Analysis Overview
SHA256
ddb2ab0e9897b57abc9e1c96a439e4c00be2e6ef45562506af8f2407331ac064
Threat Level: Known bad
The file s2.exe was found to be: Known bad.
Malicious Activity Summary
Amadey
Detected Djvu ransomware
RisePro
RedLine
Formbook
RedLine payload
ZGRat
Djvu Ransomware
SmokeLoader
Detect ZGRat V1
Stealc
Identifies VirtualBox via ACPI registry values (likely anti-VM)
Formbook payload
Stops running service(s)
Creates new service(s)
Downloads MZ/PE file
Contacts a large (792) amount of remote hosts
Checks computer location settings
.NET Reactor proctector
Themida packer
Modifies file permissions
Reads user/profile data of web browsers
Unexpected DNS network traffic destination
Checks BIOS information in registry
Legitimate hosting services abused for malware hosting/C2
Looks up external IP address via web service
Checks whether UAC is enabled
AutoIT Executable
Drops file in System32 directory
Suspicious use of NtSetInformationThreadHideFromDebugger
Launches sc.exe
Program crash
Unsigned PE
Suspicious behavior: EnumeratesProcesses
Creates scheduled task(s)
Delays execution with timeout.exe
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-01-25 17:05
Signatures
Themida packer
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-01-25 17:02
Reported
2024-01-25 17:08
Platform
win7-20231215-en
Max time kernel
6s
Max time network
86s
Command Line
Signatures
Detect ZGRat V1
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Detected Djvu ransomware
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Djvu Ransomware
RedLine
RedLine payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
RisePro
SmokeLoader
ZGRat
Identifies VirtualBox via ACPI registry values (likely anti-VM)
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ | C:\Users\Admin\AppData\Local\Temp\s2.exe | N/A |
Downloads MZ/PE file
.NET Reactor proctector
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Checks BIOS information in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | C:\Users\Admin\AppData\Local\Temp\s2.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Users\Admin\AppData\Local\Temp\s2.exe | N/A |
Themida packer
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Checks whether UAC is enabled
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\s2.exe | N/A |
Looks up external IP address via web service
| Description | Indicator | Process | Target |
| N/A | api.myip.com | N/A | N/A |
| N/A | api.myip.com | N/A | N/A |
| N/A | ipinfo.io | N/A | N/A |
| N/A | ipinfo.io | N/A | N/A |
Drops file in System32 directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\System32\GroupPolicy\GPT.INI | C:\Users\Admin\AppData\Local\Temp\s2.exe | N/A |
| File opened for modification | C:\Windows\System32\GroupPolicy | C:\Users\Admin\AppData\Local\Temp\s2.exe | N/A |
| File opened for modification | C:\Windows\System32\GroupPolicy\gpt.ini | C:\Users\Admin\AppData\Local\Temp\s2.exe | N/A |
| File created | C:\Windows\System32\GroupPolicy\Machine\Registry.pol | C:\Users\Admin\AppData\Local\Temp\s2.exe | N/A |
Suspicious use of NtSetInformationThreadHideFromDebugger
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\s2.exe | N/A |
Program crash
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Users\Admin\Documents\GuardFox\qyhWJHjjuuV2DTQHhY6NpCiW.exe |
Creates scheduled task(s)
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\schtasks.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\s2.exe
"C:\Users\Admin\AppData\Local\Temp\s2.exe"
C:\Users\Admin\Documents\GuardFox\c5bdWaXe7w6LjFh5aUvSC_h0.exe
"C:\Users\Admin\Documents\GuardFox\c5bdWaXe7w6LjFh5aUvSC_h0.exe"
C:\Users\Admin\Documents\GuardFox\tLtmdRvUSqoRnn6GuxdF94RX.exe
"C:\Users\Admin\Documents\GuardFox\tLtmdRvUSqoRnn6GuxdF94RX.exe"
C:\Users\Admin\Documents\GuardFox\dKXQmNpnfPnHrbU3B2zW9lW6.exe
"C:\Users\Admin\Documents\GuardFox\dKXQmNpnfPnHrbU3B2zW9lW6.exe"
C:\Users\Admin\Documents\GuardFox\DpPU23wMmzQ1E5ua6mqUEp6d.exe
"C:\Users\Admin\Documents\GuardFox\DpPU23wMmzQ1E5ua6mqUEp6d.exe"
C:\Users\Admin\Documents\GuardFox\D8wdWxf3JSCHBsT1rCOc1muQ.exe
"C:\Users\Admin\Documents\GuardFox\D8wdWxf3JSCHBsT1rCOc1muQ.exe"
C:\Users\Admin\Documents\GuardFox\xz1RKwuJjY0wuRJysoWmeJ5a.exe
"C:\Users\Admin\Documents\GuardFox\xz1RKwuJjY0wuRJysoWmeJ5a.exe"
C:\Users\Admin\Documents\GuardFox\fK2aKDF8knxiBD3coQzd3lQE.exe
"C:\Users\Admin\Documents\GuardFox\fK2aKDF8knxiBD3coQzd3lQE.exe"
C:\Users\Admin\Documents\GuardFox\IBKA6K2MCKIWp1kzupytH_7X.exe
"C:\Users\Admin\Documents\GuardFox\IBKA6K2MCKIWp1kzupytH_7X.exe"
C:\Users\Admin\Documents\GuardFox\G1FNYCMERpNS0KfUugymvuXY.exe
"C:\Users\Admin\Documents\GuardFox\G1FNYCMERpNS0KfUugymvuXY.exe"
C:\Users\Admin\AppData\Local\Temp\is-D41BL.tmp\D8wdWxf3JSCHBsT1rCOc1muQ.tmp
"C:\Users\Admin\AppData\Local\Temp\is-D41BL.tmp\D8wdWxf3JSCHBsT1rCOc1muQ.tmp" /SL5="$40180,6434705,337408,C:\Users\Admin\Documents\GuardFox\D8wdWxf3JSCHBsT1rCOc1muQ.exe"
C:\Users\Admin\Documents\GuardFox\GVbm6Twivy92UCZaccmFxnZT.exe
"C:\Users\Admin\Documents\GuardFox\GVbm6Twivy92UCZaccmFxnZT.exe"
C:\Users\Admin\Documents\GuardFox\zqOmM715lPnpTmRkQGRYV6MW.exe
"C:\Users\Admin\Documents\GuardFox\zqOmM715lPnpTmRkQGRYV6MW.exe"
C:\Users\Admin\Documents\GuardFox\sSPmXTvm1u21s_coex8Vrqwo.exe
"C:\Users\Admin\Documents\GuardFox\sSPmXTvm1u21s_coex8Vrqwo.exe"
C:\Users\Admin\Documents\GuardFox\KiMvkBAdmu4Q7Cpnu58EfRae.exe
"C:\Users\Admin\Documents\GuardFox\KiMvkBAdmu4Q7Cpnu58EfRae.exe"
C:\Users\Admin\Documents\GuardFox\Ls912Ku_zKaa4zeOMs488lla.exe
"C:\Users\Admin\Documents\GuardFox\Ls912Ku_zKaa4zeOMs488lla.exe"
C:\Windows\SysWOW64\schtasks.exe
schtasks /create /f /RU "Admin" /tr "C:\ProgramData\WinTrackerSP\WinTrackerSP.exe" /tn "WinTrackerSP HR" /sc HOURLY /rl HIGHEST
C:\Users\Admin\Documents\GuardFox\Ls912Ku_zKaa4zeOMs488lla.exe
"C:\Users\Admin\Documents\GuardFox\Ls912Ku_zKaa4zeOMs488lla.exe"
C:\Users\Admin\Documents\GuardFox\qyhWJHjjuuV2DTQHhY6NpCiW.exe
"C:\Users\Admin\Documents\GuardFox\qyhWJHjjuuV2DTQHhY6NpCiW.exe"
C:\Users\Admin\Documents\GuardFox\qhK8h985Nvs6aHjoZcpIIVdR.exe
"C:\Users\Admin\Documents\GuardFox\qhK8h985Nvs6aHjoZcpIIVdR.exe"
C:\Users\Admin\Documents\GuardFox\14JlbCy1eTD6_59JM48ARyLK.exe
"C:\Users\Admin\Documents\GuardFox\14JlbCy1eTD6_59JM48ARyLK.exe"
C:\Users\Admin\Documents\GuardFox\jpz5Y3DdIgw6FHJF3bGdZ8tw.exe
"C:\Users\Admin\Documents\GuardFox\jpz5Y3DdIgw6FHJF3bGdZ8tw.exe"
C:\Users\Admin\Documents\GuardFox\6vnWRT4TKBC5lsawhQByZBAt.exe
"C:\Users\Admin\Documents\GuardFox\6vnWRT4TKBC5lsawhQByZBAt.exe"
C:\Users\Admin\Documents\GuardFox\iCYwd_WLY9eMg9YWFa8cIjFY.exe
"C:\Users\Admin\Documents\GuardFox\iCYwd_WLY9eMg9YWFa8cIjFY.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2788 -s 616
Network
| Country | Destination | Domain | Proto |
| NL | 195.20.16.45:80 | tcp | |
| DE | 77.105.147.130:80 | 77.105.147.130 | tcp |
| US | 8.8.8.8:53 | api.myip.com | udp |
| US | 104.26.8.59:443 | api.myip.com | tcp |
| US | 8.8.8.8:53 | ipinfo.io | udp |
| US | 34.117.186.192:443 | ipinfo.io | tcp |
| US | 34.117.186.192:443 | ipinfo.io | tcp |
| US | 8.8.8.8:53 | vk.com | udp |
| US | 8.8.8.8:53 | medfioytrkdkcodlskeej.net | udp |
| US | 8.8.8.8:53 | ok.spartabig.com | udp |
| US | 8.8.8.8:53 | 294self-limited.sbs | udp |
| US | 8.8.8.8:53 | ji.alie3ksggg.com | udp |
| US | 8.8.8.8:53 | cdn.discordapp.com | udp |
| US | 8.8.8.8:53 | cczhk.com | udp |
| FI | 109.107.182.40:80 | 109.107.182.40 | tcp |
| AT | 5.42.64.33:80 | 5.42.64.33 | tcp |
| RU | 87.240.137.164:80 | vk.com | tcp |
| RU | 87.240.137.164:80 | vk.com | tcp |
| US | 162.159.129.233:80 | cdn.discordapp.com | tcp |
| RU | 91.215.85.209:80 | medfioytrkdkcodlskeej.net | tcp |
| US | 172.67.189.229:80 | 294self-limited.sbs | tcp |
| US | 104.21.15.216:80 | ok.spartabig.com | tcp |
| US | 162.159.129.233:80 | cdn.discordapp.com | tcp |
| US | 172.67.189.229:80 | 294self-limited.sbs | tcp |
| HK | 154.92.15.189:80 | ji.alie3ksggg.com | tcp |
| RU | 87.240.137.164:80 | vk.com | tcp |
| RU | 87.240.137.164:80 | vk.com | tcp |
| RU | 91.215.85.209:80 | medfioytrkdkcodlskeej.net | tcp |
| US | 162.159.129.233:80 | cdn.discordapp.com | tcp |
| US | 172.67.189.229:80 | 294self-limited.sbs | tcp |
| US | 172.67.189.229:80 | 294self-limited.sbs | tcp |
| US | 162.159.129.233:80 | cdn.discordapp.com | tcp |
| US | 172.67.189.229:443 | 294self-limited.sbs | tcp |
| US | 162.159.129.233:443 | cdn.discordapp.com | tcp |
| RU | 87.240.137.164:80 | vk.com | tcp |
| RU | 87.240.137.164:80 | vk.com | tcp |
| PA | 190.219.136.87:80 | cczhk.com | tcp |
| RU | 87.240.137.164:80 | vk.com | tcp |
| RU | 87.240.137.164:80 | vk.com | tcp |
| US | 8.8.8.8:53 | apps.identrust.com | udp |
| GB | 96.17.179.205:80 | apps.identrust.com | tcp |
| PA | 190.219.136.87:80 | cczhk.com | tcp |
| RU | 87.240.137.164:80 | vk.com | tcp |
| RU | 87.240.137.164:80 | vk.com | tcp |
| RU | 91.215.85.209:80 | medfioytrkdkcodlskeej.net | tcp |
| RU | 87.240.137.164:80 | vk.com | tcp |
| RU | 87.240.137.164:80 | vk.com | tcp |
| RU | 87.240.137.164:80 | vk.com | tcp |
| RU | 91.215.85.209:80 | medfioytrkdkcodlskeej.net | tcp |
