Malware Analysis Report

2024-12-08 00:43

Sample ID 240125-t773csbgak
Target https://ivd580.com/CS2_(External_ESP_Cheat).zip?c=ANOJsmWQQwUAV10CAENaFwAGAAAAAACs
Tags
djvu redline risepro smokeloader stealc zgrat 24k logsdiller cloud (telegram: @logsdillabot) pub3 backdoor evasion infostealer persistence ransomware rat spyware stealer themida trojan
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

Threat Level: Known bad

The file https://ivd580.com/CS2_(External_ESP_Cheat).zip?c=ANOJsmWQQwUAV10CAENaFwAGAAAAAACs was found to be: Known bad.

Malicious Activity Summary

djvu redline risepro smokeloader stealc zgrat 24k logsdiller cloud (telegram: @logsdillabot) pub3 backdoor evasion infostealer persistence ransomware rat spyware stealer themida trojan

ZGRat

RedLine payload

RisePro

Detected Djvu ransomware

Stealc

SmokeLoader

Detect ZGRat V1

RedLine

Djvu Ransomware

Identifies VirtualBox via ACPI registry values (likely anti-VM)

Downloads MZ/PE file

Modifies Windows Firewall

Stops running service(s)

Creates new service(s)

Reads user/profile data of web browsers

Unexpected DNS network traffic destination

Checks BIOS information in registry

Executes dropped EXE

Themida packer

.NET Reactor proctector

Legitimate hosting services abused for malware hosting/C2

Looks up external IP address via web service

Checks whether UAC is enabled

Suspicious use of NtSetInformationThreadHideFromDebugger

Drops file in System32 directory

Launches sc.exe

Program crash

Suspicious use of SendNotifyMessage

Enumerates system info in registry

Suspicious use of FindShellTrayWindow

Delays execution with timeout.exe

Suspicious behavior: EnumeratesProcesses

Kills process with taskkill

Modifies registry class

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Creates scheduled task(s)

Suspicious use of WriteProcessMemory

Suspicious behavior: GetForegroundWindowSpam

Suspicious use of AdjustPrivilegeToken

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-01-25 16:43

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-01-25 16:43

Reported

2024-01-25 17:03

Platform

win11-20231215-en

Max time kernel

75s

Max time network

859s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://ivd580.com/CS2_(External_ESP_Cheat).zip?c=ANOJsmWQQwUAV10CAENaFwAGAAAAAACs

Signatures

Detect ZGRat V1

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Detected Djvu ransomware

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Djvu Ransomware

ransomware djvu

RedLine

infostealer redline

RedLine payload

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

RisePro

stealer risepro

SmokeLoader

trojan backdoor smokeloader

Stealc

stealer stealc

ZGRat

rat zgrat

Identifies VirtualBox via ACPI registry values (likely anti-VM)

evasion
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ C:\Users\Admin\AppData\Local\Temp\7zO8FE60E68\setup.exe N/A

Creates new service(s)

persistence

Downloads MZ/PE file

Modifies Windows Firewall

evasion
Description Indicator Process Target
N/A N/A C:\Windows\system32\netsh.exe N/A
N/A N/A C:\Windows\system32\netsh.exe N/A

Stops running service(s)

evasion

.NET Reactor proctector

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Checks BIOS information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion C:\Users\Admin\AppData\Local\Temp\7zO8FE60E68\setup.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion C:\Users\Admin\AppData\Local\Temp\7zO8FE60E68\setup.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zO8FE60E68\setup.exe N/A

Reads user/profile data of web browsers

spyware stealer

Themida packer

themida
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Unexpected DNS network traffic destination

Description Indicator Process Target
Destination IP 45.155.250.90 N/A N/A

Checks whether UAC is enabled

evasion trojan
Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\7zO8FE60E68\setup.exe N/A

Legitimate hosting services abused for malware hosting/C2

Description Indicator Process Target
N/A discord.com N/A N/A
N/A discord.com N/A N/A
N/A discord.com N/A N/A
N/A discord.com N/A N/A
N/A discord.com N/A N/A
N/A discord.com N/A N/A
N/A discord.com N/A N/A
N/A discord.com N/A N/A
N/A discord.com N/A N/A
N/A discord.com N/A N/A
N/A discord.com N/A N/A

Looks up external IP address via web service

Description Indicator Process Target
N/A api.myip.com N/A N/A
N/A ipinfo.io N/A N/A
N/A api.myip.com N/A N/A
N/A api.myip.com N/A N/A
N/A ipinfo.io N/A N/A

Drops file in System32 directory

Description Indicator Process Target
File opened for modification C:\Windows\System32\GroupPolicy C:\Users\Admin\AppData\Local\Temp\7zO8FE60E68\setup.exe N/A
File opened for modification C:\Windows\System32\GroupPolicy\gpt.ini C:\Users\Admin\AppData\Local\Temp\7zO8FE60E68\setup.exe N/A
File created C:\Windows\System32\GroupPolicy\Machine\Registry.pol C:\Users\Admin\AppData\Local\Temp\7zO8FE60E68\setup.exe N/A
File opened for modification C:\Windows\System32\GroupPolicy\GPT.INI C:\Users\Admin\AppData\Local\Temp\7zO8FE60E68\setup.exe N/A

Suspicious use of NtSetInformationThreadHideFromDebugger

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zO8FE60E68\setup.exe N/A

Program crash

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\WerFault.exe N/A
N/A N/A C:\Windows\SysWOW64\WerFault.exe C:\Users\Admin\Documents\GuardFox\U6tlORlZZty2irsUDKDv9iSc.exe
N/A N/A C:\Windows\SysWOW64\WerFault.exe C:\Users\Admin\AppData\Local\Temp\1000113001\e0cbefcb1af40c7d4aff4aca26621a98.exe
N/A N/A C:\Windows\SysWOW64\WerFault.exe C:\Users\Admin\AppData\Local\Temp\1000113001\e0cbefcb1af40c7d4aff4aca26621a98.exe
N/A N/A C:\Windows\SysWOW64\WerFault.exe C:\Users\Admin\AppData\Local\Temp\1000113001\e0cbefcb1af40c7d4aff4aca26621a98.exe
N/A N/A C:\Windows\SysWOW64\WerFault.exe C:\Users\Admin\AppData\Local\Temp\1000113001\e0cbefcb1af40c7d4aff4aca26621a98.exe
N/A N/A C:\Windows\SysWOW64\WerFault.exe C:\Users\Admin\AppData\Local\Temp\1000115001\toolspub1.exe
N/A N/A C:\Windows\SysWOW64\WerFault.exe C:\Users\Admin\AppData\Local\Temp\1000113001\e0cbefcb1af40c7d4aff4aca26621a98.exe
N/A N/A C:\Windows\SysWOW64\WerFault.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\MsBuild.exe
N/A N/A C:\Windows\SysWOW64\WerFault.exe C:\Users\Admin\AppData\Local\Temp\1000113001\e0cbefcb1af40c7d4aff4aca26621a98.exe
N/A N/A C:\Windows\SysWOW64\WerFault.exe C:\Users\Admin\AppData\Local\Temp\1000113001\e0cbefcb1af40c7d4aff4aca26621a98.exe
N/A N/A C:\Windows\SysWOW64\WerFault.exe C:\Users\Admin\AppData\Local\Temp\1000113001\e0cbefcb1af40c7d4aff4aca26621a98.exe
N/A N/A C:\Windows\SysWOW64\WerFault.exe C:\Users\Admin\Documents\GuardFox\ylbNv2I6pJRyyq2Z6jo0C555.exe
N/A N/A C:\Windows\SysWOW64\WerFault.exe C:\Users\Admin\AppData\Local\Temp\1000113001\e0cbefcb1af40c7d4aff4aca26621a98.exe
N/A N/A C:\Windows\SysWOW64\WerFault.exe C:\Users\Admin\AppData\Local\Temp\1000113001\e0cbefcb1af40c7d4aff4aca26621a98.exe
N/A N/A C:\Windows\SysWOW64\WerFault.exe C:\Users\Admin\AppData\Local\Temp\1000113001\e0cbefcb1af40c7d4aff4aca26621a98.exe
N/A N/A C:\Windows\SysWOW64\WerFault.exe C:\Users\Admin\AppData\Local\Temp\1000113001\e0cbefcb1af40c7d4aff4aca26621a98.exe
N/A N/A C:\Windows\SysWOW64\WerFault.exe C:\Users\Admin\AppData\Local\Temp\1000113001\e0cbefcb1af40c7d4aff4aca26621a98.exe
N/A N/A C:\Windows\SysWOW64\WerFault.exe C:\Users\Admin\AppData\Local\Temp\670F.exe
N/A N/A C:\Windows\SysWOW64\WerFault.exe C:\Users\Admin\AppData\Local\Temp\1000113001\e0cbefcb1af40c7d4aff4aca26621a98.exe
N/A N/A C:\Windows\SysWOW64\WerFault.exe C:\Users\Admin\AppData\Local\Temp\1000113001\e0cbefcb1af40c7d4aff4aca26621a98.exe
N/A N/A C:\Windows\SysWOW64\WerFault.exe C:\Users\Admin\AppData\Local\Temp\1000113001\e0cbefcb1af40c7d4aff4aca26621a98.exe
N/A N/A C:\Windows\SysWOW64\WerFault.exe C:\Users\Admin\AppData\Local\Temp\1000113001\e0cbefcb1af40c7d4aff4aca26621a98.exe
N/A N/A C:\Windows\SysWOW64\WerFault.exe C:\Users\Admin\AppData\Local\Temp\1000113001\e0cbefcb1af40c7d4aff4aca26621a98.exe
N/A N/A C:\Windows\SysWOW64\WerFault.exe C:\Users\Admin\AppData\Local\Temp\1000113001\e0cbefcb1af40c7d4aff4aca26621a98.exe
N/A N/A C:\Windows\SysWOW64\WerFault.exe C:\Users\Admin\AppData\Local\Temp\A592.exe
N/A N/A C:\Windows\SysWOW64\WerFault.exe C:\Users\Admin\AppData\Local\Temp\1000113001\e0cbefcb1af40c7d4aff4aca26621a98.exe
N/A N/A C:\Windows\SysWOW64\WerFault.exe C:\Users\Admin\AppData\Local\Temp\1000113001\e0cbefcb1af40c7d4aff4aca26621a98.exe
N/A N/A C:\Windows\SysWOW64\WerFault.exe C:\Users\Admin\AppData\Local\Temp\1000113001\e0cbefcb1af40c7d4aff4aca26621a98.exe
N/A N/A C:\Windows\SysWOW64\WerFault.exe C:\Users\Admin\AppData\Local\Temp\1000113001\e0cbefcb1af40c7d4aff4aca26621a98.exe
N/A N/A C:\Windows\SysWOW64\WerFault.exe C:\Users\Admin\AppData\Local\Temp\1000113001\e0cbefcb1af40c7d4aff4aca26621a98.exe
N/A N/A C:\Windows\SysWOW64\WerFault.exe C:\Users\Admin\AppData\Local\Temp\1000113001\e0cbefcb1af40c7d4aff4aca26621a98.exe
N/A N/A C:\Windows\SysWOW64\WerFault.exe C:\Users\Admin\AppData\Local\Temp\1000113001\e0cbefcb1af40c7d4aff4aca26621a98.exe
N/A N/A C:\Windows\SysWOW64\WerFault.exe C:\Users\Admin\AppData\Local\Temp\1000113001\e0cbefcb1af40c7d4aff4aca26621a98.exe
N/A N/A C:\Windows\SysWOW64\WerFault.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\MsBuild.exe
N/A N/A C:\Windows\SysWOW64\WerFault.exe C:\Users\Admin\AppData\Local\Temp\1000113001\e0cbefcb1af40c7d4aff4aca26621a98.exe
N/A N/A C:\Windows\SysWOW64\WerFault.exe C:\Users\Admin\AppData\Local\Temp\nsz59C1.tmp
N/A N/A C:\Windows\SysWOW64\WerFault.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\MsBuild.exe
N/A N/A C:\Windows\SysWOW64\WerFault.exe C:\Users\Admin\AppData\Local\Temp\1000113001\e0cbefcb1af40c7d4aff4aca26621a98.exe
N/A N/A C:\Windows\SysWOW64\WerFault.exe C:\Users\Admin\AppData\Roaming\ajcrvse

Creates scheduled task(s)

persistence
Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\schtasks.exe N/A
N/A N/A C:\Windows\SysWOW64\schtasks.exe N/A
N/A N/A C:\Windows\SysWOW64\schtasks.exe N/A
N/A N/A C:\Windows\SysWOW64\schtasks.exe N/A

Delays execution with timeout.exe

evasion
Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\timeout.exe N/A
N/A N/A C:\Windows\SysWOW64\timeout.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Kills process with taskkill

evasion
Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\taskkill.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-3213149797-706813642-929964373-1000_Classes\Local Settings C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zO8FE60E68\setup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zO8FE60E68\setup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zO8FE60E68\setup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zO8FE60E68\setup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zO8FE60E68\setup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zO8FE60E68\setup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zO8FE60E68\setup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zO8FE60E68\setup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zO8FE60E68\setup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zO8FE60E68\setup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zO8FE60E68\setup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zO8FE60E68\setup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zO8FE60E68\setup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zO8FE60E68\setup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zO8FE60E68\setup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zO8FE60E68\setup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zO8FE60E68\setup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zO8FE60E68\setup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zO8FE60E68\setup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zO8FE60E68\setup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zO8FE60E68\setup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zO8FE60E68\setup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zO8FE60E68\setup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zO8FE60E68\setup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zO8FE60E68\setup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zO8FE60E68\setup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zO8FE60E68\setup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zO8FE60E68\setup.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Program Files\7-Zip\7zFM.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeRestorePrivilege N/A C:\Program Files\7-Zip\7zFM.exe N/A
Token: 35 N/A C:\Program Files\7-Zip\7zFM.exe N/A
Token: SeSecurityPrivilege N/A C:\Program Files\7-Zip\7zFM.exe N/A
Token: SeSecurityPrivilege N/A C:\Program Files\7-Zip\7zFM.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files\7-Zip\7zFM.exe N/A
N/A N/A C:\Program Files\7-Zip\7zFM.exe N/A
N/A N/A C:\Program Files\7-Zip\7zFM.exe N/A
N/A N/A C:\Program Files\7-Zip\7zFM.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4052 wrote to memory of 3740 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4052 wrote to memory of 3740 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4052 wrote to memory of 4240 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4052 wrote to memory of 4240 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4052 wrote to memory of 4240 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4052 wrote to memory of 4240 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4052 wrote to memory of 4240 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4052 wrote to memory of 4240 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4052 wrote to memory of 4240 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4052 wrote to memory of 4240 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4052 wrote to memory of 4240 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4052 wrote to memory of 4240 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4052 wrote to memory of 4240 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4052 wrote to memory of 4240 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4052 wrote to memory of 4240 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4052 wrote to memory of 4240 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4052 wrote to memory of 4240 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4052 wrote to memory of 4240 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4052 wrote to memory of 4240 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4052 wrote to memory of 4240 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4052 wrote to memory of 4240 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4052 wrote to memory of 4240 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4052 wrote to memory of 4240 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4052 wrote to memory of 4240 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4052 wrote to memory of 4240 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4052 wrote to memory of 4240 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4052 wrote to memory of 4240 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4052 wrote to memory of 4240 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4052 wrote to memory of 4240 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4052 wrote to memory of 4240 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4052 wrote to memory of 4240 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4052 wrote to memory of 4240 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4052 wrote to memory of 4240 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4052 wrote to memory of 4240 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4052 wrote to memory of 4240 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4052 wrote to memory of 4240 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4052 wrote to memory of 4240 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4052 wrote to memory of 4240 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4052 wrote to memory of 4240 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4052 wrote to memory of 4240 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4052 wrote to memory of 4240 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4052 wrote to memory of 4240 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4052 wrote to memory of 3460 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4052 wrote to memory of 3460 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4052 wrote to memory of 5068 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4052 wrote to memory of 5068 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4052 wrote to memory of 5068 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4052 wrote to memory of 5068 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4052 wrote to memory of 5068 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4052 wrote to memory of 5068 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4052 wrote to memory of 5068 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4052 wrote to memory of 5068 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4052 wrote to memory of 5068 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4052 wrote to memory of 5068 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4052 wrote to memory of 5068 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4052 wrote to memory of 5068 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4052 wrote to memory of 5068 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4052 wrote to memory of 5068 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4052 wrote to memory of 5068 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4052 wrote to memory of 5068 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4052 wrote to memory of 5068 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4052 wrote to memory of 5068 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4052 wrote to memory of 5068 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4052 wrote to memory of 5068 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://ivd580.com/CS2_(External_ESP_Cheat).zip?c=ANOJsmWQQwUAV10CAENaFwAGAAAAAACs

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff9900b3cb8,0x7ff9900b3cc8,0x7ff9900b3cd8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1928,7450388866708983625,15952621292592545997,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2276 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1928,7450388866708983625,15952621292592545997,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2788 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1928,7450388866708983625,15952621292592545997,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1940 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,7450388866708983625,15952621292592545997,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3312 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,7450388866708983625,15952621292592545997,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3296 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1928,7450388866708983625,15952621292592545997,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5084 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1928,7450388866708983625,15952621292592545997,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5504 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,7450388866708983625,15952621292592545997,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4536 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,7450388866708983625,15952621292592545997,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5800 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,7450388866708983625,15952621292592545997,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5024 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1928,7450388866708983625,15952621292592545997,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3832 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,7450388866708983625,15952621292592545997,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5372 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,7450388866708983625,15952621292592545997,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5272 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,7450388866708983625,15952621292592545997,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5664 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,7450388866708983625,15952621292592545997,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5652 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,7450388866708983625,15952621292592545997,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5208 /prefetch:1

C:\Program Files\7-Zip\7zFM.exe

"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\Downloads\file_v1_3.rar"

C:\Users\Admin\AppData\Local\Temp\7zO8FE60E68\setup.exe

"C:\Users\Admin\AppData\Local\Temp\7zO8FE60E68\setup.exe"

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -s WPDBusEnum

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s fhsvc

C:\Users\Admin\Documents\GuardFox\ssF8cX0XI8ScmLsPeAglNqQQ.exe

"C:\Users\Admin\Documents\GuardFox\ssF8cX0XI8ScmLsPeAglNqQQ.exe"

C:\Users\Admin\Documents\GuardFox\ylbNv2I6pJRyyq2Z6jo0C555.exe

"C:\Users\Admin\Documents\GuardFox\ylbNv2I6pJRyyq2Z6jo0C555.exe"

C:\Users\Admin\Documents\GuardFox\QvtP_jsUgsHtpp7F1y7gfce7.exe

"C:\Users\Admin\Documents\GuardFox\QvtP_jsUgsHtpp7F1y7gfce7.exe"

C:\Users\Admin\AppData\Local\Temp\is-LNM8H.tmp\H42iXnPOtFfxqvPtyRDtOu6I.tmp

"C:\Users\Admin\AppData\Local\Temp\is-LNM8H.tmp\H42iXnPOtFfxqvPtyRDtOu6I.tmp" /SL5="$80204,6359960,54272,C:\Users\Admin\Documents\GuardFox\H42iXnPOtFfxqvPtyRDtOu6I.exe"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 444 -p 2836 -ip 2836

C:\Users\Admin\Documents\GuardFox\UFGeewl8pMJT1e_JpfAftPNt.exe

"C:\Users\Admin\Documents\GuardFox\UFGeewl8pMJT1e_JpfAftPNt.exe"

C:\Users\Admin\Documents\GuardFox\fCZZsmLsAh_Dkc9KhY1C66iK.exe

"C:\Users\Admin\Documents\GuardFox\fCZZsmLsAh_Dkc9KhY1C66iK.exe"

C:\Users\Admin\Documents\GuardFox\U6tlORlZZty2irsUDKDv9iSc.exe

"C:\Users\Admin\Documents\GuardFox\U6tlORlZZty2irsUDKDv9iSc.exe"

C:\Users\Admin\Documents\GuardFox\laq4ihVEVr3AvKvHmskKG7_C.exe

"C:\Users\Admin\Documents\GuardFox\laq4ihVEVr3AvKvHmskKG7_C.exe"

C:\Users\Admin\Documents\GuardFox\8xYeBNKZAHFl38iDOmFsxuAM.exe

"C:\Users\Admin\Documents\GuardFox\8xYeBNKZAHFl38iDOmFsxuAM.exe"

C:\Users\Admin\Documents\GuardFox\FgVemMkM_gYC9B2T5mKid_K2.exe

"C:\Users\Admin\Documents\GuardFox\FgVemMkM_gYC9B2T5mKid_K2.exe"

C:\Users\Admin\Documents\GuardFox\Et7zBTck9Arc0Y2KbphAmWVJ.exe

"C:\Users\Admin\Documents\GuardFox\Et7zBTck9Arc0Y2KbphAmWVJ.exe"

C:\Users\Admin\Documents\GuardFox\49wyDbmXdmLBnze98IVVbQvu.exe

"C:\Users\Admin\Documents\GuardFox\49wyDbmXdmLBnze98IVVbQvu.exe"

C:\Users\Admin\Documents\GuardFox\xbMD5qh1qln8RrgFzm3t8Q_u.exe

"C:\Users\Admin\Documents\GuardFox\xbMD5qh1qln8RrgFzm3t8Q_u.exe"

C:\Users\Admin\Documents\GuardFox\ZhaDcBby6zPadOq8C3wVe6CV.exe

"C:\Users\Admin\Documents\GuardFox\ZhaDcBby6zPadOq8C3wVe6CV.exe"

C:\Users\Admin\Documents\GuardFox\zjpIAqEfqs8ivfHLgVi2KsYc.exe

"C:\Users\Admin\Documents\GuardFox\zjpIAqEfqs8ivfHLgVi2KsYc.exe"

C:\Users\Admin\Documents\GuardFox\BQOSFGVriAy9AKInre_hAXN4.exe

"C:\Users\Admin\Documents\GuardFox\BQOSFGVriAy9AKInre_hAXN4.exe"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 2836 -s 372

C:\Users\Admin\Documents\GuardFox\U6tlORlZZty2irsUDKDv9iSc.exe

"C:\Users\Admin\Documents\GuardFox\U6tlORlZZty2irsUDKDv9iSc.exe"

C:\Users\Admin\AppData\Local\Betasoft Sound Booster\SoundBooster.exe

"C:\Users\Admin\AppData\Local\Betasoft Sound Booster\SoundBooster.exe" -i

C:\Users\Admin\Documents\GuardFox\zEK0yRxdhqLQY1DTqtlcakBU.exe

"C:\Users\Admin\Documents\GuardFox\zEK0yRxdhqLQY1DTqtlcakBU.exe"

C:\Users\Admin\Documents\GuardFox\VnCu_qJVTVlY8tiAlWCcYJ7I.exe

"C:\Users\Admin\Documents\GuardFox\VnCu_qJVTVlY8tiAlWCcYJ7I.exe"

C:\Users\Admin\Documents\GuardFox\H42iXnPOtFfxqvPtyRDtOu6I.exe

"C:\Users\Admin\Documents\GuardFox\H42iXnPOtFfxqvPtyRDtOu6I.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 484 -p 5820 -ip 5820

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"

C:\Users\Admin\AppData\Local\Betasoft Sound Booster\SoundBooster.exe

"C:\Users\Admin\AppData\Local\Betasoft Sound Booster\SoundBooster.exe" -s

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 5820 -s 600

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,7450388866708983625,15952621292592545997,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5280 /prefetch:1

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s fhsvc

C:\Windows\SysWOW64\schtasks.exe

schtasks /create /f /RU "Admin" /tr "C:\ProgramData\WinTrackerSP\WinTrackerSP.exe" /tn "WinTrackerSP HR" /sc HOURLY /rl HIGHEST

C:\Users\Admin\Documents\GuardFox\y4yC_rPdDmdprPwTTD9davK9.exe

"C:\Users\Admin\Documents\GuardFox\y4yC_rPdDmdprPwTTD9davK9.exe"

C:\Windows\SysWOW64\schtasks.exe

schtasks /create /f /RU "Admin" /tr "C:\ProgramData\WinTrackerSP\WinTrackerSP.exe" /tn "WinTrackerSP LG" /sc ONLOGON /rl HIGHEST

C:\Windows\SysWOW64\control.exe

"C:\Windows\System32\control.exe" "C:\Users\Admin\AppData\Local\Temp\RWIOEp.CPL",

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\qemu-ga.exe

"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\qemu-ga.exe"

C:\Windows\SysWOW64\rundll32.exe

"C:\Windows\system32\rundll32.exe" Shell32.dll,Control_RunDLL "C:\Users\Admin\AppData\Local\Temp\RWIOEp.CPL",

C:\Users\Admin\AppData\Local\Temp\msvcp_win\UniversalInstaller.exe

C:\Users\Admin\AppData\Local\Temp\msvcp_win\UniversalInstaller.exe

C:\Users\Admin\Documents\GuardFox\kSGpykg6DSXeK1IENdHMpVjL.exe

"C:\Users\Admin\Documents\GuardFox\kSGpykg6DSXeK1IENdHMpVjL.exe"

C:\Users\Admin\AppData\Roaming\msvcp_win\UniversalInstaller.exe

"C:\Users\Admin\AppData\Roaming\msvcp_win\UniversalInstaller.exe"

C:\Windows\SysWOW64\schtasks.exe

"C:\Windows\System32\schtasks.exe" /Create /SC MINUTE /MO 1 /TN kSGpykg6DSXeK1IENdHMpVjL.exe /TR "C:\Users\Admin\Documents\GuardFox\kSGpykg6DSXeK1IENdHMpVjL.exe" /F

C:\Windows\SysWOW64\cmd.exe

C:\Windows\SysWOW64\cmd.exe

C:\Users\Admin\AppData\Local\Temp\3389.exe

C:\Users\Admin\AppData\Local\Temp\3389.exe

C:\Users\Admin\AppData\Local\Temp\3389.exe

C:\Users\Admin\AppData\Local\Temp\3389.exe

C:\Users\Admin\AppData\Local\Temp\1000113001\e0cbefcb1af40c7d4aff4aca26621a98.exe

"C:\Users\Admin\AppData\Local\Temp\1000113001\e0cbefcb1af40c7d4aff4aca26621a98.exe"

C:\Windows\system32\RunDll32.exe

C:\Windows\system32\RunDll32.exe Shell32.dll,Control_RunDLL "C:\Users\Admin\AppData\Local\Temp\RWIOEp.CPL",

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 404 -p 3604 -ip 3604

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 3604 -s 392

C:\Windows\SysWOW64\rundll32.exe

"C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\shell32.dll",#44 "C:\Users\Admin\AppData\Local\Temp\RWIOEp.CPL",

C:\Users\Admin\AppData\Local\Temp\4A2F.exe

C:\Users\Admin\AppData\Local\Temp\4A2F.exe

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 356 -p 3604 -ip 3604

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 3604 -s 396

C:\Users\Admin\AppData\Local\Temp\1000114001\InstallSetup8.exe

"C:\Users\Admin\AppData\Local\Temp\1000114001\InstallSetup8.exe"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 404 -p 3604 -ip 3604

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MsBuild.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MsBuild.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MsBuild.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MsBuild.exe

C:\Users\Admin\AppData\Local\Temp\BroomSetup.exe

C:\Users\Admin\AppData\Local\Temp\BroomSetup.exe

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 3604 -s 420

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 524 -p 3604 -ip 3604

C:\Users\Admin\AppData\Local\Temp\1000115001\toolspub1.exe

"C:\Users\Admin\AppData\Local\Temp\1000115001\toolspub1.exe"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 3604 -s 676

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 500 -p 5220 -ip 5220

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 488 -p 3604 -ip 3604

C:\Users\Admin\AppData\Local\Temp\nsz59C1.tmp

C:\Users\Admin\AppData\Local\Temp\nsz59C1.tmp

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 5220 -s 372

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 3604 -s 688

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 548 -p 5572 -ip 5572

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 3604 -ip 3604

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 5572 -s 320

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 3604 -s 748

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Roaming\Temp\Task.bat" "

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x124,0x128,0x12c,0x100,0x130,0x7ff98ff69758,0x7ff98ff69768,0x7ff98ff69778

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 400 -p 3604 -ip 3604

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 3604 -s 768

C:\Users\Admin\AppData\Local\Temp\670F.exe

C:\Users\Admin\AppData\Local\Temp\670F.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ff9900b3cb8,0x7ff9900b3cc8,0x7ff9900b3cd8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 400 -p 3604 -ip 3604

C:\Windows\SysWOW64\chcp.com

chcp 1251

C:\Users\Admin\AppData\Local\Temp\1000117001\rty27.exe

"C:\Users\Admin\AppData\Local\Temp\1000117001\rty27.exe"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 3604 -s 776

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\system32\cmd.exe" /c timeout /t 5 & del /f /q "C:\Users\Admin\Documents\GuardFox\ylbNv2I6pJRyyq2Z6jo0C555.exe" & del "C:\ProgramData\*.dll"" & exit

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 500 -p 2000 -ip 2000

C:\Windows\SysWOW64\schtasks.exe

schtasks /create /tn "MalayamaraUpdate" /tr "'C:\Users\Admin\AppData\Local\Temp\Updater.exe'" /sc minute /mo 30 /F

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 2000 -s 2076

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1968,9021328556792048226,16394554489367339773,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2036 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1968,9021328556792048226,16394554489367339773,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1976 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1968,9021328556792048226,16394554489367339773,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2896 /prefetch:8

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1696 --field-trial-handle=1940,i,12215155624733907021,2662966028111712042,131072 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,9021328556792048226,16394554489367339773,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1872 --field-trial-handle=1940,i,12215155624733907021,2662966028111712042,131072 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,9021328556792048226,16394554489367339773,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3320 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2204 --field-trial-handle=1940,i,12215155624733907021,2662966028111712042,131072 /prefetch:8

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\SysWOW64\timeout.exe

timeout /t 5

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3056 --field-trial-handle=1940,i,12215155624733907021,2662966028111712042,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3068 --field-trial-handle=1940,i,12215155624733907021,2662966028111712042,131072 /prefetch:1

C:\Users\Admin\AppData\Local\Temp\1000119001\FirstZ.exe

"C:\Users\Admin\AppData\Local\Temp\1000119001\FirstZ.exe"

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,9021328556792048226,16394554489367339773,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3604 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,9021328556792048226,16394554489367339773,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4900 /prefetch:1

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 572 -p 3604 -ip 3604

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 3604 -s 780

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 3604 -s 780

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 532 -p 3604 -ip 3604

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 544 -p 3604 -ip 3604

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 3604 -s 932

C:\Users\Admin\AppData\Local\Temp\8E9D.exe

C:\Users\Admin\AppData\Local\Temp\8E9D.exe

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 540 -p 3604 -ip 3604

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 3604 -s 924

C:\Users\Admin\AppData\Local\Temp\is-D6B7G.tmp\8E9D.tmp

"C:\Users\Admin\AppData\Local\Temp\is-D6B7G.tmp\8E9D.tmp" /SL5="$7032A,6135014,54272,C:\Users\Admin\AppData\Local\Temp\8E9D.exe"

C:\Users\Admin\Documents\GuardFox\qemu-ga.exe

"C:\Users\Admin\Documents\GuardFox\qemu-ga.exe"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 400 -p 2360 -ip 2360

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 380 -p 3604 -ip 3604

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 3604 -s 768

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 2360 -s 1084

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 412 -p 3604 -ip 3604

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 3604 -s 652

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 400 -p 3604 -ip 3604

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 380 -p 3604 -ip 3604

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 3604 -s 768

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 544 -p 3604 -ip 3604

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 520 -p 3604 -ip 3604

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 3604 -s 916

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 3604 -s 884

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 3604 -s 828

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 544 -p 3604 -ip 3604

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 3604 -s 728

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell -nologo -noprofile

C:\Users\Admin\AppData\Local\Temp\99D9.exe

C:\Users\Admin\AppData\Local\Temp\99D9.exe

C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe

"C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe"

C:\Users\Admin\AppData\Local\Temp\InstallSetup9.exe

"C:\Users\Admin\AppData\Local\Temp\InstallSetup9.exe"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell -nologo -noprofile

