70bda4a0bd019807c8444ac6941caf15aacd1022b0423aa8dbcd16526bbe98ef127d0031d4c7953b468a68bbf33bc5 |
C:\Users\Admin\Documents\GuardFox\tNfy9CW94LglEEcNK47erB8F.exe
| MD5 | 40afc252d2f2bde273f3fcf63566d373 |
| SHA1 | 0666ae9c0181ca93fe06e6e89f1a94e79fae69bf |
| SHA256 | 9718879ba8841f527a9a80f58ee80ca0c880a0f4148b069e49428f271c9f76a6 |
| SHA512 | 2f1242ea532648ef6725acc2404d6a96a912b720cd08bbbc67d30ef5174dc188ab3b9c343c3ebf88d7a66e2f07e8e8fb80bba256c3a6ae703bc6fb078ef47c40 |
C:\Users\Admin\Documents\GuardFox\Hf9bWyvvn7TAUhTbtdrKFwvm.exe
| MD5 | fdd4bb64816f7727d5589efb5ac82a59 |
| SHA1 | 42e5c1c663069c1a8f0f20f8810a316d5715607f |
| SHA256 | f7c041be54ffd3b95be6194d4187aa41202a273f6a808310f7455946b29031eb |
| SHA512 | 421ab267d74274288f7fe0d6bebb630a06c32e2737a540b3e8f3da08dd6be501324c009037025f4364a41a2a0e1a0b8eaa90b86f1f8e9ca1c5ce58cefb9e742d |
C:\Users\Admin\Documents\GuardFox\AGxxEa5wm07_lTfOmdPvQGZl.exe
| MD5 | 84312a6a3a83718ddb53fa1ed43e0971 |
| SHA1 | 3dae29b46819700a2c6ba0a533fe6c3d6199584c |
| SHA256 | bd12a3361d64d78aaa1f2af7a34410d34cec6113eaf9c1d110067f4d959bc050 |
| SHA512 | d18d8a75bc1a2924c2a7de744dbbfd89f15f87e9444a0ef163afe4896d7b2fb7d16573398a6b407715740c28649d5740795f7e0832a8e1517ad1ddeb2db09565 |
C:\Users\Admin\Documents\GuardFox\NtHviBmnemhC38r76hpEX5vn.exe
| MD5 | 898bdbc0f82ee988e3637fb24d3ee366 |
| SHA1 | e1295a99a9c348995ef229a4c50faf41c7abb47d |
| SHA256 | fd2ab855b939f6a3eec1ceffc65a40a6212711d6076402c7d89daa9e3ea33f19 |
| SHA512 | 635f42c94d19871d60729011d6eeafb61ca6575a55f00fe71074ea543c9b817a86b046cff6a8fbb1c7d734673b897e638766c04def1fd93315007c1604be58f4 |
memory/6616-841-0x0000000000620000-0x0000000000621000-memory.dmp
C:\Users\Admin\Documents\GuardFox\3C5gSkdx_SyN1GSq9CyJ4xOS.exe
| MD5 | fd1967039b10011e590bc2f1fbcc3e29 |
| SHA1 | 863f2112d039ceb9dc97a7e0a4e407e18fe5d0a3 |
| SHA256 | 1a6253cd31586d41cf4ceed77606730e14a5e39e11631f4794a1a63fe674ee5f |
| SHA512 | 656830054245985cd64dd5005fdfda71edc530ea7e81a0ecf2953b75350a26dbd2fd50ffa47a05de0d790c53debfc2509341ad0ca1007109ba5fa3c352590006 |
C:\Users\Admin\Documents\GuardFox\739WJwA1mbV8iD_nIXxofVhF.exe
| MD5 | b0c2c56cd9be58d896d59208ab38eb60 |
| SHA1 | 12da21513b9829246f6417ad71b69c1117289312 |
| SHA256 | 5292e696e5416ffa425605168391b78d863bc59c2f958261c76575270db52fcc |
| SHA512 | 1c7f006043ac22f77216f2311e2a034925c734d7ffe428944048f858c46b2c36cc263327a80972698f0225950793f4ba85ae56daa1166c04eb7da36516250c02 |
C:\Users\Admin\Documents\GuardFox\739WJwA1mbV8iD_nIXxofVhF.exe
| MD5 | 01996a803cfab02b4992e78bd38bd874 |
| SHA1 | f1b38b865a73bee3444a5090d64cefb64f701dbf |
| SHA256 | 77b7f3aaa7054ac3a547152c0dab4da8053abb1d3fb9ec67328e708853b59a23 |
| SHA512 | 9c5f48cacdd730c2df27da564a6622c9e5dec2c579703cf2006187f85d18590b3d08d90cc75a1d15fd13a08f1dc3bc8d0721b75e38386572581dfdffe9fbc452 |
C:\Users\Admin\Documents\GuardFox\3C5gSkdx_SyN1GSq9CyJ4xOS.exe
| MD5 | 047569891144007e4653e8f8b76fdbb2 |
| SHA1 | a7014041ee632df9cb840be9b19d6badc0d4da27 |
| SHA256 | a989fbd1b031a79ef5768bc999823de81030de9d77ca0877d38a976a7b0bfe36 |
| SHA512 | ce548274e02b3670ff95aefe4f276c73e083c86c652ea0e19818cea3701c6021c4ce718302e7780dd9308e552640526e903a5894147e5630e7351bb281fc95f8 |