| RU | 87.240.137.164:80 | vk.com | tcp |
| RU | 91.215.85.209:443 | medfioytrkdkcodlskeej.net | tcp |
| RU | 87.240.137.164:80 | vk.com | tcp |
| RU | 87.240.137.164:80 | vk.com | tcp |
| RU | 87.240.137.164:80 | vk.com | tcp |
| RU | 87.240.137.164:80 | vk.com | tcp |
| RU | 87.240.137.164:80 | vk.com | tcp |
| RU | 87.240.137.164:80 | vk.com | tcp |
| RU | 87.240.137.164:80 | vk.com | tcp |
| RU | 87.240.137.164:80 | vk.com | tcp |
| RU | 87.240.137.164:80 | vk.com | tcp |
| RU | 87.240.137.164:443 | vk.com | tcp |
| NL | 95.142.206.3:443 | tcp | |
| NL | 95.142.206.3:443 | tcp | |
| RU | 87.240.137.164:80 | vk.com | tcp |
| RU | 87.240.137.164:80 | vk.com | tcp |
| RU | 87.240.137.164:80 | vk.com | tcp |
| RU | 87.240.137.164:80 | vk.com | tcp |
| RU | 87.240.137.164:80 | vk.com | tcp |
| RU | 87.240.137.164:80 | vk.com | tcp |
| RU | 87.240.137.164:80 | vk.com | tcp |
| RU | 87.240.137.164:80 | vk.com | tcp |
| RU | 87.240.137.164:80 | vk.com | tcp |
| RU | 87.240.137.164:80 | vk.com | tcp |
| RU | 87.240.137.164:80 | vk.com | tcp |
| RU | 87.240.137.164:80 | vk.com | tcp |
| RU | 87.240.137.164:80 | vk.com | tcp |
| RU | 87.240.137.164:80 | vk.com | tcp |
| RU | 87.240.137.164:80 | vk.com | tcp |
| RU | 87.240.137.164:80 | vk.com | tcp |
| RU | 87.240.137.164:80 | vk.com | tcp |
| RU | 87.240.137.164:80 | vk.com | tcp |
| RU | 87.240.137.164:80 | vk.com | tcp |
| RU | 87.240.137.164:80 | vk.com | tcp |
| RU | 87.240.137.164:80 | vk.com | tcp |
| RU | 87.240.137.164:80 | vk.com | tcp |
| RU | 87.240.137.164:80 | vk.com | tcp |
| RU | 87.240.137.164:443 | vk.com | tcp |
| RU | 87.240.137.164:443 | vk.com | tcp |
| RU | 87.240.137.164:443 | vk.com | tcp |
| NL | 95.142.206.2:443 | tcp | |
| RU | 87.240.137.164:443 | vk.com | tcp |
| NL | 95.142.206.2:443 | tcp | |
| RU | 87.240.137.164:443 | vk.com | tcp |
| RU | 87.240.137.164:443 | vk.com | tcp |
| US | 8.8.8.8:53 | i.imgur.com | udp |
| FR | 199.232.168.193:443 | i.imgur.com | tcp |
| DE | 77.105.147.130:80 | 77.105.147.130 | tcp |
| RU | 193.233.132.67:50505 | tcp | |
| HK | 154.92.15.189:443 | ji.alie3ksggg.com | tcp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
Files
memory/2136-0-0x000000013F610000-0x000000013FFF9000-memory.dmp
memory/2136-1-0x000000013F610000-0x000000013FFF9000-memory.dmp
memory/2136-6-0x000007FEFD840000-0x000007FEFD8AC000-memory.dmp
memory/2136-7-0x000007FEFD840000-0x000007FEFD8AC000-memory.dmp
memory/2136-8-0x00000000001E0000-0x00000000001E1000-memory.dmp
memory/2136-9-0x000007FEFD840000-0x000007FEFD8AC000-memory.dmp
memory/2136-11-0x0000000077990000-0x0000000077B39000-memory.dmp
memory/2136-10-0x000007FE80010000-0x000007FE80011000-memory.dmp
memory/2136-12-0x000000013F610000-0x000000013FFF9000-memory.dmp
memory/2136-13-0x000000013F610000-0x000000013FFF9000-memory.dmp
memory/2136-14-0x000000013F610000-0x000000013FFF9000-memory.dmp
memory/2136-15-0x000000013F610000-0x000000013FFF9000-memory.dmp
memory/2136-16-0x000000013F610000-0x000000013FFF9000-memory.dmp
memory/2136-17-0x000000013F610000-0x000000013FFF9000-memory.dmp
memory/2136-18-0x000000013F610000-0x000000013FFF9000-memory.dmp
memory/2136-19-0x000000013F610000-0x000000013FFF9000-memory.dmp
memory/2136-20-0x000000013F610000-0x000000013FFF9000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\CabA0C4.tmp
| MD5 | ac05d27423a85adc1622c714f2cb6184 |
| SHA1 | b0fe2b1abddb97837ea0195be70ab2ff14d43198 |
| SHA256 | c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d |
| SHA512 | 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d |
C:\Users\Admin\AppData\Local\Temp\TarA105.tmp
| MD5 | 9c0c641c06238516f27941aa1166d427 |
| SHA1 | 64cd549fb8cf014fcd9312aa7a5b023847b6c977 |
| SHA256 | 4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f |
| SHA512 | 936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06 |
C:\Users\Admin\Documents\GuardFox\c5bdWaXe7w6LjFh5aUvSC_h0.exe
| MD5 | b9fb15243dc3f59a362a3980304e61ee |
| SHA1 | 568d289eb8fea03a0437e8b4fbf0e85f01df0f76 |
| SHA256 | 739bf3743e6f9efefb54081f2ec7780e5cb94945d69a417150406f128a9c5873 |
| SHA512 | 9c396ad453514ea195ca98a75c321e554be3507fc292542c99253d1b660a52211472e737c1ce95df3871fc9836b8a9cebb994d1e2cf1bdc4b44bce89699e6879 |
C:\Users\Admin\Documents\GuardFox\D8wdWxf3JSCHBsT1rCOc1muQ.exe
| MD5 | 43c10530c3b8feddb7e3d57f73c6e313 |
| SHA1 | 92e72edd3c09fdf6155c8a95877d5e60e6affeaf |
| SHA256 | 749ca4b3235eb1ce8653d7b75662ab9f25402dde307a51e7a0d0a476235c27b2 |
| SHA512 | b34086c36f7dedac013ebd8479a129595065897f4176f3cd3cb424e304a5737cdd9c030f5d20621b07cb2862eab50033e7edb6d03cebb6f18e619271c1ae5b17 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 3dfbfa7c088f2efc279f2a907dac4dfa |
| SHA1 | 4514103809415344da84c3b9f990251989785d58 |
| SHA256 | 5c893f6ca4e74526d822dfaaef3c634b238b05a0f554709db007642bc5915e16 |
| SHA512 | 58db4ac0ebc0e17224ff46b031778c8a6fb256a32175026941a2814949a1e13dadc217162297a2c64d5637a978ddc69cd406d21d1a148f7ad45c8ca80f980f11 |
memory/2136-159-0x000000013F610000-0x000000013FFF9000-memory.dmp
C:\Users\Admin\Documents\GuardFox\xz1RKwuJjY0wuRJysoWmeJ5a.exe
| MD5 | 5eddaac7b298695f32c8cc0436942b2c |
| SHA1 | 8452d327921af9d65d3d7fa895115414ec48347d |
| SHA256 | d140da91e571d4c6f38dd719425e078c4d670eccddf49aecc905fe531a503ac6 |
| SHA512 | d342d00e9e27b53559e343f074d84b027b7be11a86711239c3e51a634936cff0528bb9397ab9e1dd9875157ac83e438b8ff391f4ac2c52695aaeee37210169f0 |
C:\Users\Admin\Documents\GuardFox\DpPU23wMmzQ1E5ua6mqUEp6d.exe
| MD5 | 6d457934761db9cbb94efdd7b30dba09 |
| SHA1 | 0f9e5e83d57c9f7c4add5eb95308e37618288d45 |
| SHA256 | 5155ac5cd32eb277eb828d76c7e50fdce7e528e3cf89645c1928a4512f7253ad |
| SHA512 | 0488b2ed9b24cc5c5a56107a4a0dc75206760804e3542e5554df87997e4bf19b79d9be03ed7a9d5bd931d873f76b1f44b916286e8044c1d2d874a382a9f0acad |
C:\Users\Admin\Documents\GuardFox\tLtmdRvUSqoRnn6GuxdF94RX.exe
| MD5 | 05d581f4eb964f86214bb9d58f7662d3 |
| SHA1 | 332aeeec89870c2a8b66f64602e6e08424f0892a |
| SHA256 | 45b94ceae660678e0db55565580fc2b82f56b4b7a1106fb92b0da85e5469d5cb |
| SHA512 | 4b8f0f290fb283ab040ff9ff12aee022f724eb531ece1e40f8686a0cfbe2c678e33cbe3e26974b99f3c1a66c90208c8a3cf8f7e07f98835b0908e4afb423b342 |
C:\Users\Admin\Documents\GuardFox\IBKA6K2MCKIWp1kzupytH_7X.exe
| MD5 | 5d86afb61c4afa433917d68c4b8d017c |
| SHA1 | cc1e12b3fa533e476ee8e369159561ce941140ff |
| SHA256 | ad3f38b2794de60d5bda67d92f24ae080e3b5a49245cbe931825002c92539bc2 |
| SHA512 | 71b5a1a2fdc4a254c9c13dd855c1f1a326d9bbcf54f6ccae0df1b381957fe111dcca027abbf8aeb1b590db697cda451f4a05d03c362a5a651fa6f175895dfefe |
C:\Users\Admin\Documents\GuardFox\fK2aKDF8knxiBD3coQzd3lQE.exe
| MD5 | f8cf1cf73f73475ffaa5da3b485799c9 |
| SHA1 | ea5cf7c44fe8dfe53647f376e1adfa9e65515998 |
| SHA256 | 26c4733079ddc0e687cfa665d5c278e59ca8e1ece6b7da9de56077b51a06d66f |
| SHA512 | 7cbbf5cef0fcc3e12f37f47afb0be9ce50511d63d559dcadc2a4c3f869a502f43ddd3920013fee79733764b3813d9007fd42f9cc9fcd1a2c92dc0c75cb1f1bf2 |
C:\Users\Admin\Documents\GuardFox\dKXQmNpnfPnHrbU3B2zW9lW6.exe
| MD5 | fd08f8746afe7feb5c0faa3eb9bdf3f5 |
| SHA1 | 2a72d6e7b64037c7ced7636f90f0ccab66afffc0 |
| SHA256 | bd977ac3052ee0062477fec2fede9f6c9d8ebbdfae66e489d2e857b0debe2588 |
| SHA512 | 6ca1672cb985d65ae680c52a2a09590f0e00c14bf8f06249069b05d274049a9d1b8ccc783c6a4e335ee87ab249598288d6f10df522c72f6b06f9eac6d35b5b65 |
C:\Users\Admin\Documents\GuardFox\jpz5Y3DdIgw6FHJF3bGdZ8tw.exe
| MD5 | 8c9e1739c98341570233a1062ca9df65 |
| SHA1 | bccde656b35e56472e8b292ca117bb2d43552c52 |
| SHA256 | b921157d1d659e389d51b211eb45d59a60dc8edcb01637c0dc16c364aa7f6d83 |
| SHA512 | afdeb3725442d08f615c895d38cc12368c0f304dc5f7d7322d25d39bc5a29e59c026cd46b9cdc9212c6d8605647e9119a2eaf6c5942a70aaf51669edcd126742 |
C:\Users\Admin\Documents\GuardFox\14JlbCy1eTD6_59JM48ARyLK.exe
| MD5 | ecba5a965f3b41d0595f02ee22c68a6d |
| SHA1 | dad7440f1cdf71c742ea31e66793e4541a9e525a |
| SHA256 | 21161c967f379df4179d23e7251dd6b28b80612130e19bbbc911c4063e685c79 |
| SHA512 | 3dcf04153915ef97f6b78381f1c95404f3c8cb4d353a6d805e049448f3fbc20584b918571c70f538c79ed52817800110f626619f9e8228eb4866537485aa7ecd |
memory/2136-254-0x000000013F610000-0x000000013FFF9000-memory.dmp
C:\Users\Admin\Documents\GuardFox\GVbm6Twivy92UCZaccmFxnZT.exe
| MD5 | 398a2b1b084ea85c0b1efd883b1e7497 |
| SHA1 | 8ee03fa061b498d0f09fe598abc619676b42d9f5 |
| SHA256 | 3888255e6a4f7fa55f78c82585e094390c71c7a6c5010e5df134bdb9175740e7 |
| SHA512 | 59dd75737ef85509d0fd3474338e73d6ac11b8554b8c7f5c9153b75635a715e9783262e7288e044f2b6c0c9f5fe7f8aab4aef63b3d7c094766884ea0c69e7b5f |
C:\Users\Admin\Documents\GuardFox\JUMmk2RJuU7yxbWE75YV9bqG.exe
| MD5 | f046c64184e464f2777a29901a79e368 |
| SHA1 | b15650ffadcb7fc10a5ebd120118a16bbaf194c9 |
| SHA256 | 3f035755f99a22ac597ae326df08d5898e90792a4d057e636aeabf207c178b37 |
| SHA512 | 5f14bc830638fa6ed4f72a5cd3c66eabe232f07e2cc0d2c8ae2590760854dfe3b331616357c085987651130ba6d6b0df57f5a39d9fd05f6f95528814547ed3c9 |
C:\Users\Admin\Documents\GuardFox\mgmrMWnNXibY35NgmUTenKD1.exe
| MD5 | 0b98614dc2148320258fda8f2eea6cc8 |
| SHA1 | eeb40c6f658cee5f82f85fa24db14d0fed688795 |
| SHA256 | 662c2661a05943b53ee8c19de71679f4a021f99774304bed339981741ce5f4c0 |