C:\Users\Admin\AppData\Local\Temp\A592.exe

C:\Users\Admin\AppData\Local\Temp\A592.exe

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 536 -p 1788 -ip 1788

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 1788 -s 372

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

C:\Users\Admin\AppData\Local\Temp\A9C9.exe

C:\Users\Admin\AppData\Local\Temp\A9C9.exe

C:\Users\Admin\AppData\Local\Temp\ACC8.exe

C:\Users\Admin\AppData\Local\Temp\ACC8.exe

C:\Windows\system32\regsvr32.exe

regsvr32 /s C:\Users\Admin\AppData\Local\Temp\B70A.dll

C:\Windows\SysWOW64\regsvr32.exe

/s C:\Users\Admin\AppData\Local\Temp\B70A.dll

C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe

"C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe"

C:\Users\Admin\AppData\Local\Temp\1000113001\e0cbefcb1af40c7d4aff4aca26621a98.exe

"C:\Users\Admin\AppData\Local\Temp\1000113001\e0cbefcb1af40c7d4aff4aca26621a98.exe"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 544 -p 4212 -ip 4212

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MsBuild.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MsBuild.exe

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 4212 -s 360

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MsBuild.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MsBuild.exe

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 4212 -s 232

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 564 -p 4212 -ip 4212

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 4212 -s 384

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 4212 -s 672

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 564 -p 4212 -ip 4212

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell -nologo -noprofile

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 540 -p 4212 -ip 4212

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 4212 -s 712

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 540 -p 4212 -ip 4212

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 404 -p 4212 -ip 4212

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 4212 -s 712

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 4212 -s 396

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 580 -p 4212 -ip 4212

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 524 -p 4212 -ip 4212

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 4212 -s 744

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 404 -p 7012 -ip 7012

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 7012 -s 1052

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 4212 -s 396

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell -nologo -noprofile

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 560 -p 4212 -ip 4212

C:\Windows\system32\netsh.exe

netsh advfirewall firewall add rule name="csrss" dir=in action=allow program="C:\Windows\rss\csrss.exe" enable=yes

C:\Windows\system32\cmd.exe

C:\Windows\Sysnative\cmd.exe /C "netsh advfirewall firewall add rule name="csrss" dir=in action=allow program="C:\Windows\rss\csrss.exe" enable=yes"

C:\Windows\SysWOW64\taskkill.exe

"taskkill.exe" /im chrome.exe /f

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 588 -p 6280 -ip 6280

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 6280 -s 2556

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\system32\cmd.exe" /c timeout /t 5 & del /f /q "C:\Users\Admin\AppData\Local\Temp\nsz59C1.tmp" & del "C:\ProgramData\*.dll"" & exit

C:\Windows\SysWOW64\timeout.exe

timeout /t 5

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell -nologo -noprofile

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 600 -p 7012 -ip 7012

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 7012 -s 1076

C:\Windows\system32\cmd.exe

C:\Windows\Sysnative\cmd.exe /C "netsh advfirewall firewall add rule name="csrss" dir=in action=allow program="C:\Windows\rss\csrss.exe" enable=yes"

C:\Windows\system32\netsh.exe

netsh advfirewall firewall add rule name="csrss" dir=in action=allow program="C:\Windows\rss\csrss.exe" enable=yes

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 404 -p 4212 -ip 4212

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 4212 -s 848

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell -nologo -noprofile

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell -nologo -noprofile

C:\Users\Admin\Documents\GuardFox\kSGpykg6DSXeK1IENdHMpVjL.exe

C:\Users\Admin\Documents\GuardFox\kSGpykg6DSXeK1IENdHMpVjL.exe

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell -nologo -noprofile

C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe

C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe Add-MpPreference -ExclusionPath @($env:UserProfile, $env:ProgramData) -ExclusionExtension '.exe' -Force

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c wusa /uninstall /kb:890830 /quiet /norestart

C:\Windows\system32\sc.exe

C:\Windows\system32\sc.exe stop UsoSvc

C:\Users\Admin\Documents\GuardFox\kSGpykg6DSXeK1IENdHMpVjL.exe

C:\Users\Admin\Documents\GuardFox\kSGpykg6DSXeK1IENdHMpVjL.exe

C:\Windows\system32\sc.exe

C:\Windows\system32\sc.exe stop WaaSMedicSvc

C:\Windows\system32\sc.exe

C:\Windows\system32\sc.exe stop wuauserv

C:\Windows\rss\csrss.exe

C:\Windows\rss\csrss.exe

C:\Users\Admin\Documents\GuardFox\kSGpykg6DSXeK1IENdHMpVjL.exe

C:\Users\Admin\Documents\GuardFox\kSGpykg6DSXeK1IENdHMpVjL.exe

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 508 -p 4212 -ip 4212

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 556 -p 4212 -ip 4212

C:\Windows\system32\wusa.exe

wusa /uninstall /kb:890830 /quiet /norestart

C:\Windows\system32\sc.exe

C:\Windows\system32\sc.exe stop bits

C:\Windows\system32\sc.exe

C:\Windows\system32\sc.exe stop dosvc

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 608 -p 4212 -ip 4212

C:\Users\Admin\Documents\GuardFox\kSGpykg6DSXeK1IENdHMpVjL.exe

C:\Users\Admin\Documents\GuardFox\kSGpykg6DSXeK1IENdHMpVjL.exe

C:\Windows\system32\sc.exe

C:\Windows\system32\sc.exe delete "WSNKISKT"

C:\Windows\system32\powercfg.exe

C:\Windows\system32\powercfg.exe /x -standby-timeout-dc 0

C:\Windows\system32\powercfg.exe

C:\Windows\system32\powercfg.exe /x -standby-timeout-ac 0

C:\Windows\system32\powercfg.exe

C:\Windows\system32\powercfg.exe /x -hibernate-timeout-dc 0

C:\Windows\system32\powercfg.exe

C:\Windows\system32\powercfg.exe /x -hibernate-timeout-ac 0

C:\Users\Admin\AppData\Roaming\ajcrvse

C:\Users\Admin\AppData\Roaming\ajcrvse

C:\Users\Admin\Documents\GuardFox\kSGpykg6DSXeK1IENdHMpVjL.exe

C:\Users\Admin\Documents\GuardFox\kSGpykg6DSXeK1IENdHMpVjL.exe

C:\Windows\system32\sc.exe

C:\Windows\system32\sc.exe create "WSNKISKT" binpath= "C:\ProgramData\wikombernizc\reakuqnanrkn.exe" start= "auto"

C:\Windows\system32\sc.exe

C:\Windows\system32\sc.exe start "WSNKISKT"

C:\Windows\system32\sc.exe

C:\Windows\system32\sc.exe stop eventlog

C:\Users\Admin\Documents\GuardFox\kSGpykg6DSXeK1IENdHMpVjL.exe

C:\Users\Admin\Documents\GuardFox\kSGpykg6DSXeK1IENdHMpVjL.exe

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 404 -p 5732 -ip 5732

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 532 -p 4212 -ip 4212

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 552 -p 4212 -ip 4212

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 5732 -s 380

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 572 -p 4212 -ip 4212

C:\ProgramData\wikombernizc\reakuqnanrkn.exe

C:\ProgramData\wikombernizc\reakuqnanrkn.exe

C:\Users\Admin\Documents\GuardFox\kSGpykg6DSXeK1IENdHMpVjL.exe

C:\Users\Admin\Documents\GuardFox\kSGpykg6DSXeK1IENdHMpVjL.exe

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 520 -p 4212 -ip 4212

C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe

C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe Add-MpPreference -ExclusionPath @($env:UserProfile, $env:ProgramData) -ExclusionExtension '.exe' -Force