C:\Users\Admin\Documents\GuardFox\D7WyBw1sWJmDWQQUB73CxN50.exe
| MD5 | 0c32137e3b58d2d0d8becca9654532ed |
| SHA1 | 81db1649fa27020931bb3eb3e8bbe6e99013c12b |
| SHA256 | ddf9d01e732184c048b31492f5442746b7305bb0b9830894f73e72dab04ac0c4 |
| SHA512 | d09a25a1c369e0266fb68d0b60adcd138c736aaad3bf16d2d60a0b0323c2c12a981d866cd827f03d665fe2fb09ce3de1304546b38fc11941cec1c52c0e370af6 |
C:\Users\Admin\Documents\GuardFox\D7WyBw1sWJmDWQQUB73CxN50.exe
| MD5 | bbbc68daafa7c3655b75f12aaaf190ad |
| SHA1 | c49478ee6f4395f14c3ec0575581207f9fb7de3b |
| SHA256 | 3cb7ee524843bb47956ec64a9fc66ada6fc08868e9bfbc32614d177ff9c0b9fd |
| SHA512 | ccee766af6816854e538c3061d8aa1d02c4877d7c0d7cb28505428f9e70c09065c7cccb8aab86bee156db488f3c0fdf6c4a6a51fe46fd9d8d9866d048dd0103f |
C:\Users\Admin\AppData\Local\Temp\is-5JFHM.tmp\_isetup\_isdecmp.dll
| MD5 | b6f11a0ab7715f570f45900a1fe84732 |
| SHA1 | 77b1201e535445af5ea94c1b03c0a1c34d67a77b |
| SHA256 | e47dd306a9854599f02bc1b07ca6dfbd5220f8a1352faa9616d1a327de0bbf67 |
| SHA512 | 78a757e67d21eb7cc95954df15e3eeff56113d6b40fb73f0c5f53304265cc52c79125d6f1b3655b64f9a411711b5b70f746080d708d7c222f4e65bad64b1b771 |
memory/6232-757-0x00007FF68A3B0000-0x00007FF68A402000-memory.dmp
memory/6184-943-0x0000000000400000-0x000000000043D000-memory.dmp
memory/224-940-0x0000000004C30000-0x0000000004C97000-memory.dmp
memory/3248-735-0x0000000000400000-0x000000000043D000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\is-KFM59.tmp\k8Oc9MWfMwLmrksVeis3BIeC.tmp
| MD5 | 5ee3c499731d88ad257ca35f5886fbcb |
| SHA1 | 38963ae01ec003e9ee942f6fbf2de86bd37677b3 |
| SHA256 | e40cf77b2bb677449aaf38d6d9da3a4fed63af6865d68f3e426450544bcbff19 |
| SHA512 | 3f8fdc3e9d5048230afb772106edbd9d55ffaa7cfb56041dc40684197b9da34f26505c5723a36055763e0a39bb004fb40b938c330e71b034a384bbc6960d768b |
C:\Users\Admin\AppData\Local\Temp\is-KFM59.tmp\k8Oc9MWfMwLmrksVeis3BIeC.tmp
| MD5 | 30bb4d9a28c346356dd7f14df10bacec |
| SHA1 | 6e0834108e2774cddae9ee05cec92c25438040a0 |
| SHA256 | 7011b4bb6d09d13ac1a951d304f7ca9938392b3d3fe0d7216c2a902eb4fded06 |
| SHA512 | 6d5311a05c30e7132df12fbd4f482a20bc57122c6a65f977ddfbddc2383e0427e6a8499f3fae812eb7a9f34beb90f31869b5edaacd4050f19db146dde3a226fd |
memory/3768-945-0x0000000140000000-0x0000000140876000-memory.dmp
memory/6936-944-0x0000000000400000-0x0000000000D40000-memory.dmp
memory/5000-949-0x00000000721E0000-0x0000000072990000-memory.dmp
memory/5000-948-0x0000000005680000-0x00000000056BC000-memory.dmp
memory/2004-954-0x0000000075DA0000-0x0000000075E90000-memory.dmp
memory/224-953-0x0000000004C30000-0x0000000004C97000-memory.dmp
memory/4508-959-0x00007FF939730000-0x00007FF9399F9000-memory.dmp
memory/4508-950-0x00007FF7BAA50000-0x00007FF7BB49D000-memory.dmp
memory/2004-958-0x0000000075DA0000-0x0000000075E90000-memory.dmp
memory/5000-957-0x00000000056C0000-0x000000000570C000-memory.dmp
memory/4508-963-0x00007FF93B800000-0x00007FF93B8BE000-memory.dmp
memory/2004-962-0x0000000075DA0000-0x0000000075E90000-memory.dmp
memory/2004-961-0x0000000000680000-0x0000000000E56000-memory.dmp
memory/224-960-0x0000000004C30000-0x0000000004C97000-memory.dmp
memory/4988-967-0x0000000000400000-0x0000000000830000-memory.dmp
memory/4508-966-0x00007FF93BC90000-0x00007FF93BE85000-memory.dmp