| SHA512 | 64b6e75a654c71f6768ba2357f00ed45db4d1cbc572c465c2ff13c3a23f323c694c8f3418d2620fe3e02d518050413b16dca36df5b2bf997035726c5c743241b |
memory/2136-276-0x000007FEFD840000-0x000007FEFD8AC000-memory.dmp
C:\Users\Admin\Documents\GuardFox\qyhWJHjjuuV2DTQHhY6NpCiW.exe
| MD5 | 8813254a5132fb42b017a72b6fa0ba9f |
| SHA1 | 17a915c238bc4db093bf3131e1578170a1e16e3f |
| SHA256 | 12577bb4c552aa90228680a42eaf823491a069fd3ddbf17930c2c722ba40c5ba |
| SHA512 | 801d8a22b0420f715a5f925616cc3eea2d5a49e59ee7087659d4ee312600ccafbfb159a5a2852ccaef34f5150f79be1fb8c0b6e74d7daa4c302fbfaf2e27ecec |
C:\Users\Admin\Documents\GuardFox\G1FNYCMERpNS0KfUugymvuXY.exe
| MD5 | aa632897369e659c68f7aea061fda7ff |
| SHA1 | 7ef45bbe9d6865dc945bfb7f77e04f8c4bb43866 |
| SHA256 | 266381b3e49f929fb71104caaf299a00599e5c84b963fb4145f550bb6d802abc |
| SHA512 | 85e95b6f6a7457ce903badd6bbb7c9b0a75a049e109ee91df761830f52c90fcbf771a7538ad6064e9e21426ff275713bc75a236f79195486c153a6f777f7e67a |
C:\Users\Admin\Documents\GuardFox\iCYwd_WLY9eMg9YWFa8cIjFY.exe
| MD5 | 29180c1a5ff20e7126504f7cb869e1db |
| SHA1 | 7e5e0907aaec9b7346f50a3023e07b904674b2c6 |
| SHA256 | 58d913c17469e8d3b4e9aa1cc8b6fa1e097238a9a40d81e3857756bb38d7526f |
| SHA512 | 63035ab620df00265b669b36586dabb65724f85093e629c1e0ee1adb8aa7b4f04413b09ee9514915e51cd4e66bca2bb0c0dca74c7792cd064e486d70e7f7866b |
C:\Users\Admin\Documents\GuardFox\zqOmM715lPnpTmRkQGRYV6MW.exe
| MD5 | 1c0793131785ef7293cb891edf354ec9 |
| SHA1 | 5c8edcea9b8bb4f341226635244e4b7709c0b1af |
| SHA256 | f412f5a78019a187f989166d9be523ed1e84f5c5b59d5c38d57d5ed6924c62e9 |
| SHA512 | 54398237e51164ee04003bae33ab66e53f61879f8039d737827a77c39df4eeb6cd440f0200a0029fee667e1dcf7f59fbc7a6d9fd0d4897ccbfbb7625a0ae15ea |
C:\Users\Admin\Documents\GuardFox\6vnWRT4TKBC5lsawhQByZBAt.exe
| MD5 | 8bbfe36a6ced67875956bcbcfd48df98 |
| SHA1 | ab1fc3092f915beb1c1892afb8925c2558a8479b |
| SHA256 | dfe970f00c2aac8e8192069d51e6afc501281dd654bae2a06f94096962823252 |
| SHA512 | c10ef2ac908019fad696eccdd927c33f58592566ca9d530ea04367b6a669179fe4ca0231ad3c1cb98a2ae553804de649ee13058950d8ebe7ac1bd9dd9607d403 |
C:\Users\Admin\Documents\GuardFox\sSPmXTvm1u21s_coex8Vrqwo.exe
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\Documents\GuardFox\Ls912Ku_zKaa4zeOMs488lla.exe
| MD5 | 06d546f3c528d88249b888d3c03c6fb0 |
| SHA1 | 360f0ad4c558ffb4614a20635226e60cefef2171 |
| SHA256 | fe240a2cc5f16f810c841c0127f6bd8b962708d2aff892ad14958974f5cd3a8d |
| SHA512 | 9decf0f0ab8110eb523b480d802e73ec735cc52b879d8b6e9b12e3ee7ef8373da2af2b8feaaf12178ec57a653f9eb4718ba717a0dc0d5c2eeb457bc40ffb01b8 |
C:\Users\Admin\Documents\GuardFox\MgpV_UOslGvjxK6pVEvyBz8L.exe
| MD5 | 9036dab4dfe22465dc81c41a8d88174b |
| SHA1 | c826f07e481b90d836c2d8ada62fd66ec05ba71b |
| SHA256 | e6472305820863f82eed45719a0797f194cc8f91960ee1837416b2e11a1a8e65 |
| SHA512 | 06d7b7504327f23a2bc342d6e731d6059a2cfe11284328c224c84c34137736d86f71f076a4816f4da31371878148b63b765a242b26e0b4b39de747e1afc2ab6c |
C:\Users\Admin\Documents\GuardFox\KiMvkBAdmu4Q7Cpnu58EfRae.exe
| MD5 | 87b85abe65e16ee6da92741add9ea114 |
| SHA1 | 534467366e1c4c78c300400cce6f6cd4ad513e03 |
| SHA256 | 9ec0f956cad46f8b45d7c34d55f22766896835c4473c92f3bc0e7d09b6874abc |
| SHA512 | 741cb221d774f1f101f690a27b0e01784ed6d6331b191711f5b811f9393e93546e3ca1a6a4cf3738489abae8ff6c651baf436956255391431950bfb87356f94b |
C:\Users\Admin\Documents\GuardFox\D8wdWxf3JSCHBsT1rCOc1muQ.exe
| MD5 | 3a63d67bf84192025b48a6aeff7d18d0 |
| SHA1 | b2809626dc0d019d363e0f6eb63c620cf0084b27 |
| SHA256 | 96012d0233271ffd38874fb80236cfb39376461cab9a35d9e6f1a0adf3c945f2 |
| SHA512 | ab137726dce13051a94f42cb9bff44874bd8fd9a71ceebc876c0c4926b5955bb355286ab22a26fb32e24d6dde6fc353eb0faab975baad055a9295c56cc7911e1 |
\Users\Admin\Documents\GuardFox\IBKA6K2MCKIWp1kzupytH_7X.exe
| MD5 | 24408bc938165168f9d308f5d2b5f70b |
| SHA1 | 823f2fe9c3f6e4e7ed9ea5410ced60dc5c58a8ae |
| SHA256 | d3b25ee4cff87a53b0e6332d3d71012b041a39c0757aa4a33cb4e076850cf6a7 |
| SHA512 | 2eba8845ffdf14c3459716f29366e41d774b2ad55f7321ab7dc991aa98e330591914d8b1af3abc42755b46802e6d741de2887c5cc9462e2a7527d01ae200c234 |
C:\Users\Admin\Documents\GuardFox\6vnWRT4TKBC5lsawhQByZBAt.exe
| MD5 | 117d9fbcd53674bcd676e2feea2353ea |
| SHA1 | 0745d6f14a4c4efa9d6b834d9a4acfe0677be34d |
| SHA256 | ac0a93764222695ce5036919a92daf22ef563e5b5484afa0bf951620dea1d98b |
| SHA512 | f8a393bc4df2e4d4011606bfa4034a7a750bfae69fcf1b00d0baf7dc03e28695f1d5eaf54e9900791b800d57e882ba854310d251d1639716e0ae2c83abccb69a |
memory/2160-389-0x00000000FFC10000-0x00000000FFC62000-memory.dmp
C:\Users\Admin\Documents\GuardFox\iCYwd_WLY9eMg9YWFa8cIjFY.exe
| MD5 | 5447f40c9e6c773eae03b832acebc845 |
| SHA1 | ebb0de7cfb14674b8683ad42cee8fb2eb7c3c213 |
| SHA256 | 2bb19a06e55b3c17630d613a2e84a8ff33e396bd8ff4da785892d0f5e50e547f |
| SHA512 | 7510027cb511bd74986d7691fa0eb6bd6ec3258d81d5f7c4a2d5d8a933d62fc50ce6cc3a7a52cc47a54a85ed2480abc7117ebe810f378de568bb66a2c7d0036f |
C:\Users\Admin\Documents\GuardFox\qyhWJHjjuuV2DTQHhY6NpCiW.exe
| MD5 | 94ba025c3b653019f424187f63c6149e |
| SHA1 | 88f4ec0991fdf13ecb5f00dab3d24142f6cb339a |
| SHA256 | 121a09bc4696de63f35cdad8e09edaf6b3a7988228402adc9611ebfa715f8b3b |
| SHA512 | 92c7b95946ca05c3b6abfeaf839bbb3fbaeec78e1280d2dc99bb5682ca45d0d9fb8ffd090758fc13ed66dfe0b15ed6da5470298a2a70bd8d3af4b119cbbc9b2c |
C:\Users\Admin\Documents\GuardFox\KiMvkBAdmu4Q7Cpnu58EfRae.exe
| MD5 | c278d48f69f5fb77f7e9ea66067fa0cb |
| SHA1 | f59f50a5c669562c7e78771c2c0ca76866908288 |
| SHA256 | bb9b854ee17b849e409775acd43b3dfd8a07e64e3d1987b4b5015a753ce757bf |
| SHA512 | 0992dc3463bfe4c4526e9e01ae7bfd322891c2b266c16149330c74a046b6dae38c4ebefed0a45f126434d5516c643408779449b0a5828d22c6f224579769fc7d |
C:\Users\Admin\Documents\GuardFox\KiMvkBAdmu4Q7Cpnu58EfRae.exe
| MD5 | 81a47ba2a880de61b18659f3e134805b |
| SHA1 | dbbc2f8751b05393003ff3c6089270e924a46f88 |
| SHA256 | f138a538c70747988758d2cb3d12b187da830d0003f3a929e15c6df1f14850ed |
| SHA512 | 68e3ddbfeefd3a16a4dee26e62cc1edbd0f1a01b51e609351b6bb2cddae7f787701d479ed44581389785f60b991279abc6f70cb78405eb27d180038a96e7705b |
\Users\Admin\Documents\GuardFox\sSPmXTvm1u21s_coex8Vrqwo.exe
| MD5 | 33d4cbb6de6da38446349de83c76ec86 |
| SHA1 | ac536fa0876d31c8b4875b334700866fee54587a |
| SHA256 | 5c0a4fe417fcb2530868aa4c874edcd5d9e320073bb262223ab4a370e9a2a689 |
| SHA512 | fc91905eeff3aad30970ea2e63117ef89e185d7e12c1ab676a1f5184a3db36366a2d5843d85bf9b042020d62c55749c9b83ec62c33f7376fb1adfb5a6409229d |
memory/2136-424-0x00000000001F0000-0x00000000001F1000-memory.dmp
memory/2768-433-0x000000013F9C0000-0x000000013FCA1000-memory.dmp
memory/1680-455-0x00000000008C0000-0x0000000001873000-memory.dmp
\Users\Admin\AppData\Local\Temp\is-D41BL.tmp\D8wdWxf3JSCHBsT1rCOc1muQ.tmp
| MD5 | fece577965d34192265a9308e2b4c6d6 |
| SHA1 | 42d7d4791c1576045217226828cc62881f2a499d |
| SHA256 | f5aed4d9d12ac81733daae6ad00b8a5d284c5a92a916647eb29913d449088dd6 |
| SHA512 | a1e698503775e52e8a2ce939dc0f12badd49b92cf0f30301901072250844efb22935fbe9b429fd4b56e19670e1ffa066582b8db82e5ab0b49bd0681d9b652e25 |
C:\Users\Admin\Documents\GuardFox\jpz5Y3DdIgw6FHJF3bGdZ8tw.exe
| MD5 | 597ebc76bba735d6ba22b7a941c3b374 |
| SHA1 | 9cbf4a38b1af32ca6aa17fd1680005744844f063 |
| SHA256 | 6868c254639258f4d55ebfa874bb1654bb69d56d7de196cc8905e7b75eb1988e |
| SHA512 | 109361ffec5f5f23400de1ffbdcbfe169159d4741bc117353f5c3fbfeb78c65114ef0758e49f11fc984f9c33de5a60c9a5f348e4e17ea91f3c34b53d52475c66 |
C:\Users\Admin\Documents\GuardFox\G1FNYCMERpNS0KfUugymvuXY.exe
| MD5 | 28d4dbeabcbefabae4e394af7cb57603 |
| SHA1 | e864039bf8b568ba43acf9278cdd6fc7670f708b |
| SHA256 | cbb5da884c82a856a91982207e1f2aefafad8b6556fb8927b45f1e5757f96297 |
| SHA512 | 9bb03f330fd1fdb880a4b17064dd8ecc3fb54511bf1dffddde87e361aacc23c5b9a145283a20d12b4093fe01df77f7a2b1db1838c1c9c1b56126c1c0955e69e5 |
C:\Users\Admin\Documents\GuardFox\GVbm6Twivy92UCZaccmFxnZT.exe
| MD5 | b5db6490815c1ce47717c241d78ef142 |
| SHA1 | a56e0b5ce008237226d08a7f51fd21682dc71c7f |
| SHA256 | b55bf286e9203219988f97642bf873aa0d642debd340850e6f395df533f1cbe1 |
| SHA512 | 62eb03330c37ce1c2cee321fc80294ae0cef7fb5eda2df962b621923e457ae93eac47a05515ec0f80dfd7cc38cf8ff735a486de4568f53d41cd5c6268882ea0b |
C:\Users\Admin\Documents\GuardFox\GVbm6Twivy92UCZaccmFxnZT.exe
| MD5 | af8c29f814232710221ead7065f34df2 |
| SHA1 | a0795e65f58a821f7c5f7d38ec41ff65c52edb49 |
| SHA256 | fadd49c3630d23916c6a68c2263987eb70b944d5688231548a3224b036d4c110 |
| SHA512 | 4e23288be04ff34ce3cb89f329e218187abbf19a70fd0bfb81c702ba3133f29c3eaf693f3dda08f766452b71b30026874fcb14a73f42c1ce0101068d82ce5fe9 |
C:\Users\Admin\Documents\GuardFox\G1FNYCMERpNS0KfUugymvuXY.exe
| MD5 | 41a4b43f1858921c9f3a4d51006fe285 |
| SHA1 | 2989ab16c96e4fa2e278ae0a9ecfeeea2a9b22e1 |
| SHA256 | d0b92a974e03c39bb821e96940ee95c2f0615f801622886e42231a4953c34da7 |
| SHA512 | 1e411945f32d7fc497af82587123465a6ff36dbbc3e5c506749660647556b48b941bc03dd97e6ae0388bcfb3f4424c590dbd9b63ac3549add297a17ca53290ab |
C:\Users\Admin\Documents\GuardFox\zqOmM715lPnpTmRkQGRYV6MW.exe
| MD5 | f288ac6269b75f37929a531c55830b92 |
| SHA1 | 734b7864cdcf0746607c383fa22cbf90748eff56 |