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 584 -p 4212 -ip 4212

C:\Users\Admin\Documents\GuardFox\kSGpykg6DSXeK1IENdHMpVjL.exe

C:\Users\Admin\Documents\GuardFox\kSGpykg6DSXeK1IENdHMpVjL.exe

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 556 -p 4212 -ip 4212

C:\Users\Admin\Documents\GuardFox\kSGpykg6DSXeK1IENdHMpVjL.exe

C:\Users\Admin\Documents\GuardFox\kSGpykg6DSXeK1IENdHMpVjL.exe

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 592 -p 4212 -ip 4212

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell -nologo -noprofile

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 380 -p 4212 -ip 4212

C:\Users\Admin\Documents\GuardFox\kSGpykg6DSXeK1IENdHMpVjL.exe

C:\Users\Admin\Documents\GuardFox\kSGpykg6DSXeK1IENdHMpVjL.exe

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 572 -p 4212 -ip 4212

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 584 -p 4212 -ip 4212

C:\Users\Admin\Documents\GuardFox\kSGpykg6DSXeK1IENdHMpVjL.exe

C:\Users\Admin\Documents\GuardFox\kSGpykg6DSXeK1IENdHMpVjL.exe

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 380 -p 4212 -ip 4212

Network

Country Destination Domain Proto
US 8.8.8.8:53 ivd580.com udp
US 188.114.97.2:443 ivd580.com tcp
GB 96.17.179.184:80 apps.identrust.com tcp
US 8.8.8.8:53 64.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 184.179.17.96.in-addr.arpa udp
US 8.8.8.8:53 173.178.17.96.in-addr.arpa udp
N/A 224.0.0.251:5353 udp
US 162.159.134.233:443 cdn.discordapp.com tcp
US 162.159.134.233:443 cdn.discordapp.com tcp
DE 77.105.147.130:80 77.105.147.130 tcp
US 172.67.75.163:443 api.myip.com tcp
US 34.117.186.192:443 ipinfo.io tcp
DE 77.105.147.130:80 77.105.147.130 tcp
US 8.8.8.8:53 medfioytrkdkcodlskeej.net udp
US 8.8.8.8:53 294self-limited.sbs udp
US 104.21.15.216:80 ok.spartabig.com tcp
RU 87.240.132.67:80 vk.com tcp
RU 87.240.132.67:80 vk.com tcp
RU 91.215.85.209:80 medfioytrkdkcodlskeej.net tcp
FI 109.107.182.40:80 109.107.182.40 tcp
AT 5.42.64.33:80 5.42.64.33 tcp
US 188.114.97.2:80 294self-limited.sbs tcp
US 188.114.97.2:80 294self-limited.sbs tcp
RU 87.240.132.67:80 vk.com tcp
RU 87.240.132.67:80 vk.com tcp
RU 91.215.85.209:80 medfioytrkdkcodlskeej.net tcp
US 35.190.80.1:443 a.nel.cloudflare.com tcp
US 188.114.97.2:443 294self-limited.sbs tcp
HK 154.92.15.189:80 ji.alie3ksggg.com tcp
RU 87.240.132.67:80 vk.com tcp
RU 87.240.132.67:80 vk.com tcp
RU 91.215.85.209:443 medfioytrkdkcodlskeej.net tcp
MX 187.134.62.216:80 cczhk.com tcp
US 35.190.80.1:443 a.nel.cloudflare.com udp
US 8.8.8.8:53 40.13.222.173.in-addr.arpa udp
RU 87.240.132.67:80 vk.com tcp
RU 87.240.132.67:80 vk.com tcp
RU 87.240.132.67:80 vk.com tcp
RU 87.240.132.67:80 vk.com tcp
MX 187.134.62.216:80 cczhk.com tcp
RU 87.240.132.67:443 vk.com tcp
RU 87.240.132.67:443 vk.com tcp
NL 95.142.206.3:443 tcp
NL 95.142.206.2:443 tcp
RU 87.240.132.67:443 vk.com tcp
RU 87.240.132.67:443 vk.com tcp
NL 95.142.206.3:443 tcp
NL 95.142.206.1:443 tcp
RU 87.240.132.67:443 vk.com tcp
RU 87.240.132.67:443 vk.com tcp
RU 87.240.132.67:443 vk.com tcp
NL 95.142.206.0:443 tcp
NL 95.142.206.1:443 tcp
HK 154.92.15.189:443 ji.alie3ksggg.com tcp
DE 185.172.128.24:80 185.172.128.24 tcp
GB 146.75.72.193:443 tcp
NL 45.15.156.229:80 45.15.156.229 tcp
RU 193.233.132.67:50505 tcp
DE 77.105.147.130:80 77.105.147.130 tcp
NL 45.15.156.60:12050 tcp
NL 45.15.156.229:80 tcp
RU 91.215.85.120:80 selebration17io.io tcp
NL 91.92.245.15:80 tcp
US 8.8.8.8:53 120.85.215.91.in-addr.arpa udp
US 172.67.75.163:443 api.myip.com tcp
US 34.117.186.192:443 ipinfo.io tcp
RU 87.240.132.72:443 vk.com tcp
DE 185.172.128.19:80 tcp
FR 91.121.160.6:9001 tcp
DE 185.172.128.109:80 185.172.128.109 tcp
DE 77.105.147.130:80 77.105.147.130 tcp
US 172.67.75.163:443 api.myip.com tcp
US 104.21.17.48:443 tcp
NL 195.20.16.46:80 tcp
DE 88.99.68.228:9001 tcp
RU 5.42.65.31:48396 tcp
DE 185.172.128.19:80 tcp
DE 159.69.27.103:9001 tcp
HK 154.92.15.189:443 ji.alie3ksggg.com tcp
US 172.67.173.86:80 tcp
DE 88.99.68.228:9001 tcp
DE 185.172.128.19:80 tcp
US 8.8.8.8:53 trmpc.com udp
DE 159.69.27.103:9001 tcp
MX 189.232.10.46:80 trmpc.com tcp
DE 185.172.128.79:80 185.172.128.79 tcp
US 188.114.96.2:443 pavementpreferencewjiao.site tcp
DE 138.201.125.92:15647 tcp
HK 154.92.15.189:80 ji.alie3ksggg.com tcp
HK 154.92.15.189:80 ji.alie3ksggg.com tcp
DE 185.172.128.90:80 tcp
AT 5.42.64.33:80 tcp
HK 154.92.15.189:80 ji.alie3ksggg.com tcp
US 104.21.1.205:443 tcp
US 8.8.8.8:53 mixlr.com udp
US 8.8.8.8:53 accounts.google.com udp
IE 54.72.168.179:22 mixlr.com tcp
IE 209.85.203.84:22 accounts.google.com tcp
IE 54.72.168.179:21 mixlr.com tcp
IE 209.85.203.84:443 accounts.google.com tcp
IE 54.72.168.179:443 mixlr.com tcp
IE 209.85.203.84:21 accounts.google.com tcp
GB 109.228.39.125:22 portal.yabatech.edu.ng tcp
GB 109.228.39.125:21 portal.yabatech.edu.ng tcp
US 188.114.97.2:443 pavementpreferencewjiao.site tcp
GB 3.9.234.235:21 events.crowdsense.ai tcp
GB 3.9.234.235:22 events.crowdsense.ai tcp
GB 109.228.39.125:443 portal.yabatech.edu.ng tcp
US 104.20.249.29:22 nairaland.com tcp
GB 3.9.234.235:443 events.crowdsense.ai tcp
US 104.16.216.241:22 login.arduino.cc tcp
US 104.20.249.29:21 nairaland.com tcp
GB 109.228.39.125:143 portal.yabatech.edu.ng tcp
GB 109.228.39.125:80 portal.yabatech.edu.ng tcp
IE 209.85.203.27:465 aspmx.l.google.com tcp
NL 142.250.153.14:465 alt2.gmr-smtp-in.l.google.com tcp
NL 142.250.153.14:143 alt2.gmr-smtp-in.l.google.com tcp
IE 209.85.203.84:80 accounts.google.com tcp
US 104.16.216.241:21 login.arduino.cc tcp
GB 159.65.55.83:22 blynk.cloud tcp
US 104.20.249.29:443 nairaland.com tcp
IE 34.241.144.232:22 mixlr.com tcp
IE 209.85.203.84:80 accounts.google.com tcp
IE 34.241.144.232:21 mixlr.com tcp
IE 209.85.203.27:143 aspmx.l.google.com tcp
GB 3.9.234.235:143 events.crowdsense.ai tcp
IE 54.72.168.179:80 mixlr.com tcp
NL 142.250.153.14:995 alt2.gmr-smtp-in.l.google.com tcp
IE 54.72.168.179:80 mixlr.com tcp
US 104.16.216.241:443 login.arduino.cc tcp
GB 159.65.55.83:21 blynk.cloud tcp
IE 209.85.203.27:995 aspmx.l.google.com tcp
US 104.20.249.29:80 nairaland.com tcp
GB 109.228.39.125:21 portal.yabatech.edu.ng tcp
GB 109.228.39.125:995 portal.yabatech.edu.ng tcp
GB 109.228.39.125:465 portal.yabatech.edu.ng tcp
GB 3.9.234.235:465 events.crowdsense.ai tcp
US 8.8.8.8:53 83.55.65.159.in-addr.arpa udp
US 162.159.205.19:143 route2.mx.cloudflare.net tcp
US 104.16.216.241:143 login.arduino.cc tcp
GB 109.228.39.125:80 portal.yabatech.edu.ng tcp
GB 159.65.55.83:443 blynk.cloud tcp
US 104.21.83.138:443 paperambiguonusphoterew.site tcp
GB 18.169.144.79:21 events.crowdsense.ai tcp
US 50.28.59.161:22 dash.studentsearncash.co tcp
US 172.67.18.142:22 nairaland.com tcp
US 162.159.205.19:465 route2.mx.cloudflare.net tcp
IE 52.211.67.174:22 mixlr.com tcp
US 162.159.205.19:995 route2.mx.cloudflare.net tcp
US 172.67.18.142:21 nairaland.com tcp
IE 52.211.67.174:21 mixlr.com tcp
GB 18.169.144.79:22 events.crowdsense.ai tcp
IE 209.85.203.27:143 aspmx.l.google.com tcp
US 104.26.14.213:22 forum.mobilism.org tcp
US 104.26.14.213:21 forum.mobilism.org tcp
US 104.26.14.213:443 forum.mobilism.org tcp
US 45.63.12.217:22 school.wvbs.org tcp
US 104.16.217.241:22 login.arduino.cc tcp
GB 109.228.39.125:443 portal.yabatech.edu.ng tcp
GB 3.9.234.235:995 events.crowdsense.ai tcp
US 104.16.216.241:465 login.arduino.cc tcp
GB 3.9.234.235:80 events.crowdsense.ai tcp
US 104.16.216.241:80 login.arduino.cc tcp
GB 109.228.39.125:143 portal.yabatech.edu.ng tcp
IE 209.85.203.84:443 accounts.google.com tcp
US 104.20.248.29:22 nairaland.com tcp
GB 18.169.144.79:143 events.crowdsense.ai tcp
US 50.28.59.161:443 dash.studentsearncash.co tcp
US 50.28.59.161:21 dash.studentsearncash.co tcp
US 172.67.18.142:443 nairaland.com tcp
US 199.192.21.225:21 hub360.com.ng tcp
US 199.192.21.225:22 hub360.com.ng tcp
US 104.16.217.241:21 login.arduino.cc tcp
US 104.20.248.29:21 nairaland.com tcp
US 104.26.14.213:143 forum.mobilism.org tcp
GB 3.9.234.235:80 events.crowdsense.ai tcp
GB 109.228.39.125:22 portal.yabatech.edu.ng tcp
GB 18.169.144.79:465 events.crowdsense.ai tcp
GB 109.228.39.125:21 portal.yabatech.edu.ng tcp
IE 209.85.203.84:443 accounts.google.com tcp
IE 54.72.168.179:443 mixlr.com tcp
IE 209.85.203.27:465 aspmx.l.google.com tcp
US 199.192.21.225:443 hub360.com.ng tcp
GB 159.65.55.83:80 blynk.cloud tcp
GB 159.65.55.83:22 blynk.cloud tcp
IE 54.72.168.179:443 mixlr.com tcp
US 104.16.217.241:143 login.arduino.cc tcp
GB 13.224.222.27:22 skills.shawacademy.com tcp
US 104.26.14.213:465 forum.mobilism.org tcp
US 104.16.216.241:80 login.arduino.cc tcp
US 104.26.14.213:80 forum.mobilism.org tcp
US 199.192.21.225:143 hub360.com.ng tcp
US 162.159.205.19:143 route2.mx.cloudflare.net tcp
US 104.26.15.213:22 forum.mobilism.org tcp
US 104.26.15.213:21 forum.mobilism.org tcp
IE 209.85.203.27:995 aspmx.l.google.com tcp
GB 13.224.222.27:443 skills.shawacademy.com tcp
GB 159.65.55.83:80 blynk.cloud tcp
US 147.182.180.139:143 mx156.hostedmxserver.com tcp
US 45.63.12.217:21 school.wvbs.org tcp
GB 109.228.39.125:443 portal.yabatech.edu.ng tcp
GB 13.224.222.27:21 skills.shawacademy.com tcp
US 45.63.12.217:443 school.wvbs.org tcp
US 162.159.205.19:465 route2.mx.cloudflare.net tcp
US 104.26.14.213:995 forum.mobilism.org tcp
US 147.182.180.139:465 mx156.hostedmxserver.com tcp
GB 18.169.144.79:995 events.crowdsense.ai tcp
US 104.16.217.241:465 login.arduino.cc tcp
US 173.239.5.6:22 h5.stepworkstime.com tcp
US 104.16.216.241:995 login.arduino.cc tcp
US 104.26.15.213:143 forum.mobilism.org tcp
US 173.239.5.6:21 h5.stepworkstime.com tcp
US 64.225.16.22:22 ny3.blynk.cloud tcp
US 199.192.21.225:465 hub360.com.ng tcp
US 172.67.18.142:443 nairaland.com tcp
US 162.159.205.19:995 route2.mx.cloudflare.net tcp
IE 54.72.168.179:22 mixlr.com tcp
US 50.28.59.161:80 dash.studentsearncash.co tcp
IE 54.72.168.179:21 mixlr.com tcp
GB 109.228.39.125:80 portal.yabatech.edu.ng tcp
GB 3.9.234.235:443 events.crowdsense.ai tcp
GB 3.9.234.235:21 events.crowdsense.ai tcp
US 104.16.216.241:443 login.arduino.cc tcp
US 104.16.217.241:995 login.arduino.cc tcp
GB 13.224.222.126:22 skills.shawacademy.com tcp
GB 104.103.202.103:22 help.steampowered.com tcp
US 8.8.8.8:53 lon1.blynk.cloud udp
US 104.26.14.213:80 forum.mobilism.org tcp
GB 109.228.39.125:143 portal.yabatech.edu.ng tcp
US 104.26.15.213:465 forum.mobilism.org tcp
US 104.20.249.29:80 nairaland.com tcp
US 199.192.21.225:995 hub360.com.ng tcp
US 199.192.21.225:80 hub360.com.ng tcp
US 50.28.59.161:80 dash.studentsearncash.co tcp
US 45.63.12.217:143 school.wvbs.org tcp
US 173.239.5.6:143 h5.stepworkstime.com tcp
US 147.182.180.139:995 mx156.hostedmxserver.com tcp
US 104.20.249.29:22 nairaland.com tcp
IE 209.85.203.84:22 accounts.google.com tcp
GB 3.9.234.235:22 events.crowdsense.ai tcp
US 162.159.205.19:993 route2.mx.cloudflare.net tcp
IE 209.85.203.84:21 accounts.google.com tcp
US 104.16.216.241:21 login.arduino.cc tcp
IE 209.85.203.27:465 aspmx.l.google.com tcp
US 64.225.16.22:21 ny3.blynk.cloud tcp
GB 159.65.55.83:21 lon1.blynk.cloud tcp
IE 209.85.203.84:80 accounts.google.com tcp
GB 13.224.222.126:21 skills.shawacademy.com tcp
GB 104.103.202.103:21 help.steampowered.com tcp
US 104.20.249.29:21 nairaland.com tcp
GB 142.250.187.243:22 app.blokada.org tcp
IE 54.72.168.179:80 mixlr.com tcp
GB 13.224.222.27:80 skills.shawacademy.com tcp
US 104.26.15.213:995 forum.mobilism.org tcp
IE 34.241.144.232:22 mixlr.com tcp
DE 194.55.13.50:9001 tcp
NL 164.90.197.79:465 mx156.hostedmxserver.com tcp
US 173.239.5.6:443 h5.stepworkstime.com tcp
GB 3.9.234.235:143 events.crowdsense.ai tcp
IE 54.72.168.179:80 mixlr.com tcp
US 104.16.216.241:22 login.arduino.cc tcp
US 45.63.12.217:465 school.wvbs.org tcp
US 45.63.12.217:80 school.wvbs.org tcp
NL 142.250.153.14:143 alt2.gmr-smtp-in.l.google.com tcp
US 104.26.14.213:443 forum.mobilism.org tcp
NL 164.90.197.79:143 mx156.hostedmxserver.com tcp
US 173.239.8.164:21 h5.stepworkstime.com tcp
IE 209.85.203.27:143 aspmx.l.google.com tcp
GB 109.228.39.125:21 portal.yabatech.edu.ng tcp
GB 13.224.222.27:465 skills.shawacademy.com tcp
GB 13.224.222.27:80 skills.shawacademy.com tcp
US 64.225.16.22:443 ny3.blynk.cloud tcp
GB 13.224.222.27:143 skills.shawacademy.com tcp
GB 159.65.55.83:443 lon1.blynk.cloud tcp
IE 52.211.67.174:22 mixlr.com tcp
US 173.239.8.164:22 h5.stepworkstime.com tcp
NL 164.90.197.162:465 mx156.hostedmxserver.com tcp
IE 34.241.144.232:21 mixlr.com tcp
US 173.239.8.164:143 h5.stepworkstime.com tcp
NL 164.90.197.105:465 mx156.hostedmxserver.com tcp
NL 164.90.197.143:465 mx156.hostedmxserver.com tcp
GB 18.169.144.79:21 events.crowdsense.ai tcp
US 147.182.130.78:465 mx156.hostedmxserver.com tcp
US 147.182.160.18:465 mx156.hostedmxserver.com tcp
US 104.16.217.241:21 login.arduino.cc tcp
GB 18.169.144.79:143 events.crowdsense.ai tcp
IE 209.85.203.27:995 aspmx.l.google.com tcp
US 104.16.217.241:22 login.arduino.cc tcp
US 45.63.12.217:22 school.wvbs.org tcp
US 104.16.216.241:143 login.arduino.cc tcp
GB 3.9.234.235:465 events.crowdsense.ai tcp
US 45.63.12.217:995 school.wvbs.org tcp
GB 13.224.222.126:143 skills.shawacademy.com tcp
GB 3.9.234.235:80 events.crowdsense.ai tcp
GB 142.250.187.243:443 app.blokada.org tcp
US 172.67.18.142:22 nairaland.com tcp
GB 142.250.187.243:21 app.blokada.org tcp
IE 209.85.203.84:80 accounts.google.com tcp
GB 104.103.202.103:443 help.steampowered.com tcp
US 104.26.14.213:22 forum.mobilism.org tcp
GB 18.169.144.79:22 events.crowdsense.ai tcp
US 162.159.136.232:22 discord.com tcp
GB 13.224.222.126:465 skills.shawacademy.com tcp
US 8.8.8.8:53 anilist.co udp
US 172.67.18.142:21 nairaland.com tcp
GB 13.224.222.47:143 skills.shawacademy.com tcp
US 74.206.228.78:143 h5.stepworkstime.com tcp
GB 104.103.202.103:143 help.steampowered.com tcp
US 104.16.216.241:465 login.arduino.cc tcp
GB 13.224.222.123:143 skills.shawacademy.com tcp
US 199.192.21.225:143 hub360.com.ng tcp
GB 109.228.39.125:465 portal.yabatech.edu.ng tcp
US 64.225.16.22:143 ny3.blynk.cloud tcp
NL 142.250.153.14:995 alt2.gmr-smtp-in.l.google.com tcp
US 162.159.205.19:587 route2.mx.cloudflare.net tcp
GB 159.65.55.83:22 lon1.blynk.cloud tcp
NL 142.250.153.14:465 alt2.gmr-smtp-in.l.google.com tcp
GB 109.228.39.125:80 portal.yabatech.edu.ng tcp
US 104.26.14.213:21 forum.mobilism.org tcp
US 50.28.59.161:22 dash.studentsearncash.co tcp
US 147.135.64.217:443 tcp
US 104.16.217.241:143 login.arduino.cc tcp
GB 3.9.234.235:80 events.crowdsense.ai tcp
GB 13.224.222.47:465 skills.shawacademy.com tcp
US 104.26.14.213:143 forum.mobilism.org tcp
US 199.192.21.225:80 hub360.com.ng tcp
CA 199.58.81.140:443 tcp
GB 109.228.39.125:995 portal.yabatech.edu.ng tcp
US 104.20.249.29:80 nairaland.com tcp
US 173.239.5.6:465 h5.stepworkstime.com tcp
US 173.239.5.6:80 h5.stepworkstime.com tcp
US 45.63.12.217:80 school.wvbs.org tcp
GB 109.228.39.125:443 portal.yabatech.edu.ng tcp
GB 13.224.222.27:995 skills.shawacademy.com tcp
US 50.28.59.161:21 dash.studentsearncash.co tcp
GB 18.169.144.79:465 events.crowdsense.ai tcp
GB 3.9.234.235:995 events.crowdsense.ai tcp
NL 164.90.197.79:995 mx156.hostedmxserver.com tcp
GB 13.224.222.123:465 skills.shawacademy.com tcp
US 162.159.136.232:21 discord.com tcp
US 104.26.15.71:22 anilist.co tcp
GB 109.228.39.125:222 portal.yabatech.edu.ng tcp
US 8.8.8.8:53 students.kuccps.net udp
GB 109.228.39.125:993 portal.yabatech.edu.ng tcp
US 199.192.21.225:22 hub360.com.ng tcp
US 64.225.16.22:22 ny3.blynk.cloud tcp
US 162.159.128.233:22 discord.com tcp
GB 104.103.202.103:465 help.steampowered.com tcp
US 104.26.15.213:21 forum.mobilism.org tcp
GB 13.224.222.27:22 skills.shawacademy.com tcp
IE 209.85.203.27:465 aspmx.l.google.com tcp
US 162.159.205.19:110 route2.mx.cloudflare.net tcp
US 104.16.217.241:465 login.arduino.cc tcp
US 173.239.5.6:995 h5.stepworkstime.com tcp
US 8.8.8.8:53 243.187.250.142.in-addr.arpa udp
DE 64.190.63.136:80 ww1.studentsearncash.co tcp
US 50.28.59.161:80 dash.studentsearncash.co tcp
US 173.239.8.164:465 h5.stepworkstime.com tcp
GB 13.224.222.126:995 skills.shawacademy.com tcp
GB 18.169.144.79:995 events.crowdsense.ai tcp
IE 209.85.203.27:143 aspmx.l.google.com tcp
US 104.26.15.213:22 forum.mobilism.org tcp
US 104.26.15.213:143 forum.mobilism.org tcp
US 173.239.5.6:22 h5.stepworkstime.com tcp
US 8.8.8.8:53 students.kuccps.net udp
US 8.8.8.8:53 pakrail.gov.pk udp
US 162.159.138.232:22 discord.com tcp
US 172.67.71.232:22 anilist.co tcp
US 162.159.128.233:21 discord.com tcp
US 199.192.21.225:21 hub360.com.ng tcp
US 64.225.16.22:465 ny3.blynk.cloud tcp
US 199.192.21.225:80 hub360.com.ng tcp
GB 142.250.187.243:143 app.blokada.org tcp
US 104.16.216.241:80 login.arduino.cc tcp
IE 209.85.203.27:995 aspmx.l.google.com tcp
US 162.159.135.232:22 discord.com tcp
US 104.16.216.241:995 login.arduino.cc tcp
US 147.182.180.139:465 mx156.hostedmxserver.com tcp
US 104.26.14.213:465 forum.mobilism.org tcp
US 173.239.8.164:995 h5.stepworkstime.com tcp
US 104.16.216.241:80 login.arduino.cc tcp
US 50.28.59.161:80 dash.studentsearncash.co tcp
US 162.159.205.19:993 route2.mx.cloudflare.net tcp
GB 13.224.222.27:443 skills.shawacademy.com tcp
US 162.159.137.232:22 discord.com tcp
US 172.67.71.168:143 forum.mobilism.org tcp
GB 13.224.222.126:22 skills.shawacademy.com tcp
GB 109.228.39.125:21 portal.yabatech.edu.ng tcp
US 104.26.14.71:22 anilist.co tcp
US 162.159.138.232:21 discord.com tcp
US 104.26.14.213:80 forum.mobilism.org tcp
US 104.26.15.71:21 anilist.co tcp
US 162.159.136.232:443 discord.com tcp
IE 54.72.168.179:222 mixlr.com tcp
US 64.225.16.22:80 ny3.blynk.cloud tcp
US 104.16.217.241:995 login.arduino.cc tcp
GB 104.103.202.103:995 help.steampowered.com tcp
KE 197.136.130.6:22 students.kuccps.net tcp
US 173.239.8.164:22 h5.stepworkstime.com tcp
GB 142.250.187.243:995 app.blokada.org tcp
GB 13.224.222.47:22 skills.shawacademy.com tcp
US 162.159.135.232:21 discord.com tcp
GB 104.103.202.103:80 help.steampowered.com tcp
GB 104.103.202.103:80 help.steampowered.com tcp
US 162.159.137.232:21 discord.com tcp
GB 13.224.222.27:21 skills.shawacademy.com tcp
US 64.225.16.22:995 ny3.blynk.cloud tcp
US 64.225.16.22:80 ny3.blynk.cloud tcp
GB 142.250.187.243:465 app.blokada.org tcp
GB 13.224.222.123:22 skills.shawacademy.com tcp
GB 142.250.187.243:80 app.blokada.org tcp
GB 159.65.55.83:990 lon1.blynk.cloud tcp
US 147.182.180.139:143 mx156.hostedmxserver.com tcp
US 173.239.5.6:143 h5.stepworkstime.com tcp
NL 164.90.197.79:465 mx156.hostedmxserver.com tcp
US 45.63.12.217:443 school.wvbs.org tcp
GB 159.65.55.83:80 lon1.blynk.cloud tcp
US 74.206.228.78:22 h5.stepworkstime.com tcp
GB 104.103.202.103:22 help.steampowered.com tcp
US 104.26.15.213:465 forum.mobilism.org tcp
GB 3.9.234.235:443 events.crowdsense.ai tcp
US 172.67.71.232:21 anilist.co tcp
IE 34.241.144.232:222 mixlr.com tcp
KE 41.76.172.119:22 portal.health.go.ke tcp
IE 54.72.168.179:443 mixlr.com tcp
NL 164.90.197.162:465 mx156.hostedmxserver.com tcp
US 45.63.12.217:143 school.wvbs.org tcp
US 199.192.21.225:465 hub360.com.ng tcp
US 104.16.216.241:990 login.arduino.cc tcp
US 172.67.18.142:443 nairaland.com tcp
US 173.239.5.6:80 h5.stepworkstime.com tcp
NL 164.90.197.105:465 mx156.hostedmxserver.com tcp
US 199.192.21.225:995 hub360.com.ng tcp
GB 13.224.222.27:143 skills.shawacademy.com tcp
GB 142.250.187.243:80 app.blokada.org tcp
US 104.16.216.241:993 login.arduino.cc tcp
US 173.239.5.6:80 h5.stepworkstime.com tcp
NL 164.90.197.143:465 mx156.hostedmxserver.com tcp
GB 13.224.222.126:21 skills.shawacademy.com tcp
US 173.239.8.164:143 h5.stepworkstime.com tcp
GB 3.9.234.235:993 events.crowdsense.ai tcp
US 147.182.130.78:465 mx156.hostedmxserver.com tcp
GB 142.250.187.243:22 app.blokada.org tcp
US 162.159.205.19:587 route2.mx.cloudflare.net tcp
US 147.182.160.18:465 mx156.hostedmxserver.com tcp
US 147.182.189.184:465 mx156.hostedmxserver.com tcp
US 104.26.14.213:995 forum.mobilism.org tcp
IE 209.85.203.84:990 accounts.google.com tcp
NL 142.250.153.14:587 alt2.gmr-smtp-in.l.google.com tcp
US 147.182.180.139:995 mx156.hostedmxserver.com tcp
GB 159.65.55.83:80 lon1.blynk.cloud tcp
US 173.239.5.6:21 h5.stepworkstime.com tcp
IE 209.85.203.27:993 aspmx.l.google.com tcp
GB 18.169.144.79:993 events.crowdsense.ai tcp
US 173.239.8.164:21 h5.stepworkstime.com tcp
PK 43.250.84.104:22 pakrail.gov.pk tcp
US 162.159.205.19:110 route2.mx.cloudflare.net tcp
US 74.206.228.78:21 h5.stepworkstime.com tcp
US 74.206.228.78:143 h5.stepworkstime.com tcp
US 104.16.217.241:993 login.arduino.cc tcp
IE 209.85.203.84:443 accounts.google.com tcp
US 104.26.15.71:443 anilist.co tcp
IE 209.85.203.27:143 aspmx.l.google.com tcp
KE 41.76.172.119:21 portal.health.go.ke tcp
GB 109.228.39.125:80 portal.yabatech.edu.ng tcp
IE 209.85.203.27:110 aspmx.l.google.com tcp
US 104.20.249.29:222 nairaland.com tcp
US 172.67.18.142:443 nairaland.com tcp
US 199.192.21.225:80 hub360.com.ng tcp
GB 3.9.234.235:222 events.crowdsense.ai tcp
GB 13.224.222.27:465 skills.shawacademy.com tcp
IE 209.85.203.27:587 aspmx.l.google.com tcp
KE 197.136.130.6:21 students.kuccps.net tcp
US 104.16.216.241:222 login.arduino.cc tcp
US 50.28.59.161:222 dash.studentsearncash.co tcp
US 104.20.249.29:80 nairaland.com tcp
US 104.26.14.213:80 forum.mobilism.org tcp
IE 209.85.203.84:222 accounts.google.com tcp
US 45.63.12.217:465 school.wvbs.org tcp
NL 142.250.153.14:993 alt2.gmr-smtp-in.l.google.com tcp
US 64.225.16.22:21 ny3.blynk.cloud tcp
US 104.20.249.29:990 nairaland.com tcp
US 199.192.21.225:990 hub360.com.ng tcp
US 8.8.8.8:53 parsec.app udp
US 64.225.16.22:143 ny3.blynk.cloud tcp
US 45.63.12.217:22 school.wvbs.org tcp
US 104.26.14.213:222 forum.mobilism.org tcp
IE 209.85.203.84:80 accounts.google.com tcp
IE 209.85.203.27:465 aspmx.l.google.com tcp
US 162.159.136.232:80 discord.com tcp
GB 3.9.234.235:587 events.crowdsense.ai tcp
US 45.63.12.217:995 school.wvbs.org tcp
KE 197.136.130.6:443 students.kuccps.net tcp
US 104.16.216.241:587 login.arduino.cc tcp
US 50.28.59.161:990 dash.studentsearncash.co tcp
GB 142.250.187.243:21 app.blokada.org tcp
IE 54.72.168.179:80 mixlr.com tcp
US 104.16.216.241:443 login.arduino.cc tcp
US 162.159.205.19:220 route2.mx.cloudflare.net tcp
US 104.26.15.213:222 forum.mobilism.org tcp
US 8.8.8.8:53 71.15.26.104.in-addr.arpa udp
US 8.8.8.8:53 119.172.76.41.in-addr.arpa udp
US 172.67.71.168:222 forum.mobilism.org tcp
US 162.159.136.232:22 discord.com tcp
KE 41.76.172.119:443 portal.health.go.ke tcp
US 199.192.21.225:80 ftp.hub360.com.ng tcp
IE 209.85.203.27:995 aspmx.l.google.com tcp
US 104.26.14.213:990 forum.mobilism.org tcp
US 34.149.236.64:143 mxa.mailgun.org tcp
US 50.28.59.161:80 dash.studentsearncash.co tcp
GB 109.228.39.125:990 portal.yabatech.edu.ng tcp
GB 13.224.222.27:80 skills.shawacademy.com tcp
GB 109.228.39.125:110 portal.yabatech.edu.ng tcp
US 104.16.216.241:110 login.arduino.cc tcp
GB 13.224.222.27:222 skills.shawacademy.com tcp
GB 13.224.222.27:80 skills.shawacademy.com tcp
US 104.16.217.241:110 login.arduino.cc tcp
GB 109.228.39.125:993 portal.yabatech.edu.ng tcp
US 104.26.15.71:80 anilist.co tcp
US 199.192.21.225:222 ftp.hub360.com.ng tcp
GB 104.103.202.103:143 help.steampowered.com tcp
GB 13.224.222.126:222 skills.shawacademy.com tcp
GB 13.224.222.47:222 skills.shawacademy.com tcp
US 162.159.205.19:25 route2.mx.cloudflare.net tcp
US 147.182.180.139:993 mx156.hostedmxserver.com tcp
US 104.26.14.213:443 forum.mobilism.org tcp
GB 13.224.222.123:222 skills.shawacademy.com tcp
GB 142.250.187.243:443 app.blokada.org tcp
GB 159.65.55.83:443 lon1.blynk.cloud tcp
US 34.149.236.64:995 mxa.mailgun.org tcp
KE 197.136.130.6:22 students.kuccps.net tcp
US 162.159.205.17:25 route2.mx.cloudflare.net tcp
NL 164.90.197.79:993 mx156.hostedmxserver.com tcp
US 162.159.205.18:25 route2.mx.cloudflare.net tcp
NL 164.90.197.162:993 mx156.hostedmxserver.com tcp
NL 164.90.197.105:993 mx156.hostedmxserver.com tcp
NL 164.90.197.143:993 mx156.hostedmxserver.com tcp
IE 54.72.168.179:80 mixlr.com tcp
KE 197.136.130.6:80 students.kuccps.net tcp
US 147.182.130.78:993 mx156.hostedmxserver.com tcp
US 64.225.16.22:443 ny3.blynk.cloud tcp
US 147.182.160.18:993 mx156.hostedmxserver.com tcp
US 147.182.189.184:993 mx156.hostedmxserver.com tcp
GB 104.103.202.103:443 help.steampowered.com tcp
GB 3.9.234.235:80 events.crowdsense.ai tcp
US 45.63.12.217:80 school.wvbs.org tcp
US 104.20.249.29:80 nairaland.com tcp
US 104.18.1.181:443 parsec.app tcp
IE 209.85.203.27:993 aspmx.l.google.com tcp
US 199.192.21.225:110 ftp.hub360.com.ng tcp
IE 209.85.203.84:22 accounts.google.com tcp
PK 43.250.84.104:80 pakrail.gov.pk tcp
IE 209.85.203.27:143 aspmx.l.google.com tcp
US 172.67.70.42:21 minecraftcapes.net tcp
IE 209.85.203.84:80 accounts.google.com tcp
GB 109.228.39.125:443 portal.yabatech.edu.ng tcp
US 173.239.5.6:80 h5.stepworkstime.com tcp
US 162.159.136.232:443 discord.com tcp
IE 209.85.203.27:143 aspmx.l.google.com tcp
GB 109.228.39.125:110 portal.yabatech.edu.ng tcp
US 162.159.136.232:222 discord.com tcp
US 162.159.128.233:222 discord.com tcp
US 162.159.138.232:222 discord.com tcp
US 104.16.216.241:80 login.arduino.cc tcp
US 45.63.12.217:990 school.wvbs.org tcp
US 172.67.172.166:443 copyrightspareddcitwew.site tcp
KE 41.76.172.119:80 portal.health.go.ke tcp
US 104.21.35.143:443 tcp
US 188.114.96.2:443 pavementpreferencewjiao.site tcp
US 104.21.40.14:443 tcp
US 52.111.227.11:443 tcp
US 173.239.5.6:80 h5.stepworkstime.com tcp
US 104.26.15.71:443 anilist.co tcp
US 199.192.21.225:80 ftp.hub360.com.ng tcp
US 104.26.14.213:80 forum.mobilism.org tcp
IE 54.72.168.179:443 mixlr.com tcp
KE 197.136.130.6:222 students.kuccps.net tcp
US 104.26.8.68:22 game-debate.com tcp
US 172.67.73.7:22 game-debate.com tcp
GB 13.224.222.27:443 skills.shawacademy.com tcp
US 104.26.9.68:22 game-debate.com tcp
GB 142.250.187.243:80 app.blokada.org tcp
IE 209.85.203.84:443 accounts.google.com tcp
GB 173.222.13.119:80 store.steampowered.com tcp
US 104.26.8.68:80 game-debate.com tcp
US 8.8.8.8:53 ftp.dash.studentsearncash.co udp
US 104.18.1.181:80 parsec.app tcp
DE 64.190.63.136:80 ww1.studentsearncash.co tcp
US 50.28.59.161:80 ftp.dash.studentsearncash.co tcp
GB 159.65.55.83:80 lon1.blynk.cloud tcp
GB 3.9.234.235:443 events.crowdsense.ai tcp
US 8.8.8.8:53 ftp.school.wvbs.org udp
US 45.63.12.217:443 school.wvbs.org tcp
US 172.67.18.142:443 nairaland.com tcp
GB 109.228.39.125:80 portal.yabatech.edu.ng tcp
US 8.8.8.8:53 sshstores.net udp
SE 45.155.250.90:53 ckrehdr.net udp
GB 104.103.202.103:80 help.steampowered.com tcp
US 64.225.16.22:80 ny3.blynk.cloud tcp
US 8.8.8.8:53 ftp.forum.mobilism.org udp
US 8.8.8.8:53 ftp.accounts.google.com udp
US 8.8.8.8:53 sshstores.net udp
RU 158.160.118.17:80 tcp
US 188.114.97.2:443 pavementpreferencewjiao.site tcp
US 188.114.97.2:443 pavementpreferencewjiao.site tcp
IE 209.85.203.84:443 accounts.google.com tcp
US 8.8.8.8:53 crossout.net udp
KE 197.136.130.6:443 students.kuccps.net tcp
US 104.16.216.241:443 login.arduino.cc tcp
US 8.8.8.8:53 alt3.aspmx.l.google.com udp
US 8.8.8.8:53 mixlr.com udp
US 8.8.8.8:53 events.crowdsense.ai udp
US 8.8.8.8:53 ftp.h5.stepworkstime.com udp
US 8.8.8.8:53 90.250.155.45.in-addr.arpa udp
US 8.8.8.8:53 ftp.blynk.cloud udp
IE 209.85.203.84:80 accounts.google.com tcp
IE 209.85.203.84:80 accounts.google.com tcp
US 8.8.8.8:53 crossout.net udp
GB 216.58.204.67:80 tcp
US 162.159.136.232:80 discord.com tcp
US 104.26.14.213:443 forum.mobilism.org tcp
US 199.192.21.225:80 ftp.hub360.com.ng tcp
GB 13.224.222.27:80 skills.shawacademy.com tcp
US 173.239.5.6:80 ftp.h5.stepworkstime.com tcp
PK 43.250.84.104:80 pakrail.gov.pk tcp
FR 51.91.227.135:80 portal.reemo.io tcp
US 104.26.15.71:80 anilist.co tcp
US 104.26.8.68:443 www.game-debate.com tcp
US 104.18.1.181:443 parsec.app tcp
GB 159.65.55.83:443 lon1.blynk.cloud tcp
KE 41.76.172.119:443 portal.health.go.ke tcp
US 173.239.5.6:80 ftp.h5.stepworkstime.com tcp
GB 142.250.187.243:443 app.blokada.org tcp
US 172.67.70.42:80 minecraftcapes.net tcp
GB 173.222.13.119:443 store.steampowered.com tcp
US 50.28.59.161:80 ssh.dash.studentsearncash.co tcp
KE 197.136.130.6:80 students.kuccps.net tcp
US 104.20.93.59:80 windscribe.com tcp
GB 18.169.144.79:80 events.crowdsense.ai tcp
IE 34.241.144.232:80 mixlr.com tcp
GB 109.228.39.125:443 portal.yabatech.edu.ng tcp
IE 209.85.203.84:80 accounts.google.com tcp
US 104.20.249.29:80 nairaland.com tcp
KE 41.76.172.119:443 portal.health.go.ke tcp
US 104.16.216.241:80 login.arduino.cc tcp
IE 209.85.203.84:443 accounts.google.com tcp
US 208.109.57.122:80 mail.gameutha.com tcp
IE 209.85.203.84:443 accounts.google.com tcp
GB 104.103.202.103:443 help.steampowered.com tcp
US 45.63.12.217:443 school.wvbs.org tcp
US 104.26.14.213:80 forum.mobilism.org tcp
US 199.192.21.225:80 ftp.hub360.com.ng tcp
US 64.225.16.22:443 ny3.blynk.cloud tcp
US 104.21.64.245:443 groannysoapblockedstiw.site tcp
US 162.159.136.232:443 discord.com tcp
US 104.26.15.71:443 anilist.co tcp
GB 159.65.55.83:80 lon1.blynk.cloud tcp
US 64.225.16.22:443 ny3.blynk.cloud tcp
US 104.20.93.59:443 windscribe.com tcp
GB 173.222.13.119:80 store.steampowered.com tcp
SG 157.230.193.203:80 sshstores.net tcp
GB 13.224.222.47:443 skills.shawacademy.com tcp
GB 142.250.187.243:80 app.blokada.org tcp
US 104.18.1.181:80 parsec.app tcp
US 172.67.70.42:443 minecraftcapes.net tcp
US 104.20.221.62:80 crossout.net tcp
US 8.8.8.8:53 ftp.school.wvbs.org udp
US 8.8.8.8:53 ssh.skills.shawacademy.com udp
US 8.8.8.8:53 mail.login.arduino.cc udp
US 8.8.8.8:53 ftp.nairaland.com udp
IE 34.241.144.232:443 mixlr.com tcp
GB 18.169.144.79:443 events.crowdsense.ai tcp
US 172.67.18.142:443 nairaland.com tcp
GB 109.228.39.125:80 portal.yabatech.edu.ng tcp
IE 209.85.203.84:443 accounts.google.com tcp
DE 64.190.63.136:80 ww1.studentsearncash.co tcp
FR 51.91.227.135:443 portal.reemo.io tcp
KE 197.136.130.6:443 students.kuccps.net tcp
US 8.8.8.8:53 ssh.h5.stepworkstime.com udp
US 8.8.8.8:53 ssh.events.crowdsense.ai udp
US 8.8.8.8:53 ftp.accounts.google.com udp
US 8.8.8.8:53 ftp.pakrail.gov.pk udp
US 8.8.8.8:53 aspmx2.googlemail.com udp
US 8.8.8.8:53 ftp.game-debate.com udp
US 173.239.5.6:80 ssh.h5.stepworkstime.com tcp
IE 209.85.203.84:80 accounts.google.com tcp
US 104.16.216.241:443 login.arduino.cc tcp
GB 104.103.202.103:80 help.steampowered.com tcp
KE 41.76.172.119:80 portal.health.go.ke tcp
IE 209.85.203.84:80 accounts.google.com tcp
US 208.109.57.122:443 mail.gameutha.com tcp
IT 185.196.8.22:80 ckrehdr.net tcp
US 104.26.14.213:443 forum.mobilism.org tcp
IE 209.85.203.84:80 accounts.google.com tcp
US 8.8.8.8:53 ssh.forum.mobilism.org udp
US 173.239.5.6:80 ssh.h5.stepworkstime.com tcp
US 208.109.57.122:80 mail.gameutha.com tcp
IE 209.85.203.84:80 accounts.google.com tcp
US 45.63.12.217:443 school.wvbs.org tcp
US 104.26.15.71:80 anilist.co tcp
US 172.67.73.7:443 www.game-debate.com tcp
US 199.192.21.225:80 ssh.hub360.com.ng tcp
US 162.159.136.232:80 discord.com tcp
US 8.8.8.8:53 mail.school.wvbs.org udp
US 8.8.8.8:53 ftp.portal.health.go.ke udp
US 8.8.8.8:53 ftp.skills.shawacademy.com udp
US 8.8.8.8:53 steamcommunity.com udp
US 8.8.8.8:53 ftp.app.blokada.org udp
US 8.8.8.8:53 ssh.help.steampowered.com udp
GB 159.65.55.83:443 lon1.blynk.cloud tcp
IE 209.85.203.84:80 accounts.google.com tcp
US 208.109.57.122:443 www.gameutha.com tcp
IE 34.241.144.232:80 mixlr.com tcp
US 104.20.93.59:80 windscribe.com tcp
GB 13.224.222.47:80 skills.shawacademy.com tcp
US 172.67.70.42:80 minecraftcapes.net tcp
US 104.20.221.62:443 crossout.net tcp
US 64.225.16.22:80 ny3.blynk.cloud tcp
SG 157.230.193.203:443 sshstores.net tcp