memory/2012-965-0x0000000000400000-0x000000000062E000-memory.dmp
memory/224-968-0x0000000004C30000-0x0000000004C97000-memory.dmp
memory/648-971-0x0000000000100000-0x00000000010B3000-memory.dmp
memory/4180-976-0x0000000003A90000-0x0000000003A91000-memory.dmp
memory/4988-977-0x0000000000400000-0x0000000000830000-memory.dmp
memory/6212-980-0x0000000000400000-0x0000000000414000-memory.dmp
memory/6196-975-0x0000000000DE0000-0x00000000012C3000-memory.dmp
memory/2004-979-0x0000000005480000-0x0000000005512000-memory.dmp
memory/224-978-0x0000000004C30000-0x0000000004C97000-memory.dmp
memory/2004-987-0x0000000005400000-0x000000000540A000-memory.dmp
memory/6616-986-0x0000000000400000-0x00000000004BD000-memory.dmp
memory/4180-982-0x0000000000DF0000-0x0000000001737000-memory.dmp
memory/5000-1008-0x0000000005A20000-0x0000000005A86000-memory.dmp
memory/4576-1006-0x0000000000400000-0x00000000008B0000-memory.dmp
C:\Windows\System32\GroupPolicy\gpt.ini
| MD5 | 7cc972a3480ca0a4792dc3379a763572 |
| SHA1 | f72eb4124d24f06678052706c542340422307317 |
| SHA256 | 02ad5d151250848f2cc4b650a351505aa58ac13c50da207cc06295c123ddf5e5 |
| SHA512 | ff5f320356e59eaf8f2b7c5a2668541252221be2d9701006fcc64ce802e66eeaf6ecf316d925258eb12ee5b8b7df4f8da075e9524badc0024b55fae639d075b7 |
C:\Windows\System32\GroupPolicy\Machine\Registry.pol
| MD5 | cdfd60e717a44c2349b553e011958b85 |
| SHA1 | 431136102a6fb52a00e416964d4c27089155f73b |
| SHA256 | 0ee08da4da3e4133e1809099fc646468e7156644c9a772f704b80e338015211f |
| SHA512 | dfea0d0b3779059e64088ea9a13cd6b076d76c64db99fa82e6612386cae5cda94a790318207470045ef51f0a410b400726ba28cb6ecb6972f081c532e558d6a8 |
memory/5136-1002-0x00000000721E0000-0x0000000072990000-memory.dmp
memory/2004-1001-0x0000000075DA0000-0x0000000075E90000-memory.dmp
memory/224-1020-0x00000000721E0000-0x0000000072990000-memory.dmp
memory/5000-1029-0x0000000005670000-0x0000000005680000-memory.dmp
memory/224-1032-0x0000000004DA0000-0x0000000004DB0000-memory.dmp
memory/224-1036-0x0000000004DA0000-0x0000000004DB0000-memory.dmp
memory/6936-1043-0x0000000000400000-0x0000000000D40000-memory.dmp
memory/2004-1048-0x0000000075DA0000-0x0000000075E90000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\xt~BGG2g.cpl
| MD5 | a03dcb726495c91ead700e79b676f283 |
| SHA1 | 964ab81e467766051eaa529fe2e186c10cd14b38 |
| SHA256 | e04f467be6aff5a6617827bd5bdcdfc96a887441ae74cd3d1a4e0998a91ae2a4 |
| SHA512 | c817a5c51f3bc950e479e2212a2fddcbeb64750463559d9a7e07677a86a0fbc744c41080ca952375422d0e3f7e9d16d1c8408286b6b5b8d8fb7d881e8d198714 |
memory/2004-1051-0x0000000075DA0000-0x0000000075E90000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\xt~BGG2G.cpl
| MD5 | 483e679e539e7a078f2f4dc878625a01 |
| SHA1 | 36c0c7e76668cd6df8f675d9884a60f054ec352d |
| SHA256 | 815b8dd0041cb16460cb108867fb47ce49414f7077f98ad5aef6f527013cb615 |
| SHA512 | 7436813861f8e1bc8f0ddef10b2229e81407ea0c940cb5c7c4f2dc0934d231264a73f887b09f0ce101d4b8f1106175f0afd40658f32d4376ac8a4b045b452813 |
C:\Users\Admin\Documents\GuardFox\tNfy9CW94LglEEcNK47erB8F.exe
| MD5 | cb37c26ce8872fe84935f52484324620 |
| SHA1 | c5828a6db390a83e0f6cf9e4cdd6da584205b6bb |
| SHA256 | bdd4b7c77cc3279739ba05b5d62ba2b5b60cecba29e221bd595c812b29ffd11c |