| SHA256 | 1edf88fc6ba87ae4b969031db13272743ac8e630a4921779a739fbb0067e52fd |
| SHA512 | 4ebb16b23e882dc36ba7608c609d008c3326304fd644f3b6f883e29b869bc4a89575c3e5f6d27d5c0ee4f8f6ffcdba1e290c514acb45b3c1a4bc706afbe970a0 |
C:\Users\Admin\Documents\GuardFox\G1FNYCMERpNS0KfUugymvuXY.exe
| MD5 | 0fd567504f804e89313c79297ac8d432 |
| SHA1 | ca83ad205192f6c4333a48954995ba69d58de579 |
| SHA256 | 80a6bf1ed3bee697949b483795e610bff1db6b0ec69bf5e81cbdafb6f81a5cc8 |
| SHA512 | c9d875232db257be4d7145230e784489a8cd3230356cc8229035086ee26eef8d49b382dae69e0dbdcfc5c11f72feb66a454fc0be49926e674f8879cc20bf1614 |
C:\Users\Admin\Documents\GuardFox\sSPmXTvm1u21s_coex8Vrqwo.exe
| MD5 | d3efb66b2fa1bc1b90001111e37fb96e |
| SHA1 | a477146b36acee3535266f7f9547e755bef33854 |
| SHA256 | f5db7989c2e1bcc749983d2cbe994974118c1b1c592afcaf4dd36228d8874d84 |
| SHA512 | 31ae4ba2b62714d93dc82ef33ddf1dabc39182a71c00c98d2e2d79004a373a44bd0225a7ff53b295487d7fe43b7df058b9a79e43b6da32963f0df4af18b04d46 |
C:\Users\Admin\Documents\GuardFox\sSPmXTvm1u21s_coex8Vrqwo.exe
| MD5 | a3f2200a7e1212c51a510e492c8760c6 |
| SHA1 | dd40ba268c35b2abc8d047fb4428100f507fa977 |
| SHA256 | 594101ed02be36ffbbab499ca64955f91ed1cc982cd8c6dcd65bcd6835eac945 |
| SHA512 | e774d7c84f779321c92354754b4e8670cfd1f7c3cb9ecac58f587789488c49d6acaec49215bd27db60e9189ed22ec854fc4b6836c73fdeddd1f47864b1e374a9 |
memory/2484-439-0x0000000000310000-0x00000000003A2000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\is-D41BL.tmp\D8wdWxf3JSCHBsT1rCOc1muQ.tmp
| MD5 | 209590a98cf4b52389d471375d857f99 |
| SHA1 | 3b493d41a3868bb587b299c3c7acbf841bdbd18b |
| SHA256 | aeab83b9b4b7f21717c02167b5fbee07807ceb8b445054ebdd3b7506b0a39e61 |
| SHA512 | 83d9d19e9ca9ee46e7b78cbc7394c79363ec1dcfb996620f64471f20c8e25b4f41cb1213ddca52c3e0664fab90126c5e3f5876c72f017289301d0b37fc22321e |
C:\Users\Admin\Documents\GuardFox\Ls912Ku_zKaa4zeOMs488lla.exe
| MD5 | 3452f77aa5089d61190416dccdc21f8b |
| SHA1 | 72f530a197921204e708b0ee21fb3ebe5cc7afc2 |
| SHA256 | 0e3b5d3ad403555ba06244df854b3d7896690855853dd2beb84e54d0d82dd43c |
| SHA512 | 9d92399aa16a7ea14db8df965675b4309355ff86e6dc97a0a6abf2ce42ee427fa4b158b24175554e172502e22e313438543fbe280581dac6661b56be56152104 |
C:\Users\Admin\Documents\GuardFox\qhK8h985Nvs6aHjoZcpIIVdR.exe
| MD5 | 58e700206f6a0227bc7766b73fb9ddf6 |
| SHA1 | 621552e56e4e04a26c6b3bedade7d9c61c45c182 |
| SHA256 | 673c0967978f9f3bac500c25e2a3a93969344dbce0f00a99b30d1ef71f9bacf8 |
| SHA512 | c8d4573faf53ee9d44cb10a147a65a8992b5965ecb4d1abe9b2c4b477b9fa970d0b9b17f70f1dd56a2d7193a269756f219bd4dfda09d6eaea1c7693ac3fe606f |
C:\Users\Admin\Documents\GuardFox\zqOmM715lPnpTmRkQGRYV6MW.exe
| MD5 | 3276f72b6b34121afe4bb16ed5159e2c |
| SHA1 | 0aea2d115191a5303c4d7d021d3e3b2616a1e5f3 |
| SHA256 | 75f02ddfb1586bc58c4d09e4983ffe7acd33a474cfd907d976f105e6f07cfd6a |
| SHA512 | 6f12295038beec43639705b5af121541523f10dca3c9884017d07e23321c7d33ff5a481bf29eb80fc204e813c98d7f9ca7d80d30ff471d8f1954dd5e8b51e92b |
C:\Users\Admin\Documents\GuardFox\KiMvkBAdmu4Q7Cpnu58EfRae.exe
| MD5 | e57369d882af5f2646b77790b6e9d233 |
| SHA1 | ffdfbcf358dc6804a7286a4c72d343a3974a54bf |
| SHA256 | 92da5aff1993e39b5cc41bda6923302867a1eb445dbbc31255ea377e0c40ce17 |
| SHA512 | b138da286b6558b8898b6f913c04c0b7ac3ff23b163f9e39d136f101a89f92c95495f7ffe6c63570f51d3fbd27996b7d5cf265e9bab88f114ba946353bb1fdbf |
C:\Users\Admin\Documents\GuardFox\14JlbCy1eTD6_59JM48ARyLK.exe
| MD5 | 600482e3585d3b8e561033055d8ea8a6 |
| SHA1 | 79ad7caaca4c48fc545995c26e750666bb7ed400 |
| SHA256 | 1e959004b37cd9fb538ae5d6ae020959b9f444913ba50d5234cfdf4bffd9b449 |
| SHA512 | 3261fede14563a971b4b205801f4faf0ba5504a0f71198080a7b0117c6c8f761bf63fc5e8e66ca9bf20fedccef41fb9223b844bfb4cb9fe80d2e4945c7db58e6 |
C:\Users\Admin\Documents\GuardFox\6vnWRT4TKBC5lsawhQByZBAt.exe
| MD5 | e1d83e721f8f497f7f9bafe7eeb3c087 |
| SHA1 | a3066ee0d8c9840b74f69303694519e32fa81337 |
| SHA256 | 6e07d6754b411ac54bc21a71784dfceeb8f091bbd5f253fc3599e0d9fe347f9a |
| SHA512 | 51db3319c648a5b2c64384ea398e0090ec5118eeed4c22bb52b428ff731b1825364d1363afbde0a4ff99c9a745332a3236fa01a46778d4e576854e11f72bb1e4 |
C:\Users\Admin\Documents\GuardFox\D8wdWxf3JSCHBsT1rCOc1muQ.exe
| MD5 | 4b7c077823c34e2f6bd2084077b8d589 |
| SHA1 | d6b34df9396ac16d30db283940ef3076b25974da |
| SHA256 | 602b487986dd827962630176d20ac56bf92d2cbd73c1bf21250c77b9b7f6ea94 |
| SHA512 | 0e54cf6048e23ab46989b5d8e8191d7fe5a6a466751525c434a089c009546aad585ae405182bb82170381215b2b201fd8b2bfb54d139be754004a774b478032a |
C:\Users\Admin\Documents\GuardFox\Ls912Ku_zKaa4zeOMs488lla.exe
| MD5 | 0bc0232489e8e2577ea0e7ecde602014 |
| SHA1 | 36cb32e4c572a84e70ab13de2e7f59243f7c662e |
| SHA256 | 19865186cf4dc436f93ceec5e86530d0f7676891487444ea6ba9ef056df4b64b |
| SHA512 | ff19e9a35c6cf4132b33922f1964b3ca59a8ff048903a368af4d3c67f2134aacb0c3f647fd6447b77b93e01747aa3064e79e4aa3f409fc0c9790411563cf262f |
C:\Users\Admin\Documents\GuardFox\qyhWJHjjuuV2DTQHhY6NpCiW.exe
| MD5 | 600f0230f9a808d1b6dd9b0546177be6 |
| SHA1 | 584259e033e7d7c30800365483fc0921f6407ad5 |
| SHA256 | 2528c463acea96adab1c4faad25391b62bb5a166ebdc5b59444447b69584d424 |
| SHA512 | 947f4ace8c70b216a3126f7354f741dc9bccf915b4d68cbecaaf3ce749f2cb400fbb428fe2c38dc3b4c0e65045725bd8ffff88f249bf57b8b831e963fa024f8d |
C:\Users\Admin\Documents\GuardFox\14JlbCy1eTD6_59JM48ARyLK.exe
| MD5 | db1776c617f997f3adb4c37f99e7e100 |
| SHA1 | af5860ab016d802a99df146b9cbf1c0a63ed1b12 |
| SHA256 | 11ac0c40f1f636866038c6b8eb0e10a528b472c01a64355a6f4332358a78183e |
| SHA512 | 21dd77ea74b591b02649479740589e75ccf862219ce17a3bd210541c5422a6685d04b32ff1fb4168e152edb1267d89d9d32c05e4807eb2693841d61655843f9b |
\Users\Admin\Documents\GuardFox\jpz5Y3DdIgw6FHJF3bGdZ8tw.exe
| MD5 | 197d4593d987907db1b1862edb8a2287 |
| SHA1 | 27e324347928935bdaf180c02242a4ea98064255 |
| SHA256 | e832fd7d1f463c69b65b9c4cb7b474375885356b3f0c84070c5d88685dbfa225 |
| SHA512 | 41d1a324c6ef7ed19b52334efdf5d05a22cbec8cf4f67b89118d0378682590634c61f5db1dccdb6d2527168fb51e9d15c82bd2d9b51cc99c1bd956cf3e6b35c7 |
\Users\Admin\Documents\GuardFox\jpz5Y3DdIgw6FHJF3bGdZ8tw.exe
| MD5 | b05f9187bf50fc14505a2468fa048773 |
| SHA1 | 28f8f79b21fbb78be6d0dc1ee54cfab11b6c4e3b |
| SHA256 | a4eee3492b302c17a6d6a044e8ff9f4fd74f184ad62c182592c1df14d2af965e |
| SHA512 | 1eaba882183f1f49ddd72f706051b15cf317cf417ab10968e1d7b4a4e5cb4af26c0c2c0e0e73fffaea7ccc4a422872c4b86828e610f4b0b534d70e678744595d |
C:\Users\Admin\Documents\GuardFox\IBKA6K2MCKIWp1kzupytH_7X.exe
| MD5 | 4e756a088261f115eaa237e256c2c68a |
| SHA1 | b331c50ff5d8bf06b2cf12bd1e7dbaf48aafa43e |
| SHA256 | 9790b6e226ae1bcebf47721e790b536add6d716d0e402639c551affb1569b8e0 |
| SHA512 | 799b39c6c303f4ecbca0b374c215e5c7c71b7c5b3200828526f373ab3c3d47c7da017917c97c3a554f827273dbe280e76a0e0887d31b04018da22229146080d2 |
C:\Users\Admin\Documents\GuardFox\c5bdWaXe7w6LjFh5aUvSC_h0.exe
| MD5 | 9ced2baf414a0d8f57c498d1670c36e0 |
| SHA1 | 2f6e6cabefbdd9c19b37ee0eb7b08d0ff2ab7f91 |
| SHA256 | 451ed4cc648753baf0d21ef81deb67f91603da10c3a357ae7641f23e1537883a |
| SHA512 | c65ae9443914885c7935ff71860ce229e189128a494119ac7a1a05943b0e0133c0335b7f23ff105be9f998f72e5d285b2ed1270b982821483a37a452cd468b10 |
C:\Users\Admin\Documents\GuardFox\fK2aKDF8knxiBD3coQzd3lQE.exe
| MD5 | 68b6361cc1f9f10844d043711780b5c6 |
| SHA1 | 1ffb1f786c7c00af8926f2b97f5f8152fe4c87cc |
| SHA256 | 272450c0411e0fa1a1b93755fd3ed369e5e5c783a9ab612dd364d3454902f246 |
| SHA512 | c4708b4fffbfa383a905a2dc0792ae317c2bbe25efdc502123e96e29d104cd0206b834c8ff648b3dc75cf0da8c7bdce1b97d3eb886767836f68f4d6666d02b49 |
C:\Users\Admin\Documents\GuardFox\xz1RKwuJjY0wuRJysoWmeJ5a.exe
| MD5 | dd9f78e0c4abab4e3d3b18c3d1fb12bb |
| SHA1 | 9a48a8f813cd2730b84ae73fd11d3ed3cfd82d40 |
| SHA256 | eb6372e092b175fea7aa3b5f4311c7c3b409d9a232fa50fb3645251c8ba96e6f |
| SHA512 | f038fba5d6582505d7d5088d16d27091d1a82c856cc36634be8b96987820f1eaeac241340d6031d7d543075552377e71a82e61768cdb0dbebf35e44d88c04508 |
C:\Users\Admin\Documents\GuardFox\DpPU23wMmzQ1E5ua6mqUEp6d.exe
| MD5 | 834beccc3019e7e0de955718fb643b08 |
| SHA1 | b503bbd420eb47d725f3c9d94c81676aa85a5c03 |
| SHA256 | 097927c7bbf5916f598397d7a8fd19fe1db40c85c201ce34300adeeab6e8aee2 |
| SHA512 | 128a32a9b4c90503833ec9d34e774173dc7564fdf93d5574ec244ebba35b5c2d3a436beaadedf9896c3e1a66319fc9744e9aa41b928c9036dd66b6a463978d76 |
memory/2136-381-0x0000000077990000-0x0000000077B39000-memory.dmp
memory/1268-463-0x00000000001B0000-0x00000000001B1000-memory.dmp
memory/1268-467-0x00000000001B0000-0x00000000001B1000-memory.dmp
memory/1268-472-0x00000000001B0000-0x00000000001B1000-memory.dmp
memory/2200-473-0x0000000077B40000-0x0000000077B42000-memory.dmp
memory/1680-468-0x00000000008C0000-0x0000000001873000-memory.dmp
memory/1268-475-0x0000000000400000-0x0000000000D40000-memory.dmp
memory/2940-482-0x0000000000400000-0x000000000043E000-memory.dmp
memory/2888-486-0x0000000005210000-0x0000000005474000-memory.dmp
memory/2940-487-0x0000000000220000-0x000000000022B000-memory.dmp
memory/2940-485-0x00000000005D3000-0x00000000005E1000-memory.dmp
memory/1216-493-0x00000000010A0000-0x00000000019E7000-memory.dmp