IE 209.85.203.84:443 accounts.google.com tcp
GB 18.169.144.79:80 events.crowdsense.ai tcp
IE 209.85.203.84:80 accounts.google.com tcp
US 50.28.59.161:80 ssh.dash.studentsearncash.co tcp
US 104.18.1.181:443 parsec.app tcp
FR 51.91.227.135:80 portal.reemo.io tcp
GB 173.222.13.119:443 store.steampowered.com tcp
US 104.20.221.62:443 crossout.net tcp
KE 197.136.130.6:80 students.kuccps.net tcp
US 8.8.8.8:53 ftp.login.arduino.cc udp
US 8.8.8.8:53 mail.portal.yabatech.edu.ng udp
US 8.8.8.8:53 mail.school.wvbs.org udp
IE 209.85.203.84:80 accounts.google.com tcp
SG 157.230.193.203:80 sshstores.net tcp
PK 43.250.84.104:80 pakrail.gov.pk tcp
GB 109.228.39.125:443 portal.yabatech.edu.ng tcp
US 104.20.249.29:80 nairaland.com tcp
SG 157.230.193.203:80 sshstores.net tcp
IE 209.85.203.84:443 accounts.google.com tcp
SG 157.230.193.203:443 sshstores.net tcp
DE 185.159.159.143:80 account.protonvpn.com tcp
US 8.8.8.8:53 mail.skills.shawacademy.com udp
US 8.8.8.8:53 ssh.login.arduino.cc udp
US 52.182.143.213:443 tcp
US 104.26.14.213:80 forum.mobilism.org tcp
KE 41.76.172.119:443 portal.health.go.ke tcp
US 104.16.216.241:80 login.arduino.cc tcp
IE 209.85.203.84:443 accounts.google.com tcp
US 104.26.15.71:443 anilist.co tcp
US 162.159.136.232:443 discord.com tcp
IE 209.85.203.84:443 accounts.google.com tcp
US 199.192.21.225:80 ssh.hub360.com.ng tcp
IE 209.85.203.84:80 accounts.google.com tcp
IE 209.85.203.84:443 accounts.google.com tcp
US 173.239.5.6:80 ssh.h5.stepworkstime.com tcp
US 8.8.8.8:53 us-smtp-inbound-2.mimecast.com udp
US 8.8.8.8:53 ftp.portal.health.go.ke udp
US 8.8.8.8:53 ssh.anilist.co udp
US 8.8.8.8:53 ssh.forum.mobilism.org udp
US 8.8.8.8:53 mail.portal.health.go.ke udp
US 8.8.8.8:53 ssh.nairaland.com udp
US 8.8.8.8:53 mail.app.blokada.org udp
US 8.8.8.8:53 users.nexusmods.com udp
US 8.8.8.8:53 ssh.portal.health.go.ke udp
US 8.8.8.8:53 143.159.159.185.in-addr.arpa udp
US 8.8.8.8:53 ssh.accounts.google.com udp
US 8.8.8.8:53 ftp.app.blokada.org udp
US 8.8.8.8:53 worrystitchsounddywuwp.site udp
US 188.114.96.2:443 worrystitchsounddywuwp.site tcp
US 172.67.70.42:443 minecraftcapes.net tcp
GB 13.224.222.47:443 skills.shawacademy.com tcp
US 173.239.5.6:80 ssh.h5.stepworkstime.com tcp
GB 18.169.144.79:443 events.crowdsense.ai tcp
US 64.225.16.22:443 ny3.blynk.cloud tcp
US 104.20.93.59:443 windscribe.com tcp
IE 34.241.144.232:443 mixlr.com tcp
IE 209.85.203.84:443 accounts.google.com tcp
GB 159.65.55.83:80 lon1.blynk.cloud tcp
US 8.8.8.8:53 ftp.ny3.blynk.cloud udp
US 8.8.8.8:53 mail.app.blokada.org udp
US 8.8.8.8:53 pop.portal.yabatech.edu.ng udp
US 8.8.8.8:53 steamcommunity.com udp
US 8.8.8.8:53 auth.riotgames.com udp
US 8.8.8.8:53 mail.dash.studentsearncash.co udp
US 104.18.1.181:80 parsec.app tcp
FR 51.91.227.135:443 portal.reemo.io tcp
IE 209.85.203.84:80 accounts.google.com tcp
US 45.63.12.217:443 school.wvbs.org tcp
US 104.20.221.62:80 crossout.net tcp
GB 109.228.39.125:80 portal.yabatech.edu.ng tcp
IE 209.85.203.84:443 accounts.google.com tcp
IE 209.85.203.84:443 accounts.google.com tcp
IE 209.85.203.84:80 accounts.google.com tcp
SG 157.230.193.203:80 sshstores.net tcp
PK 43.250.84.104:80 pakrail.gov.pk tcp
GB 142.250.187.243:80 app.blokada.org tcp
GB 104.103.202.103:80 help.steampowered.com tcp
US 208.109.57.122:443 www.gameutha.com tcp
IE 209.85.203.84:80 accounts.google.com tcp
GB 173.222.13.119:80 store.steampowered.com tcp
GB 13.224.222.47:80 skills.shawacademy.com tcp
IE 209.85.203.84:80 accounts.google.com tcp
US 104.26.15.71:80 anilist.co tcp
US 162.159.136.232:80 discord.com tcp
SG 157.230.193.203:80 sshstores.net tcp
IE 209.85.203.84:443 accounts.google.com tcp
IE 209.85.203.84:80 accounts.google.com tcp
IE 209.85.203.84:80 accounts.google.com tcp
GB 104.103.202.103:80 help.steampowered.com tcp
KE 41.76.172.119:80 portal.health.go.ke tcp
DE 185.159.159.143:443 account.protonvpn.com tcp
US 172.67.70.42:80 minecraftcapes.net tcp
IE 209.85.203.84:80 accounts.google.com tcp
US 104.18.1.181:443 parsec.app tcp
US 8.8.8.8:53 ssh.discord.com udp
US 104.20.93.59:80 windscribe.com tcp
US 104.26.8.68:80 www.game-debate.com tcp
US 8.8.8.8:53 mail.ny3.blynk.cloud udp
GB 3.9.234.235:80 events.crowdsense.ai tcp
US 8.8.8.8:53 ssh.nairaland.com udp
US 8.8.8.8:53 mail.portal.health.go.ke udp
US 8.8.8.8:53 ssh.help.steampowered.com udp
US 8.8.8.8:53 ssh.portal.health.go.ke udp
US 8.8.8.8:53 alt4.aspmx.l.google.com udp
US 8.8.8.8:53 mail.forum.mobilism.org udp
US 8.8.8.8:53 ssh.login.arduino.cc udp
US 8.8.8.8:53 mail.app.blokada.org udp
IE 34.241.144.232:80 mixlr.com tcp
US 64.225.16.22:80 ny3.blynk.cloud tcp
US 8.8.8.8:53 ncsrail.com udp
IE 209.85.203.84:80 accounts.google.com tcp
US 104.20.249.29:80 nairaland.com tcp
FR 51.91.227.135:80 portal.reemo.io tcp
US 8.8.8.8:53 ssh.blynk.cloud udp
US 8.8.8.8:53 steamcommunity.com udp
US 8.8.8.8:53 ssh.store.steampowered.com udp
US 8.8.8.8:53 ftp.gameutha.com udp
US 8.8.8.8:53 mail.help.steampowered.com udp
US 8.8.8.8:53 ssh.game-debate.com udp
US 8.8.8.8:53 ftp.parsec.app udp
US 8.8.8.8:53 pop.events.crowdsense.ai udp
US 8.8.8.8:53 ftp.minecraftcapes.net udp
US 8.8.8.8:53 mail.login.arduino.cc udp
US 8.8.8.8:53 pop.skills.shawacademy.com udp
US 8.8.8.8:53 pop.help.steampowered.com udp
US 8.8.8.8:53 ssh.pakrail.gov.pk udp
US 8.8.8.8:53 ncsrail.com udp
US 8.8.8.8:53 remotedesktop.google.com udp
US 8.8.8.8:53 ssh.mixlr.com udp
US 8.8.8.8:53 ssh.portal.reemo.io udp
US 8.8.8.8:53 pop.forum.mobilism.org udp
IE 209.85.203.84:80 accounts.google.com tcp
US 104.20.221.62:443 crossout.net tcp
IE 209.85.203.84:80 accounts.google.com tcp
IE 209.85.203.84:80 accounts.google.com tcp
US 45.63.12.217:443 school.wvbs.org tcp
US 50.28.59.161:80 mail.dash.studentsearncash.co tcp
IE 209.85.203.84:443 accounts.google.com tcp
US 104.26.14.213:80 forum.mobilism.org tcp
US 8.8.8.8:53 myaccount.vndirect.com.vn udp
US 8.8.8.8:53 mail.store.steampowered.com udp
SG 157.230.193.203:443 sshstores.net tcp
IE 209.85.203.84:80 accounts.google.com tcp
IE 209.85.203.84:443 accounts.google.com tcp
US 104.16.217.241:80 login.arduino.cc tcp
SG 157.230.193.203:80 sshstores.net tcp
DE 185.159.159.143:80 account.protonvpn.com tcp
US 172.64.145.202:80 users.nexusmods.com tcp
US 104.16.119.50:80 auth.riotgames.com tcp
IE 209.85.203.84:80 accounts.google.com tcp
US 15.204.234.61:9100 tcp
US 208.109.57.122:80 www.gameutha.com tcp
IE 209.85.203.84:443 accounts.google.com tcp
IE 209.85.203.84:443 accounts.google.com tcp
GB 159.65.55.83:80 lon1.blynk.cloud tcp
IE 209.85.203.84:80 accounts.google.com tcp
DE 185.172.128.19:80 185.172.128.19 tcp
GB 104.103.202.103:80 help.steampowered.com tcp
US 8.8.8.8:53 mail.ny3.blynk.cloud udp
US 8.8.8.8:53 mail.forum.mobilism.org udp
US 8.8.8.8:53 pop.ny3.blynk.cloud udp
US 8.8.8.8:53 mail.events.crowdsense.ai udp
US 8.8.8.8:53 mail.ncsrail.com udp
US 8.8.8.8:53 aspmx3.googlemail.com udp
US 104.18.1.181:80 parsec.app tcp
IE 209.85.203.84:80 accounts.google.com tcp
PK 43.250.84.104:80 pakrail.gov.pk tcp
GB 173.222.13.119:80 store.steampowered.com tcp
US 104.26.8.68:443 www.game-debate.com tcp
US 8.8.8.8:53 steamcommunity.com udp
US 8.8.8.8:53 ssh.game-debate.com udp
US 8.8.8.8:53 ssh.store.steampowered.com udp
US 8.8.8.8:53 ssh.events.crowdsense.ai udp
US 8.8.8.8:53 ftp.gameutha.com udp
US 8.8.8.8:53 ftp.sshstores.net udp
US 8.8.8.8:53 ssh.anilist.co udp
US 8.8.8.8:53 mail.store.steampowered.com udp
KE 197.136.130.6:80 students.kuccps.net tcp
IE 209.85.203.84:443 accounts.google.com tcp
IE 209.85.203.84:443 accounts.google.com tcp
IE 209.85.203.84:443 accounts.google.com tcp
US 45.63.12.217:443 school.wvbs.org tcp
US 172.67.70.42:80 minecraftcapes.net tcp
IE 209.85.203.84:80 accounts.google.com tcp
GB 104.103.202.103:80 steamcommunity.com tcp
US 188.114.97.2:80 worrystitchsounddywuwp.site tcp
US 162.159.136.232:80 discord.com tcp
IE 209.85.203.84:80 accounts.google.com tcp
GB 13.224.222.47:80 skills.shawacademy.com tcp
SG 157.230.193.203:80 sshstores.net tcp
US 8.8.8.8:53 pop.skills.shawacademy.com udp
US 8.8.8.8:53 pop.help.steampowered.com udp
US 8.8.8.8:53 ssh.sshstores.net udp
IE 209.85.203.84:443 accounts.google.com tcp
US 104.26.15.71:80 anilist.co tcp
IE 209.85.203.84:80 accounts.google.com tcp
IE 209.85.203.84:80 accounts.google.com tcp
IE 209.85.203.84:443 accounts.google.com tcp
US 104.20.221.62:80 crossout.net tcp
DE 185.159.159.143:443 account.protonvpn.com tcp
US 172.64.145.202:443 users.nexusmods.com tcp
SG 157.230.193.203:443 sshstores.net tcp
DE 173.249.52.237:80 mail.ncsrail.com tcp
IE 209.85.203.84:443 accounts.google.com tcp
IT 185.196.8.22:80 ckrehdr.net tcp
GB 104.103.202.103:443 steamcommunity.com tcp
US 208.109.57.122:80 www.gameutha.com tcp
IE 209.85.203.84:80 accounts.google.com tcp
IE 209.85.203.84:443 accounts.google.com tcp
IE 209.85.203.84:80 accounts.google.com tcp
US 172.67.73.7:443 www.game-debate.com tcp
US 8.8.8.8:53 ssh.students.kuccps.net udp
US 8.8.8.8:53 mx3.mail.ovh.net udp
US 8.8.8.8:53 mail.portal.reemo.io udp
US 8.8.8.8:53 ssh.skills.shawacademy.com udp
US 8.8.8.8:53 ssh.portal.health.go.ke udp
US 8.8.8.8:53 mail.portal.health.go.ke udp
US 8.8.8.8:53 mail.forum.mobilism.org udp
US 8.8.8.8:53 mail.ny3.blynk.cloud udp
US 8.8.8.8:53 imap.events.crowdsense.ai udp
US 8.8.8.8:53 pop.portal.yabatech.edu.ng udp
US 8.8.8.8:53 ftp.gameutha.com udp
US 8.8.8.8:53 ssh.game-debate.com udp
US 8.8.8.8:53 ssh.events.crowdsense.ai udp
US 8.8.8.8:53 ssh.store.steampowered.com udp
US 8.8.8.8:53 mx1.mail.ovh.net udp
US 8.8.8.8:53 accounts.shutterstock.com udp
US 8.8.8.8:53 accounts.binance.com udp
US 8.8.8.8:53 trade.vndirect.com.vn udp
US 8.8.8.8:53 ssh.accounts.google.com udp
US 8.8.8.8:53 airbox.home udp
US 8.8.8.8:53 ssh.anilist.co udp
VN 202.160.124.82:80 myaccount.vndirect.com.vn tcp
DE 142.132.202.219:2023 tcp
IE 209.85.203.84:80 accounts.google.com tcp
IE 209.85.203.84:80 accounts.google.com tcp
US 64.225.16.22:80 ny3.blynk.cloud tcp
US 104.20.93.59:80 windscribe.com tcp
GB 142.250.187.243:80 app.blokada.org tcp
US 50.28.59.161:80 mail.dash.studentsearncash.co tcp
IE 209.85.203.84:80 accounts.google.com tcp
KE 41.76.172.119:80 portal.health.go.ke tcp
US 8.8.8.8:53 mail.pakrail.gov.pk udp
US 8.8.8.8:53 ssh.gameutha.com udp
SG 157.230.193.203:80 sshstores.net tcp
US 8.8.8.8:53 ftp.windscribe.com udp
US 8.8.8.8:53 pop.students.kuccps.net udp
US 8.8.8.8:53 mail.login.arduino.cc udp
US 8.8.8.8:53 pop.school.wvbs.org udp
US 8.8.8.8:53 ftp.account.protonvpn.com udp
US 8.8.8.8:53 ssh.portal.yabatech.edu.ng udp
US 8.8.8.8:53 pop.ny3.blynk.cloud udp
US 8.8.8.8:53 ftp.sshstores.net udp
US 8.8.8.8:53 imap.login.arduino.cc udp
US 104.16.119.50:443 auth.riotgames.com tcp
US 8.8.8.8:53 ssh.windscribe.com udp
US 8.8.8.8:53 airbox.home udp
US 8.8.8.8:53 ssh.minecraftcapes.net udp
US 8.8.8.8:53 ssh.parsec.app udp
US 8.8.8.8:53 ftp.steamcommunity.com udp
US 8.8.8.8:53 pop.skills.shawacademy.com udp
US 8.8.8.8:53 accounts.shutterstock.com udp
US 8.8.8.8:53 steamcommunity.com udp
US 8.8.8.8:53 accounts.binance.com udp
US 45.63.12.217:443 school.wvbs.org tcp
GB 216.58.201.110:80 remotedesktop.google.com tcp
IE 209.85.203.84:80 accounts.google.com tcp
US 172.64.145.202:80 users.nexusmods.com tcp
IE 209.85.203.84:80 accounts.google.com tcp
DE 185.159.159.143:80 account.protonvpn.com tcp
IE 209.85.203.84:80 accounts.google.com tcp
US 8.8.8.8:53 store.steampowered.com udp
US 8.8.8.8:53 ssh.help.steampowered.com udp
US 8.8.8.8:53 pop.store.steampowered.com udp
US 8.8.8.8:53 pop3.login.arduino.cc udp
US 8.8.8.8:53 mail.store.steampowered.com udp
US 8.8.8.8:53 ftp.crossout.net udp
US 8.8.8.8:53 pop.help.steampowered.com udp
US 8.8.8.8:53 ssh.account.protonvpn.com udp
US 8.8.8.8:53 ssh.sshstores.net udp
US 8.8.8.8:53 ftp.users.nexusmods.com udp
US 8.8.8.8:53 id.vndirect.com.vn udp
US 8.8.8.8:53 shopee.ph udp
US 8.8.8.8:53 ssh.discord.com udp
US 8.8.8.8:53 alt1.gmr-smtp-in.l.google.com udp
US 8.8.8.8:53 mail.skills.shawacademy.com udp
US 8.8.8.8:53 ssh.school.wvbs.org udp
US 8.8.8.8:53 mail.portal.reemo.io udp
US 8.8.8.8:53 ssh.crossout.net udp
US 8.8.8.8:53 pop.app.blokada.org udp
US 8.8.8.8:53 ssh.pakrail.gov.pk udp
US 8.8.8.8:53 pop.portal.health.go.ke udp
US 8.8.8.8:53 mail.events.crowdsense.ai udp
US 8.8.8.8:53 imap.h5.stepworkstime.com udp
US 8.8.8.8:53 ssh.portal.reemo.io udp
US 8.8.8.8:53 mail.portal.yabatech.edu.ng udp
US 8.8.8.8:53 pop.forum.mobilism.org udp
US 8.8.8.8:53 shopee.ph udp
US 8.8.8.8:53 is-apps.telusinternational.com udp
US 8.8.8.8:53 is-apps.telusinternational.com udp
US 8.8.8.8:53 mx1.mail.ovh.net udp
US 8.8.8.8:53 mx3.mail.ovh.net udp
US 8.8.8.8:53 ssh.students.kuccps.net udp
US 8.8.8.8:53 ssh.game-debate.com udp
US 8.8.8.8:53 ssh.anilist.co udp
US 8.8.8.8:53 ssh.store.steampowered.com udp
US 8.8.8.8:53 imap.ny3.blynk.cloud udp
US 8.8.8.8:53 mail.portal.health.go.ke udp
US 104.18.4.160:80 gamejolt.com tcp
FR 51.91.227.135:80 portal.reemo.io tcp
VN 49.213.95.230:80 id.zalo.me tcp
SG 157.230.193.203:80 sshstores.net tcp
US 208.109.57.122:443 www.gameutha.com tcp
US 104.18.1.181:80 parsec.app tcp
GB 173.222.13.119:80 store.steampowered.com tcp
SG 18.136.136.90:80 azota.vn tcp
GB 104.103.202.103:443 steamcommunity.com tcp
IE 209.85.203.84:80 accounts.google.com tcp
PK 43.250.84.104:80 pakrail.gov.pk tcp
IE 209.85.203.84:80 accounts.google.com tcp
GB 104.103.202.103:80 steamcommunity.com tcp
SG 18.143.238.134:80 azota.vn tcp
VN 125.212.254.122:80 trade.vndirect.com.vn tcp
US 162.159.136.232:80 discord.com tcp
GB 104.103.202.103:80 steamcommunity.com tcp
IE 209.85.203.84:443 accounts.google.com tcp
SG 157.230.193.203:443 sshstores.net tcp
KE 197.136.130.6:80 students.kuccps.net tcp
IE 209.85.203.84:80 accounts.google.com tcp
VN 103.174.216.148:80 vio.edu.vn tcp
SG 18.136.136.90:80 azota.vn tcp
IE 209.85.203.84:80 accounts.google.com tcp
US 188.114.97.2:443 worrystitchsounddywuwp.site tcp
GB 216.58.201.110:80 remotedesktop.google.com tcp
GB 18.245.143.97:80 accounts.binance.com tcp
GB 18.245.253.83:80 accounts.shutterstock.com tcp
IE 209.85.203.84:443 accounts.google.com tcp
US 172.64.145.202:443 users.nexusmods.com tcp
IE 209.85.203.84:80 accounts.google.com tcp
US 104.26.15.71:80 anilist.co tcp
US 8.8.8.8:53 ftp.sshstores.net udp
US 8.8.8.8:53 ftp.account.protonvpn.com udp
US 8.8.8.8:53 pop.ny3.blynk.cloud udp
US 8.8.8.8:53 ftp.steamcommunity.com udp
US 8.8.8.8:53 ssh.parsec.app udp
US 8.8.8.8:53 ssh.windscribe.com udp
US 8.8.8.8:53 ftp.auth.riotgames.com udp
US 8.8.8.8:53 pop.skills.shawacademy.com udp
DE 173.249.52.237:443 www.ncsrail.com tcp
US 104.20.221.62:80 crossout.net tcp
US 8.8.8.8:53 ftp.accounts.google.com udp
US 8.8.8.8:53 mail.login.arduino.cc udp
US 8.8.8.8:53 mx0.mail.ovh.net udp
US 104.16.119.50:80 auth.riotgames.com tcp
US 8.8.8.8:53 ssh.steamcommunity.com udp
US 8.8.8.8:53 help.steampowered.com udp
US 8.8.8.8:53 steamcommunity.com udp
US 104.26.8.68:80 www.game-debate.com tcp
US 172.67.70.42:80 minecraftcapes.net tcp
US 8.8.8.8:53 ftp.help.steampowered.com udp
US 8.8.8.8:53 ftp.zahcomputers.pk udp
US 8.8.8.8:53 mx3.zoho.com udp
US 8.8.8.8:53 pop3.login.arduino.cc udp
US 8.8.8.8:53 ftp.ncsrail.com udp
US 8.8.8.8:53 pop.help.steampowered.com udp
US 8.8.8.8:53 ssh.account.protonvpn.com udp
US 8.8.8.8:53 store.steampowered.com udp
US 8.8.8.8:53 mxa-004fae02.gslb.pphosted.com udp
US 8.8.8.8:53 pop.app.blokada.org udp
US 8.8.8.8:53 pop.portal.reemo.io udp
US 8.8.8.8:53 mail.portal.reemo.io udp
US 8.8.8.8:53 ssh.portal.reemo.io udp
US 8.8.8.8:53 pop3.forum.mobilism.org udp
US 8.8.8.8:53 ssh.school.wvbs.org udp
US 8.8.8.8:53 imap.skills.shawacademy.com udp
US 8.8.8.8:53 mail.events.crowdsense.ai udp
US 8.8.8.8:53 ssh.game-debate.com udp
US 8.8.8.8:53 pop3.portal.yabatech.edu.ng udp
US 8.8.8.8:53 auth.riotgames.com udp
US 8.8.8.8:53 122.254.212.125.in-addr.arpa udp
US 8.8.8.8:53 148.216.174.103.in-addr.arpa udp
US 8.8.8.8:53 97.143.245.18.in-addr.arpa udp
US 8.8.8.8:53 83.253.245.18.in-addr.arpa udp
US 8.8.8.8:53 mail.auth.riotgames.com udp
US 8.8.8.8:53 ssh.minecraftcapes.net udp
US 8.8.8.8:53 ssh.portal.health.go.ke udp
US 8.8.8.8:53 imap.login.arduino.cc udp
US 8.8.8.8:53 pop.students.kuccps.net udp
US 8.8.8.8:53 pop.school.wvbs.org udp
US 8.8.8.8:53 mail.store.steampowered.com udp
HK 154.92.15.189:80 ji.alie3ksggg.com tcp
US 8.8.8.8:53 pop.portal.health.go.ke udp
US 8.8.8.8:53 imap.school.wvbs.org udp
US 8.8.8.8:53 ssh.anilist.co udp
US 8.8.8.8:53 mail.portal.yabatech.edu.ng udp
US 8.8.8.8:53 imap.ny3.blynk.cloud udp
US 8.8.8.8:53 mail.portal.health.go.ke udp
SG 18.143.238.134:80 azota.vn tcp
GB 18.245.143.97:443 accounts.binance.com tcp
VN 202.160.124.82:443 myaccount.vndirect.com.vn tcp
IE 209.85.203.84:443 accounts.google.com tcp
GB 142.250.187.243:80 app.blokada.org tcp
US 64.225.16.22:80 ny3.blynk.cloud tcp
US 104.20.93.59:80 windscribe.com tcp
IE 209.85.203.84:80 accounts.google.com tcp
IE 209.85.203.84:443 accounts.google.com tcp
IE 209.85.203.84:443 accounts.google.com tcp
GB 18.245.253.83:443 accounts.shutterstock.com tcp
IE 209.85.203.84:80 accounts.google.com tcp
DE 185.159.159.143:80 account.protonvpn.com tcp
US 172.64.145.202:80 users.nexusmods.com tcp
SG 143.92.75.92:80 shopee.ph tcp
GB 216.58.201.110:80 remotedesktop.google.com tcp
GB 104.103.202.103:80 steamcommunity.com tcp
GB 104.103.202.103:80 steamcommunity.com tcp
US 34.120.58.86:80 is-apps.telusinternational.com tcp
US 188.114.97.2:80 worrystitchsounddywuwp.site tcp
IE 209.85.203.84:443 accounts.google.com tcp
US 34.120.58.86:80 is-apps.telusinternational.com tcp
US 8.8.8.8:53 unknowncheats.me udp
US 8.8.8.8:53 unknowncheats.me udp
US 8.8.8.8:53 pop3.hub360.com.ng udp
US 8.8.8.8:53 account.protonvpn.com udp
PK 43.250.84.104:80 pakrail.gov.pk tcp
SG 157.230.193.203:80 sshstores.net tcp
IE 209.85.203.84:443 accounts.google.com tcp
IE 209.85.203.84:80 accounts.google.com tcp
PH 203.161.188.178:80 oauth.bpi.com.ph tcp
VN 202.160.124.58:80 id.vndirect.com.vn tcp
IE 209.85.203.84:80 accounts.google.com tcp
IE 209.85.203.84:443 accounts.google.com tcp
US 8.8.8.8:53 ssh.parsec.app udp
US 8.8.8.8:53 ssh.gameutha.com udp
US 8.8.8.8:53 ftp.accounts.google.com udp
FR 51.91.227.135:80 portal.reemo.io tcp
BG 185.141.63.9:80 tcp
DE 142.132.202.219:2023 tcp
KE 41.76.172.119:80 portal.health.go.ke tcp
DE 173.249.52.237:80 ftp.ncsrail.com tcp
US 104.26.11.45:80 spwarta.mobidziennik.pl tcp
US 104.18.1.181:80 parsec.app tcp
SG 157.230.193.203:80 sshstores.net tcp
IE 209.85.203.84:80 accounts.google.com tcp
US 8.8.8.8:53 ssh.account.protonvpn.com udp
US 8.8.8.8:53 ftp.myaccount.vndirect.com.vn udp
US 104.18.4.160:443 gamejolt.com tcp
US 104.20.221.62:80 crossout.net tcp
US 8.8.8.8:53 imap.login.arduino.cc udp
US 8.8.8.8:53 pop.portal.health.go.ke udp
US 8.8.8.8:53 mail.auth.riotgames.com udp
US 8.8.8.8:53 ftp.steamcommunity.com udp
US 8.8.8.8:53 mail.login.arduino.cc udp
US 8.8.8.8:53 lista-serwerow.emecz.pl udp
US 8.8.8.8:53 mxa-004fae02.gslb.pphosted.com udp
US 8.8.8.8:53 pop3.portal.yabatech.edu.ng udp
US 8.8.8.8:53 mail.ny3.blynk.cloud udp
US 8.8.8.8:53 ftp.azota.vn udp
US 8.8.8.8:53 mail.users.nexusmods.com udp
US 8.8.8.8:53 pop.students.kuccps.net udp
US 8.8.8.8:53 lista-serwerow.emecz.pl udp
US 8.8.8.8:53 lista-minecraft.pl udp
US 8.8.8.8:53 shopee.ph udp
US 8.8.8.8:53 ftp.gamejolt.com udp
US 8.8.8.8:53 mx3.mail.ovh.net udp
US 8.8.8.8:53 pop3.login.arduino.cc udp
HK 154.92.15.189:80 ji.alie3ksggg.com tcp
GB 18.245.253.89:80 accounts.shutterstock.com tcp
US 8.8.8.8:53 ssh.portal.reemo.io udp
GB 18.245.143.43:80 accounts.binance.com tcp
PH 203.161.188.178:80 oauth.bpi.com.ph tcp
US 8.8.8.8:53 ssh.accounts.google.com udp
US 8.8.8.8:53 mail.anilist.co udp
US 8.8.8.8:53 ssh.remotedesktop.google.com udp
US 8.8.8.8:53 aspmx.l.google.com udp
US 8.8.8.8:53 ssh.auth.riotgames.com udp
US 8.8.8.8:53 imap.help.steampowered.com udp
US 8.8.8.8:53 ftp.remotedesktop.google.com udp
US 8.8.8.8:53 ssh.help.steampowered.com udp
US 8.8.8.8:53 ftp.users.nexusmods.com udp
US 8.8.8.8:53 mail.forum.mobilism.org udp
US 8.8.8.8:53 mail.store.steampowered.com udp
US 8.8.8.8:53 mail.help.steampowered.com udp
IE 209.85.203.84:80 accounts.google.com tcp
US 104.16.119.50:443 auth.riotgames.com tcp
US 104.16.119.50:80 auth.riotgames.com tcp
IE 209.85.203.84:80 accounts.google.com tcp
IE 209.85.203.84:80 accounts.google.com tcp
GB 104.103.202.103:443 help.steampowered.com tcp
IE 209.85.203.84:80 accounts.google.com tcp
GB 173.222.13.119:80 store.steampowered.com tcp
IE 209.85.203.84:80 accounts.google.com tcp
VN 103.174.216.148:443 vio.edu.vn tcp
GB 216.58.201.110:80 remotedesktop.google.com tcp
US 34.120.58.86:80 is-apps.telusinternational.com tcp
US 34.120.58.86:80 is-apps.telusinternational.com tcp
SG 143.92.75.92:80 shopee.ph tcp
IE 209.85.203.84:80 accounts.google.com tcp
US 104.18.9.28:80 krunker.io tcp
IE 209.85.203.84:80 accounts.google.com tcp
IT 185.196.8.22:80 ckrehdr.net tcp
DE 142.132.202.219:2023 tcp
VN 125.212.254.122:443 trade.vndirect.com.vn tcp
SG 18.136.136.90:80 ftp.azota.vn tcp
VN 202.160.124.82:80 myaccount.vndirect.com.vn tcp
US 104.26.12.251:80 unknowncheats.me tcp
US 172.67.70.42:80 minecraftcapes.net tcp
US 104.26.8.68:80 game-debate.com tcp
SG 18.136.136.90:80 ftp.azota.vn tcp
IE 209.85.203.84:80 accounts.google.com tcp
US 8.8.8.8:53 mailgate.login.arduino.cc udp
US 8.8.8.8:53 ftp.id.zalo.me udp
US 8.8.8.8:53 pop3.skills.shawacademy.com udp
US 8.8.8.8:53 ftp.auth.riotgames.com udp
DE 185.159.159.143:80 account.protonvpn.com tcp
VN 202.160.124.82:80 myaccount.vndirect.com.vn tcp
US 104.18.4.160:80 gamejolt.com tcp
GB 104.103.202.103:80 help.steampowered.com tcp
US 8.8.8.8:53 mail.school.wvbs.org udp
US 8.8.8.8:53 discord.com udp
US 8.8.8.8:53 airbox.home udp
US 8.8.8.8:53 ftp.airbox.home udp
US 8.8.8.8:53 mail.myaccount.vndirect.com.vn udp
US 8.8.8.8:53 mail.portal.health.go.ke udp
US 8.8.8.8:53 mail.ny3.blynk.cloud udp
US 8.8.8.8:53 ssh.users.nexusmods.com udp
US 8.8.8.8:53 ssh.sshstores.net udp
US 8.8.8.8:53 mail.login.arduino.cc udp
US 8.8.8.8:53 mail.students.kuccps.net udp
US 8.8.8.8:53 imap.store.steampowered.com udp
US 8.8.8.8:53 vddswrwooe4osvbi3yy3gdgi575xmw6dwguqvdehvkzvbs3quzca.mx-verification.google.com udp
US 8.8.8.8:53 mail.auth.riotgames.com udp
US 8.8.8.8:53 imap.login.arduino.cc udp
US 8.8.8.8:53 imap.portal.health.go.ke udp
US 8.8.8.8:53 mail24.mydevil.net udp
US 8.8.8.8:53 pop.students.kuccps.net udp
US 8.8.8.8:53 pop3.portal.yabatech.edu.ng udp
US 8.8.8.8:53 ftp.steamcommunity.com udp
US 8.8.8.8:53 imap.events.crowdsense.ai udp
US 8.8.8.8:53 ftp.gamejolt.com udp
US 8.8.8.8:53 ftp.shopee.ph udp
US 8.8.8.8:53 mail.lista-minecraft.pl udp
US 8.8.8.8:53 mail.remotedesktop.google.com udp
US 8.8.8.8:53 ftp.trade.vndirect.com.vn udp
US 8.8.8.8:53 ssh.ncsrail.com udp
IE 209.85.203.84:80 accounts.google.com tcp
US 162.159.136.232:80 discord.com tcp
IE 209.85.203.84:80 accounts.google.com tcp
GB 104.103.202.103:443 help.steampowered.com tcp
US 34.120.58.86:80 is-apps.telusinternational.com tcp
US 8.8.8.8:53 ftp.remotedesktop.google.com udp
US 8.8.8.8:53 ftp.vio.edu.vn udp
US 8.8.8.8:53 ssh.auth.riotgames.com udp
US 8.8.8.8:53 ssh.help.steampowered.com udp
US 8.8.8.8:53 ssh.school.wvbs.org udp
US 8.8.8.8:53 pop3.school.wvbs.org udp
US 8.8.8.8:53 mail.users.nexusmods.com udp
DE 185.159.159.143:80 account.protonvpn.com tcp
IE 209.85.203.84:80 accounts.google.com tcp
SG 18.143.238.134:80 ftp.azota.vn tcp
IE 209.85.203.84:80 accounts.google.com tcp
GB 216.58.201.110:80 remotedesktop.google.com tcp
VN 49.213.95.230:80 id.zalo.me tcp
US 104.20.93.59:80 windscribe.com tcp
US 104.16.119.50:80 auth.riotgames.com tcp
GB 104.103.202.103:443 help.steampowered.com tcp
SG 157.230.193.203:80 sshstores.net tcp
US 162.159.136.232:80 discord.com tcp
FR 51.91.227.135:80 portal.reemo.io tcp
GB 104.103.202.103:80 help.steampowered.com tcp
US 208.109.57.122:80 www.gameutha.com tcp
VN 202.160.124.58:443 id.vndirect.com.vn tcp
IE 209.85.203.84:80 accounts.google.com tcp
US 172.64.145.202:80 users.nexusmods.com tcp
PL 185.36.169.113:80 lista-serwerow.emecz.pl tcp
PL 188.210.221.79:80 mail.lista-minecraft.pl tcp
VN 125.212.254.122:80 trade.vndirect.com.vn tcp
US 104.26.11.45:443 spwarta.mobidziennik.pl tcp
DE 173.249.52.237:443 ftp.ncsrail.com tcp
US 8.8.8.8:53 ftp.auth.riotgames.com udp
US 8.8.8.8:53 ssh.airbox.home udp
US 8.8.8.8:53 ftp.shopee.ph udp
US 8.8.8.8:53 ssh.account.protonvpn.com udp
US 8.8.8.8:53 pop.portal.reemo.io udp
US 8.8.8.8:53 mail.help.steampowered.com udp
US 8.8.8.8:53 aolweb.aol.meb.gov.tr udp
US 8.8.8.8:53 aolweb.aol.meb.gov.tr udp
US 8.8.8.8:53 subesiz.vakifbank.com.tr udp
PH 203.161.188.178:80 oauth.bpi.com.ph tcp
US 8.8.8.8:53 imap.skills.shawacademy.com udp
US 8.8.8.8:53 mail.airbox.home udp
US 8.8.8.8:53 ssh.ny3.blynk.cloud udp
US 8.8.8.8:53 vddswrwooe4osvbi3yy3gdgi575xmw6dwguqvdehvkzvbs3quzca.mx-verification.google.com udp
US 8.8.8.8:53 mailgate.portal.yabatech.edu.ng udp
US 8.8.8.8:53 ssh.gameutha.com udp
US 8.8.8.8:53 mail.account.protonvpn.com udp
US 8.8.8.8:53 route1.mx.cloudflare.net udp
VN 103.174.216.148:80 vio.edu.vn tcp
PL 188.210.221.79:80 mail.lista-minecraft.pl tcp
US 8.8.8.8:53 pop3.help.steampowered.com udp
US 8.8.8.8:53 ssh.sshstores.net udp
US 8.8.8.8:53 mail.ny3.blynk.cloud udp
US 8.8.8.8:53 ftp.airbox.home udp
US 8.8.8.8:53 imap.portal.yabatech.edu.ng udp
US 8.8.8.8:53 pop3.students.kuccps.net udp
US 8.8.8.8:53 imap.portal.health.go.ke udp
US 8.8.8.8:53 mail.portal.health.go.ke udp
US 8.8.8.8:53 mail.students.kuccps.net udp
US 8.8.8.8:53 imap.store.steampowered.com udp
US 8.8.8.8:53 ssh.ncsrail.com udp
US 8.8.8.8:53 ftp.gamejolt.com udp
US 8.8.8.8:53 imap.events.crowdsense.ai udp
US 8.8.8.8:53 mail.remotedesktop.google.com udp
US 8.8.8.8:53 ftp.trade.vndirect.com.vn udp
US 8.8.8.8:53 pop3.app.blokada.org udp
PL 91.209.116.56:80 moje.gwo.pl tcp
GB 18.245.253.89:443 accounts.shutterstock.com tcp
US 8.8.8.8:53 ssh.remotedesktop.google.com udp
US 8.8.8.8:53 pop3.school.wvbs.org udp
US 8.8.8.8:53 ftp.is-apps.telusinternational.com udp
US 8.8.8.8:53 ftp.steamcommunity.com udp
US 8.8.8.8:53 pop3.forum.mobilism.org udp
PH 203.161.188.178:80 oauth.bpi.com.ph tcp
US 104.20.221.62:80 crossout.net tcp
SG 157.230.193.203:80 sshstores.net tcp
IE 209.85.203.84:80 accounts.google.com tcp
GB 104.103.202.103:80 steamcommunity.com tcp
PL 188.210.221.79:80 mail.lista-minecraft.pl tcp
IE 209.85.203.84:80 accounts.google.com tcp
VN 103.174.216.148:80 vio.edu.vn tcp
GB 104.103.202.103:80 steamcommunity.com tcp
IE 209.85.203.84:443 accounts.google.com tcp
IE 209.85.203.84:80 accounts.google.com tcp
US 8.8.8.8:53 ssh.gamejolt.com udp
US 8.8.8.8:53 mxb-004fae02.gslb.pphosted.com udp
US 8.8.8.8:53 pop.account.protonvpn.com udp
US 8.8.8.8:53 ftp.zahcomputers.pk udp
US 8.8.8.8:53 ssh.id.zalo.me udp
US 8.8.8.8:53 internetbankaciligi.fibabanka.com.tr udp
US 8.8.8.8:53 giris.ibb.istanbul udp
US 8.8.8.8:53 aolweb.aol.meb.gov.tr udp
US 8.8.8.8:53 113.169.36.185.in-addr.arpa udp
US 8.8.8.8:53 79.221.210.188.in-addr.arpa udp
GB 216.58.201.110:80 remotedesktop.google.com tcp
US 104.26.12.251:443 unknowncheats.me tcp
US 34.120.58.86:80 is-apps.telusinternational.com tcp
SG 18.136.136.90:80 ftp.azota.vn tcp
IE 209.85.203.84:80 accounts.google.com tcp
IE 209.85.203.84:80 accounts.google.com tcp
GB 18.245.143.43:443 accounts.binance.com tcp
US 8.8.8.8:53 pop3.portal.health.go.ke udp
US 8.8.8.8:53 mail.remotedesktop.google.com udp
US 8.8.8.8:53 ssh.zahcomputers.pk udp
US 8.8.8.8:53 mailgate.login.arduino.cc udp
US 8.8.8.8:53 mailgate.events.crowdsense.ai udp
US 8.8.8.8:53 ftp.myaccount.vndirect.com.vn udp
IT 185.196.8.22:80 ckrehdr.net tcp
SG 18.143.238.134:80 ftp.azota.vn tcp
US 188.114.97.2:80 worrystitchsounddywuwp.site tcp
US 104.18.4.160:443 gamejolt.com tcp
GB 104.103.202.103:80 steamcommunity.com tcp
SG 157.230.193.203:80 sshstores.net tcp
US 104.26.9.68:80 game-debate.com tcp
TR 193.108.213.15:80 sube.halkbank.com.tr tcp
GB 104.103.202.103:443 steamcommunity.com tcp
TR 212.175.170.107:80 aolweb.meb.gov.tr tcp
TR 212.175.170.107:80 aolweb.meb.gov.tr tcp
GB 18.245.253.83:80 accounts.shutterstock.com tcp
US 172.64.145.202:80 users.nexusmods.com tcp
US 104.18.9.28:443 krunker.io tcp
IE 209.85.203.84:80 accounts.google.com tcp
VN 125.212.254.122:80 trade.vndirect.com.vn tcp
PL 82.177.190.71:80 dolnoslaskie.edu.com.pl tcp
DE 173.249.52.237:80 ftp.ncsrail.com tcp
US 162.159.136.232:443 discord.com tcp
VN 202.160.124.58:80 id.vndirect.com.vn tcp
US 104.26.11.45:80 spwarta.mobidziennik.pl tcp
DE 185.159.159.143:443 account.protonvpn.com tcp
US 8.8.8.8:53 pop3.app.blokada.org udp
US 8.8.8.8:53 mx2.mail.ovh.net udp
US 8.8.8.8:53 ftp.spwarta.mobidziennik.pl udp
US 8.8.8.8:53 ssh.vio.edu.vn udp
US 8.8.8.8:53 imap.skills.shawacademy.com udp
US 8.8.8.8:53 mail.airbox.home udp
US 8.8.8.8:53 mailgate.portal.yabatech.edu.ng udp
US 8.8.8.8:53 mail.help.steampowered.com udp
US 8.8.8.8:53 mail.id.vndirect.com.vn udp
US 8.8.8.8:53 ssh.myaccount.vndirect.com.vn udp
US 8.8.8.8:53 56.116.209.91.in-addr.arpa udp
US 8.8.8.8:53 aspmx2.googlemail.com udp
US 8.8.8.8:53 imap.store.steampowered.com udp
US 8.8.8.8:53 mail.ny3.blynk.cloud udp
US 8.8.8.8:53 mail.myaccount.vndirect.com.vn udp
US 8.8.8.8:53 ssh.auth.riotgames.com udp
US 8.8.8.8:53 mx3.mail.ovh.net udp
US 8.8.8.8:53 ftp.trade.vndirect.com.vn udp
US 8.8.8.8:53 ssh.ncsrail.com udp
US 8.8.8.8:53 mail.portal.reemo.io udp
US 8.8.8.8:53 mail.school.wvbs.org udp
US 8.8.8.8:53 ssh.steamcommunity.com udp
US 8.8.8.8:53 mail.remotedesktop.google.com udp
US 8.8.8.8:53 pop3.students.kuccps.net udp
US 8.8.8.8:53 mail.app.blokada.org udp
US 8.8.8.8:53 mail.students.kuccps.net udp
US 8.8.8.8:53 imap.portal.health.go.ke udp
US 8.8.8.8:53 mail.portal.health.go.ke udp
US 8.8.8.8:53 mail.id.zalo.me udp
US 8.8.8.8:53 esube.iskur.gov.tr udp
US 8.8.8.8:53 pop3.school.wvbs.org udp
US 8.8.8.8:53 ftp.is-apps.telusinternational.com udp
US 8.8.8.8:53 imap.gameutha.com udp
US 8.8.8.8:53 mail.forum.mobilism.org udp
US 8.8.8.8:53 mailgate.forum.mobilism.org udp
US 8.8.8.8:53 ssh.remotedesktop.google.com udp
US 8.8.8.8:53 pop.auth.riotgames.com udp
US 8.8.8.8:53 mail.login.arduino.cc udp
US 8.8.8.8:53 imap.forum.mobilism.org udp
US 8.8.8.8:53 pop3.portal.reemo.io udp
US 8.8.8.8:53 ssh.users.nexusmods.com udp
US 8.8.8.8:53 imap.login.arduino.cc udp
US 8.8.8.8:53 pop3.help.steampowered.com udp
US 8.8.8.8:53 ftp.airbox.home udp
US 8.8.8.8:53 pop3.skills.shawacademy.com udp
DE 185.172.128.19:80 185.172.128.19 tcp
GB 173.222.13.40:80 tcp
US 15.204.234.61:9100 tcp
SG 143.92.75.92:80 shopee.ph tcp
PL 188.210.221.79:80 mail.lista-minecraft.pl tcp
IE 209.85.203.84:80 accounts.google.com tcp
VN 202.160.124.82:80 myaccount.vndirect.com.vn tcp
US 8.8.8.8:53 mailgate.login.arduino.cc udp
US 8.8.8.8:53 mail.spwarta.mobidziennik.pl udp
US 8.8.8.8:53 ssh.id.vndirect.com.vn udp
US 8.8.8.8:53 ssh.accounts.binance.com udp
US 8.8.8.8:53 bireysel.ziraatbank.com.tr udp
PL 188.210.221.79:443 mail.lista-minecraft.pl tcp
DE 185.159.159.143:80 account.protonvpn.com tcp
VN 202.160.124.58:80 id.vndirect.com.vn tcp
US 104.16.119.50:80 auth.riotgames.com tcp
GB 104.103.202.103:80 steamcommunity.com tcp
GB 18.245.143.43:80 accounts.binance.com tcp
IE 209.85.203.84:80 accounts.google.com tcp
US 162.159.136.232:443 discord.com tcp
US 208.109.57.122:80 www.gameutha.com tcp
VN 49.213.95.230:443 id.zalo.me tcp
US 104.16.119.50:80 auth.riotgames.com tcp
US 104.26.12.251:80 unknowncheats.me tcp
PH 203.161.188.178:80 oauth.bpi.com.ph tcp