| SHA512 | 31486dd52d09d78aca9793251388fdbbb7dfde86ffa307637d59d39868729706fa4693430da5a8fb32290c33d572aaab637f75948e1f48dae290d81198f2b687 |
C:\Users\Admin\Documents\GuardFox\SKUiWMDUnhq3Hjkc1i2Qm7ac.exe
| MD5 | 78d10bb40981e560f3cb530fb542f5a7 |
| SHA1 | 0f4c01e2042c20c6878039ace51af42c88a422ad |
| SHA256 | 52fb4e151ea55b4f54fb72392fe626f89b0583c520f60357a62db5bb08688bdb |
| SHA512 | 4b20b876dc356cb1a72a1eca9317691c7ab8e2afb0583857ec68ffbe6dec5d028b37bf047e57f67ff012dd3ac52d8908abfb731e35026edae44e07f619662482 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\A65DBECD82A40019E873CE4ED0A79570
| MD5 | 63eec2df952410223d791ea40fdee427 |
| SHA1 | 195d131ddce3c89f9fc7d866db7cb54c3ada2ee7 |
| SHA256 | 765bc3f2774e5c691d2348923acefcdcffb94afeface331cccb1d8d6256c718e |
| SHA512 | 865b8b5264e64cb574fb28eecadf7547786a70841ef0c23ba42008b1b53018517c5daa128a2b5e42d253d0639514d5a84ad43ebc5a5554612ebd837d4eaf2262 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\A65DBECD82A40019E873CE4ED0A79570
| MD5 | f9211157c650009984f7ac633a0c5904 |
| SHA1 | e5ef5373501697d72d297d8c112dfb6062a27bff |
| SHA256 | b505ea08ed8b63d27ba831cf83570aa46da2d37795f09234465ac629bc20ecd0 |
| SHA512 | 622c1300dba5a6313e3367e0755efd5f349e1ad9f5c42b60606bad76e89737a426b28e1e9d4ce22b04ccbf1b1d30d3d170139d325acbf033338c92ac827e1f2d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\ACF244F1A10D4DBED0D88EBA0C43A9B5_16756CC7371BB76A269719AA1471E96C
| MD5 | 5559a4c4b6e05f987e3e35f5f59b40ce |
| SHA1 | 3fb4b67a483973f9f1d9910d2982c0b550f38331 |
| SHA256 | cbf14d89c52447ca7f94d2014f3ba9c085e1115ae428f5abbc4fe8b830c0be6d |
| SHA512 | 20751c8347bc01527137fcd50985cef6bbc34d03816fc7c3b2eafc4ce5d81ca590e83953fc835ad0386b89c0e2d1082719286c1164680584449b4bcf8fb439ca |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\ACF244F1A10D4DBED0D88EBA0C43A9B5_16756CC7371BB76A269719AA1471E96C
| MD5 | e3ee9f75cdbd88035d8e4b04407607dd |
| SHA1 | f4383d6b32b6caa0f673ee4dac28296f7c70d3bd |
| SHA256 | 6b210cbb074300f27a556aaea033cca931226e823c4d83a36a59b715d90ec5bb |
| SHA512 | e570f59901d8d45d393cd1bd906984d47e5c31f5647579ac8aa1fbc74bee07b067a1ba3e5eff1c98b705de80ba088ec63f7da7e779c6f0eb1f3ea880e67ddf06 |
C:\Users\Admin\Documents\GuardFox\6obBRn223UssXyvwqDdhsFtP.exe
| MD5 | d57a43425f87b6e6e1f9f98ebffc728a |
| SHA1 | 2f52c4aac28fdf21ae00e7ad0b90c2b325f9c3bc |
| SHA256 | ee0281e52129b7f60c808180664b68caf3bf0bcce976d9474bab175cde611ef5 |
| SHA512 | 45c08552cf1528f08a03cc3999223753288c1d6ecd026adf881f0554f82c69b114c53a001ab3ff4d77231f587bf841a082622d8baa6af2350ea9be22098c2f70 |
C:\Windows\System32\GroupPolicy\GPT.INI
| MD5 | 93b3886bce89b59632cb37c0590af8a6 |
| SHA1 | 04d3201fe6f36dc29947c0ca13cd3d8d2d6f5137 |
| SHA256 | 851dd2bb0f555afaef368f1f761154da17360aeea4c01b72e43bf83264762c9f |
| SHA512 | fc7baef346b827c3a1338819baa01af63d2d4c31f3f7e17b6f6b72adab70de81872a67e8f3c1a28453abb595dbac01819a9bcff0710e9651a45deaf2f89e65fb |
C:\Users\Admin\Documents\GuardFox\zSUTADYiJ044oXzMhz7cp8mm.exe
| MD5 | 8c46b4d36b4a442e5ac5c4881c655340 |
| SHA1 | 22dbcc0f58fe95dd5726f3fdabcc1805029fdb61 |
| SHA256 | f70852961d34c930600c81813422a01cc4ce7d5c8e1f55672dbc14303873d6fc |