C:\Users\Admin\Documents\GuardFox\Ls912Ku_zKaa4zeOMs488lla.exe
| MD5 | cef9756ebf12d2ce0c80d3ea2cc84bfd |
| SHA1 | f5b7a55e906f94736b66c5ca05e13e5b999c28a5 |
| SHA256 | 577c50df8ae75ace6fe2558ab2715e8251da51a68fe009b4482eaac5ac6cc17b |
| SHA512 | 3a524f2a29990f06001a8b1a774e8c1a8d50e7b4565a95554b73bd78cd47f7bd57ca4b51300f0bfba4f0a99706602703fcaef63e0307e9810dbfeb145f5f84cc |
memory/1216-492-0x0000000000130000-0x0000000000131000-memory.dmp
memory/2424-498-0x0000000000B70000-0x00000000013B8000-memory.dmp
memory/1692-501-0x0000000000F70000-0x0000000000FF2000-memory.dmp
memory/3048-504-0x00000000008F0000-0x0000000000DC2000-memory.dmp
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 94d76965c77fbd341dc1ff7d0a4e5aa4 |
| SHA1 | 7a0628e3367e844ec022df84b690ff801391f60a |
| SHA256 | 9fbe043bab6c742989f7d76bbe392f1be4cbc132879ce390349c6cab923bf023 |
| SHA512 | 170921c46173ad761cedcfbf5c2cb9f7a7de8373bc540072dd85bfbf474d7a4bc4cfbf1709a2ab7c59685ded41f6136fd0df90aa86a0a98924bffb8e8c3fb290 |
memory/2424-507-0x0000000076D80000-0x0000000076E90000-memory.dmp
memory/880-529-0x0000000000400000-0x0000000000537000-memory.dmp
memory/2484-542-0x0000000000310000-0x00000000003A2000-memory.dmp
memory/1680-519-0x00000000008C0000-0x0000000001873000-memory.dmp
memory/2788-547-0x0000000004F60000-0x00000000051AE000-memory.dmp
memory/2484-546-0x0000000000AC0000-0x0000000000BDB000-memory.dmp
memory/2888-545-0x0000000004FB0000-0x0000000005212000-memory.dmp
memory/1680-544-0x00000000008C0000-0x0000000001873000-memory.dmp
memory/1680-549-0x00000000008C0000-0x0000000001873000-memory.dmp
memory/2424-552-0x0000000076A50000-0x0000000076A97000-memory.dmp
memory/1224-551-0x0000000002B00000-0x0000000002B16000-memory.dmp
memory/2936-548-0x0000000000FD0000-0x0000000001052000-memory.dmp
memory/2424-543-0x0000000076D80000-0x0000000076E90000-memory.dmp
memory/2136-520-0x000000013F610000-0x000000013FFF9000-memory.dmp
\Users\Admin\AppData\Local\Temp\is-9HM3S.tmp\_isetup\_iscrypt.dll
| MD5 | a69559718ab506675e907fe49deb71e9 |
| SHA1 | bc8f404ffdb1960b50c12ff9413c893b56f2e36f |
| SHA256 | 2f6294f9aa09f59a574b5dcd33be54e16b39377984f3d5658cda44950fa0f8fc |
| SHA512 | e52e0aa7fe3f79e36330c455d944653d449ba05b2f9abee0914a0910c3452cfa679a40441f9ac696b3ccf9445cbb85095747e86153402fc362bb30ac08249a63 |
\Users\Admin\AppData\Local\Temp\is-9HM3S.tmp\_isetup\_isdecmp.dll
| MD5 | b6f11a0ab7715f570f45900a1fe84732 |
| SHA1 | 77b1201e535445af5ea94c1b03c0a1c34d67a77b |
| SHA256 | e47dd306a9854599f02bc1b07ca6dfbd5220f8a1352faa9616d1a327de0bbf67 |
| SHA512 | 78a757e67d21eb7cc95954df15e3eeff56113d6b40fb73f0c5f53304265cc52c79125d6f1b3655b64f9a411711b5b70f746080d708d7c222f4e65bad64b1b771 |
\Users\Admin\AppData\Local\Temp\is-9HM3S.tmp\_isetup\_shfoldr.dll
| MD5 | 92dc6ef532fbb4a5c3201469a5b5eb63 |
| SHA1 | 3e89ff837147c16b4e41c30d6c796374e0b8e62c |
| SHA256 | 9884e9d1b4f8a873ccbd81f8ad0ae257776d2348d027d811a56475e028360d87 |
| SHA512 | 9908e573921d5dbc3454a1c0a6c969ab8a81cc2e8b5385391d46b1a738fb06a76aa3282e0e58d0d2ffa6f27c85668cd5178e1500b8a39b1bbae04366ae6a86d3 |
C:\Users\Admin\AppData\Local\Temp\is-D41BL.tmp\D8wdWxf3JSCHBsT1rCOc1muQ.tmp
| MD5 | f4f1185f6a7ed160fcffc3d0717e72f6 |
| SHA1 | 383565e6044b6c4c001dc11f0c45b4759e0ab987 |
| SHA256 | 5ef5adfa33b56d32b661b95e2e222d59c7334a95406505acba07df3c604a67f7 |
| SHA512 | 56a833a2aa8bd4e63c8c9ea3e46295adb3a69d10ff600042d9c54f7c8774b52afa6b5a5b93dddad8bf81c334070dcedd8f3f64e867ce8ba5c65404a4601483e5 |
memory/1268-526-0x0000000000400000-0x0000000000D40000-memory.dmp
\Users\Admin\AppData\Local\Temp\PowerExpertNT\PowerExpertNT.exe
| MD5 | 953945cfe1c149a2eb6f0a7f0fbe23ea |
| SHA1 | 789931bac9c0803e7a64150258b29cb7ec5b66eb |
| SHA256 | 50386748a0895565f784f21bf24515a48300afe1cc3ba2303888f28af57bb178 |
| SHA512 | a7286a049ced1ef6f1a0673870d1f2d1d3772c2b5cb4db76c74b9fe2909e24a085762b27d0adff3f7d5451b8d3a281cf8e3bbe88acb2bda2219a9d849fee7cba |
C:\Users\Admin\Documents\GuardFox\Ls912Ku_zKaa4zeOMs488lla.exe
| MD5 | 1042e5098f713142849551349a44dc80 |
| SHA1 | 51af1eadaedf9732e36972be27bc818b205414e3 |
| SHA256 | 4bae1b4d93dc4e8d72cab11675aca572b6860212cafe5557fd0fa5dbb59a0921 |
| SHA512 | 3b33a8c5f0914317db6e52bb519f4977f2cfa6e4afc8bd7c9a266d70ad87c4e401068d0eaefcea1666c89f14fd24621c6ce7e2703e469fd4c8e2418e1b58c8e0 |
memory/880-503-0x0000000000400000-0x0000000000537000-memory.dmp
C:\Users\Admin\Documents\GuardFox\qhK8h985Nvs6aHjoZcpIIVdR.exe
| MD5 | 447307833189cf0c5e9004d2ac63b6d6 |
| SHA1 | 527d9c5b9950d55fb40c3eaf88e5d2125829ed82 |
| SHA256 | 32ba734297e805e023800a5145b564a70332d08cd69c0ad26e9343a15db0253e |
| SHA512 | 5d301604496a42c422713f162e4e4ed700ed6e2bd988791218ae36dcc10ee5cc9a5af1b944b0f5bcb6d8da3be7fd6bc00bdcc252d02c9b3289046394dc3c0bb2 |
C:\Users\Admin\Documents\GuardFox\zqOmM715lPnpTmRkQGRYV6MW.exe
| MD5 | 07bc1d317cc26821181345a0f9025700 |
| SHA1 | 96869c0fff5a42a008e807aa9ed0c387feea3a28 |
| SHA256 | 8eb85e98c0b64d44f5d1345bcd8218b3ba56d2ce011b7f0b8661bcd306232e10 |
| SHA512 | 7e39aef3899fae1f2c74edc324541464b14052695c53a32c6868c026be469e193e8e0330ad094c970aaa64d8e8b7dfab40e06d535498f07606bf832db1f37db0 |
memory/880-497-0x000000007EFDE000-0x000000007EFDF000-memory.dmp
memory/2920-496-0x0000000000EF0000-0x00000000013CA000-memory.dmp
memory/1216-490-0x0000000000130000-0x0000000000131000-memory.dmp
memory/2788-484-0x00000000051B0000-0x0000000005400000-memory.dmp
C:\Users\Admin\Documents\GuardFox\iCYwd_WLY9eMg9YWFa8cIjFY.exe
| MD5 | b95d3402df0fd33cbe6c50ae003335b3 |
| SHA1 | 05dcab5ff71b9c3f80e5e73c65fd374e5c92a837 |
| SHA256 | 09734dc92f947c67d9e6cf9774d1846de28e22d954b70c90998d690c56e9c6e9 |
| SHA512 | 9e90afdd9d6b7311c8e8ccfb67c17287d015bb30b503f0d47a823db6673317b6cdc5bd1209195ca6334f860b6e5de768c062113bb980e546f07114396d1a8b93 |
C:\Users\Admin\Documents\GuardFox\14JlbCy1eTD6_59JM48ARyLK.exe
| MD5 | 9e49222a9b8485f3a544ca279be70677 |
| SHA1 | dc5d40a5072ce3428383b4b874714c5ae029d9b7 |
| SHA256 | 92b09b3fc661dcbb5cb330ecd87da8ec851464393e76bb7a390d3f89b5726ce7 |
| SHA512 | 850f4550d945764c690d419778a2781d7f7c8891778ce3094de59a2aa8336a3b2bf13e6c569f515bb575f30bfff4e64cec68519b7bb2fdfba524372d5dfaa4c1 |
C:\Users\Admin\Documents\GuardFox\xz1RKwuJjY0wuRJysoWmeJ5a.exe
| MD5 | 3382830873cbfd9284572d95a7995295 |
| SHA1 | 67c77dee1b36ec971004d60cfc27b4404d1ad7e7 |
| SHA256 | c13276841bba9c2c8f4c12f83e392d9eb0c1118c9c3d5115eaf9b8bd71c57e4f |
| SHA512 | 3a9aab60642a6d788d958d15f6a61f0332bc16ed9afd9c53eb1dae44d0af3cf64b561bd52eaba567d0c6c6fd51beba4a1c69fcc876646974101cde248642d218 |
C:\Users\Admin\Documents\GuardFox\tLtmdRvUSqoRnn6GuxdF94RX.exe
| MD5 | 9257cf605adab36eca2859d54e079459 |
| SHA1 | 986e91f72bdb224728bf4f8f6fafbbddf912e3fd |
| SHA256 | 438c783e0c232a1db1ebc9415fba2c6f4496f13bd363cc1db4e1c3bbe50b8f86 |
| SHA512 | a2e72e8f940eae5f2e6f4140e92a76e90b049bae89b9a9376d1cc4eaf3fc7ce4296084a5d870c7b6f52cd988c186c98a67ea60502362073538e5cd21e5a177fe |
memory/2652-354-0x0000000000400000-0x0000000000459000-memory.dmp
memory/1680-550-0x00000000008C0000-0x0000000001873000-memory.dmp
memory/2028-555-0x0000000000400000-0x000000000043E000-memory.dmp
memory/2424-556-0x0000000076D80000-0x0000000076E90000-memory.dmp
memory/2028-560-0x0000000000563000-0x0000000000571000-memory.dmp
memory/2028-561-0x0000000000220000-0x000000000022B000-memory.dmp
memory/2136-557-0x000000013F610000-0x000000013FFF9000-memory.dmp
Analysis: behavioral2
Detonation Overview
Submitted
2024-01-25 17:02
Reported
2024-01-25 17:11
Platform
win10v2004-20231215-en
Max time kernel
280s
Max time network
298s
Command Line
Signatures
Amadey
Detect ZGRat V1
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Detected Djvu ransomware
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Djvu Ransomware
Formbook
RedLine
RedLine payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
RisePro
SmokeLoader
Stealc
ZGRat
Formbook payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Identifies VirtualBox via ACPI registry values (likely anti-VM)
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ | C:\Users\Admin\AppData\Local\Temp\s2.exe | N/A |
Contacts a large (792) amount of remote hosts
Creates new service(s)
Downloads MZ/PE file
Stops running service(s)
.NET Reactor proctector
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Checks BIOS information in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Users\Admin\AppData\Local\Temp\s2.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | C:\Users\Admin\AppData\Local\Temp\s2.exe | N/A |
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Roaming\configurationValue\Logs.exe | N/A |
Modifies file permissions
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\icacls.exe | N/A |
Reads user/profile data of web browsers
Themida packer
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Unexpected DNS network traffic destination
| Description | Indicator | Process | Target |
| Destination IP | 141.98.234.31 | N/A | N/A |
Checks whether UAC is enabled
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\s2.exe | N/A |
Legitimate hosting services abused for malware hosting/C2
| Description | Indicator | Process | Target |