US 8.8.8.8:53 imap.students.kuccps.net udp
US 8.8.8.8:53 ftp.myaccount.vndirect.com.vn udp
TR 212.175.170.107:80 aolweb.meb.gov.tr tcp
US 8.8.8.8:53 pop3.portal.health.go.ke udp
US 8.8.8.8:53 ssh.is-apps.telusinternational.com udp
US 8.8.8.8:53 mail.help.steampowered.com udp
TR 212.175.170.107:80 aolweb.meb.gov.tr tcp
US 34.120.58.86:80 is-apps.telusinternational.com tcp
US 8.8.8.8:53 mail.users.nexusmods.com udp
US 8.8.8.8:53 mail.oauth.bpi.com.ph udp
US 8.8.8.8:53 pop3.ny3.blynk.cloud udp
US 8.8.8.8:53 mail.remotedesktop.google.com udp
US 8.8.8.8:53 mailgate.events.crowdsense.ai udp
US 8.8.8.8:53 mailgate.h5.stepworkstime.com udp
US 8.8.8.8:53 pop3.store.steampowered.com udp
US 8.8.8.8:53 mailgate.hub360.com.ng udp
US 8.8.8.8:53 passport.yandex.com.tr udp
US 8.8.8.8:53 e-devlet.riskmerkezi.org udp
TR 195.142.246.58:80 subesiz.vakifbank.com.tr tcp
IE 209.85.203.84:80 accounts.google.com tcp
SG 18.136.136.90:80 ftp.azota.vn tcp
PL 91.209.116.56:443 moje.gwo.pl tcp
PL 185.36.169.113:443 lista-serwerow.emecz.pl tcp
RU 87.240.132.67:80 tcp
RU 87.240.132.67:80 tcp
RU 87.240.132.67:80 tcp
RU 87.240.132.67:80 tcp
RU 87.240.132.67:80 tcp
RU 87.240.132.67:80 tcp
RU 87.240.132.67:80 tcp
RU 87.240.132.67:80 tcp
RU 87.240.132.67:80 tcp
RU 87.240.132.67:80 tcp
RU 87.240.132.67:80 tcp
RU 87.240.132.67:80 tcp
RU 87.240.132.67:80 tcp
RU 87.240.132.67:80 tcp
RU 87.240.132.67:80 tcp
RU 87.240.132.67:80 tcp
RU 87.240.132.67:80 tcp
RU 87.240.132.67:80 tcp
RU 87.240.132.67:80 tcp
RU 87.240.132.67:80 tcp
N/A 104.18.21.226:80 tcp
N/A 104.18.21.226:80 tcp
RU 87.240.132.67:443 tcp
RU 87.240.132.67:443 tcp
NL 95.142.206.2:443 tcp
US 8.8.8.8:53 ftp.shopee.ph udp
US 8.8.8.8:53 imap.school.wvbs.org udp
US 8.8.8.8:53 ssh.airbox.home udp
US 8.8.8.8:53 mxa-004fae02.gslb.pphosted.com udp
US 8.8.8.8:53 ftp.lista-serwerow.emecz.pl udp
US 8.8.8.8:53 ssh.steamcommunity.com udp
US 8.8.8.8:53 mail.accounts.shutterstock.com udp
US 8.8.8.8:53 ftp.spwarta.mobidziennik.pl udp
US 8.8.8.8:53 ssh.vio.edu.vn udp
US 8.8.8.8:53 mailgate.app.blokada.org udp
US 8.8.8.8:53 aolweb.aol.meb.gov.tr udp
US 8.8.8.8:53 mail.myaccount.vndirect.com.vn udp
US 8.8.8.8:53 mail.school.wvbs.org udp
US 8.8.8.8:53 pop.airbox.home udp
US 8.8.8.8:53 imap.skills.shawacademy.com udp
US 8.8.8.8:53 mail.airbox.home udp
US 8.8.8.8:53 mail.app.blokada.org udp
US 8.8.8.8:53 mail.portal.health.go.ke udp
US 8.8.8.8:53 mx3.mail.ovh.net udp
US 8.8.8.8:53 help.steampowered.com udp
US 8.8.8.8:53 mail.skills.shawacademy.com udp
US 8.8.8.8:53 ssh.auth.riotgames.com udp
US 8.8.8.8:53 mailgate.portal.yabatech.edu.ng udp
US 8.8.8.8:53 mail.portal.yabatech.edu.ng udp
US 8.8.8.8:53 mail.help.steampowered.com udp
US 8.8.8.8:53 pop3.gameutha.com udp
US 8.8.8.8:53 ftp.is-apps.telusinternational.com udp
US 8.8.8.8:53 ssh.ncsrail.com udp
US 8.8.8.8:53 pop3.portal.reemo.io udp
US 8.8.8.8:53 pop.auth.riotgames.com udp
US 8.8.8.8:53 mailgate.login.arduino.cc udp
US 8.8.8.8:53 mail.forum.mobilism.org udp
US 8.8.8.8:53 mailgate.forum.mobilism.org udp
US 8.8.8.8:53 mail.students.kuccps.net udp
US 8.8.8.8:53 ftp.id.vndirect.com.vn udp
US 8.8.8.8:53 pop3.students.kuccps.net udp
US 8.8.8.8:53 alt2.aspmx.l.google.com udp
US 8.8.8.8:53 ssh.trade.vndirect.com.vn udp
US 8.8.8.8:53 imap.portal.health.go.ke udp
US 8.8.8.8:53 accounts.binance.com udp
US 8.8.8.8:53 ssh.accounts.shutterstock.com udp
US 8.8.8.8:53 mail.id.vndirect.com.vn udp
US 8.8.8.8:53 ssh.help.steampowered.com udp
US 8.8.8.8:53 ssh.users.nexusmods.com udp
US 8.8.8.8:53 mail.id.zalo.me udp
US 8.8.8.8:53 mailgate.skills.shawacademy.com udp
TR 195.142.246.58:80 subesiz.vakifbank.com.tr tcp
DE 185.159.159.143:80 account.protonvpn.com tcp
TR 185.68.222.101:80 giris.ibb.istanbul tcp
TR 193.108.213.15:80 sube.halkbank.com.tr tcp
US 104.18.9.28:80 krunker.io tcp
TR 212.175.170.107:80 aolweb.meb.gov.tr tcp
TR 212.175.170.107:80 aolweb.meb.gov.tr tcp
TR 212.174.173.81:80 esube.iskur.gov.tr tcp
IE 209.85.203.84:80 accounts.google.com tcp
PL 188.210.221.79:80 mail.lista-minecraft.pl tcp
TR 95.0.131.147:80 online.spor.istanbul tcp
DE 185.159.159.143:80 account.protonvpn.com tcp
US 162.159.136.232:80 discord.com tcp
IE 209.85.203.84:80 accounts.google.com tcp
IE 209.85.203.84:80 accounts.google.com tcp
GB 104.103.202.103:443 help.steampowered.com tcp
GB 104.103.202.103:80 help.steampowered.com tcp
TR 195.39.224.29:80 internetbankaciligi.fibabanka.com.tr tcp
IE 209.85.203.84:80 accounts.google.com tcp
IE 209.85.203.84:80 accounts.google.com tcp
TR 195.39.224.29:80 internetbankaciligi.fibabanka.com.tr tcp
TR 213.14.252.53:80 bireysel.istanbulkart.istanbul tcp
VN 103.174.216.148:80 vio.edu.vn tcp
US 8.8.8.8:53 ssh.shopee.ph udp
US 8.8.8.8:53 mail.remotedesktop.google.com udp
US 8.8.8.8:53 mail.events.crowdsense.ai udp
US 8.8.8.8:53 mailgate.events.crowdsense.ai udp
US 8.8.8.8:53 mailgate.ny3.blynk.cloud udp
US 8.8.8.8:53 pop3.store.steampowered.com udp
US 8.8.8.8:53 pop.users.nexusmods.com udp
US 8.8.8.8:53 mail.users.nexusmods.com udp
US 8.8.8.8:53 ssh.gamejolt.com udp
US 8.8.8.8:53 imap.help.steampowered.com udp
US 8.8.8.8:53 mx1.mail.ovh.net udp
US 8.8.8.8:53 mail.oauth.bpi.com.ph udp
US 8.8.8.8:53 ssh.accounts.google.com udp
US 8.8.8.8:53 mail.is-apps.telusinternational.com udp
US 8.8.8.8:53 mail.id.zalo.me udp
US 8.8.8.8:53 pop.ncsrail.com udp
US 8.8.8.8:53 ssh.zahcomputers.pk udp
US 8.8.8.8:53 imap.portal.reemo.io udp
US 8.8.8.8:53 ftp.lista-minecraft.pl udp
US 8.8.8.8:53 mugenarchive.com udp
US 8.8.8.8:53 ssh.oauth.bpi.com.ph udp
US 8.8.8.8:53 ssh.remotedesktop.google.com udp
US 8.8.8.8:53 users.nexusmods.com udp
US 8.8.8.8:53 ftp.trade.vndirect.com.vn udp
US 8.8.8.8:53 mail.help.steampowered.com udp
US 8.8.8.8:53 mail.account.protonvpn.com udp
RU 87.240.132.67:443 tcp
RU 87.240.132.67:443 tcp
RU 87.240.132.67:443 tcp
RU 87.240.132.67:443 tcp
RU 87.240.132.67:443 tcp
RU 87.240.132.67:443 tcp
US 162.159.136.232:80 discord.com tcp
VN 49.213.95.230:80 id.zalo.me tcp
TR 212.175.170.107:80 aolweb.meb.gov.tr tcp
US 34.120.58.86:80 is-apps.telusinternational.com tcp
GB 18.245.253.33:80 accounts.shutterstock.com tcp
TR 213.14.252.53:80 bireysel.istanbulkart.istanbul tcp
PL 185.36.169.113:80 ftp.lista-serwerow.emecz.pl tcp
PL 82.177.190.71:443 dolnoslaskie.edu.com.pl tcp
RU 213.180.204.24:80 passport.yandex.com.tr tcp
PL 91.209.116.56:80 moje.gwo.pl tcp
IT 185.196.8.22:80 ckrehdr.net tcp
TR 194.24.224.11:80 bireysel.ziraatbank.com.tr tcp
SG 18.136.136.90:80 azota.vn tcp
TR 95.0.131.147:80 online.spor.istanbul tcp
US 104.26.11.45:443 spwarta.mobidziennik.pl tcp
TR 185.68.222.101:443 giris.ibb.istanbul tcp
PL 188.210.221.79:80 ftp.lista-minecraft.pl tcp
IE 209.85.203.84:80 accounts.google.com tcp
TR 193.108.213.15:443 sube.halkbank.com.tr tcp
PL 185.36.169.113:80 ftp.lista-serwerow.emecz.pl tcp
PH 203.161.188.178:80 oauth.bpi.com.ph tcp
SG 143.92.75.92:80 shopee.ph tcp
SG 157.230.193.203:80 sshstores.net tcp
US 162.159.136.232:443 discord.com tcp
US 8.8.8.8:53 ftp.steamcommunity.com udp
US 8.8.8.8:53 ssh.vio.edu.vn udp
US 8.8.8.8:53 ftp.discord.com udp
US 8.8.8.8:53 pop3.portal.health.go.ke udp
US 8.8.8.8:53 mailgate.forum.mobilism.org udp
US 8.8.8.8:53 ssh.id.zalo.me udp
US 8.8.8.8:53 ssh.trade.vndirect.com.vn udp
US 8.8.8.8:53 ssh.krunker.io udp
US 8.8.8.8:53 subesiz.vakifbank.com.tr udp
US 8.8.8.8:53 mail.azota.vn udp
US 8.8.8.8:53 imap.pakrail.gov.pk udp
US 8.8.8.8:53 alt4.aspmx.l.google.com udp
US 8.8.8.8:53 mail.login.arduino.cc udp
US 8.8.8.8:53 mailgate.ny3.blynk.cloud udp
US 8.8.8.8:53 en.onlinesoccermanager.com udp
US 8.8.8.8:53 imap.portal.health.go.ke udp
US 8.8.8.8:53 playsultan.com udp
US 8.8.8.8:53 imap.school.wvbs.org udp
US 8.8.8.8:53 mail.auth.riotgames.com udp
US 8.8.8.8:53 pop3.account.protonvpn.com udp
RU 213.180.204.24:80 passport.yandex.com.tr tcp
DE 185.159.159.143:443 account.protonvpn.com tcp
GB 104.103.202.103:80 help.steampowered.com tcp
GB 104.103.202.103:443 help.steampowered.com tcp
US 8.8.8.8:53 mailgate.forum.mobilism.org udp
US 8.8.8.8:53 ssh.spwarta.mobidziennik.pl udp
US 8.8.8.8:53 mail.students.kuccps.net udp
US 8.8.8.8:53 airbox.home udp
US 8.8.8.8:53 33.253.245.18.in-addr.arpa udp
US 8.8.8.8:53 11.224.24.194.in-addr.arpa udp
US 8.8.8.8:53 ssh.id.vndirect.com.vn udp
US 8.8.8.8:53 mail.myaccount.vndirect.com.vn udp
US 8.8.8.8:53 steamcommunity.com udp
US 8.8.8.8:53 pop.myaccount.vndirect.com.vn udp
US 8.8.8.8:53 ssh.ncsrail.com udp
VN 125.212.254.122:80 trade.vndirect.com.vn tcp
US 104.18.4.160:80 gamejolt.com tcp
GB 104.103.202.103:80 steamcommunity.com tcp
TR 195.87.92.188:80 e-devlet.riskmerkezi.org tcp
US 8.8.8.8:53 ftp.oauth.bpi.com.ph udp
US 8.8.8.8:53 mailgate.help.steampowered.com udp
US 8.8.8.8:53 aolweb.aol.meb.gov.tr udp
US 8.8.8.8:53 imap.dash.studentsearncash.co udp
US 8.8.8.8:53 ftp.aolweb.meb.gov.tr udp
US 8.8.8.8:53 mail.account.protonvpn.com udp
US 8.8.8.8:53 mail.id.vndirect.com.vn udp
US 8.8.8.8:53 mailgate.events.crowdsense.ai udp
US 8.8.8.8:53 mail.events.crowdsense.ai udp
US 8.8.8.8:53 mail.remotedesktop.google.com udp
US 8.8.8.8:53 pop.ncsrail.com udp
US 8.8.8.8:53 _dc-mx.6677cb836089.mugenarchive.com udp
US 8.8.8.8:53 ssh.remotedesktop.google.com udp
US 8.8.8.8:53 pop.id.zalo.me udp
US 8.8.8.8:53 ssh.oauth.bpi.com.ph udp
US 8.8.8.8:53 ftp.moje.gwo.pl udp
US 8.8.8.8:53 mail.store.steampowered.com udp
US 8.8.8.8:53 relay.events.crowdsense.ai udp
US 8.8.8.8:53 pop3.pakrail.gov.pk udp
US 8.8.8.8:53 help.steampowered.com udp
US 8.8.8.8:53 imap.portal.reemo.io udp
US 8.8.8.8:53 mailgate.store.steampowered.com udp
US 8.8.8.8:53 ssh.gamejolt.com udp
US 8.8.8.8:53 mail.users.nexusmods.com udp
US 8.8.8.8:53 pop.trade.vndirect.com.vn udp
US 8.8.8.8:53 mail.trade.vndirect.com.vn udp
VN 202.160.124.58:80 id.vndirect.com.vn tcp
PL 188.210.221.79:80 ftp.lista-minecraft.pl tcp
TR 195.142.246.58:80 subesiz.vakifbank.com.tr tcp
TR 212.175.170.107:80 aolweb.meb.gov.tr tcp
GB 18.245.143.55:80 accounts.binance.com tcp
TR 212.175.170.107:80 aolweb.meb.gov.tr tcp
US 104.18.9.28:443 krunker.io tcp
IE 209.85.203.84:80 accounts.google.com tcp
US 172.67.70.229:80 egitimhane.com tcp
VN 49.213.95.230:80 id.zalo.me tcp
PL 188.210.221.79:80 ftp.lista-minecraft.pl tcp
IE 209.85.203.84:80 accounts.google.com tcp
US 8.8.8.8:53 ftp.unknowncheats.me udp
US 8.8.8.8:53 pop.nairaland.com udp
US 8.8.8.8:53 mail.oauth.bpi.com.ph udp
US 8.8.8.8:53 mail.accounts.shutterstock.com udp
US 8.8.8.8:53 mailgate.ny3.blynk.cloud udp
US 8.8.8.8:53 vddswrwooe4osvbi3yy3gdgi575xmw6dwguqvdehvkzvbs3quzca.mx-verification.google.com udp
US 8.8.8.8:53 ssh.airbox.home udp
US 8.8.8.8:53 mailgate.portal.yabatech.edu.ng udp
US 8.8.8.8:53 imap.account.protonvpn.com udp
US 8.8.8.8:53 imap.auth.riotgames.com udp
US 8.8.8.8:53 relay.login.arduino.cc udp
US 8.8.8.8:53 ssh.steamcommunity.com udp
US 8.8.8.8:53 pop.anilist.co udp
US 8.8.8.8:53 ssh.is-apps.telusinternational.com udp
US 8.8.8.8:53 ssh.moje.gwo.pl udp
TR 195.87.92.188:80 e-devlet.riskmerkezi.org tcp
US 104.16.119.50:443 auth.riotgames.com tcp
TR 195.142.246.58:80 subesiz.vakifbank.com.tr tcp
GB 18.245.253.33:80 accounts.shutterstock.com tcp
TR 193.108.213.15:80 sube.halkbank.com.tr tcp
PL 82.177.190.74:80 ftp.dolnoslaskie.edu.com.pl tcp
PL 185.36.169.113:443 ftp.lista-serwerow.emecz.pl tcp
PL 91.209.116.56:80 moje.gwo.pl tcp
US 162.159.136.232:80 discord.com tcp
US 172.67.70.229:80 egitimhane.com tcp
US 104.26.11.45:80 spwarta.mobidziennik.pl tcp
TR 85.111.38.82:80 giris.eba.gov.tr tcp
US 8.8.8.8:53 mail.app.blokada.org udp
US 8.8.8.8:53 steamcommunity.com udp
US 8.8.8.8:53 pop.help.steampowered.com udp
US 8.8.8.8:53 gamejolt.com udp
US 8.8.8.8:53 mailgate.portal.health.go.ke udp
US 8.8.8.8:53 ssh.discord.com udp
US 8.8.8.8:53 app.tinyletter.com udp
US 8.8.8.8:53 imap.pakrail.gov.pk udp
US 8.8.8.8:53 mail.spwarta.mobidziennik.pl udp
US 8.8.8.8:53 ssh.account.protonvpn.com udp
US 8.8.8.8:53 mixlr.com udp
TR 212.174.173.81:80 esube.iskur.gov.tr tcp
VN 202.160.124.82:80 myaccount.vndirect.com.vn tcp
TR 185.68.222.101:80 giris.ibb.istanbul tcp
US 104.21.83.66:80 mugenarchive.com tcp
DE 185.159.159.143:80 account.protonvpn.com tcp
US 8.8.8.8:53 pop.ncsrail.com udp
US 8.8.8.8:53 mail.ny3.blynk.cloud udp
US 104.21.11.165:80 zahcomputers.pk tcp
US 8.8.8.8:53 ftp.krunker.io udp
US 8.8.8.8:53 aolweb.aol.meb.gov.tr udp
TR 213.14.252.53:80 bireysel.istanbulkart.istanbul tcp
US 8.8.8.8:53 mail.help.steampowered.com udp
US 8.8.8.8:53 airbox.home udp
US 8.8.8.8:53 mail.skills.shawacademy.com udp
US 8.8.8.8:53 mail.portal.reemo.io udp
US 8.8.8.8:53 mail.steamcommunity.com udp
PH 203.161.188.178:80 oauth.bpi.com.ph tcp
GB 104.103.202.103:80 steamcommunity.com tcp
IE 209.85.203.84:80 accounts.google.com tcp
US 104.26.12.251:80 unknowncheats.me tcp
TR 195.39.224.29:80 internetbankaciligi.fibabanka.com.tr tcp
GB 104.103.202.103:80 steamcommunity.com tcp
IE 209.85.203.84:80 accounts.google.com tcp
US 162.159.136.232:443 discord.com tcp
DE 173.249.52.237:80 ftp.ncsrail.com tcp
US 8.8.8.8:53 mailgate.forum.mobilism.org udp
US 8.8.8.8:53 mail.myaccount.vndirect.com.vn udp
US 8.8.8.8:53 ssh.lista-serwerow.emecz.pl udp
US 8.8.8.8:53 mail.students.kuccps.net udp
US 8.8.8.8:53 mxb-004fae02.gslb.pphosted.com udp
US 8.8.8.8:53 vio.edu.vn udp
US 8.8.8.8:53 shopee.ph udp
US 8.8.8.8:53 pop.remotedesktop.google.com udp
US 8.8.8.8:53 mailgate.help.steampowered.com udp
US 8.8.8.8:53 mailgate.school.wvbs.org udp
US 8.8.8.8:53 imap.gameutha.com udp
US 8.8.8.8:53 mail.is-apps.telusinternational.com udp
US 8.8.8.8:53 mail.account.protonvpn.com udp
US 8.8.8.8:53 mail.events.crowdsense.ai udp
US 8.8.8.8:53 mail.remotedesktop.google.com udp
US 8.8.8.8:53 ftp.moje.gwo.pl udp
US 8.8.8.8:53 pop.trade.vndirect.com.vn udp
US 8.8.8.8:53 mailgate.store.steampowered.com udp
US 8.8.8.8:53 help.steampowered.com udp
US 8.8.8.8:53 mail.store.steampowered.com udp
US 8.8.8.8:53 relay.events.crowdsense.ai udp
US 8.8.8.8:53 ssh.myaccount.vndirect.com.vn udp
US 8.8.8.8:53 ssh.gamejolt.com udp
US 8.8.8.8:53 ssh.oauth.bpi.com.ph udp
US 8.8.8.8:53 mail.sshstores.net udp
US 8.8.8.8:53 ftp.giris.ibb.istanbul udp
US 8.8.8.8:53 ssh.shopee.ph udp
US 8.8.8.8:53 ssh.steamcommunity.com udp
US 8.8.8.8:53 ssh.id.vndirect.com.vn udp
US 8.8.8.8:53 ssh.spwarta.mobidziennik.pl udp
US 8.8.8.8:53 pop.myaccount.vndirect.com.vn udp
US 8.8.8.8:53 mailgate.app.blokada.org udp
TR 195.39.224.29:80 internetbankaciligi.fibabanka.com.tr tcp
TR 212.175.170.107:80 aolweb.meb.gov.tr tcp
US 8.8.8.8:53 ssh.lista-minecraft.pl udp
US 8.8.8.8:53 ssh.dolnoslaskie.edu.com.pl udp
US 8.8.8.8:53 mxa-004fae02.gslb.pphosted.com udp
US 8.8.8.8:53 mail.trade.vndirect.com.vn udp
US 8.8.8.8:53 ftp.internetbankaciligi.fibabanka.com.tr udp
US 8.8.8.8:53 ftp.aolweb.meb.gov.tr udp
US 8.8.8.8:53 pop3.pakrail.gov.pk udp
US 8.8.8.8:53 pop.id.zalo.me udp
TR 212.174.173.81:443 esube.iskur.gov.tr tcp
RU 213.180.204.24:80 passport.yandex.com.tr tcp
US 8.8.8.8:53 imap.account.protonvpn.com udp
US 8.8.8.8:53 vddswrwooe4osvbi3yy3gdgi575xmw6dwguqvdehvkzvbs3quzca.mx-verification.google.com udp
US 8.8.8.8:53 ssh.airbox.home udp
US 8.8.8.8:53 imap.auth.riotgames.com udp
US 8.8.8.8:53 ftp.unknowncheats.me udp
US 8.8.8.8:53 pop.nairaland.com udp
US 8.8.8.8:53 mail.portal.yabatech.edu.ng udp
US 8.8.8.8:53 mail.auth.riotgames.com udp
US 8.8.8.8:53 ftp.discord.com udp
US 8.8.8.8:53 ssh.is-apps.telusinternational.com udp
US 8.8.8.8:53 mail.oauth.bpi.com.ph udp
US 8.8.8.8:53 mailgate.portal.reemo.io udp
US 8.8.8.8:53 ftp.account.protonvpn.com udp
TR 213.14.252.53:80 bireysel.istanbulkart.istanbul tcp
VN 125.212.254.122:80 trade.vndirect.com.vn tcp
IE 209.85.203.84:80 accounts.google.com tcp
US 104.16.119.50:80 auth.riotgames.com tcp
TR 193.108.213.15:80 sube.halkbank.com.tr tcp
US 104.18.4.160:80 gamejolt.com tcp
US 8.8.8.8:53 ftp.esube.iskur.gov.tr udp
US 8.8.8.8:53 mx2.zoho.com udp
US 8.8.8.8:53 imap.store.steampowered.com udp
US 8.8.8.8:53 mailgate.app.blokada.org udp
US 8.8.8.8:53 ssh.trade.vndirect.com.vn udp
US 8.8.8.8:53 relay.forum.mobilism.org udp
US 8.8.8.8:53 ssh.vio.edu.vn udp
US 8.8.8.8:53 mail.login.arduino.cc udp
US 8.8.8.8:53 mailgate.login.arduino.cc udp
US 8.8.8.8:53 mail.portal.health.go.ke udp
US 8.8.8.8:53 mail.forum.mobilism.org udp
US 8.8.8.8:53 ssh.account.protonvpn.com udp
US 8.8.8.8:53 imap.pakrail.gov.pk udp
US 8.8.8.8:53 pop.spwarta.mobidziennik.pl udp
US 8.8.8.8:53 pop3.auth.riotgames.com udp
US 8.8.8.8:53 ssh.unknowncheats.me udp
US 8.8.8.8:53 pop.accounts.shutterstock.com udp
US 8.8.8.8:53 mailgate.skills.shawacademy.com udp
TR 212.175.170.107:80 aolweb.meb.gov.tr tcp
US 172.67.70.229:443 egitimhane.com tcp
US 104.18.9.28:80 krunker.io tcp
PL 185.36.169.113:80 ssh.lista-serwerow.emecz.pl tcp
US 104.16.90.146:80 en.onlinesoccermanager.com tcp
TR 194.24.224.11:80 bireysel.ziraatbank.com.tr tcp
TR 212.174.173.81:443 esube.iskur.gov.tr tcp
TR 85.111.38.82:80 giris.eba.gov.tr tcp
US 104.21.82.210:80 playsultan.com tcp
US 104.21.82.210:80 playsultan.com tcp
TR 85.111.38.82:80 giris.eba.gov.tr tcp
RU 213.180.204.24:80 passport.yandex.com.tr tcp
TR 185.68.222.101:80 giris.ibb.istanbul tcp
IT 185.196.8.22:80 ckrehdr.net tcp
GB 104.103.202.103:80 help.steampowered.com tcp
US 162.159.136.232:80 discord.com tcp
TR 95.0.131.147:80 online.spor.istanbul tcp
VN 202.160.124.82:80 myaccount.vndirect.com.vn tcp
PH 203.161.188.178:80 oauth.bpi.com.ph tcp
PH 121.96.38.199:80 mybdo.com.ph tcp
US 205.201.132.23:80 app.tinyletter.com tcp
US 8.8.8.8:53 imap.users.nexusmods.com udp
US 8.8.8.8:53 mail.giris.ibb.istanbul udp
GB 104.103.202.103:80 help.steampowered.com tcp
TR 195.87.92.188:80 e-devlet.riskmerkezi.org tcp
TR 195.142.246.58:80 subesiz.vakifbank.com.tr tcp
US 8.8.8.8:53 is-apps.telusinternational.com udp
US 8.8.8.8:53 mail.help.steampowered.com udp
US 8.8.8.8:53 mail.users.nexusmods.com udp
US 8.8.8.8:53 ssh.steamcommunity.com udp
US 8.8.8.8:53 mail.moje.gwo.pl udp
US 8.8.8.8:53 mail.school.wvbs.org udp
US 8.8.8.8:53 subesiz.vakifbank.com.tr udp
PH 203.177.92.210:80 mybdo.com.ph tcp
VN 202.160.124.58:80 id.vndirect.com.vn tcp
US 8.8.8.8:53 mail.auth.riotgames.com udp
US 8.8.8.8:53 ssh.sube.halkbank.com.tr udp
US 8.8.8.8:53 mail.skills.shawacademy.com udp
US 8.8.8.8:53 aolweb.aol.meb.gov.tr udp
US 8.8.8.8:53 mail.aolweb.aol.meb.gov.tr udp
US 8.8.8.8:53 ftp.krunker.io udp
US 8.8.8.8:53 mail.aolweb.meb.gov.tr udp
US 8.8.8.8:53 mailgate.forum.mobilism.org udp
US 8.8.8.8:53 mail.sshstores.net udp
US 8.8.8.8:53 mobile.twitter.com udp
US 8.8.8.8:53 ssh.accounts.shutterstock.com udp
US 8.8.8.8:53 mail.portal.reemo.io udp
US 8.8.8.8:53 mail.students.kuccps.net udp
US 8.8.8.8:53 ssh.krunker.io udp
US 8.8.8.8:53 pop.id.vndirect.com.vn udp
US 8.8.8.8:53 mail.remotedesktop.google.com udp
US 8.8.8.8:53 accounts.binance.com udp
US 8.8.8.8:53 pop.nairaland.com udp
US 8.8.8.8:53 mail.sube.halkbank.com.tr udp
US 8.8.8.8:53 ftp.online.spor.istanbul udp
US 8.8.8.8:53 ssh.aolweb.meb.gov.tr udp
US 8.8.8.8:53 imap.remotedesktop.google.com udp
US 8.8.8.8:53 ssh.oauth.bpi.com.ph udp
US 8.8.8.8:53 mail.account.protonvpn.com udp
US 8.8.8.8:53 ssh.shopee.ph udp
US 8.8.8.8:53 mailgate.gameutha.com udp
US 8.8.8.8:53 mailgate.help.steampowered.com udp
US 8.8.8.8:53 mail.events.crowdsense.ai udp
US 8.8.8.8:53 ftp.giris.ibb.istanbul udp
US 8.8.8.8:53 pop.myaccount.vndirect.com.vn udp
US 8.8.8.8:53 mailgate.store.steampowered.com udp
US 8.8.8.8:53 ssh.id.vndirect.com.vn udp
US 8.8.8.8:53 mailgate.school.wvbs.org udp
US 8.8.8.8:53 ssh.spwarta.mobidziennik.pl udp
US 8.8.8.8:53 mail.app.blokada.org udp
US 8.8.8.8:53 ftp.passport.yandex.com.tr udp
US 8.8.8.8:53 gizmoetc.dealpos.com udp
US 8.8.8.8:53 mail.forum.mobilism.org udp
US 8.8.8.8:53 ssh.discord.com udp
US 8.8.8.8:53 forum.scriptcase.net udp
US 8.8.8.8:53 account.ui.com udp
US 8.8.8.8:53 ejournals.ph udp
US 8.8.8.8:53 mailgate.login.arduino.cc udp
US 8.8.8.8:53 www.egitimhane.com udp
US 8.8.8.8:53 mail.airbox.home udp
US 8.8.8.8:53 mail.steamcommunity.com udp
US 8.8.8.8:53 mail.subesiz.vakifbank.com.tr udp
US 8.8.8.8:53 steamcommunity.com udp
US 8.8.8.8:53 pop3.airbox.home udp
US 8.8.8.8:53 pop3.pakrail.gov.pk udp
US 8.8.8.8:53 ftp.aolweb.meb.gov.tr udp
US 8.8.8.8:53 ssh.lista-minecraft.pl udp
US 8.8.8.8:53 mxa-004fae02.gslb.pphosted.com udp
US 8.8.8.8:53 mail.trade.vndirect.com.vn udp
VN 103.160.85.100:80 vio.edu.vn tcp
US 8.8.8.8:53 ftp.steamcommunity.com udp
US 8.8.8.8:53 pop3.account.protonvpn.com udp
US 8.8.8.8:53 mail.accounts.shutterstock.com udp
US 8.8.8.8:53 mailgate.ny3.blynk.cloud udp
US 8.8.8.8:53 vddswrwooe4osvbi3yy3gdgi575xmw6dwguqvdehvkzvbs3quzca.mx-verification.google.com udp
PH 121.96.38.199:80 mybdo.com.ph tcp
TR 195.87.92.188:80 e-devlet.riskmerkezi.org tcp
PL 188.210.221.79:80 ftp.lista-minecraft.pl tcp
DE 185.159.159.143:80 account.protonvpn.com tcp
US 104.26.11.45:80 spwarta.mobidziennik.pl tcp
US 104.16.119.50:80 auth.riotgames.com tcp
GB 18.245.253.33:80 accounts.shutterstock.com tcp
US 8.8.8.8:53 mxb-004fae02.gslb.pphosted.com udp
US 8.8.8.8:53 pop.is-apps.telusinternational.com udp
US 8.8.8.8:53 ssh.myaccount.vndirect.com.vn udp
TR 193.108.213.15:443 sube.halkbank.com.tr tcp
PL 82.177.190.74:443 ssh.dolnoslaskie.edu.com.pl tcp
US 8.8.8.8:53 mx3.mail.ovh.net udp
US 8.8.8.8:53 ssh.accounts.binance.com udp
US 8.8.8.8:53 mail.internetbankaciligi.fibabanka.com.tr udp
US 8.8.8.8:53 smtp.h5.stepworkstime.com udp
US 8.8.8.8:53 mail.auth.riotgames.com udp
US 8.8.8.8:53 forum.scriptcase.net udp
US 8.8.8.8:53 account.ui.com udp
US 8.8.8.8:53 ejournals.ph udp
US 8.8.8.8:53 pop3.auth.riotgames.com udp
US 8.8.8.8:53 relay.forum.mobilism.org udp
US 8.8.8.8:53 relay.portal.yabatech.edu.ng udp
US 8.8.8.8:53 mail.login.arduino.cc udp
US 8.8.8.8:53 ssh.account.protonvpn.com udp
US 8.8.8.8:53 ssh.trade.vndirect.com.vn udp
US 8.8.8.8:53 ssh.giris.ibb.istanbul udp
US 8.8.8.8:53 mail.store.steampowered.com udp
US 8.8.8.8:53 pop.trade.vndirect.com.vn udp
US 8.8.8.8:53 mail.is-apps.telusinternational.com udp
US 8.8.8.8:53 pop.remotedesktop.google.com udp
US 8.8.8.8:53 relay.events.crowdsense.ai udp
TR 212.174.173.81:80 esube.iskur.gov.tr tcp
US 104.244.42.134:80 mobile.twitter.com tcp
TR 212.175.170.107:80 aolweb.meb.gov.tr tcp
SG 172.188.8.218:80 gizmoetc.dealpos.com tcp
IE 209.85.203.84:80 accounts.google.com tcp
VN 125.212.254.122:80 trade.vndirect.com.vn tcp
US 104.16.90.146:443 en.onlinesoccermanager.com tcp
PL 91.209.116.56:80 moje.gwo.pl tcp
US 104.21.82.210:80 playsultan.com tcp
SG 202.181.90.248:80 shopee.ph tcp
DE 173.249.52.237:80 ftp.ncsrail.com tcp
US 104.21.11.165:80 zahcomputers.pk tcp
TR 185.68.222.101:443 giris.ibb.istanbul tcp
TR 212.174.173.81:80 esube.iskur.gov.tr tcp
US 205.201.132.23:80 app.tinyletter.com tcp
PH 103.53.154.98:80 online.rcbcbankard.com tcp
TR 195.39.224.29:80 internetbankaciligi.fibabanka.com.tr tcp
US 104.21.82.210:80 playsultan.com tcp
TR 85.111.38.82:80 giris.eba.gov.tr tcp
GB 104.103.202.103:80 help.steampowered.com tcp
GB 104.103.202.103:80 help.steampowered.com tcp
SG 209.58.169.46:80 jongmedellin.sg3.quickconnect.to tcp
TR 95.0.131.147:80 online.spor.istanbul tcp
TR 213.14.252.53:80 bireysel.istanbulkart.istanbul tcp
US 8.8.8.8:53 mailgate.students.kuccps.net udp
US 8.8.8.8:53 relay.h5.stepworkstime.com udp
US 8.8.8.8:53 mailgate.portal.reemo.io udp
US 8.8.8.8:53 accounts.shutterstock.com udp
US 8.8.8.8:53 pop3.myaccount.vndirect.com.vn udp
US 8.8.8.8:53 ftp.sube.halkbank.com.tr udp
US 8.8.8.8:53 pop3.help.steampowered.com udp
US 8.8.8.8:53 mail.id.vndirect.com.vn udp
US 8.8.8.8:53 ftp.mugenarchive.com udp
SG 209.58.169.46:80 jongmedellin.sg3.quickconnect.to tcp
SG 172.188.8.218:80 gizmoetc.dealpos.com tcp
US 8.8.8.8:53 ftp.bireysel.istanbulkart.istanbul udp
US 8.8.8.8:53 ftp.subesiz.vakifbank.com.tr udp
US 8.8.8.8:53 mail.login.arduino.cc udp
US 8.8.8.8:53 mail.giris.ibb.istanbul udp
US 8.8.8.8:53 imap.help.steampowered.com udp
US 8.8.8.8:53 mail.school.wvbs.org udp
PH 203.177.92.210:80 mybdo.com.ph tcp
VN 202.160.124.58:80 id.vndirect.com.vn tcp
US 8.8.8.8:53 mail.aolweb.aol.meb.gov.tr udp
US 8.8.8.8:53 mailgate.forum.mobilism.org udp
US 8.8.8.8:53 mail.sshstores.net udp
US 8.8.8.8:53 aolweb.aol.meb.gov.tr udp
US 8.8.8.8:53 imap.id.zalo.me udp
US 8.8.8.8:53 9656349.in1.mandrillapp.com udp
US 8.8.8.8:53 relay.school.wvbs.org udp
US 8.8.8.8:53 ssh.id.vndirect.com.vn udp
TR 194.24.224.11:443 bireysel.ziraatbank.com.tr tcp
TR 194.24.224.11:443 bireysel.ziraatbank.com.tr tcp
RU 213.180.204.24:80 passport.yandex.com.tr tcp
US 8.8.8.8:53 minecraftcapes.net udp
US 8.8.8.8:53 mail.users.nexusmods.com udp
US 8.8.8.8:53 ssh.sube.halkbank.com.tr udp
US 8.8.8.8:53 mail.ejournals.ph udp
US 8.8.8.8:53 pop3.account.protonvpn.com udp
US 8.8.8.8:53 mail.trade.vndirect.com.vn udp
US 8.8.8.8:53 pop3.pakrail.gov.pk udp
US 8.8.8.8:53 pop3.airbox.home udp
US 8.8.8.8:53 mailgate.ny3.blynk.cloud udp
US 8.8.8.8:53 relay.ny3.blynk.cloud udp
US 8.8.8.8:53 vddswrwooe4osvbi3yy3gdgi575xmw6dwguqvdehvkzvbs3quzca.mx-verification.google.com udp
US 8.8.8.8:53 mail.portal.yabatech.edu.ng udp
US 8.8.8.8:53 ssh.discord.com udp
US 8.8.8.8:53 aspmx.l.google.com udp
US 8.8.8.8:53 pop.accounts.shutterstock.com udp
US 8.8.8.8:53 pop.oauth.bpi.com.ph udp
US 8.8.8.8:53 relay.portal.yabatech.edu.ng udp
US 8.8.8.8:53 imap.airbox.home udp
US 8.8.8.8:53 mail.subesiz.vakifbank.com.tr udp
US 8.8.8.8:53 pop.is-apps.telusinternational.com udp
US 8.8.8.8:53 mxb-004fae02.gslb.pphosted.com udp
US 8.8.8.8:53 mailgate.app.blokada.org udp
US 8.8.8.8:53 mail.mybdo.com.ph udp
US 8.8.8.8:53 pop3.auth.riotgames.com udp
US 8.8.8.8:53 mail.internetbankaciligi.fibabanka.com.tr udp
US 8.8.8.8:53 pop3.ncsrail.com udp
US 8.8.8.8:53 ftp.internetbankaciligi.fibabanka.com.tr udp
US 8.8.8.8:53 mail.online.spor.istanbul udp
US 8.8.8.8:53 mailgate.account.protonvpn.com udp
US 8.8.8.8:53 mail.spwarta.mobidziennik.pl udp
US 8.8.8.8:53 pop.id.zalo.me udp
US 8.8.8.8:53 mail.is-apps.telusinternational.com udp
US 8.8.8.8:53 mail.store.steampowered.com udp
US 8.8.8.8:53 100.85.160.103.in-addr.arpa udp
US 8.8.8.8:53 218.8.188.172.in-addr.arpa udp
US 8.8.8.8:53 248.90.181.202.in-addr.arpa udp
US 8.8.8.8:53 lms.matrixcomsec.com udp
US 8.8.8.8:53 46.169.58.209.in-addr.arpa udp
US 8.8.8.8:53 mail.app.blokada.org udp
US 8.8.8.8:53 ssh.aolweb.aol.meb.gov.tr udp
TR 193.108.213.15:80 sube.halkbank.com.tr tcp
TR 195.142.246.58:80 subesiz.vakifbank.com.tr tcp
US 104.18.8.28:80 krunker.io tcp
IT 185.196.8.22:80 ckrehdr.net tcp
PL 188.210.221.79:80 ftp.lista-minecraft.pl tcp
GB 18.245.143.55:80 accounts.binance.com tcp
US 8.8.8.8:53 ftp.bireysel.ziraatbank.com.tr udp
US 8.8.8.8:53 online.bdo.com.ph udp
US 8.8.8.8:53 mailgate.school.wvbs.org udp
US 8.8.8.8:53 mail.steamcommunity.com udp
US 8.8.8.8:53 app.alie3ksgaa.com udp
US 8.8.8.8:53 mail.bireysel.ziraatbank.com.tr udp
US 8.8.8.8:53 mail.e-devlet.riskmerkezi.org udp
US 8.8.8.8:53 imap.users.nexusmods.com udp
US 8.8.8.8:53 ftp.giris.ibb.istanbul udp
US 8.8.8.8:53 ssh.lista-minecraft.pl udp
US 8.8.8.8:53 mxa-004fae02.gslb.pphosted.com udp
US 8.8.8.8:53 ftp.aolweb.meb.gov.tr udp
US 8.8.8.8:53 mailgate.portal.reemo.io udp
US 8.8.8.8:53 pop.spwarta.mobidziennik.pl udp
US 8.8.8.8:53 mail.sube.halkbank.com.tr udp
US 8.8.8.8:53 mail.portal.health.go.ke udp
HK 154.92.15.189:80 app.alie3ksgaa.com tcp
TR 212.175.170.107:80 aolweb.meb.gov.tr tcp
US 104.18.4.160:80 gamejolt.com tcp
DE 185.172.128.19:80 185.172.128.19 tcp
US 104.16.90.146:80 en.onlinesoccermanager.com tcp
US 162.159.136.232:80 discord.com tcp
VN 125.212.254.122:80 trade.vndirect.com.vn tcp
TR 185.68.222.101:80 giris.ibb.istanbul tcp
US 172.67.70.229:80 www.egitimhane.com tcp
US 162.159.136.232:80 discord.com tcp
GB 104.103.202.103:80 steamcommunity.com tcp
SG 202.181.90.248:80 shopee.ph tcp
US 8.8.8.8:53 ssh.bireysel.istanbulkart.istanbul udp
US 8.8.8.8:53 developer.globelabs.com.ph udp
TR 195.39.224.29:80 internetbankaciligi.fibabanka.com.tr tcp
GB 18.164.68.22:80 account.ui.com tcp
US 205.201.132.23:80 app.tinyletter.com tcp
SG 172.188.8.218:80 slscauto.dealpos.com tcp
US 104.21.82.210:80 playsultan.com tcp
PL 185.36.169.113:80 ssh.lista-serwerow.emecz.pl tcp
PH 103.53.154.98:80 online.rcbcbankard.com tcp
US 104.21.83.66:80 mugenarchive.com tcp
TR 95.0.131.147:443 online.spor.istanbul tcp
US 8.8.8.8:53 pop3.help.steampowered.com udp
US 8.8.8.8:53 ssh.auth.riotgames.com udp
US 8.8.8.8:53 account.jetbrains.com udp
US 8.8.8.8:53 developer.globelabs.com.ph udp
US 8.8.8.8:53 gobouy.com udp
TR 195.87.92.188:80 e-devlet.riskmerkezi.org tcp
TR 85.111.38.82:80 giris.eba.gov.tr tcp
US 8.8.8.8:53 ssh.egitimhane.com udp
US 8.8.8.8:53 aolweb.aol.meb.gov.tr udp
US 8.8.8.8:53 mail.aolweb.meb.gov.tr udp
PL 82.177.190.74:80 dolnoslaskie.edu.com.pl tcp
TR 194.24.224.11:80 bireysel.ziraatbank.com.tr tcp
TR 213.14.252.53:80 bireysel.istanbulkart.istanbul tcp
US 8.8.8.8:53 mail.bireysel.ziraatbank.com.tr udp
US 8.8.8.8:53 account.ui.com udp
US 8.8.8.8:53 subesiz.vakifbank.com.tr udp
US 8.8.8.8:53 mail.help.steampowered.com udp
US 8.8.8.8:53 mail.giris.ibb.istanbul udp
US 8.8.8.8:53 mail.bireysel.istanbulkart.istanbul udp
US 8.8.8.8:53 pop.moje.gwo.pl udp
US 8.8.8.8:53 mail.moje.gwo.pl udp
US 8.8.8.8:53 imap.ncsrail.com udp
US 52.44.240.235:80 forum.scriptcase.net tcp
US 172.67.74.225:80 spwarta.mobidziennik.pl tcp
SG 172.188.8.218:443 slscauto.dealpos.com tcp
DE 185.159.159.143:80 account.protonvpn.com tcp
GB 104.84.77.49:80 online.bdo.com.ph tcp
US 18.232.5.147:80 ejournals.ph tcp
PH 103.53.154.98:80 online.rcbcbankard.com tcp
US 8.8.8.8:53 pop3.nairaland.com udp
US 8.8.8.8:53 pop3.auth.riotgames.com udp
US 8.8.8.8:53 mail.remotedesktop.google.com udp
US 8.8.8.8:53 pop3.users.nexusmods.com udp
US 8.8.8.8:53 relay.store.steampowered.com udp
US 8.8.8.8:53 mail.airbox.home udp
US 8.8.8.8:53 ftp.mybdo.com.ph udp
US 8.8.8.8:53 ftp.en.onlinesoccermanager.com udp
US 8.8.8.8:53 mail.internetbankaciligi.fibabanka.com.tr udp
US 8.8.8.8:53 ssh.e-devlet.riskmerkezi.org udp
US 8.8.8.8:53 discord.com udp
US 8.8.8.8:53 mail.esube.iskur.gov.tr udp
US 8.8.8.8:53 mail.uc-forum.com udp
US 8.8.8.8:53 imap.accounts.binance.com udp
US 8.8.8.8:53 mail.skills.shawacademy.com udp
US 8.8.8.8:53 vddswrwooe4osvbi3yy3gdgi575xmw6dwguqvdehvkzvbs3quzca.mx-verification.google.com udp
US 8.8.8.8:53 steamcommunity.com udp
US 8.8.8.8:53 pop3.airbox.home udp
US 8.8.8.8:53 mail.ny3.blynk.cloud udp
US 8.8.8.8:53 mail.is-apps.telusinternational.com udp
US 8.8.8.8:53 blynk.cloud udp
US 8.8.8.8:53 mx3.mail.ovh.net udp
US 8.8.8.8:53 mailgate.account.protonvpn.com udp
US 8.8.8.8:53 mailgate.app.blokada.org udp
US 8.8.8.8:53 smtp.portal.yabatech.edu.ng udp
US 8.8.8.8:53 ssh.spwarta.mobidziennik.pl udp
US 8.8.8.8:53 mail.lista-serwerow.emecz.pl udp
US 8.8.8.8:53 ssh.esube.iskur.gov.tr udp
US 8.8.8.8:53 mailgate.portal.reemo.io udp
US 8.8.8.8:53 mail.portal.health.go.ke udp
US 8.8.8.8:53 relay.login.arduino.cc udp
US 8.8.8.8:53 imap.pakrail.gov.pk udp
US 8.8.8.8:53 relay.help.steampowered.com udp
US 8.8.8.8:53 pop.is-apps.telusinternational.com udp
US 8.8.8.8:53 imap.airbox.home udp
US 8.8.8.8:53 relay.ny3.blynk.cloud udp
US 8.8.8.8:53 mail.unknowncheats.me udp
US 8.8.8.8:53 ssh.discord.com udp
HK 154.92.15.189:80 app.alie3ksgaa.com tcp
TR 212.174.173.81:80 esube.iskur.gov.tr tcp
VN 103.160.85.100:80 vio.edu.vn tcp
PH 121.96.38.199:80 mybdo.com.ph tcp
GB 104.84.77.49:80 online.bdo.com.ph tcp
US 18.232.5.147:80 ejournals.ph tcp
SG 172.188.8.218:80 slscauto.dealpos.com tcp
IN 223.31.219.250:80 lms.matrixcomsec.com tcp