| SHA512 | 9c09f5049718a9c04b0b08f768b8cf2319e9a156d6b1539dea3220c6eab060f3b40507236e355b709651f341d9818fae5d0b43ab60e13d857e56ca13c890beec |
C:\Users\Admin\Documents\GuardFox\SKUiWMDUnhq3Hjkc1i2Qm7ac.exe
| MD5 | 92d3bc42d32f649ed1d2b87a91404252 |
| SHA1 | e91ccf375299896b67bb7300275bc85f6ec1753d |
| SHA256 | 4e7606d5a22149b11e79bb1231a811c7703d9e690f2de8c662a58463fbf7fdc4 |
| SHA512 | f4b9c95d3144f86a36cadcc99d0144188400e4d5bc057df089ffb44b2c4a27b442526777f6b52ee61539cd2471b83e7c646ec61cec7b557aedccc83e990aaa36 |
C:\Users\Admin\Documents\GuardFox\zSUTADYiJ044oXzMhz7cp8mm.exe
| MD5 | 6338cae6ca5f5a05adfee1db70c5b10c |
| SHA1 | 5db887aef883419db4765c0bd94e7c98a03f6600 |
| SHA256 | 167dd0af630ddad5ef9e51c15056b77f56cc88b77bbfdde76fb39d2adb4313fc |
| SHA512 | 7c5a8df7eb807d8173e38355db454b85f6b65ba693045f557543fe0896f7299e87ffa6be0e6d284176bcb028e465c1e5056a25f62b65e41c677b8d13776223a9 |
C:\Users\Admin\Documents\GuardFox\SKUiWMDUnhq3Hjkc1i2Qm7ac.exe
| MD5 | b9889394b98c073d805f7910a6746bdc |
| SHA1 | 323cf00e23aacdab1eda9860281df4b726030a17 |
| SHA256 | 758f66e4f02e8054ee839344f58b5d3f29ded07ad77a4df102e9c725bac066e2 |
| SHA512 | 813a3ac4d1e22f4304163c20a1202bd4b35a72b41c4dfd523841a1367cae3de86763d9973f5636c447716b2ea066b471572e36eb52f73e1f4fd5ad0f8f904e99 |
C:\Users\Admin\Documents\GuardFox\zSUTADYiJ044oXzMhz7cp8mm.exe
| MD5 | 25afdc849de90096faf591c57cbbc028 |
| SHA1 | f3b2324945ce5f1a0f56c122ecff11f1659d751b |
| SHA256 | 1371d526ef48a75bc8039d6e401e9fe2d8b3d393201778db2df2f958b6d62d61 |
| SHA512 | 4c5cf860a4e2bf5b38562ae7972d7a8dfde0412b211ca06bd463684bd8fa982c44934e9d7a0fcbf3b625411ec00255896e4b896c41c195c16502a90e9efc711d |
C:\Users\Admin\Documents\GuardFox\qemu-ga.exe
| MD5 | a5ce3aba68bdb438e98b1d0c70a3d95c |
| SHA1 | 013f5aa9057bf0b3c0c24824de9d075434501354 |
| SHA256 | 9b860be98a046ea97a7f67b006e0b1bc9ab7731dd2a0f3a9fd3d710f6c43278a |
| SHA512 | 7446f1256873b51a59b9d2d3498cef5a41dbce55864c2a5fb8cb7d25f7d6e6d8ea249d551a45b75d99b1ad0d6fb4b5e4544e5ca77bcd627717d6598b5f566a79 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
| MD5 | 653f9a0e7453a87659950b1e65f95a14 |
| SHA1 | 4ee9f3386cd742f0f8dc439fb0dac4b4ccf3798f |
| SHA256 | a299505dee1f4ef0045efc8a59451ab6adaf6ac6080f661a798485aeb1513c1a |
| SHA512 | 2c8f8140fd1964585f180be41648fd7fb60bba427318ee6ddc2d2e51a72d52245606264e78f97678af75dffd5024ccfee80741a72785e5d658a4b458193bdf41 |
C:\Users\Admin\AppData\Local\Temp\1000113001\e0cbefcb1af40c7d4aff4aca26621a98.exe
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Temp\1000114001\InstallSetup8.exe
| MD5 | 9dba336c38daf9938450b84019a1b29a |
| SHA1 | b82a69527f1b1a7dd55528cc2ac236a05fd575b0 |
| SHA256 | 8fb75f1a31c8879daac6960b2155e27e693339fc7676d4c8a494fe73842f26a7 |
| SHA512 | 85fa04f10c6a44518ad09a44579c31cd93055c97f060b76ef4b3d4d3f5a9611400fe050164e0e47e88a569f0cccd276574cdefb5bbfdf074b137009d995b73ac |
C:\Users\Admin\AppData\Local\Temp\1000115001\toolspub1.exe
| MD5 | eab26d56d72e5828a08a6d6c11ceff75 |
| SHA1 | 69b9db48e0b9b7fe69c82643e05fbada05d66d47 |
| SHA256 | 12792d7d9200267c210225a1be27cadc8056954ffa4dbccf18a42e93aee20697 |
| SHA512 | 0044ba3cc56e948352c003134126de688af2c9c6fed96430a429da723f120034df26eb40b11f414e8426de67a1212e4e4fd879b4e3563057c57b4e7480d00b79 |