| N/A | iplogger.org | N/A | N/A |
| N/A | pastebin.com | N/A | N/A |
| N/A | pastebin.com | N/A | N/A |
| N/A | iplogger.org | N/A | N/A |
Looks up external IP address via web service
| Description | Indicator | Process | Target |
| N/A | ipinfo.io | N/A | N/A |
| N/A | ipinfo.io | N/A | N/A |
| N/A | api.myip.com | N/A | N/A |
| N/A | api.myip.com | N/A | N/A |
| N/A | ipinfo.io | N/A | N/A |
| N/A | api.myip.com | N/A | N/A |
| N/A | api.myip.com | N/A | N/A |
| N/A | ipinfo.io | N/A | N/A |
AutoIT Executable
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Drops file in System32 directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\System32\GroupPolicy\GPT.INI | C:\Users\Admin\AppData\Local\Temp\s2.exe | N/A |
| File opened for modification | C:\Windows\System32\GroupPolicy | C:\Users\Admin\AppData\Local\Temp\s2.exe | N/A |
| File opened for modification | C:\Windows\System32\GroupPolicy\gpt.ini | C:\Users\Admin\AppData\Local\Temp\s2.exe | N/A |
| File created | C:\Windows\System32\GroupPolicy\Machine\Registry.pol | C:\Users\Admin\AppData\Local\Temp\s2.exe | N/A |
Suspicious use of NtSetInformationThreadHideFromDebugger
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\s2.exe | N/A |
Launches sc.exe
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\sc.exe | N/A |
| N/A | N/A | C:\Windows\system32\sc.exe | N/A |
| N/A | N/A | C:\Windows\system32\sc.exe | N/A |
| N/A | N/A | C:\Windows\system32\sc.exe | N/A |
| N/A | N/A | C:\Windows\system32\sc.exe | N/A |
| N/A | N/A | C:\Windows\system32\sc.exe | N/A |
| N/A | N/A | C:\Windows\system32\sc.exe | N/A |
| N/A | N/A | C:\Windows\system32\sc.exe | N/A |
| N/A | N/A | C:\Windows\system32\sc.exe | N/A |
| N/A | N/A | C:\Windows\system32\sc.exe | N/A |
| N/A | N/A | C:\Windows\system32\sc.exe | N/A |
| N/A | N/A | C:\Windows\system32\sc.exe | N/A |
| N/A | N/A | C:\Windows\system32\sc.exe | N/A |
| N/A | N/A | C:\Windows\system32\sc.exe | N/A |
| N/A | N/A | C:\Windows\system32\sc.exe | N/A |
| N/A | N/A | C:\Windows\system32\sc.exe | N/A |
| N/A | N/A | C:\Windows\system32\sc.exe | N/A |
| N/A | N/A | C:\Windows\system32\sc.exe | N/A |
Program crash
Creates scheduled task(s)
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\schtasks.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\schtasks.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\schtasks.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\schtasks.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\schtasks.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\schtasks.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\schtasks.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\schtasks.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\schtasks.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\schtasks.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\schtasks.exe | N/A |
Delays execution with timeout.exe
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\timeout.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\configurationValue\Logs.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\configurationValue\Logs.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\s2.exe
"C:\Users\Admin\AppData\Local\Temp\s2.exe"
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -s WPDBusEnum
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s fhsvc
C:\Users\Admin\Documents\GuardFox\n8lts3wu3LEK31H_8scS0swh.exe
"C:\Users\Admin\Documents\GuardFox\n8lts3wu3LEK31H_8scS0swh.exe"
C:\Users\Admin\Documents\GuardFox\JW8JVK3h2UKJp3Mga4JfrDPi.exe
"C:\Users\Admin\Documents\GuardFox\JW8JVK3h2UKJp3Mga4JfrDPi.exe"
C:\Users\Admin\Documents\GuardFox\tutjpA9F7ey1Qilb1V2axRiZ.exe
"C:\Users\Admin\Documents\GuardFox\tutjpA9F7ey1Qilb1V2axRiZ.exe"
C:\Users\Admin\Documents\GuardFox\jU7SJ07UicWF7hD0MaZuy4mY.exe
"C:\Users\Admin\Documents\GuardFox\jU7SJ07UicWF7hD0MaZuy4mY.exe"
C:\Users\Admin\Documents\GuardFox\QWeM4i6raY5Hi6jGEd2QFH85.exe
"C:\Users\Admin\Documents\GuardFox\QWeM4i6raY5Hi6jGEd2QFH85.exe"
C:\Users\Admin\Documents\GuardFox\SO8uK9Sp2tKWtWgD2eBltM6S.exe
"C:\Users\Admin\Documents\GuardFox\SO8uK9Sp2tKWtWgD2eBltM6S.exe"
C:\Users\Admin\Documents\GuardFox\QQw5SFBO7t77B3jDUdWt8lSr.exe
"C:\Users\Admin\Documents\GuardFox\QQw5SFBO7t77B3jDUdWt8lSr.exe"
C:\Users\Admin\Documents\GuardFox\GjtKAmOQqOXlDAbTCFnU40uH.exe
"C:\Users\Admin\Documents\GuardFox\GjtKAmOQqOXlDAbTCFnU40uH.exe"
C:\Users\Admin\Documents\GuardFox\hpyyixkRm6Wny8XDpx52VFFK.exe
"C:\Users\Admin\Documents\GuardFox\hpyyixkRm6Wny8XDpx52VFFK.exe"
C:\Users\Admin\Documents\GuardFox\w5Lf1N4ErTFYfCw1MdICIKF3.exe
"C:\Users\Admin\Documents\GuardFox\w5Lf1N4ErTFYfCw1MdICIKF3.exe"
C:\Users\Admin\Documents\GuardFox\rn57asznEP_ooX3h_4l7PyoD.exe
"C:\Users\Admin\Documents\GuardFox\rn57asznEP_ooX3h_4l7PyoD.exe"
C:\Users\Admin\Documents\GuardFox\Z_aNIQGQvDICmgvUH1CicY9e.exe
"C:\Users\Admin\Documents\GuardFox\Z_aNIQGQvDICmgvUH1CicY9e.exe"
C:\Users\Admin\Documents\GuardFox\LIt9vu_JfOkv1gObfODgn5vc.exe
"C:\Users\Admin\Documents\GuardFox\LIt9vu_JfOkv1gObfODgn5vc.exe"
C:\Users\Admin\Documents\GuardFox\rQXZgMqhos5xuslx24PhY0rG.exe
"C:\Users\Admin\Documents\GuardFox\rQXZgMqhos5xuslx24PhY0rG.exe"
C:\Users\Admin\Documents\GuardFox\wGltadLuoDTS0V2cHtWka4dO.exe
"C:\Users\Admin\Documents\GuardFox\wGltadLuoDTS0V2cHtWka4dO.exe"
C:\Users\Admin\Documents\GuardFox\TQQ0xmPBCt_xVf6bm5xuslyp.exe
"C:\Users\Admin\Documents\GuardFox\TQQ0xmPBCt_xVf6bm5xuslyp.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 444 -p 5940 -ip 5940
C:\Users\Admin\AppData\Local\Betasoft Sound Booster\SoundBooster.exe
"C:\Users\Admin\AppData\Local\Betasoft Sound Booster\SoundBooster.exe" -i
C:\Users\Admin\AppData\Local\Betasoft Sound Booster\SoundBooster.exe
"C:\Users\Admin\AppData\Local\Betasoft Sound Booster\SoundBooster.exe" -s
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5940 -s 340
C:\Users\Admin\Documents\GuardFox\bhwt2o5b1SvUwqu3qybySrSo.exe
"C:\Users\Admin\Documents\GuardFox\bhwt2o5b1SvUwqu3qybySrSo.exe"
C:\Users\Admin\Documents\GuardFox\bhwt2o5b1SvUwqu3qybySrSo.exe
"C:\Users\Admin\Documents\GuardFox\bhwt2o5b1SvUwqu3qybySrSo.exe"
C:\Users\Admin\Documents\GuardFox\p65tzIrYYt1dXE8eGE1C8a0j.exe
"C:\Users\Admin\Documents\GuardFox\p65tzIrYYt1dXE8eGE1C8a0j.exe"
C:\Users\Admin\Documents\GuardFox\yzzuLArvtRtf4YRRZrW8wLXz.exe
"C:\Users\Admin\Documents\GuardFox\yzzuLArvtRtf4YRRZrW8wLXz.exe"
C:\Users\Admin\AppData\Local\Temp\is-L6FK0.tmp\QQw5SFBO7t77B3jDUdWt8lSr.tmp
"C:\Users\Admin\AppData\Local\Temp\is-L6FK0.tmp\QQw5SFBO7t77B3jDUdWt8lSr.tmp" /SL5="$7021C,6434705,337408,C:\Users\Admin\Documents\GuardFox\QQw5SFBO7t77B3jDUdWt8lSr.exe"
C:\Users\Admin\Documents\GuardFox\v45HMWE4NwLCcmbZT7FlI17g.exe
"C:\Users\Admin\Documents\GuardFox\v45HMWE4NwLCcmbZT7FlI17g.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
C:\Windows\SysWOW64\schtasks.exe
schtasks /create /f /RU "Admin" /tr "C:\ProgramData\MPGPH131\MPGPH131.exe" /tn "MPGPH131 HR" /sc HOURLY /rl HIGHEST
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s fhsvc
C:\Windows\SysWOW64\schtasks.exe
schtasks /create /f /RU "Admin" /tr "C:\ProgramData\MPGPH131\MPGPH131.exe" /tn "MPGPH131 LG" /sc ONLOGON /rl HIGHEST
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
C:\Windows\SysWOW64\schtasks.exe
schtasks /create /f /RU "Admin" /tr "C:\ProgramData\WinTrackerSP\WinTrackerSP.exe" /tn "WinTrackerSP LG" /sc ONLOGON /rl HIGHEST
C:\Users\Admin\Documents\GuardFox\tpoyBHopaqQxso0Btt4FF7fE.exe
"C:\Users\Admin\Documents\GuardFox\tpoyBHopaqQxso0Btt4FF7fE.exe"
C:\Windows\SysWOW64\schtasks.exe
schtasks /create /f /RU "Admin" /tr "C:\ProgramData\WinTrackerSP\WinTrackerSP.exe" /tn "WinTrackerSP HR" /sc HOURLY /rl HIGHEST
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Users\Admin\AppData\Local\5dc07894-4694-47cb-9696-420e2bcb5b96" /deny *S-1-1-0:(OI)(CI)(DE,DC)
C:\Windows\SysWOW64\schtasks.exe
"C:\Windows\System32\schtasks.exe" /Create /SC MINUTE /MO 1 /TN tpoyBHopaqQxso0Btt4FF7fE.exe /TR "C:\Users\Admin\Documents\GuardFox\tpoyBHopaqQxso0Btt4FF7fE.exe" /F
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
C:\Users\Admin\Documents\GuardFox\qemu-ga.exe
"C:\Users\Admin\Documents\GuardFox\qemu-ga.exe"
C:\Windows\SysWOW64\schtasks.exe
schtasks /create /f /RU "Admin" /tr "C:\ProgramData\MPGPH1\MPGPH1.exe" /tn "MPGPH1 HR" /sc HOURLY /rl HIGHEST
C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
C:\Windows\SysWOW64\regsvr32.exe
"C:\Windows\System32\regsvr32.exe" -s KVE~767O.KG -U
C:\Windows\SysWOW64\schtasks.exe
schtasks /create /f /RU "Admin" /tr "C:\ProgramData\MPGPH1\MPGPH1.exe" /tn "MPGPH1 LG" /sc ONLOGON /rl HIGHEST
C:\Users\Admin\AppData\Local\Temp\msvcp_win\UniversalInstaller.exe
C:\Users\Admin\AppData\Local\Temp\msvcp_win\UniversalInstaller.exe
C:\Users\Admin\AppData\Roaming\msvcp_win\UniversalInstaller.exe
"C:\Users\Admin\AppData\Roaming\msvcp_win\UniversalInstaller.exe"
C:\Windows\SysWOW64\schtasks.exe
schtasks /create /f /RU "Admin" /tr "C:\ProgramData\IEUpdater574\IEUpdater574.exe" /tn "IEUpdater574 HR" /sc HOURLY /rl HIGHEST