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 fba38883c4ea1c000dbd9c38d017e733
SHA1 85e0906708a55073287ddfa21f757162b21c3573
SHA256 9e233584c57cb57ff648be1beaa1fff2112600fd78a0be082476c9ec5cfc5972
SHA512 a832dbfc9ed009c686cbe003fe04a67898c37f6cd3e0c19ff8a6d4af7649a8c7e36eeb2e2e4c4206752da80fbde7c26c7241a472d4098b1edc5ab4057d54f1a2

\??\pipe\LOCAL\crashpad_4052_GIMLUPXFBBAMUUKY

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 4d07eed130e6024cf2b6c76082a0d3b4
SHA1 82aed96c1f16b4aedb118aed466c01c248f9af9e
SHA256 41541e8e0e5fd274e7d98d615cc16278d2e8bcc7a9e5a273d4967f1f148b0df5
SHA512 07145e78e1c92c60fdc3371b3e99a5e20e7eb2129aec39601835710ea570fc0429a2c3361a5b5603a9923a17958f8e64da4a437497a828017ffa391e8255f559

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 6752a1d65b201c13b62ea44016eb221f
SHA1 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 a8f6483d8aefad80532a52fb2d2358aa
SHA1 dd5b7a71172b7bba6b32463fb3177b18e97ca0db
SHA256 1578a3b2f6a2ab00e948e13837b906f5aee40969383bc2853a04a4fb2e91e088
SHA512 0b3730ff10a599e788376c9d46a3ca0789301eff31678aa70140be5849a498d493ede879b84a947d65c26eb4562d0bef0d2f9b941bd7770f0d4bba66e5eac366

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 f868eff56eade9ae89cc21aa0bd7080d
SHA1 6744a2eac94f609fa82baec2bf278e539c067bc6
SHA256 dcf64c3c87d25f8d7d9207c01a2958f5398a50034489f6a87bce395dcf18314f
SHA512 bd59e8bbf3891740c784d09674fe0dbe6eec041a73d603f6e98700937bc90adb045155caad102aa43273d1149e521cf47f440460fbc712f07bcc327e1ae8dabe

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

MD5 de8827d93011d8af360f82cc1f8ce73e
SHA1 87774343c086d15d6da295268cbca6fed80b621f
SHA256 511050e65ef86e0692adf41262e7be695993b28b629ba66f3e174e27d78ba6c5
SHA512 fa0527111401d82e4e05a16d1908ff9e149d396ff088d970855755ca5a8589476b19a96746c445284b803f3589f1544a02b4d67e31bb56c596a3b79f49d7948f

C:\Users\Admin\Downloads\file_v1_3.rar

MD5 9accfa9662f3ff2c3d94cd116b66b024
SHA1 98ccf058f99df84e23531845d53df22773183042
SHA256 f042333260e274a0ab6135153f672d09e88f1eeb3c4a53d33deba3a10479dacc
SHA512 c7dd23edd50e2fda79d0bb23cbc8a71ae40f58510db7b618abb51627dea6123b5d22b707de384136a694db5e3d25e5b9632548675cee71342847fbe4927feefb

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 aeca5f840b1b8319dffce0d7ba0f7ab6
SHA1 ab221da027988d590c6d36e28bc66d3bf0bc0a8a
SHA256 9c794f17387395de70896e95857f5f481bddadfa646fe45576260ceed4b25ad8
SHA512 b9b5c22ca7a3719e1a3a678371d5a50fdff47bd43dc48b1396e14d2460a98a515574af6c3cc2b87eef14fa432fca1f980114e31b6d7355fff27b302e4932d335

C:\Users\Admin\AppData\Local\Temp\7zO8FE60E68\setup.exe

MD5 9e5e1aae98b1ab1d51204f98034d5da5
SHA1 3d90dac234ba1f933571d8d0d619b440e97158f8
SHA256 fa4c8653bda620d651b6a7227a2735cef256704c20ca780f98d66e4225b05745
SHA512 75dc25db8f14487c90f13f9d647e1b80140b2ce750af066d501c66aa34b8599ea1886b5d7afe8d809d906daf8ba71d5ad28943816b3d1aa3b04d894e1f499f14

C:\Users\Admin\AppData\Local\Temp\7zO8FE60E68\setup.exe

MD5 b07d2e3f5775a5adfd12ec02481a6b21
SHA1 871a1180127c16c9906104f170c4a19168bcabbd
SHA256 cab0885e5783277d5bbf332e881036ab7b79746da9cd6bb8ef23ee55fd063640
SHA512 b52a053288641fb745ec840eff3ea94322bac0cfde34f2cc16f08afca73936a09cab91cbdbf811b16836521cf5e29ba3b9f1873e92b61666004f60ae993b6946

C:\Users\Admin\AppData\Local\Temp\7zO8FE60E68\setup.exe

MD5 03eb819a90179fead116fd26f7484307
SHA1 fc0e6aeef4a0e66943d083b2a51ceef0f27cb236
SHA256 4618b6613315a2637d4289b2f089b3252be9b71c8c8267272f8aef0a5ebe0f6b
SHA512 9b6002a5c8f5687ea265128f3fd5014a7e30435daa8a2b58670da313e260175b40bbb8344646d71c318c409621c0e1dc21d01b58b1a67a4705fe1570ae4996d4

memory/4640-131-0x00007FF6CC410000-0x00007FF6CCE03000-memory.dmp

memory/4640-132-0x00007FF6CC410000-0x00007FF6CCE03000-memory.dmp

memory/4640-137-0x00007FF99E220000-0x00007FF99E2DD000-memory.dmp

memory/4640-138-0x00007FF99E220000-0x00007FF99E2DD000-memory.dmp

memory/4640-139-0x00007FF99CD80000-0x00007FF99D0F4000-memory.dmp

memory/4640-144-0x00007FF99E220000-0x00007FF99E2DD000-memory.dmp

memory/4640-143-0x00007FF6CC410000-0x00007FF6CCE03000-memory.dmp

memory/4640-140-0x00007FF6CC410000-0x00007FF6CCE03000-memory.dmp

memory/4640-142-0x00007FF980030000-0x00007FF980031000-memory.dmp

memory/4640-141-0x00007FF99F5C0000-0x00007FF99F7C9000-memory.dmp

memory/4640-146-0x00007FF980000000-0x00007FF980002000-memory.dmp

memory/4640-145-0x00007FF6CC410000-0x00007FF6CCE03000-memory.dmp

memory/4640-147-0x00007FF6CC410000-0x00007FF6CCE03000-memory.dmp

memory/4640-148-0x00007FF6CC410000-0x00007FF6CCE03000-memory.dmp

memory/4640-149-0x00007FF6CC410000-0x00007FF6CCE03000-memory.dmp

memory/4640-150-0x00007FF6CC410000-0x00007FF6CCE03000-memory.dmp

memory/4640-151-0x00007FF6CC410000-0x00007FF6CCE03000-memory.dmp

memory/4640-152-0x00007FF6CC410000-0x00007FF6CCE03000-memory.dmp

memory/4640-160-0x00007FF6CC410000-0x00007FF6CCE03000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 e990a6f6c92fad3b3423023364fa7f00
SHA1 71c254745ea580106647904b17d6e516c5fbdff1
SHA256 d7ace459a59991c03aad408988eb825d103aef1a5183b53cab40e8ac7d7a3bf5
SHA512 b8af6ca772efed15eb4ae5487e2d49be3bbc7421db89ce87baac899b4cec81c3ba38c7ebe5b93e148637aafedf25994648f28e55857363a0191cbb6cd9cc3b43

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 5ded63b5810e8db0c535de74879c83e8
SHA1 2d5ef52d1f983df8f2ca48bf579600736b335e87
SHA256 9eeb388b8f40c5041d58d21c129b042dd930a8dc09c72fdfc29954f2bd021a57
SHA512 5d6081d47198329272f31c40697aebbd4da3396621df7352228f441986be18bda7308486bc0547a8ef5734eb39961747197eaf3f8d11b628f000ac920de2e98d

C:\Users\Admin\Documents\GuardFox\ylbNv2I6pJRyyq2Z6jo0C555.exe

MD5 f94e4080d6ed77277fc9e7b0874fdca2
SHA1 a28fc9b691ac4f669d658d89c97b220e2f6cdcf0
SHA256 9b50319fd40cca7d198b0e11ffffd5f4bfeb4083038f65f1c714226d9d76cdff
SHA512 1a5daadad88636fc54dfe4a314fefa0006c7e49b77b7fef4aaf7fe168bb01c4b93621727c5d108d1622e62ee281805a4484d0749f7fc6635c31ee1665b5b6d5a

C:\Users\Admin\Documents\GuardFox\y4yC_rPdDmdprPwTTD9davK9.exe

MD5 8d2d9648cb9fb6614b1ea5136ebd6214
SHA1 12372f7cefcf57f927b0f911855029a353673539
SHA256 6399af8cca1643aefa498aa24d192bbd4731cbe824d5b7addb860a74a8db83ae
SHA512 3de16f11cbfdce9333a42223e877236a50d9444dfc5d6c57571dd6bec8c8f4937e191b5cb11cf264aa00978fdf8687e3147594475f6a7f810c45acfe1a42b307

C:\Users\Admin\Documents\GuardFox\H42iXnPOtFfxqvPtyRDtOu6I.exe

MD5 5c44af6cc421be884c81d03adf2c3697
SHA1 8943672115ccd7495e7b86bc919e1f51d0315790
SHA256 b1136ce4e7fe4cae65bd0dac1597f5401362898a8127f0642c3c12a724e42fc8
SHA512 22d7e333ce9e8f7fb1efccb7c1e93227aef4fa70d43da5ee758c24ff5a433c2b2dde3dd9b025ffbf5c1c26ef4ff63a2723c4f85d51431cd8e4a73737258603eb

C:\Users\Admin\Documents\GuardFox\QvtP_jsUgsHtpp7F1y7gfce7.exe

MD5 9207f8883b8e27dc9f850b80051cf807
SHA1 2bbe9ddbf5128aa04d56389c79d6eb63176caea0
SHA256 95f7aa3f48b126b36e495f89d8c95af2019cdeb2d43d2c3c889bdc8f9b72e647
SHA512 d33b147af68212947d7f2f0f7622700eb96c18f51941174f510e15db0afb7536eec3ddaf6a8e7ffd4f6c551e446f8922a70541635836d7967320cc05f527c709

memory/4640-209-0x00007FF6CC410000-0x00007FF6CCE03000-memory.dmp

C:\Users\Admin\Documents\GuardFox\VnCu_qJVTVlY8tiAlWCcYJ7I.exe

MD5 9e6edb1ff538c84fe5c95e3df9b189d0
SHA1 6807eabf77448e1bccdb62b769bdf4cb90669bbc
SHA256 a367f94676f581e8c6df3d449a82dcf815591a450b41e1caa7a16a52c8543d27
SHA512 f39c5a0e08b9859a086da9d7e2996450ed582a46b0ad52e96d87a9231546b7fd05ce8ac3ca86b5fbfd886838cbc86c33084b8dfdacdf852ea92c331112cb518e

C:\Users\Admin\Documents\GuardFox\BQOSFGVriAy9AKInre_hAXN4.exe

MD5 8c7c10f96fdb5774835f981825e7c74c
SHA1 e870f97971f7584287f1c115d9bd1a34c698e4dd
SHA256 43e764538b3beba9be1002cbe718c39f92f927648170e88105fd2c355b671820
SHA512 364e3109e9f480284943a438f572c354c8fccd08996f094e956944afeba63b727c826bcc7eb3d35fe91905a89ec2562b2eeab6c107960408db0f1f502610c2d2