C:\ProgramData\mozglue.dll
| MD5 | ed00fb30efe5596f88a104820bebad03 |
| SHA1 | c2988cb3c47b93a3270ba2a22c8d56f70915aa40 |
| SHA256 | 4608aaa15991558895aaf9589051eb43060acc816e41ad46d77a39ac81a01f42 |
| SHA512 | a39393856430bee71cf8336855f1a319267ac41cf51ff04a0a738df728b3a1dfa563a26cff2a40b7619814b690a99d30d1d8742db8432a176b3d8f6a5e2f9042 |
C:\Users\Admin\AppData\Local\Temp\nsi8D09.tmp\INetC.dll
| MD5 | 40d7eca32b2f4d29db98715dd45bfac5 |
| SHA1 | 124df3f617f562e46095776454e1c0c7bb791cc7 |
| SHA256 | 85e03805f90f72257dd41bfdaa186237218bbb0ec410ad3b6576a88ea11dccb9 |
| SHA512 | 5fd4f516ce23fb7e705e150d5c1c93fc7133694ba495fb73101674a528883a013a34ab258083aa7ce6072973b067a605158316a4c9159c1b4d765761f91c513d |
C:\Users\Admin\AppData\Local\Temp\1000119001\FirstZ.exe
| MD5 | accd7e88e2fb9a6103c88ad651fd4a65 |
| SHA1 | a91b72b44af20d2ae7496b54ab23a78e683781d8 |
| SHA256 | d8e06cfcea74c45906ad0124f438ab049ca7c79960f3ead1fabd23cdd6918d12 |
| SHA512 | 2eaab8ac98fff13fc6f5317a5eeab89dbe8443c8ef4facfcf4071f9967d8a5b755ccb089db4b5529a5a27f9ef9f34762999d8c9147ad258a112cd9b56f6bc4a3 |
C:\ProgramData\Are.docx
| MD5 | a33e5b189842c5867f46566bdbf7a095 |
| SHA1 | e1c06359f6a76da90d19e8fd95e79c832edb3196 |
| SHA256 | 5abf8e3d1f78de7b09d7f6fb87f9e80e60caacf13ef3c1289665653dacd7c454 |
| SHA512 | f2ad3812ec9b915e9618539b0f103f2e9acaad25fbbacd84941c954ce070af231324e83a4621e951c1dbae8d40d50410954e40dd52bbd46e34c54b0d1957407b |
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_xhioixpr.wxh.ps1
| MD5 | d17fe0a3f47be24a6453e9ef58c94641 |
| SHA1 | 6ab83620379fc69f80c0242105ddffd7d98d5d9d |
| SHA256 | 96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7 |
| SHA512 | 5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json
| MD5 | 99914b932bd37a50b983c5e7c90ae93b |
| SHA1 | bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f |
| SHA256 | 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a |
| SHA512 | 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 542357ab18199d348b6f602a8a3bf52c |
| SHA1 | 6f1b9b622a009444d027ce545f1a382ae7943a5a |
| SHA256 | 2ff0e2c8be416f80026be5cbc36a88d8cf46f4bb1660a24d9015fe442fd0d8f6 |
| SHA512 | 2c37661456fe2bb31f000708c7c9173c9e8f2b1f5c9a88c1d19e33d7d1613f96ccd886eafd1e0ca15f7908a704f868142bae7a7578c734e8dd1d0f1dfb59d53d |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 6efa1812e7819f6ff2bcf474824acf46 |
| SHA1 | bf58228e6816665705884a198172d65466cd47c6 |
| SHA256 | 165b4de6c9034dca351b349bfb6ded28b8db67d197a62f6f8a3a7976ede4a422 |
| SHA512 | 83870a2814facc892b8cffe9d10bd6a541f84e054b8a7f2062cb16f93d974f0ae04d0e2fd2456849c391cc9dbc8775b3825536e59599ad5bde46409ed2b7c401 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
| MD5 | 6e21aea50883b2a1d25b6d3f8fa0cde2 |
| SHA1 | 3bd46ebe01247c10b3c2906482452ac94efa4cde |
| SHA256 | 52016136f82dda1b19801334ecb5f01d9d9e8f10dc8d5ca79677a4188f605f17 |
| SHA512 | 0f2f7307abbe99153bd24b80dfb05c524d92cd6559811a07284f7e5e304f7d58e714bba0967ecd87b7462ccd577a28c4c7accdb84b839c8ebbd6ec6670d89a49 |
C:\ProgramData\GIEHIDHJDBFIIECAKECBKJJKKE
| MD5 | c9ff7748d8fcef4cf84a5501e996a641 |
| SHA1 | 02867e5010f62f97ebb0cfb32cb3ede9449fe0c9 |