C:\Windows\Microsoft.NET\Framework\v4.0.30319\MsBuild.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\MsBuild.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\MsBuild.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\MsBuild.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\MsBuild.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\MsBuild.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\MsBuild.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\MsBuild.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 504 -p 5240 -ip 5240
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5240 -s 972
C:\Windows\SysWOW64\schtasks.exe
schtasks /create /f /RU "Admin" /tr "C:\ProgramData\IEUpdater574\IEUpdater574.exe" /tn "IEUpdater574 LG" /sc ONLOGON /rl HIGHEST
C:\Users\Admin\AppData\Local\Temp\726C.exe
C:\Users\Admin\AppData\Local\Temp\726C.exe
C:\Users\Admin\AppData\Local\Temp\726C.exe
C:\Users\Admin\AppData\Local\Temp\726C.exe
C:\Users\Admin\Documents\GuardFox\bhwt2o5b1SvUwqu3qybySrSo.exe
"C:\Users\Admin\Documents\GuardFox\bhwt2o5b1SvUwqu3qybySrSo.exe" --Admin IsNotAutoStart IsNotTask
C:\Users\Admin\AppData\Local\Temp\7D2B.exe
C:\Users\Admin\AppData\Local\Temp\7D2B.exe
C:\Users\Admin\Documents\GuardFox\bhwt2o5b1SvUwqu3qybySrSo.exe
"C:\Users\Admin\Documents\GuardFox\bhwt2o5b1SvUwqu3qybySrSo.exe" --Admin IsNotAutoStart IsNotTask
C:\ProgramData\IEUpdater574\IEUpdater574.exe
"C:\ProgramData\IEUpdater574\IEUpdater574.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 384 -p 5676 -ip 5676
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 556 -p 5676 -ip 5676
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 504 -p 2616 -ip 2616
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2616 -s 568
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5676 -s 600
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5676 -s 988
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\system32\cmd.exe" /c timeout /t 5 & del /f /q "C:\Users\Admin\Documents\GuardFox\jU7SJ07UicWF7hD0MaZuy4mY.exe" & del "C:\ProgramData\*.dll"" & exit
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 540 -p 5924 -ip 5924
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5924 -s 2364
C:\Windows\SysWOW64\timeout.exe
timeout /t 5
C:\Users\Admin\AppData\Local\Temp\9D85.exe
C:\Users\Admin\AppData\Local\Temp\9D85.exe
C:\Users\Admin\AppData\Local\Temp\jobA4ziPtO5hAClfMZ\h8JVvbxopEQSIIcJxn_r.exe
"C:\Users\Admin\AppData\Local\Temp\jobA4ziPtO5hAClfMZ\h8JVvbxopEQSIIcJxn_r.exe"
C:\Users\Admin\Documents\GuardFox\tpoyBHopaqQxso0Btt4FF7fE.exe
C:\Users\Admin\Documents\GuardFox\tpoyBHopaqQxso0Btt4FF7fE.exe
C:\Users\Admin\AppData\Local\Temp\jobA4ziPtO5hAClfMZ\4U5oN8ynaIMYFPuZ8Xpz.exe
"C:\Users\Admin\AppData\Local\Temp\jobA4ziPtO5hAClfMZ\4U5oN8ynaIMYFPuZ8Xpz.exe"
C:\Users\Admin\AppData\Local\Temp\jobA4ziPtO5hAClfMZ\_mq5QkEoHyRX1Tz9EBfc.exe
"C:\Users\Admin\AppData\Local\Temp\jobA4ziPtO5hAClfMZ\_mq5QkEoHyRX1Tz9EBfc.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffc823b46f8,0x7ffc823b4708,0x7ffc823b4718
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 416 -p 1404 -ip 1404
C:\Users\Admin\AppData\Local\Temp\jobA4ziPtO5hAClfMZ\49YgtRVnm44zkHTi8Sly.exe
"C:\Users\Admin\AppData\Local\Temp\jobA4ziPtO5hAClfMZ\49YgtRVnm44zkHTi8Sly.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1404 -s 1380
C:\Users\Admin\AppData\Local\Temp\d887ceb89d\explorhe.exe
"C:\Users\Admin\AppData\Local\Temp\d887ceb89d\explorhe.exe"
C:\Users\Admin\AppData\Local\Temp\jobA4ziPtO5hAClfMZ\ENVq517tiOWBsKOTmr8V.exe
"C:\Users\Admin\AppData\Local\Temp\jobA4ziPtO5hAClfMZ\ENVq517tiOWBsKOTmr8V.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.facebook.com/login
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc823b46f8,0x7ffc823b4708,0x7ffc823b4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc823b46f8,0x7ffc823b4708,0x7ffc823b4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffc823b46f8,0x7ffc823b4708,0x7ffc823b4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" https://www.youtube.com
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" https://www.facebook.com/login
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" https://accounts.google.com
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd8,0x104,0x7ffc823b46f8,0x7ffc823b4708,0x7ffc823b4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc823b46f8,0x7ffc823b4708,0x7ffc823b4718
C:\Windows\SysWOW64\schtasks.exe
"C:\Windows\System32\schtasks.exe" /Create /SC MINUTE /MO 1 /TN explorhe.exe /TR "C:\Users\Admin\AppData\Local\Temp\d887ceb89d\explorhe.exe" /F
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffc72e89758,0x7ffc72e89768,0x7ffc72e89778
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" https://www.youtube.com
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" https://www.facebook.com/login
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" https://accounts.google.com
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffc72e89758,0x7ffc72e89768,0x7ffc72e89778
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc72e89758,0x7ffc72e89768,0x7ffc72e89778
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2204,13354385603861284690,15003466240795696997,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2308 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2204,13354385603861284690,15003466240795696997,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2636 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2204,13354385603861284690,15003466240795696997,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2256 /prefetch:2
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2028,5869664984242584907,9721453986783170696,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2160 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2028,5869664984242584907,9721453986783170696,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2056 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,13354385603861284690,15003466240795696997,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,13354385603861284690,15003466240795696997,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.facebook.com/login
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 560 -p 1180 -ip 1180
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.facebook.com/login
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="708.0.664098056\2030547651" -parentBuildID 20221007134813 -prefsHandle 1864 -prefMapHandle 1848 -prefsLen 20749 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {64386da5-3b92-47b5-ae03-c2784253c7f1} 708 "\\.\pipe\gecko-crash-server-pipe.708" 1956 23271608158 gpu
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1180 -s 1012
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,13354385603861284690,15003466240795696997,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3788 /prefetch:1
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2008,10952870413389283843,2005136854693400141,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2024 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2120,9991900077285983046,2363093535801731692,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2128 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,13354385603861284690,15003466240795696997,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4076 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2064,18072916294253413203,1765599729463325459,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2096 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,13354385603861284690,15003466240795696997,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4348 /prefetch:1
C:\Users\Admin\AppData\Local\Temp\D530.exe
C:\Users\Admin\AppData\Local\Temp\D530.exe
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="708.1.35756523\454901518" -parentBuildID 20221007134813 -prefsHandle 2400 -prefMapHandle 2396 -prefsLen 21565 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ff025545-1fc5-47e6-bef7-c5ef3223b9cc} 708 "\\.\pipe\gecko-crash-server-pipe.708" 2436 232703ef258 socket
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="708.2.628374538\1600509942" -childID 1 -isForBrowser -prefsHandle 3468 -prefMapHandle 2924 -prefsLen 21668 -prefMapSize 233444 -jsInitHandle 1124 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ffcd6668-542e-4ced-9059-ee4a70478603} 708 "\\.\pipe\gecko-crash-server-pipe.708" 3464 23274632958 tab
C:\Users\Admin\AppData\Local\Temp\is-PLOGQ.tmp\D530.tmp
"C:\Users\Admin\AppData\Local\Temp\is-PLOGQ.tmp\D530.tmp" /SL5="$20406,6135014,54272,C:\Users\Admin\AppData\Local\Temp\D530.exe"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="708.3.452445957\1036058701" -childID 2 -isForBrowser -prefsHandle 3904 -prefMapHandle 3900 -prefsLen 26066 -prefMapSize 233444 -jsInitHandle 1124 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {23c392fa-6818-480c-8a62-95a7d37868bb} 708 "\\.\pipe\gecko-crash-server-pipe.708" 3916 23263c2db58 tab
C:\Users\Admin\AppData\Local\Temp\1000583001\store.exe