C:\Users\Admin\Documents\GuardFox\UFGeewl8pMJT1e_JpfAftPNt.exe

MD5 0d491f260f98a3a5f74fce24ebd74431
SHA1 dc675127500ea60c3ca2a5a90b5b515bd8dad7a3
SHA256 d88fc0321b4e92c35ac650982898e6e57dfc727f5d21930108851a01ce600345
SHA512 947e063786f6ed5eaf827a90a1d67a199ffae82ce9465750a83d5e73ee7f733e13a9738b1efc513e1bcac5c747d51b4a855a4fa700b4508b78b11759715e6dac

C:\Users\Admin\Documents\GuardFox\TZdp3snXzMAgVUb1VNznoitC.exe

MD5 707fd025e366ed4c75f82d8d0aa3479e
SHA1 d5de55e821fa0f6759b327abe2fa0ce3d8984b0b
SHA256 322663148b4e0ea0c04d55ee57c40b8774e28f3430652e30e7fde4748bffc72a
SHA512 4679a7fd53af5b152b8a3f23f58272a880a2d35ab2df6303e9e517fda81826af8ffc53136b4fe4c3ceb2e82e44f1b462d97cabd8fee667f72bdc53135e7c80d7

C:\Users\Admin\Documents\GuardFox\Et7zBTck9Arc0Y2KbphAmWVJ.exe

MD5 48f3be001e23454e0f366049d57f9571
SHA1 0cd41f43d92d7914a60ea89c8de35a5a958b8e06
SHA256 9abb3c3596bea8a65b305be9177b8faf5d3c53c721efda9b93d6c50057e36f95
SHA512 6e1bf05793489d571967225314810145e46a202312a071dc40a916fcd066a971b80cfebab0bf390d2124244d2925e75c0ae5a44c852d7b356f735cd9b2c52e4d

C:\Users\Admin\Documents\GuardFox\8xYeBNKZAHFl38iDOmFsxuAM.exe

MD5 81b69782a071c6de9d470572508e2a53
SHA1 5ce92e5a81245cae4073abfe3bf3ba2f144e800c
SHA256 4332301aea28418af35199c2da4a545a26989c2919181ad84b952f75c24aa8ed
SHA512 96be216e7d5b372d80b382ee8e1a833706ceb885c59a590f24e7f400fdf4daa0a559d4af2cc922b5842080653d338a9e953fb6de809f74d215cfd346d1594d53

C:\Users\Admin\Documents\GuardFox\laq4ihVEVr3AvKvHmskKG7_C.exe

MD5 f6d7b52a876d646644aee2b9e93a6c8c
SHA1 efdbbf7206b5bfa42cbdf73d6b3db3de181ae7cc
SHA256 66829aafdfb03536403b929b5754fbda215c65896f25e50ab81c9d6dcfa8d38a
SHA512 7483da0c146b83982a5efcf621b5f333e529d8c2def6f2d6a14cf74521db80428efa8e7d223e95a94c69d57eb19a1db50300ee8b5e625c55c6952ae2b237ea68

C:\Users\Admin\Documents\GuardFox\fCZZsmLsAh_Dkc9KhY1C66iK.exe

MD5 e4f9ae037c0b6f9447748dca7338173a
SHA1 e972d7c6695dab4c8b6b56f1c5b5e83e5cf62fa8
SHA256 9267deddc891fc0c0d6c0cc95cb959401d539ac179848693a34878120d21e4ab
SHA512 55155bf5ab1c745a696d0bb30cbd856bdcb91370fc0b1975224035f2db6311f6941ce32481e2a047bc7b7f9ee6f53488829d5adf3331b00d8d9c105e730e49b6

C:\Users\Admin\Documents\GuardFox\zEK0yRxdhqLQY1DTqtlcakBU.exe

MD5 02e0f439d896f7537721790b36b3fba0
SHA1 1a884c1b8b3125074598965b264c99006bf84e3c
SHA256 94eae9e97b224871e54c6820138538f7ab2d625b4ad27fce6cd806a53437e86a
SHA512 86af9ad3b6cd1de6f682b8c7aab8f3659e6f523f705b32944a58272eebfa9276c4a7be776b7aa6240ba80897a1c0d383ca80fa7493500d2cfeb3658af34ae97f

C:\Users\Admin\Documents\GuardFox\ZhaDcBby6zPadOq8C3wVe6CV.exe

MD5 a2af4287d627ffba7457671ec251236c
SHA1 fb1c3e97a0927909e260632570855907b64919e7
SHA256 6c18ac10e21252e337464618873b4d7a5a40e65032e8bf45819b31a243be064c
SHA512 bbf36b3091b466295db0d87a142f8c166b3a2ff8ddf2470d546e1a50973cff7c15a7e677eeed24be39757271ecad250261fd20760d7433b5bf163460ac43f4fc

C:\Users\Admin\Documents\GuardFox\xbMD5qh1qln8RrgFzm3t8Q_u.exe

MD5 e733d02ef8b39cb81df8555a3c626ba1
SHA1 c06452e6a2d8253912f3c947a3a4fbab9a4f428f
SHA256 b4b91169a5a8c0c8586e1587754d5c44d10103f991f8c4b5dbdb7d8ad659e002
SHA512 148c323ac11f1afa02fc917637ca5c04147df4be7d5c21844e9bb61cd9791921fdb06f644e18d01e0226ef23e5650d51733f6f0678086f82b89f24e9831c3e97

C:\Users\Admin\Documents\GuardFox\ssF8cX0XI8ScmLsPeAglNqQQ.exe

MD5 a9afb03b3c160ad1412215a1a0c55375
SHA1 ab232277c722e535928284b6f469048811c7b93e
SHA256 9ca9321f31cb04b72046a1cc3865433c3cdc4058b024fa477f145a6c627437b7
SHA512 2ab2f02dfd1edbbf7e992dbf0e20748f267042994e7e157b2ec2f5ef343ed8ba9763eb20bb3b4ddca408c2bdfb2d5fcecd2d1da471208847328a87404d4a1e84

C:\Users\Admin\Documents\GuardFox\tUPZXI5LBMnbTEXEUxLri3yy.exe

MD5 053a287b9cfeef20de314c6b2f8ac82b
SHA1 05763dc9bb8e4cb4c47796d149f6e03ae5985b51
SHA256 9f351cf531e4f0562e4dbf4ab714ccf5344de770fa8ed5a6c9023d939254b73d
SHA512 8ec939bc9326c7070ea55342354d1be7ee6efb638178ec6295311c59589ee85c24a17105eaa859a5ac88bb35bee2fd13ae11e07162669c69b4de8a6a14d422b9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 24d8ec73b8fbef37e65e32bc4aca8ffa
SHA1 0e56ee6409ca72894b261e7079613897696b64d9
SHA256 8dd710c299d72bb9575b62a06bb6dfb5a1e465118872bc62aaad4235d9b8a646
SHA512 79cf26cd3d5fb0bd56b3d8f32507c3c6c5f18f82d480062be85df48f62f708b08afbd6da90ee2fc3d485433ced3808aca4efe8bcbbf630a8d8d0f71f1e46f7e1

C:\Users\Admin\Documents\GuardFox\U6tlORlZZty2irsUDKDv9iSc.exe

MD5 c102f433d546abaa95fdb0a516328799
SHA1 ebdd8d0a054960e83bddef70f9a95e77fab8d62e
SHA256 c288a06593fa4e0c09e5a6c360f171522b25447cd1afa71b85cd9096848d7ba4
SHA512 9131071a38e24797e306e3c6215c61a2c8cd6279386dfb9bf8174c7fcc25b335950571d093fd8f37fb06a7f68cc38b70819036d7ce711184c2d6e99c63893b58

C:\Users\Admin\Documents\GuardFox\49wyDbmXdmLBnze98IVVbQvu.exe

MD5 1d40a8c3547ca2d5f188d51001c7f4d3
SHA1 3b64b841748bf51474167ebdadcfa0c1fc70fe9f
SHA256 fc41ce6af5213c51ab8f8d79d6adb15462afde1bccab96f402b3affab8ee8d5b
SHA512 5a2ab414f46df2397e2d407de16b8f35b34d9710615b9ec2a579a5f3ffb912514f18303326ff5aace4e1c5a84ec42831ad7e6bbbb2bc94c933456dfd43f88de0

C:\Users\Admin\Documents\GuardFox\zjpIAqEfqs8ivfHLgVi2KsYc.exe

MD5 e7008da987f52d37038e8759aeabf409
SHA1 0644bd6aed2bbc737c868f9dcac9d734c72b346d
SHA256 8dc920f206a533b8088ea0a6ff29faff50a3c346062b998b8ecb5b10b1e4e618
SHA512 513aa8b0b1bc3855dbe3a607c454a71ae76c967b533f5dd9c05575586f47593e293c857cf1466d978e817b445c5745fb0bb303d26132184ec7ce22ebf21f0de8

C:\Users\Admin\Documents\GuardFox\FgVemMkM_gYC9B2T5mKid_K2.exe

MD5 5a5f90fd315abafa41fb0c2424427f4b
SHA1 f7745a6001c9c2943520d757564cf6fbe261943a
SHA256 fd8e3b7db974963fc4b4251c6311cbdb13277817227651f945938fd7084192a9
SHA512 821b6fe52beb853e28412401acd61f8dd03ed2824d512506b936f06aad4f4fde08d7f50f4decd9ba4c5fad237bc626b597af36c8820f753044e591511f2cd50e

C:\Users\Admin\Documents\GuardFox\ssF8cX0XI8ScmLsPeAglNqQQ.exe

MD5 10edfa1f17997ac6bb319a84f14351dd
SHA1 c5d5cf12e7e0a01beafe8c36a2263bd462b7f0de
SHA256 4134318c8a4a0cc49344566b556a45a124ccf3dff8675ecfc9c0e3370ede3d21
SHA512 67dba8c1d535454f431ab8dc55a55cd8cc36710b5dcbf984efd4d09c5bb47d2124548054ee0068b11565cfce1a70277ce9dc6e508f0c7ba752a2a099b759e800

C:\Users\Admin\Documents\GuardFox\ssF8cX0XI8ScmLsPeAglNqQQ.exe

MD5 6310fad2b3e313cd9b39916e2371ec78
SHA1 27e6aca795accb26a4521192e2f9a1201acc9d74
SHA256 d7ac8328eda0b4e07ae71bb7badebaa83f3b5d183ae68aeef64f5e310aa9e48a
SHA512 b46b85e291075f9dcf15fc7d4c20880641344ece4fd45a48da46dba3cd7e4793ae08dd6c06690d108eb6f6e46c0171233f5c0888ece4c6c370cdf55b229aa0bf

C:\Users\Admin\Documents\GuardFox\ylbNv2I6pJRyyq2Z6jo0C555.exe

MD5 8967e4155ae49bbe6890787b351c200d
SHA1 f2f76716171c5c4aefe1f30de4e158e6b2faa742
SHA256 f3fac8d4fc631ef4daff9c1f54799b0c15ef45346af116a01ea1757f61da8d54
SHA512 f4286f94ad6ac8f94462484d23ff12afd15740188da4d68e7b3f659328d32a6f75cbd5b542e7b936434b9ed7e697e00f94968fa4d53df1199e33436d70c40963

C:\Users\Admin\Documents\GuardFox\H42iXnPOtFfxqvPtyRDtOu6I.exe

MD5 f8a036313e2230dad9027ada00509b87
SHA1 7e252a4ced69b2fecc9e3fd6baf846724e779dd2
SHA256 5aa7dc73a18adf0c34fbbf36ec55017f558df6625b3be00f4f939124ea9c313c
SHA512 0cf5b5938836b1df0b36fad9c222cb322d5598aa5c55a29a5f274c7ae35055f565673e0dd65c9aabb387b296c7a323b79c078b90f390d0b59a0cf6ffd542c2b4

memory/3500-943-0x0000000000400000-0x0000000000414000-memory.dmp

memory/4640-944-0x00007FF980010000-0x00007FF980011000-memory.dmp

memory/7064-950-0x00000000003E0000-0x00000000008C3000-memory.dmp

C:\Users\Admin\Documents\GuardFox\QvtP_jsUgsHtpp7F1y7gfce7.exe

MD5 198be0b1720356720111b954bd0ce9ab
SHA1 fed7aae8291e5bcbf78f03e10a3b1a7786b7992a
SHA256 fefdb37daa6790b7d39504b9b0559f93412050538e2398b6ad00a9f7a2fd5388
SHA512 f9f47a17d79316df277aa1d4d21ddad9be19c4da91f96ad649e29d44e8a05c8435c546f64063f840c9ef109b2e21b8e256b9e2fb14bb46c524539aa9446e3491

memory/3500-952-0x0000000000400000-0x0000000000414000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\is-LNM8H.tmp\H42iXnPOtFfxqvPtyRDtOu6I.tmp

MD5 7a8aefe6b8f3d31fc059393a2c520867
SHA1 3de554f4bdfee37f2dc5732683772abcef5a37df
SHA256 9d3c33198da99de64e19794e959f909f9d24755df99985478a34d0b5088f67a2
SHA512 452a2a5ac4bf5aa81d160ead868833f3412e04bb2e3d007a24cec75a4487d9bd4c71126365108ba3f9d844b063105da9cf8987512ccedfb77c114b65aee5d25b

memory/7120-957-0x0000000000400000-0x000000000043E000-memory.dmp

memory/7120-956-0x0000000000580000-0x000000000058B000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\is-RO323.tmp\_isetup\_isdecmp.dll

MD5 b6f11a0ab7715f570f45900a1fe84732
SHA1 77b1201e535445af5ea94c1b03c0a1c34d67a77b
SHA256 e47dd306a9854599f02bc1b07ca6dfbd5220f8a1352faa9616d1a327de0bbf67
SHA512 78a757e67d21eb7cc95954df15e3eeff56113d6b40fb73f0c5f53304265cc52c79125d6f1b3655b64f9a411711b5b70f746080d708d7c222f4e65bad64b1b771

C:\Users\Admin\AppData\Local\Temp\is-RO323.tmp\_isetup\_iscrypt.dll

MD5 a69559718ab506675e907fe49deb71e9
SHA1 bc8f404ffdb1960b50c12ff9413c893b56f2e36f
SHA256 2f6294f9aa09f59a574b5dcd33be54e16b39377984f3d5658cda44950fa0f8fc
SHA512 e52e0aa7fe3f79e36330c455d944653d449ba05b2f9abee0914a0910c3452cfa679a40441f9ac696b3ccf9445cbb85095747e86153402fc362bb30ac08249a63

memory/2000-977-0x0000000000780000-0x0000000000880000-memory.dmp

memory/2000-1056-0x0000000002330000-0x000000000234C000-memory.dmp

C:\Users\Admin\Documents\GuardFox\UFGeewl8pMJT1e_JpfAftPNt.exe

MD5 11d9e5a1d6e045ad585a124f9f82c595
SHA1 e8f59661be568fafe83f83e238adcc07698fecb9
SHA256 f22d346f5b2edc3af9718ac828f6434d9f664000e4d79c36136630aac2bf4d58
SHA512 8950c3be91c853ede2e889f424e42f6fcb542d3d2a3a8aafd5ef2ec6b2336fbbc307c0b55122c62b6cd18e37ed8cee04bd9fc5ad48b03669ef55c51117e86cb7

C:\Users\Admin\Documents\GuardFox\zjpIAqEfqs8ivfHLgVi2KsYc.exe

MD5 ca5f7b226152a3c1d6c2e17a43d1d712
SHA1 48d58e60e440868b423d486e51aacbfec0e15d65
SHA256 b8e8d903ee12cc5de9c48e6d6a95ec982cc52b01da20d9e14d1d9d0c7186c94f
SHA512 ff1a680c01eab8d99135253b59a3c998941a4a7d6b304378e8b9226abbc43d2798f3a6b892d661b29085f2ee9c00d56a0bf99156cf51ec59cf2e57d6bfd47dd0

C:\Users\Admin\Documents\GuardFox\BQOSFGVriAy9AKInre_hAXN4.exe

MD5 6873bbf724710b91ac14eec7e0574f6c
SHA1 5138da1295ed825fde4d1b2139ad54bcce09266b
SHA256 4c4630ccd11161e1487a5cc79978d66c8255ba056dbd80fe703d6a84ce617931
SHA512 7d142777481215f10ee49265b16b2fc654a9f9f255e40c446298294af895d6d77c584eb5b8bf5ed28cebf3caf6a8e101613775ddd494e08701ad81f9730379e3

C:\Users\Admin\Documents\GuardFox\U6tlORlZZty2irsUDKDv9iSc.exe

MD5 89d192819379232d17561763447d5b02
SHA1 2c624cb4cf66d453ff780b8d39cfd871fc051893
SHA256 78804a64458d2a9a54ae6fab76c11e5ab152d31e9d917e2d0b75adae3c298225
SHA512 a2c134ae552a04a04bd216a58ca4286f13f12763db74411a570220cd001683409bda938b647876615714f8a1a685194a0355fc888a0ef3f4a8039e7e7a9bfd0f

C:\Users\Admin\Documents\GuardFox\U6tlORlZZty2irsUDKDv9iSc.exe

MD5 2e86beabdd9d97ad3d2f6bcfba6493e6
SHA1 6df7aefcdcc46cf71539341f2936003804daca70
SHA256 939336f80a9686474de57cc588ae3cb0ad909cdcf68dab4687f8929efad55bb4
SHA512 3c1707fc240364311fb4e7d3ee5c8f9489834d184243a63889174608694b3409afb40f64dea35521b69dd104db8345301483602a477ea029b4f0256ddb4c3164

C:\Users\Admin\Documents\GuardFox\laq4ihVEVr3AvKvHmskKG7_C.exe

MD5 3e6064da52f486e48203e2e67ad48e58
SHA1 6e05493332e804c2ea43f11262b4553e1e98e7d7
SHA256 1a764ad1e06528f034e2e5a90f43a97fccb3975202c50105810592fcc22cb091
SHA512 a47fd48aab0a321b3899d0b768e829c8dd36db710cb443b01956cd3fc5ba35b5edc8afb94b2c77465a0e91791ae9d05af6f1f547d983e1b7668e39fc9026be6c

memory/7008-1090-0x0000000000020000-0x00000000000A2000-memory.dmp

C:\Users\Admin\Documents\GuardFox\laq4ihVEVr3AvKvHmskKG7_C.exe

MD5 91eac8b0f9cba970ed0906ef22d23509
SHA1 cc5e7dcffd44b7f7c234ac0eb79aa78a8f38018b
SHA256 b55940270339caddf8cf7c42208224aa15bf6826fb0679db2026cb08ebb70fca
SHA512 8da9af347e3cb76219206c0bb90ef4b0530a27c4f7f7a21eefa3a87e05126b47ebdd61085b70d1ab9aaf7186ce0bb2b460ddfbceaad8455eaad6be3013d0e131

C:\Users\Admin\Documents\GuardFox\8xYeBNKZAHFl38iDOmFsxuAM.exe

MD5 73aa76e4fa8b645f4d431d012bbbdd17
SHA1 efe779c13f59d9c3bc9e9cca26fada06c8ece6f4
SHA256 4ac54c49331d47e863c8a9efa7d3e3544da5904a08bdafba123dad69321737a7
SHA512 bebf223b40f238ffcf1854ceb9c20966b87a49960992e8f876e8d2504863ed565ea8e7d1df422023b44417795f1269a2bdb15e1bd4a8c8fddd2343a9cc313e0e

C:\Users\Admin\Documents\GuardFox\Et7zBTck9Arc0Y2KbphAmWVJ.exe

MD5 b7fd7d58182fe84612b5a57e2130b266
SHA1 c05e5dc53ffc1692174ce064bd736e2633e8e05d
SHA256 f76234ce7cf7da4c0c71a08c9655c8c1157c01bcf1e9c28459e35d9315990da0
SHA512 f2eb327fab01d11a6428eb33028520a79f4ed6515ff668565283c615563eb2210d005876d6c5887a6a7c0d0b40439cad492738d8e67a35a3dd081ccac33d6d27

C:\Users\Admin\Documents\GuardFox\8xYeBNKZAHFl38iDOmFsxuAM.exe

MD5 29a6d4abfa1d91b24a78d7118e28a245
SHA1 526f8599dbeb1a18beda78bbc1504256b6284211
SHA256 266c37582757629ecba9c63c013d2084010d0ca413aedd2c8a6ccc73ff93451a
SHA512 5f8bd55578f90b5e6209254433eaa2459545fc4c924c1113ca42722218df5d557e0b6bcf513791fc520b7df112e242eaa1e849fa68162d5f0de87f4357b62dc7

C:\Users\Admin\Documents\GuardFox\Et7zBTck9Arc0Y2KbphAmWVJ.exe

MD5 91dd0a278a8d8dd135f2121b80ca2b83
SHA1 cfdcdbc47c8f1047eb02cae4ae22dc6a7cb05667
SHA256 b792bb84f41f0ff7611a03ffc0474281f2e3e8abc7d23d182fb5a423dd7b1617
SHA512 34d7421e5c61117aa6f16d4e2b2fe7b218c0ba3bf3ae315f487710472e2189d274f4b880a801b2e5bfce5511f1d287ffd824fbe05d488b771a5700cfa8ac87de

memory/3772-1080-0x00007FF7691E0000-0x00007FF7694C1000-memory.dmp

C:\Users\Admin\Documents\GuardFox\FgVemMkM_gYC9B2T5mKid_K2.exe

MD5 8c7325853d3e185da65417b39b5151e4
SHA1 8938d24343206d927e731bc531e901a9fe25f34f
SHA256 4947476302b72a36a17e41da403cab98f8e97b62306eeaab64077abc5e48c09d
SHA512 6a54a9a233f862147b83abda7a91cbe05caa855b6e1f08826bb75dfa76cb45ae6fb196e26157f896ae1d6f73214e78fed0acb80c4503f3537fadfa10216c5a17

C:\Users\Admin\Documents\GuardFox\xbMD5qh1qln8RrgFzm3t8Q_u.exe

MD5 ceb0f83d65e8ac5ac91aac1b7c592090
SHA1 f4174bdea25a529973e878e275830ec7dafc1256
SHA256 fabff846f71d71395a8aa21b17552b3423fe455b13076b0677a8b5fcc76f05a3
SHA512 4ce9855fab6632684287fbccd6aa7d2277e89379cdfac2e26a6e0a028ce8a654ff48ffdf3ffbdeac0bb1251892335e29c4bb0463be59a4d1910e5303b152ab25

C:\Users\Admin\Documents\GuardFox\ZhaDcBby6zPadOq8C3wVe6CV.exe

MD5 5961a26079c343f139842d18a4cc1c8d
SHA1 648c865ab7d920f80cf84bfdf3e25fd77a860c66
SHA256 2ec72864a2ab181a4712fc19c54d6aadeb3f2de5b08cf1b547b8153e8bb8fb19
SHA512 d473ab0a4b9f0dd21da05633cef7f2a1e2d6089993c7eeaa9e1e89e33b7423b296278febc9e9f0feaa63868d705b544e731ac60f74611fa54d0e3838c356b3ff

C:\Users\Admin\Documents\GuardFox\ZhaDcBby6zPadOq8C3wVe6CV.exe

MD5 20d414edf2645bdf9b8b0b52bc8850b4
SHA1 e27ba404128ebdd862b704b7d8c12b7ef2409b0b
SHA256 a9b1339c39a97363f3f59da7465c7826fe5fb2b70b0ad4470bc46818530aaf38
SHA512 a60fbefd7f9ffa5880b47a77a185aef15ce0298cd46ed7bc18824839e0e12e84a01f92cba6a02de091d25f263917aef2269335f8a321867781a1c4833fc977fd

C:\Users\Admin\Documents\GuardFox\zjpIAqEfqs8ivfHLgVi2KsYc.exe

MD5 ef8f6070323de15fc888d5dce913d325
SHA1 26711f5ced05b5d5b9f463a7409b7b3a3f328ab6
SHA256 227a79869dd37e9c3f3a7898685fea4d985242adb63963bfae68141e4b12ccc3
SHA512 72c21ebe12a783b4d1d5e54515886cf3e55a9892b687dcd586d991f05893b51bb1a9bdf6f95b2a06e21ed39791987492894749d992aac916bfe9800d1fefce54

C:\Users\Admin\Documents\GuardFox\UFGeewl8pMJT1e_JpfAftPNt.exe

MD5 5f2a7eb91e46884168fdb3936eabae07
SHA1 be99e1ffe4c1bcae050c89ec358059783ead828c
SHA256 0dd7700029b515b216527dfd4690b94de96434357f6313f7f095832bd4a60e91
SHA512 76a105980f4681b977794d995197312290b3fc4e5ca62193a2ffbb377eb069cb90b81dd44cfec93d604bb93c44b0f5e6a81d92310260ed15c31f4c2079b02ae5

memory/4596-1104-0x00000000732E0000-0x0000000073A91000-memory.dmp

C:\Users\Admin\Documents\GuardFox\fCZZsmLsAh_Dkc9KhY1C66iK.exe

MD5 b054b78d8e635f67c477a25b73b64147
SHA1 05b6fa60f6eda04f8f477233091a6836ea93502e
SHA256 c87190d3fd369212c4a310c5ed81deed50a84c4c3138beddb6aeb4b5b2a46b1d
SHA512 5839e783f8737c814d0c4e1513e4f82b897527626006f24bf691081e1dfc5468d0a489300b215917a62671779b8548234fbae12240137e9d3720503d4c392f34

C:\Users\Admin\Documents\GuardFox\fCZZsmLsAh_Dkc9KhY1C66iK.exe

MD5 a59c6850cc60860481999c5810cb251d
SHA1 ad39df21f482007f61f882a5d683dd768462c6fd
SHA256 5773d7598b7033f55416b96c8679d1d9919d8a6651940261556e2d6ec21ba088
SHA512 1b7ae503438dd36e72d248afd78f622625955e9d4541310ea3a1492d2feb1f9f041d831fc3a2a3a84dd98c0db0f6985185b868f652805f0a49ac1fec04aa6262

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\103621DE9CD5414CC2538780B4B75751

MD5 60fe01df86be2e5331b0cdbe86165686
SHA1 2a79f9713c3f192862ff80508062e64e8e0b29bd
SHA256 c08ccbc876cd5a7cdfa9670f9637da57f6a1282198a9bc71fc7d7247a6e5b7a8
SHA512 ef9f9a4dedcbfe339f4f3d07fb614645596c6f2b15608bdccdad492578b735f7cb075bdaa07178c764582ee345857ec4665f90342694e6a60786bb3d9b3a3d23

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\103621DE9CD5414CC2538780B4B75751

MD5 07137731c93ee0510bcb5999e934e74e
SHA1 1e2e04924ed0c7bfffbfffd64e6fbbe1a8154786
SHA256 e10b6a5e8741315d7e82a5439905be08f4053bdd01f56c3c2d109d97e5b94948
SHA512 4c47da1a32e7abf576414b31fbb06e02646d78b68ffa77279872f4283a91181e91add2eb0de6f2b831398753d5a60d79c71d3e15dbfc73d2645e4dbb8ea9d36f

memory/4596-1102-0x0000000000B80000-0x000000000105A000-memory.dmp

memory/6936-1095-0x0000000000E90000-0x0000000000F12000-memory.dmp

C:\Users\Admin\Documents\GuardFox\BQOSFGVriAy9AKInre_hAXN4.exe

MD5 5a51956146a99fac934933d1a11b0f1a
SHA1 67fc7ce9f69096c432c33a2e91f811a01b007b4e
SHA256 21a45ef5161dd8db8138590fece717066fcabeaf892eb0e1237466b70bc7b6fb
SHA512 13269b09879d05d1c9a5f1f80db87c235e69ea4dd7c5f53b8b642aa175fa2a5e5f695feac024df0ae4612c49f364bec869497fa0a23d0bf4ce5b741240ab0197

memory/2000-1086-0x0000000000400000-0x000000000062E000-memory.dmp

C:\Users\Admin\Documents\GuardFox\xbMD5qh1qln8RrgFzm3t8Q_u.exe

MD5 6a953b363b44804e5e98be80ab09b92b
SHA1 8faa6fbfa84016a581127647b0e8c21d1a970429
SHA256 4ebbf4fba6bc20430724a56258327a88959b34bbc792b58ad50cf2ceb97f39b6
SHA512 639836e5eeb72d3ae65ef2c8bba0e137a7b149ed1f3c9f4a1e3270d3ccc94c7813f627e2a07d51c003920cdcf7b7dfa0445099bf660b3a151bd1da22b8c2f066

C:\Users\Admin\Documents\GuardFox\49wyDbmXdmLBnze98IVVbQvu.exe

MD5 60dd281e79c13a235de102e1d3161e5b
SHA1 0ba546f27c880ab2230acf60fb8a06645979c027
SHA256 b14c97092d3bde1e188ead0ba4c928eaf8e21fecbfeabd6733d2937d87a7a937
SHA512 a1acc1e008fa1dbb70add267182d7b35e4a64e842395fe75e0c90e5db603cb528559ad69555722272389bc72dbcf7c89da0a5761436b9ff68766e44dda8029f3

C:\Users\Admin\Documents\GuardFox\FgVemMkM_gYC9B2T5mKid_K2.exe

MD5 2cb4fbe9abe24b0c28082946397400d1
SHA1 32c4e7020358890baff180ab5f52a1a119591867
SHA256 3e767059c90b92aed754d045a37bd96a79b050ecd58344fabbd6dddc016f6b42
SHA512 ddac2f36deb8b545a9d012ccca9c6dae31b38f8f2c893d5c0de9a5f966f712f0bfcb76505f70db6f856fb3fc2424375be6d178fd60a7f6c0b645ba05c7d84409

C:\Users\Admin\Documents\GuardFox\49wyDbmXdmLBnze98IVVbQvu.exe

MD5 eff4436fa23ce976c51b0596f6f4f461
SHA1 88a6f634a6fa9869a5a8285f950e0a39740affa9
SHA256 06a708ec5ac28310837cca53ff9a2923ad5ff1651c20ddfa6d637d33939642c9
SHA512 d94a3e99f687e49d2b9a533274094bb9867321306f4ebfbff5ccf390dd94348de28fe9106edb6d0dc60f86c352b8873d00878e2c73887bf400704a9cc08ab05c

memory/4088-1103-0x0000000005420000-0x0000000005670000-memory.dmp

memory/1560-1127-0x0000000000C50000-0x0000000001122000-memory.dmp

memory/2836-976-0x0000000000400000-0x000000000043E000-memory.dmp

memory/2836-972-0x0000000002150000-0x000000000215B000-memory.dmp

memory/2836-958-0x00000000005D0000-0x00000000006D0000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\is-LNM8H.tmp\H42iXnPOtFfxqvPtyRDtOu6I.tmp

MD5 da10923e3497f14ab4fae200266a7451
SHA1 89c17d6834d32e89a012fc7facfbe981015a4435
SHA256 45b527243aee9f8256ab52dc29b55b0591b6128effcc1de60ae24fd96f425161
SHA512 8b4df7963efb63cce440a61bb07c11b554a91d31e6357705bace589fee6bca05a4e79235103880bb4c62fe903a44183f9574b63267a1eeafa3aa1db1761f665c

memory/2484-951-0x00007FF6593F0000-0x00007FF659442000-memory.dmp

C:\Users\Admin\Documents\GuardFox\QvtP_jsUgsHtpp7F1y7gfce7.exe

MD5 73df28fd0ef2be84177a1b1430d516bc
SHA1 803fe6783fa76dbae47efed534ebc3d0993fb1fd
SHA256 0def400ad94cd03d3f3c25ff5fb6e3d5aab72fc494f17ea97e7b1d2230ef649e
SHA512 3155d86b019285ad707a95f81d01df225f6e71bf4838e09f9fa4aca6417ea433a53742e4a236bc0a53969213a3cd3362fffb49a154135fef6a393c0c5104e1ee

C:\Users\Admin\Documents\GuardFox\H42iXnPOtFfxqvPtyRDtOu6I.exe

MD5 ea3f1b2e99ac7e8076978b0e8e2f5e2c
SHA1 628a4e73d66e713a654126c4a530a8ec59d69486
SHA256 7e451625d316d214223e00181f5652f4c8531e14f021c60cabf4b43e04d621fe
SHA512 b54a052ea5f9d4925b9a441d7ed351c0b72fbbce300c6b7263e99cbd43b96ab2f864fb72f451cc2b77dbcbc5c0ae2bc97659a23942468916596e6a209d5259cc