| SHA256 | 4d3f3194cb1133437aa69bb880c8cbb55ddf06ff61a88ca6c3f1bbfbfd35d988 |
| SHA512 | d36054499869a8f56ac8547ccd5455f1252c24e17d2b185955390b32da7e2a732ace4e0f30f9493fcc61425a2e31ed623465f998f41af69423ee0e3ed1483a73 |
C:\ProgramData\BKKJKFBK
| MD5 | 9fee8c6cda7eb814654041fa591f6b79 |
| SHA1 | 10fe32a980a52fbc85b05c5bf762087fad09a560 |
| SHA256 | f61539118d4f62a6d89c0f8db022ee078a2f01606c8fff84605b53d76d887355 |
| SHA512 | 939047294ebfb118bc622084af8008299496076b6a40919b44c9c90c723ddda2d17f9b03d17b607b79f6a69ba4331153c6df2caf62260bf23e46c6cfe32613a8 |
C:\ProgramData\HDAKJDHI
| MD5 | f70aa3fa04f0536280f872ad17973c3d |
| SHA1 | 50a7b889329a92de1b272d0ecf5fce87395d3123 |
| SHA256 | 8d782aa65de6db3538a14da82216e96d5e0a3c60496726e3541a8165bccc65f8 |
| SHA512 | 30675c5c610d9aa32a4c4a4d9c3af7570823cd197f8d2a709222c78e2cd15304bbed80e233e3674ec2f6e33d1961c67fd6a46dc8ba8b1a301cd0722932c03c84 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | bd0827971a6f3efbdb456c41dc1ef234 |
| SHA1 | 8fd52ad9b329ccc3f1037b87508ccd5aad6057aa |
| SHA256 | c3e8637d08bc8c3b31e62dc8517d72a08bda1e54c5f4c94eb5ba4c994baf40fd |
| SHA512 | b74e92be67e32a52296771bc86544e8b60667c64165c3e9ea20e9ad99f1b56d56e77f20b5f057735d07b6fc4f08abffe5bf5e4df9ea31baa2421f3663a3e3edf |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | be452b357ee6d3f1a5c2bd2820531be3 |
| SHA1 | dc6aa88ee5d28968e26b1912c783809aab9f1e43 |
| SHA256 | 03d075bfaffa611dcf9cc28d3040a3ab6e288ce5b37b6c0de99983cf4eac8bd7 |
| SHA512 | b152f937ddd8c55aa1377c036e171ebfd021f2817f500f00a9faa619967f8f28d4d8c943fcaee8e9be67e24a43b08e743cce45178441bf867f2f4649cb91d652 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
| MD5 | a4bf7ba92826eca093f4cb18f2537f79 |
| SHA1 | a8fc115a7c96a8bfcf512404e199ee9816acf095 |
| SHA256 | aa62768725757c13c6cfa5d1e6eacc45d648cc603fa156d693860bb1826f85cd |
| SHA512 | eeb7d1f8b979e22f4603118f3668a97ce2e86b28cb99735cf12216f33348ea592c273f09b4722faeb9e8a3927dde683b200390eef69abb361e6f0743ae828fc3 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe58ea0d.TMP
| MD5 | b48e06b49be8250bcf513dd2c29ba9b5 |
| SHA1 | 0874b39e95602d8c7bc1be5471fa31a95442ff7a |
| SHA256 | 31ecc583d63e2455bfc70fa90c6bcf1d265e94ddc8eaa10b10cc0033ab7921ef |
| SHA512 | d11697ed961f370c1409a4be774995e463cf436a6216d79618d733511b7b3cd39614462183e8b4c28f48cf45efbb21b326439b106785f228d07d1a480a08dd22 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | 37fee1843608b70b551b90f7411ef236 |
| SHA1 | 63246beb74beb50b21a9179c4919f233eb405a61 |
| SHA256 | 20a30136d6d7f250d6a409068c30f98c9dcc5e9c364930eb0a3aa58b00aebe0d |
| SHA512 | 0e81688cb80de635c234a4cf2c80236c51db5e42776cc57d9e5bf5ed2856d19b0165bbed4c659fb5de27b2d16687775060f93f7887bf552ac2e14b9cf3f8fb77 |
C:\ProgramData\nss3.dll
| MD5 | 33a9a29b8d63e20b8ac16b6f325c7dd8 |
| SHA1 | 5e5e4150c80b12a16487df356a8b11710419279a |
| SHA256 | f3d31f7f56bf056cac32b904f3ca88d0444567f6e9be2fb55030c7b53eae2d66 |
| SHA512 | b32d4eae8d474297d40816d92cd39e0b43e89fc002a548cc04594255663a44158bf111564111317bc5324b82591fd9ee74d9f09e1dc4b7a80360e6e37238c9bf |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1
| MD5 | 46a77b45e39dd9a6ffd0c8d3c76c4e78 |
| SHA1 | 53e8dc78166dda4de0d478f63fe131056ebb2ac2 |
| SHA256 | 7ad31f24e493a9b5e8267e1417da5c3ab4b9d64fea5044cbfc8ca504b86d08a5 |
| SHA512 | fe09fe7710212ef3c455fa73d77ef2658c2ad98fc2c80acd2599ddaa9a914d8d5ad391d1011be3f442d970342ec8088e2f136f9840ba41633ab7eff994021226 |
C:\ProgramData\PingWrite.txt
| MD5 | 116d676bfd93cb8e419fbc2bc5849593 |
| SHA1 | 98d0e9b0f83d8d190262640c1df0e4a3948133e8 |
| SHA256 | d2f705c58359c5b55eee05454944ded1a36cc307ac824b7ae829a09c9f982516 |
| SHA512 | 85675b901ed4842a6cebcd370bf6c7e2618d9e9c573de4839e3a42f00f0a4a1f7f55cb439b3f90200587d680319e67213fd2b2b4067e2003b09e11903d70f3ca |
C:\Users\Admin\AppData\Local\Temp\4KPV6A~1\cached-microdesc-consensus.tmp
| MD5 | b94cc605031ec6a7eb04065182707eaf |
| SHA1 | 348b17a95de578a8c27f83e618730017a212caea |
| SHA256 | 7baed82fc2fb80b7fc6a1d6143eebb4a849c5ba2079ed6ad13de19fc58677b84 |
| SHA512 | 22b94bb0420ba492b3cd2b1189ed65f8d2b0bed87c158caa35b6a3c8fe6f4817478772eb9bf5eaf4693e868100220c74c5a118c33a65742300fb139494ec77a0 |
C:\Users\Admin\AppData\Local\Temp\tmp2786.tmp
| MD5 | 49693267e0adbcd119f9f5e02adf3a80 |
| SHA1 | 3ba3d7f89b8ad195ca82c92737e960e1f2b349df |
| SHA256 | d76e7512e496b7c8d9fcd3010a55e2e566881dc6dacaf0343652a4915d47829f |
| SHA512 | b4b9fcecf8d277bb0ccbb25e08f3559e3fc519d85d8761d8ad5bca983d04eb55a20d3b742b15b9b31a7c9187da40ad5c48baa7a54664cae4c40aa253165cbaa2 |
C:\Users\Admin\AppData\Local\Temp\4KPV6A~1\cached-microdescs.new
| MD5 | f64ffa45f309223aa39f59164170f9f9 |
| SHA1 | b306bb85103cb4334c42582397757e9d9fa894fb |
| SHA256 | c5aa3b8f8e3771fcbcd0ca7f3beda4deec389d52a744635027eba10f43b30890 |
| SHA512 | 2da922f12cd6ce5020505c27eef5fc4adeacd019291a1875fea7f4b080ed652dd9ec351ee3fd3e97918671655b6b1799523efa726c54f32721149d1ca999fe57 |
C:\Users\Admin\AppData\Local\Temp\is-LT631.tmp\_isetup\_shfoldr.dll
| MD5 | 92dc6ef532fbb4a5c3201469a5b5eb63 |
| SHA1 | 3e89ff837147c16b4e41c30d6c796374e0b8e62c |
| SHA256 | 9884e9d1b4f8a873ccbd81f8ad0ae257776d2348d027d811a56475e028360d87 |
| SHA512 | 9908e573921d5dbc3454a1c0a6c969ab8a81cc2e8b5385391d46b1a738fb06a76aa3282e0e58d0d2ffa6f27c85668cd5178e1500b8a39b1bbae04366ae6a86d3 |
C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe
| MD5 | c7ad0bff3e8ba292eacf9eefe4e9bd96 |
| SHA1 | 4ae2f91f19f5ba40da2a69a09342e235dcc71c51 |
| SHA256 | e61c9607afdf47d5fe9a991e959233fd5817ab5e7d8de7342c92d17c11880cc3 |
| SHA512 | 8c1aec7ef50aeb243f3aeccaa68547c5de2ed6e2908bf47def162f08a3e58a99302f9962bd1d326db469f8ae13df07e03e1e9b6c9eb29936ffc4b1033c7ce85e |
C:\Users\Admin\AppData\Local\Temp\InstallSetup9.exe
| MD5 | 6165d9702d3d6e2ca8380d56a715972c |
| SHA1 | dc1fa78e5c7b8e42875bdddd5dcf543f31cfdbe3 |
| SHA256 | a5bcedd4f799d603f2ea25c1a1a66ce6f82707c3730e1b8782096ee6ef3684c7 |
| SHA512 | 1ef42502d90ee8aab2a12073a4b54c65e4ce045823ba1f77f3b51d85ff46a63a80a8d0723ae0b2157624d5d1be35d67934d8c5c226513049e609cbfc86f89694 |
C:\Users\Admin\AppData\Local\Temp\Protect544cd51a.dll
| MD5 | 544cd51a596619b78e9b54b70088307d |
| SHA1 | 4769ddd2dbc1dc44b758964ed0bd231b85880b65 |
| SHA256 | dfce2d4d06de6452998b3c5b2dc33eaa6db2bd37810d04e3d02dc931887cfddd |
| SHA512 | f56d8b81022bb132d40aa78596da39b5c212d13b84b5c7d2c576bbf403924f1d22e750de3b09d1be30aea359f1b72c5043b19685fc9bf06d8040bfee16b17719 |