C:\Users\Admin\Documents\GuardFox\zEK0yRxdhqLQY1DTqtlcakBU.exe

MD5 03c5ba3b1ffb475a65e80ad1801e2b18
SHA1 e558374aff6c8f5ce79dfb59a8031654bc1c2523
SHA256 37fb2493b3e86b838e28f4431e4a33dc88c919be052d89c6b62638c05072dd27
SHA512 cf75e748e1fd389ad93c8e8eb652f15019bc9e8db060d2adecd8ac19158ca9afec3b0368c3fd7c644a8e98bdb8e14ca111027eb21528f966a0b360ff975ae4d9

memory/4088-1142-0x0000000005670000-0x0000000005C16000-memory.dmp

memory/4088-1143-0x00000000051C0000-0x000000000540E000-memory.dmp

memory/6936-1148-0x0000000005E50000-0x0000000006468000-memory.dmp

memory/6936-1141-0x00000000732E0000-0x0000000073A91000-memory.dmp

memory/4596-1140-0x00000000059D0000-0x0000000005A6C000-memory.dmp

memory/4640-928-0x00007FF6CC410000-0x00007FF6CCE03000-memory.dmp

C:\Users\Admin\Documents\GuardFox\VnCu_qJVTVlY8tiAlWCcYJ7I.exe

MD5 39ef852f14c7e927ee4c3ac16287d6ca
SHA1 8a95adf4bdf470d3ce801b2f01759260465f779e
SHA256 7147e18de75c8fadcd8904316d55b4192c17b193dec5c50c6e8827b1a8555bb5
SHA512 d30d800464c10521f6151c6da8847ce846f9ef0390acf67055ce73533238801a4b09635cdd1c8cbef800ea35e1622b20834bf56760b63c4e9ecfc18cc2b2959e

C:\Users\Admin\Documents\GuardFox\zEK0yRxdhqLQY1DTqtlcakBU.exe

MD5 e2850ba146266a3ed87b24a52ab5152c
SHA1 84b1709900f51745cd92014df8490953ca2b85b1
SHA256 ba36241fe9e58a8c06608b05d15193b930b7b846f8d4143998f51a780376565e
SHA512 afe174ce25a585b7e1b1a26ef2256bf83d8b8c64624c6a365a08130b1d9cbe2535b59e3495541984cdb5afcc1d7a480cbc2c036825bb973e8477e71d14b0fce5

C:\Users\Admin\Documents\GuardFox\8xYeBNKZAHFl38iDOmFsxuAM.exe

MD5 b76829e6e3a403dfce5f2e098dede9de
SHA1 126eaecf4bc6d5a63d9aec31c0c7221561bfa21e
SHA256 729cde0e8eaef67912d94df7c696d36bfe3f33191a8e9cac478ea804e0db293e
SHA512 434a2831e922daf5dcb0e2345d13f7353685b64df6ca0625579f26abe0635ad96288c6c41b03d80503127a477f7d4a3b8b7465b8e532656fc85008853332b36f

C:\Users\Admin\Documents\GuardFox\zjpIAqEfqs8ivfHLgVi2KsYc.exe

MD5 a91213295177955f852fd7831eb1290a
SHA1 18fef047cffd4fb0a30b4b4fa29dac2956b5c851
SHA256 abf2d186766ae12a47d377e0bb1365f7c80ddcbc86328c3f0e5fdee791d99925
SHA512 eba5cedd16a186613c159339866b09971d2a5c891cf341a8c5d9999c3d4267e5f9b106f030d5c6df31cf604813b57a85f860c89cdae244ea3e90081905906a3a

C:\Users\Admin\Documents\GuardFox\49wyDbmXdmLBnze98IVVbQvu.exe

MD5 8ab9fe8455a2a0137cadc28be2a6db5d
SHA1 257836936e6026533857c213c749d6223e7306aa
SHA256 e69f1f0c6df6ede9fd93f3c6147c8b326d4b9d6d65e9d8157fe5aa1c750aa05b
SHA512 89e7c6651bfabcf56d3e1c57943d3a46ebecac88860a2fd0ff8f29bb6b6b7a68de44f56a6f563e5248a879d48c75c00d4b2d7a5a17cb137cdf6187bf666c5f5f

C:\Users\Admin\Documents\GuardFox\UFGeewl8pMJT1e_JpfAftPNt.exe

MD5 8addc40d2933de9a4b32b286e88b2a54
SHA1 33e97e0faf8eb3c1d08b081376cae7a965fa2a46
SHA256 04cfd0b05d172ec3e7c57a012d29873db997a3e65db7160af5b2f8d98eeeea00
SHA512 47a92c435967165cbdf5b795b239585ceebe89a4fc2145053c907b9614e3d02efb5e399a0d6bb42a26ad3059c79207bda2ecae9bdea4872ad1351e503003c68b

C:\Users\Admin\Documents\GuardFox\ZhaDcBby6zPadOq8C3wVe6CV.exe

MD5 1c13124fb5e354c6ad01e10649e6fbc0
SHA1 61cf3c020fd4e564b95d5b6322366225b1fa6cca
SHA256 76b00c89fd3133485b39e3f1df7188a641bef1bcc748021dc84b97a56feef2cc
SHA512 1e472c95fffb43728b46606f0db0e5494080e2396ddeaa700b79977f11ed33cc1942ced33029b0a9281e8de1d799a5f4477037cfd8d7113e645c724e994d89dc

C:\Users\Admin\Documents\GuardFox\FgVemMkM_gYC9B2T5mKid_K2.exe

MD5 e9f384bad907d50d58f8cf5930d148f0
SHA1 f5f79ffc85f4dd77b73a2648885d8567381e0615
SHA256 456c057d76173f1f75e01d4a6d0b04ac130d6390d16384996a99cce2f2ae1b0d
SHA512 3e1cac4d28245696146ec4535a0c926ee7e3f0198d41a9c759298736f3aceba21b808151a7266c6021075683bffff5266992f770e3b1f9dc89a8f1ac034a88c4

memory/5820-1151-0x0000000000400000-0x0000000000537000-memory.dmp

memory/6936-1152-0x0000000005870000-0x0000000005882000-memory.dmp

memory/3652-1154-0x0000000000400000-0x0000000000633000-memory.dmp

C:\Users\Admin\AppData\Local\Betasoft Sound Booster\SoundBooster.exe

MD5 8b283d0a3311daf74643146e38270c8c
SHA1 66edc775edf10db5be13b35effcb8eb9e014659b
SHA256 44064cffe225ba2810c3881724394fdd003656de718acc0f6297b653aa959a42
SHA512 1d36daccafdcf8d736c8a55a6241e59685bd32691d1ad8190462488dd6c7e8b7bfcfa13b8d8ca382ef2d7bd38ffd3b5c3b42a98d205c86e661d56793534fdb08

memory/6936-1159-0x00000000059A0000-0x0000000005AAA000-memory.dmp

memory/1560-1158-0x00000000732E0000-0x0000000073A91000-memory.dmp

memory/5820-1157-0x0000000000400000-0x0000000000537000-memory.dmp

C:\Users\Admin\Documents\GuardFox\U6tlORlZZty2irsUDKDv9iSc.exe

MD5 d8b95b125d57704d41debe8034e0e22c
SHA1 34123e36f1e057849dec6976d258dc3b23b75126
SHA256 904675ab9180384cbc287ec4f6304a3dc397ab8bf4f4b1c70034c2734e73455d
SHA512 571a3f8b86ce16ab8f0c5dd87aee57855271f4665a5036383a794d3fd8496a89737c5ccea66c4a2a4c4d6484a66ed4221a19f14d16f202f78ea5782e365b2ae6

C:\Users\Admin\AppData\Local\Betasoft Sound Booster\SoundBooster.exe

MD5 a4faeb3ccf346f80a74874482336e38b
SHA1 ad96fbe86d8d65a792adb0ff6cfe3f21d502a0a6
SHA256 a5d3e547714f62f234dd60610c7804fc313682985ffa6b849bb55d738ddb9837
SHA512 bd04c4bd730a567e958288c07ae631ef95994c9e0e201a39bfaef6e3e7096a5f26bced6cb0e34bdf2682c0388d799594fdae7e7500e66751c2a070f8df3b1662

memory/7008-1147-0x00000000732E0000-0x0000000073A91000-memory.dmp

memory/6936-1162-0x00000000058D0000-0x000000000590C000-memory.dmp

memory/6936-1168-0x0000000005930000-0x000000000597C000-memory.dmp

memory/4868-1173-0x0000000000400000-0x0000000000454000-memory.dmp

memory/4088-1182-0x00000000051B0000-0x00000000051C0000-memory.dmp

memory/3224-1171-0x0000000002380000-0x0000000002396000-memory.dmp

memory/7120-1187-0x0000000000400000-0x000000000043E000-memory.dmp

memory/5820-1170-0x0000000000400000-0x0000000000537000-memory.dmp

memory/7008-1175-0x0000000004A00000-0x0000000004A10000-memory.dmp

memory/4112-1169-0x0000000000C30000-0x0000000001478000-memory.dmp

memory/5820-1164-0x0000000000400000-0x0000000000537000-memory.dmp

memory/3652-1165-0x0000000000400000-0x0000000000633000-memory.dmp

memory/5784-1163-0x00000000025A0000-0x00000000026BB000-memory.dmp

memory/5784-1161-0x0000000000C2E000-0x0000000000CC0000-memory.dmp

memory/7008-1192-0x00000000732E0000-0x0000000073A91000-memory.dmp

memory/4024-1195-0x0000000002A40000-0x0000000002A41000-memory.dmp

memory/6272-1196-0x0000000000400000-0x0000000000830000-memory.dmp

memory/4868-1194-0x00000000050D0000-0x0000000005162000-memory.dmp

memory/4088-1193-0x00000000051B0000-0x00000000051C0000-memory.dmp

memory/4088-1191-0x00000000051B0000-0x00000000051C0000-memory.dmp

memory/7120-1190-0x000000000060C000-0x0000000000619000-memory.dmp

memory/6936-1185-0x0000000005820000-0x0000000005830000-memory.dmp

memory/6936-1204-0x0000000005CA0000-0x0000000005D06000-memory.dmp

memory/4868-1203-0x0000000005060000-0x000000000506A000-memory.dmp

memory/1000-1202-0x00007FF99F7D0000-0x00007FF99F7D2000-memory.dmp

memory/4112-1201-0x0000000000C30000-0x0000000001478000-memory.dmp

memory/4024-1198-0x0000000000400000-0x0000000000D40000-memory.dmp

memory/6272-1205-0x0000000000400000-0x0000000000830000-memory.dmp

memory/4112-1207-0x0000000076160000-0x0000000076250000-memory.dmp

memory/4640-1197-0x00007FF6CC410000-0x00007FF6CCE03000-memory.dmp

memory/1000-1206-0x0000000140000000-0x0000000140876000-memory.dmp

memory/4112-1209-0x0000000076160000-0x0000000076250000-memory.dmp

memory/4088-1217-0x00000000732E0000-0x0000000073A91000-memory.dmp

memory/2000-1218-0x0000000000400000-0x000000000062E000-memory.dmp

memory/3500-1215-0x0000000000400000-0x0000000000414000-memory.dmp

memory/4088-1212-0x00000000051B0000-0x00000000051C0000-memory.dmp

memory/7064-1220-0x00000000003E0000-0x00000000008C3000-memory.dmp

memory/4236-1223-0x0000000000BB0000-0x0000000001B63000-memory.dmp

memory/3040-1226-0x0000000000400000-0x0000000000633000-memory.dmp

memory/1824-1224-0x0000000000400000-0x00000000004BD000-memory.dmp

memory/6272-1236-0x0000000000400000-0x0000000000830000-memory.dmp

memory/4024-1235-0x0000000002B50000-0x0000000002B51000-memory.dmp

memory/3124-1225-0x0000000003C30000-0x0000000003C31000-memory.dmp

memory/3124-1241-0x0000000000ED0000-0x0000000001817000-memory.dmp

memory/4024-1286-0x0000000000400000-0x0000000000D40000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 d7f1424ee8d817734fe97c503a21c067
SHA1 e2b2a46ec2c695a274a4d6d1fc6859d4862a9d41
SHA256 61bd289ad4e87b60b1aeb01a6b74fe4524d41a3ed31a690bddf1346207b8c6f1
SHA512 2ef81edbeea93a7f26eca148d8954f4a5e7e3d76addb68fb00f647c7c4692a4e32e265d256c8cf8ab0b442916cef3925961bf63f206b4ad427e882b99aa33bfb

memory/1824-1318-0x0000000000720000-0x0000000000721000-memory.dmp

memory/4868-1320-0x0000000005280000-0x0000000005290000-memory.dmp

memory/6936-1317-0x0000000006740000-0x00000000067B6000-memory.dmp

memory/4112-1325-0x0000000076160000-0x0000000076250000-memory.dmp

memory/1000-1323-0x0000000140000000-0x0000000140876000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\RwIOep.cpl

MD5 b5bce925fc9e831c9d995dc053b7da3d
SHA1 d267b25ac1179f2eb9a02ee2365228dd32ad3b0a
SHA256 d769d3a8292b13cf246fdac99359d6755a5d4918df2648e0d1f5a0a777f343ca
SHA512 38d15552133a4628fee31aed1daeabc4a355b00af9865de4f1735b4ea48361163d2d5549293249651569868af8df219bfce02e8327766871e2f788dfa855d25c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 f9ae45a6f0a0e1a77b98be09a6041ac5
SHA1 346e9e987217b9bf080bad99126098fcd2c676d3
SHA256 182657d6815d42856cd9cf4b4eb18d73c83aae292848c5cbd8d7001c2a6f6c4b
SHA512 e2fc3b09018819f377298c962f8a048c5fd155be4ca5de3f651e6c103cb831bcd4e76725c144143ebb23d11738104b9e766082aa440be83a555ed610a306b46f

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\qemu-ga.exe

MD5 d5f3d2440a8ef3bc32ef9463ee2c3609
SHA1 29608184d847ae2b6a484b795b881799100592cb
SHA256 372ee45ed4ffd1c7125e5b257bd33f39391e1bd2a6d5d1fe1adb2b19b7c66c03
SHA512 65761d5f894648f70d3f4bdcd3071a59f854f8ceb6f71ad3f87159f2bfd808f1430cbcc4052bc51d60c2e2cf432a195bbfd6aaf8661322d7574a0eb530bf54da

C:\Users\Admin\Documents\GuardFox\kSGpykg6DSXeK1IENdHMpVjL.exe

MD5 e2bd490693742a9b276eb85dd442d975
SHA1 c4ccac19a7cae9a366498109f5497eabdcb96542
SHA256 3f55d444bab68982b7d996469388c22ec201111fb5d18ead0ba703731e6890c9
SHA512 ef98935e6fe144be794fb8f112dea83cc13bcecc24d1e2ca7d16aedf6334b3653ea3bfa3d6aa522397b6808ba5e13ece7eec0e252d2b4109678a622ad2ed293c

C:\Users\Admin\Documents\GuardFox\4Bx66NComd_TtOAnYPAiZEEO.exe

MD5 28fc646a21df7d28a7cbe18b9610d82f
SHA1 88311035ca48b91f2379b244f7f11d83191e7d78
SHA256 85ee538450d0b441b82ee6cb0312d0ffdf759027cfb684cb1d81e23eaff2928d
SHA512 8b7d4e68af338c30414750f4efacd0e6f51afffc1a078c096b0d05c00e1072f3c25a0c55e3dfd778ad23ffbe52178bc8311cffd5d08ca3d48190d7923cacc5b7

C:\Users\Admin\AppData\Local\Temp\1000113001\e0cbefcb1af40c7d4aff4aca26621a98.exe

MD5 d0a392e15be2b72e16227638af14872a
SHA1 c99200e52fba4d2630f3d50c5e77bb9a7602520a
SHA256 b9bca4d9cd5740bb50c4c13c53903141b44cc1abadf793589bc21be5cb526541
SHA512 5942a801835aedf09b4ddf03caa45a36800f8751969ffea613ebc67cbbcd245ff49546c87985fec3d74af246e41e089539282b80fc26a0f34177df491c7bb91e

C:\ProgramData\mozglue.dll

MD5 effc8579b6123cc9665e6e35eb2e72b3
SHA1 e60b34f47f824b540499b19e5ee151403748653b
SHA256 df9619ef496e46a47c6edadda1f3809dbddeba6e4742e5c4f8c58a51babc7e1e
SHA512 c65f8659de75a6f542d668cadbccc51c46639c3835a2e279a3287f753f77232073c6e3fcd3ac66702b0f9fc8324bfd6f7ca488043967855a0ce42aec9f98f1b3

C:\Users\Admin\AppData\Local\Temp\1000114001\InstallSetup8.exe

MD5 e2a8a6420023e3da73d14f8223bf2e8c
SHA1 192df3ca91acaa4d1019bb321f31499722961689
SHA256 b1d112a9294f01773cbd1834566d73ac5bf8b84bde3812f2f2a2e44fc4c8dab1
SHA512 7b7c502f21eeb8f875f9f06e8eb9202685f768def24c9ead9b6690f591f2fe6eb1b371f5fcb5f2f210321d4826ea5644966174c6750f1f262bb77147d6d61baf

C:\Users\Admin\AppData\Local\Temp\1000115001\toolspub1.exe

MD5 06fe006884cd67b742738b06710847de
SHA1 bd34f3f4d9de6e8ccf81e2f50cbbbf51a1921e46
SHA256 fd6b976e241dec2c2aca926b1ad589552a6d9e908c66744c10e5392162b59578
SHA512 898ea53a02cd2381e6cdc62ce7de2b72a69c4f7d401746ea5f8641f125a8aad413af4d24adbda0a3c1f3e866ccbcc6e6b66a56709e5133ad03005c3d3f6a26b6

C:\Users\Admin\AppData\Local\Temp\nsg52F9.tmp\INetC.dll

MD5 c7ae096c02849c7eeb07623b18de8a59
SHA1 9f57c75aa9f96121413a793d356d876a09f564ca
SHA256 711ce1b5b08d30470c7cb844d2dd9345ffb6c2add9392f56a86e8c515ba89ed0
SHA512 2a070a13ed45b3cc289f8174eb313d244daf10c1ae36c837f305b450bf2f1b839850eed70f672bb94c75117fe232341b01a868824e42d4d01ddd754fa9b5670c

C:\ProgramData\Are.docx

MD5 a33e5b189842c5867f46566bdbf7a095
SHA1 e1c06359f6a76da90d19e8fd95e79c832edb3196
SHA256 5abf8e3d1f78de7b09d7f6fb87f9e80e60caacf13ef3c1289665653dacd7c454
SHA512 f2ad3812ec9b915e9618539b0f103f2e9acaad25fbbacd84941c954ce070af231324e83a4621e951c1dbae8d40d50410954e40dd52bbd46e34c54b0d1957407b

C:\Users\Admin\AppData\Local\Temp\4KPV6A~1\cached-microdesc-consensus

MD5 e8147b261c05c7d1e398904b63c06d3a
SHA1 844bf6a7af125e515acdf7e90f545c59467b2ce6
SHA256 174175096b18030cd28edcd8abc477c76b9bde5df96b47021e39ca47c22d984d
SHA512 683105475c19a5384ca1c75760bf9c99fb0fc3bf6d37fc783eb11d75ceb7fa13ef9a9f83abf0b2e8d77f7e8ef0581299e1c426787bf23238ab4fa7375ccd1da7

C:\Users\Admin\AppData\Local\Temp\4KPV6A~1\cached-microdescs.new

MD5 bdec5cacfcb278418e003bf6a8ea6f01
SHA1 eb9b4e02671d00f2de03123d825a6005b181b9a5
SHA256 39c6f960465e0ab676f9ad5cdf58f4227e11d1e5755e62880eb830b9243f917a
SHA512 593400428d058644076622f1014ec49ea96a740111b35d3a51c3b75e86009368bfb45644676a723d421d27525d35d7b1f576edd1731224af4e751aea8550427f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 655040182e3a3939c5b080871e57d487
SHA1 c6c344d5b2ac1324162dc7e0a4521023c0128fb6
SHA256 b53ded54bce6819e7f8932e4e4075ccd6ed477799489a750c55d137760211c3c
SHA512 3411ca9dbc050ca39b1c92b733ab4574ac4a54bcd7eeb932d9668643e0e9270740c541d471c957abbb7e8cccdb697ade2432e960f4d387a67afbdc7e81d3bb63

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 fae928be60a4c6a959d7471656743a47
SHA1 dc270cc3ac915db5dc91aaf24e99863eeca31dcb
SHA256 f5644c62ca1d40c1147101310caf45a152b4d2cc74309d59ae8b04d66c508f84
SHA512 b60086ee84aefb33d4d630cb5d907d9fd26ea29f23a85b0e7fa26f5a99ccf38c7dccf08561b9edd66429de394d0506519b79fa22a037cbed50bdcf285c35e91f

C:\Users\Admin\AppData\Local\Temp\1000119001\FirstZ.exe

MD5 6e4d0628e74291b5dec3b87dbc740479
SHA1 f96f5d7da6d97385597b6a8ab10f8bdac5ab1440
SHA256 aa2f12cb296860bbdf26421abd91484b0ce365773c4e30c47fef1420fceca593
SHA512 eba858bd7f4aa94a33125faa909b62a63af71e90d2abdd31f7c23255bb84a9a55de8beed52816bc5732d3057b543ec6bfbbd2f1ec891e1659a61f2872d0ccd3c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\5fa4d091-71bd-4f8a-bfe9-5a9524cce8fe.tmp

MD5 5058f1af8388633f609cadb75a75dc9d
SHA1 3a52ce780950d4d969792a2559cd519d7ee8c727
SHA256 cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8
SHA512 0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 0da5cc75f8ffdffdad617891df0508c8
SHA1 5d558a0a36dc7e7bd4773ebc3b015dc159f3a5a1
SHA256 f23ed679416d8d1200edf6871fd48228dc1183d9ec1dc3a28690847fff7c28cf
SHA512 df553bda5710d7a1b3a6291c553a3ef47f03375e0e088881bc09d367ca69226e0642cf3e6ab7fd9456042d8408963947b6bfbdb370b426a565fb45e45f2e8e9b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 cdf3adef1ec91f7fd9435bf776fac6e8
SHA1 8761d10e9ca6b2b66712756635139f067c0ebb27
SHA256 3766e743b004030e2612a7e91a3d59ee707843aabbc96a7e940e30d92d24b932
SHA512 fa16ff38965e7fc80916f9633a24f6b1c43ee151f6d779d85e3568ea39ec4cb3294ec9dd513fa0c8e5ad4d4efdabde3bd5cf468ca03078b51055437f7f75f2bc

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe598a64.TMP

MD5 f4de41a9766b22b47c07983c940d3818
SHA1 595bcd7cecd14ce8c2ffd3841cc245eda3aff72d
SHA256 6afa4a9b28e1a2fea3d3867840905372e7ec04ca4eb3a970a30ef3e51f9b55bb
SHA512 326eed0ec38b6f6a56717e00be19d6651baf0ecbdabc2000e5115879747f3bf97cb106a037cc59b0b827f3f274defea8fde7da826976d328743575681f4d560b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

MD5 a94f9312459a1244c2c3d4b3502fac2d
SHA1 fc65e85ea2058d07de83d8b9486766583c6adba9
SHA256 b50e311aa1acbb875e7a94d54c4a0bae527a14acb53234b2d41c3ef9bd64da4b
SHA512 3bb239ff2b1651943dc3f6a4599a7d8eb28efc42719ff9b2faddb50852968409bb72d4b40e893cadb6c2be7c90a7149d577b827f1e990f120e2a68c9dc5ac718

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\a0d34aba-fec7-43d1-b92f-782dc73d61e3.tmp

MD5 98b30cc4fb4ee9f09e71c83de7fbd02e
SHA1 e9d59950616f6626dcc16bc186c3b53ffd3b04af
SHA256 db3f8a271a09351a9f83a6665b6b58400072560d96a3d4e7419c7525808c1446
SHA512 1405ca590a23c9ba0e2e58ad95eae125ec87d9aee0b5f1ccf031de181d04163a3dae9e1593db03b24fabe56d3c847eb33d7fba405a75b6fa4017f7fe91847fa9

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 6cec1a64902855dd15ef02a6d124447f
SHA1 234f8000843bd07c3147b050958b3fcbf2f956b7
SHA256 3d850d77689ebacb1633bd2f801204016f0c1a3140911d566deac7f63882257c
SHA512 99962952d95b2bf831c476e32000cecc4e79ef96f88851a50396fac003de0db7f82f3be9724b30180d0b90b3e211c881592e0c650b695b9b17d8b8117609373b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 87721e8991daa04b2923666d5444ec3f
SHA1 06a9415c63218242588b40fd0ffd33a4855f1162
SHA256 0f8e4b88370266ee72c00d7d1b1a9cbf2f1518e185ade716d71d74107dcb8b23
SHA512 b38a47a9f8844f3edb2668be4fe667a6e388ac2847bb5a981bef3d3823452364dc321fca9afb3b6f3fe09134ab5cd9f87891deb6592b8b35d408d19727f17cb0

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\01b972640454b3a1efb48dab553f4d86

MD5 c9ff7748d8fcef4cf84a5501e996a641
SHA1 02867e5010f62f97ebb0cfb32cb3ede9449fe0c9
SHA256 4d3f3194cb1133437aa69bb880c8cbb55ddf06ff61a88ca6c3f1bbfbfd35d988
SHA512 d36054499869a8f56ac8547ccd5455f1252c24e17d2b185955390b32da7e2a732ace4e0f30f9493fcc61425a2e31ed623465f998f41af69423ee0e3ed1483a73

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_1

MD5 4e8dc22c5e857558dcea1f0f90f3602b
SHA1 e134d83e415bba5d4df75d948664a236d3b4a682
SHA256 e2b60926a8cf48833ca2796e54c6f8d5e3e7424c649376af323a9f10a042683d
SHA512 35b1bbe067e7a342a801dac585373d77e522b4405db010c27d94864e0c1d7854f7dd5d5a9be4636453d178965a980ba861d44a3855e39deaada2cf7381537ca9

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 5f6ab93f5b9f64661c3dedeb5c485236
SHA1 de6bf2032c03b4e3ae5d29c85bd6ee456aa1a560
SHA256 dd8a124ce90b6a8f17e14594fb9df9f6d31d782b4fe23c600a15f4aa8a2b7484
SHA512 e526b9f71eff7d3fe66159cb601a479c043c5316a84583a68319b2d92756ad77935f8dc8ed3d6240e521a3f199039e0ed16b667f3bef0e045e1b0ee3fab35762

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 4df4574bfbb7e0b0bc56c2c9b12b6c47
SHA1 81efcbd3e3da8221444a21f45305af6fa4b71907
SHA256 e1b77550222c2451772c958e44026abe518a2c8766862f331765788ddd196377
SHA512 78b14f60f2d80400fe50360cf303a961685396b7697775d078825a29b717081442d357c2039ad0984d4b622976b0314ede8f478cde320daec118da546cb0682a

C:\Users\Admin\AppData\Local\Temp\is-DVSNO.tmp\_isetup\_shfoldr.dll

MD5 92dc6ef532fbb4a5c3201469a5b5eb63
SHA1 3e89ff837147c16b4e41c30d6c796374e0b8e62c
SHA256 9884e9d1b4f8a873ccbd81f8ad0ae257776d2348d027d811a56475e028360d87
SHA512 9908e573921d5dbc3454a1c0a6c969ab8a81cc2e8b5385391d46b1a738fb06a76aa3282e0e58d0d2ffa6f27c85668cd5178e1500b8a39b1bbae04366ae6a86d3

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_5u5iepga.gje.ps1

MD5 d17fe0a3f47be24a6453e9ef58c94641
SHA1 6ab83620379fc69f80c0242105ddffd7d98d5d9d
SHA256 96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7
SHA512 5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe

MD5 946c0547fbc9dbe2ea1c89646516e0e0
SHA1 4d2532fc704b24225283172bdb18d7eba58cf870
SHA256 61a03a937e7e9ffb78d0ec2cdcbf3bccf370526adb512ef97e2f5761f6243855
SHA512 cd8dad4b0a7cdcb188b70030095b627934d2906aa435ebfda0dc2769f5005edd4b1432a10fcfaec9467f1cde28cb5b7d55a05c3c00c1c829fcf89770c9cd04d7

C:\Users\Admin\AppData\Local\Temp\InstallSetup9.exe

MD5 d170030bdd3a6c1bb90011f8c527ee45
SHA1 4e5ce6c9db0ff5fbbad5840a54830067dd92cac1
SHA256 b2c5d94ef7d4e3ba11f504fc3671a311ac0bf20985e471a2e5a73f6fcaae50aa
SHA512 e61ed29b0493e47d2213c9d992e16ad2018c4604f32c9f61497a59365ba883bc07169a89bed18e2bdad3f6ef674faf406a9c7cc88da7151aafae2c026cceea6a

C:\ProgramData\EGHCBKKK

MD5 025c5d5534281c949e5ea9f62ac6a0f6
SHA1 305cbbf652fdd018631d474e150a80bcf3669084
SHA256 68bd6ce2a5062e7885bc41a3ab8341f30cc2e77005a05bf2ce22aba52c2f4f03
SHA512 da74de3cb440a5bb23f1ee85b9b347b67f737f8f026c54894cb5e3e3c01a93558f7c11a33da0d4d72dc0e0195ceedd4085c352cf1880e889893316df269c3561

C:\ProgramData\CFCBFBGD

MD5 93ef4286b4e02a0d76805027bf411143
SHA1 c2fd6deb9089c0c89de82977e35b46556df32f55
SHA256 8dba00c87ccb68f1a159fdc7ef9dc3b79aa861e6e5de1b1540236dc7308c7a5d
SHA512 abae994ce80d9b26e5e12f9cd65dc70d9208fdeef94e4c1c3dd888cd1e7cb6651f57ce866c74d96abc538d92d11e90c0f97b50d664394431d1ac66ddab0fc06b

C:\ProgramData\nss3.dll

MD5 d414a994d3057dc257ca8ba0c661d2d0
SHA1 b450c2eec38fdcc0d1cca0e664b2033db5ed5a5f
SHA256 14af687b089e6e6e92a293067dfca4c2c50a77d1438dfa6e4cec33244363f574
SHA512 3bc4ae9cdc55d735b18cd0b07ff4c746a573461ac9de53a9bd63d910eb6cd6f2bca0e9e174555c64944e9f6eeeadcf646b4f682e619b9ee8fdfae0daaa9be976

C:\ProgramData\RedoSearch.docx

MD5 324a039c5af0b6054c9b518253f366f7
SHA1 abfc3b7deb477d36943ec7ba4578595c4f9b3827
SHA256 16f4c676ab4b0a88e85e72e2eaa8b9908aa833a9c630ef9e011be81a1e23b80b
SHA512 5f82c0a06b31291586f20cbe4c7249f201004f1a80904a63adc4a2750ae742b37b947e5a1b25a316571ad8dc2d7d2007f8162411d233c60094c11393fd51a31b

C:\ProgramData\OpenRegister.txt

MD5 d182235f7bde72c50b51d503ad077582
SHA1 4f23eadf7810a586f28a8ec1ee65e4b8dfb247ca
SHA256 d1d2e749067da4ce3309034f4a929fb7781a7ff89e66c8cc0f17c31d419fd607
SHA512 99d638013b74fb2813f79980358de10b90cb3f137d2697bb6c594e5dccd5b1df3e731facfd325664ba5a6321cec9c9efdf6e2f885dd7727fad718ed656b23f9a

C:\Users\Admin\AppData\Local\Temp\tmpDBA4.tmp

MD5 00c8aa85a82f2aee8534fc507c96aa65
SHA1 528e38daf74cb9b3e7e4d889ae18258da1a2dfee
SHA256 52041e42c4ec3b7cf2043632d11a7cf759cdf1d1347a9bb93ec38df916d85bba
SHA512 28902a982fdf7194fc60c5c14f28d5919838e64d974a1e7b63ede551eac47e7f41609ebccd8dfc8ebdfadef5383302389b449c944dd59aae369adfd2abf1a2c9