"C:\Users\Admin\AppData\Local\Temp\1000583001\store.exe"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="708.4.667003886\1815394424" -childID 3 -isForBrowser -prefsHandle 4724 -prefMapHandle 4720 -prefsLen 26125 -prefMapSize 233444 -jsInitHandle 1124 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {77a35555-90c8-436a-9dc7-d45949c35e37} 708 "\\.\pipe\gecko-crash-server-pipe.708" 4736 23275970458 tab
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2148 --field-trial-handle=1928,i,5868315499484849610,828339526587506877,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3048 --field-trial-handle=1928,i,5868315499484849610,828339526587506877,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3040 --field-trial-handle=1928,i,5868315499484849610,828339526587506877,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2196 --field-trial-handle=1928,i,5868315499484849610,828339526587506877,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=4592 --field-trial-handle=1928,i,5868315499484849610,828339526587506877,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1960 --field-trial-handle=2028,i,12064770790383997706,7823112598127460262,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=4840 --field-trial-handle=1928,i,5868315499484849610,828339526587506877,131072 /prefetch:1
C:\Users\Admin\AppData\Local\Temp\1000609001\stan.exe
"C:\Users\Admin\AppData\Local\Temp\1000609001\stan.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1676 --field-trial-handle=2028,i,12064770790383997706,7823112598127460262,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1912 --field-trial-handle=1948,i,1527621679058514605,12473658403978102727,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1752 --field-trial-handle=1948,i,1527621679058514605,12473658403978102727,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3944 --field-trial-handle=1928,i,5868315499484849610,828339526587506877,131072 /prefetch:1
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="708.5.1665713384\792737824" -childID 4 -isForBrowser -prefsHandle 4944 -prefMapHandle 4888 -prefsLen 26125 -prefMapSize 233444 -jsInitHandle 1124 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ec479983-0074-4703-b8e7-33f8eb8a68ae} 708 "\\.\pipe\gecko-crash-server-pipe.708" 4932 232769d2e58 tab
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1768 --field-trial-handle=1928,i,5868315499484849610,828339526587506877,131072 /prefetch:2
C:\Windows\Microsoft.NET\Framework\v4.0.30319\MsBuild.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\MsBuild.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
C:\Users\Admin\AppData\Local\Temp\1000612001\TrueCrypt_NyNIUi.exe
"C:\Users\Admin\AppData\Local\Temp\1000612001\TrueCrypt_NyNIUi.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 416 -p 6124 -ip 6124
C:\Windows\SysWOW64\rundll32.exe
"C:\Windows\System32\rundll32.exe" C:\Users\Admin\AppData\Roaming\006700e5a2ab05\clip64.dll, Main
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6124 -s 1000
C:\Users\Admin\AppData\Local\Temp\2D63.exe
C:\Users\Admin\AppData\Local\Temp\2D63.exe
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\ADelRCP.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\ADelRCP.exe"
C:\Users\Admin\AppData\Local\Temp\InstallSetup9.exe
"C:\Users\Admin\AppData\Local\Temp\InstallSetup9.exe"
C:\Users\Admin\AppData\Local\Temp\3CC6.exe
C:\Users\Admin\AppData\Local\Temp\3CC6.exe
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 524 -p 4912 -ip 4912
C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe
"C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe"
C:\Users\Admin\AppData\Local\Temp\1000617001\moto.exe
"C:\Users\Admin\AppData\Local\Temp\1000617001\moto.exe"
C:\Users\Admin\AppData\Local\Temp\435E.exe
C:\Users\Admin\AppData\Local\Temp\435E.exe
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4912 -s 348
C:\Users\Admin\AppData\Local\Temp\BroomSetup.exe
C:\Users\Admin\AppData\Local\Temp\BroomSetup.exe
C:\Users\Admin\AppData\Local\Temp\47F3.exe
C:\Users\Admin\AppData\Local\Temp\47F3.exe
C:\Windows\system32\sc.exe
C:\Windows\system32\sc.exe delete "FLWCUERA"
C:\Users\Admin\AppData\Local\Temp\1000622001\leg221.exe
"C:\Users\Admin\AppData\Local\Temp\1000622001\leg221.exe"
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x474 0x490
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4692 --field-trial-handle=1928,i,5868315499484849610,828339526587506877,131072 /prefetch:8
C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\60FA.dll
C:\Windows\system32\sc.exe
C:\Windows\system32\sc.exe create "FLWCUERA" binpath= "C:\ProgramData\eyfisgalqlbk\iojmibhyhiws.exe" start= "auto"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Roaming\Temp\Task.bat" "
C:\Windows\Microsoft.NET\Framework\v4.0.30319\MsBuild.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\MsBuild.exe
C:\Users\Admin\AppData\Local\Temp\1000623001\latestrocki.exe
"C:\Users\Admin\AppData\Local\Temp\1000623001\latestrocki.exe"
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroBroker.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroBroker.exe"
C:\Users\Admin\AppData\Local\Temp\1000624001\crypted.exe
"C:\Users\Admin\AppData\Local\Temp\1000624001\crypted.exe"
C:\Windows\SysWOW64\regsvr32.exe
/s C:\Users\Admin\AppData\Local\Temp\60FA.dll
C:\Windows\SysWOW64\werfault.exe
werfault.exe /h /shared Global\6fcd292fd77f48b7b88d4cd897f8fdab /t 6320 /p 6896
C:\Users\Admin\Documents\GuardFox\tpoyBHopaqQxso0Btt4FF7fE.exe
C:\Users\Admin\Documents\GuardFox\tpoyBHopaqQxso0Btt4FF7fE.exe
C:\Users\Admin\AppData\Local\Temp\d887ceb89d\explorhe.exe
C:\Users\Admin\AppData\Local\Temp\d887ceb89d\explorhe.exe
C:\Users\Admin\AppData\Local\Temp\1000625001\2024.exe
"C:\Users\Admin\AppData\Local\Temp\1000625001\2024.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
C:\Users\Admin\AppData\Local\Temp\toolspub1.exe
"C:\Users\Admin\AppData\Local\Temp\toolspub1.exe"
C:\Users\Admin\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe
"C:\Users\Admin\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 504 -p 3008 -ip 3008
C:\ProgramData\eyfisgalqlbk\iojmibhyhiws.exe
C:\ProgramData\eyfisgalqlbk\iojmibhyhiws.exe
C:\Users\Admin\AppData\Local\Temp\1000626001\alex.exe
"C:\Users\Admin\AppData\Local\Temp\1000626001\alex.exe"
C:\Users\Admin\AppData\Local\Temp\rty25.exe
"C:\Users\Admin\AppData\Local\Temp\rty25.exe"
C:\Users\Admin\AppData\Local\Temp\1000627001\rdx1122.exe
"C:\Users\Admin\AppData\Local\Temp\1000627001\rdx1122.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3008 -s 352
C:\Windows\system32\conhost.exe
C:\Windows\system32\conhost.exe
C:\Users\Admin\AppData\Local\Temp\FirstZ.exe
"C:\Users\Admin\AppData\Local\Temp\FirstZ.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 592 -p 7420 -ip 7420
C:\Windows\system32\conhost.exe
conhost.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c choice /C Y /N /D Y /T 3 & Del "C:\Users\Admin\AppData\Local\Temp\1000617001\moto.exe"
C:\Windows\system32\sc.exe
C:\Windows\system32\sc.exe start "FLWCUERA"
C:\Windows\system32\sc.exe
C:\Windows\system32\sc.exe stop eventlog
C:\Users\Admin\AppData\Local\Temp\1000628001\gold1201001.exe
"C:\Users\Admin\AppData\Local\Temp\1000628001\gold1201001.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7420 -s 372
C:\Users\Admin\AppData\Local\Temp\InstallSetup7.exe
"C:\Users\Admin\AppData\Local\Temp\InstallSetup7.exe"
C:\ProgramData\eyfisgalqlbk\iojmibhyhiws.exe
"C:\ProgramData\eyfisgalqlbk\iojmibhyhiws.exe"
C:\Users\Admin\AppData\Local\Temp\1000629001\installs.exe
"C:\Users\Admin\AppData\Local\Temp\1000629001\installs.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5128 --field-trial-handle=1928,i,5868315499484849610,828339526587506877,131072 /prefetch:8
C:\Windows\system32\choice.exe
choice /C Y /N /D Y /T 3
C:\Windows\SysWOW64\chcp.com
chcp 1251
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 536 -p 7420 -ip 7420
C:\ProgramData\eyfisgalqlbk\iojmibhyhiws.exe
"C:\ProgramData\eyfisgalqlbk\iojmibhyhiws.exe"
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7420 -s 376
C:\Windows\system32\conhost.exe
conhost.exe
C:\Users\Admin\AppData\Local\Temp\d887ceb89d\qemu-ga.exe
"C:\Users\Admin\AppData\Local\Temp\d887ceb89d\qemu-ga.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 724 -p 7420 -ip 7420
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
C:\Users\Admin\AppData\Local\Betasoft Sound Booster\SoundBooster.exe
"C:\Users\Admin\AppData\Local\Betasoft Sound Booster\SoundBooster.exe" -i
C:\Windows\SysWOW64\schtasks.exe
"C:\Windows\system32\schtasks.exe" /Query
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7420 -s 392
C:\Users\Admin\AppData\Local\Betasoft Sound Booster\SoundBooster.exe
"C:\Users\Admin\AppData\Local\Betasoft Sound Booster\SoundBooster.exe" -s
C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe
C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe Add-MpPreference -ExclusionPath @($env:UserProfile, $env:ProgramData) -ExclusionExtension '.exe' -Force
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 744 -p 7420 -ip 7420
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
C:\Users\Admin\AppData\Roaming\configurationValue\Logs.exe
"C:\Users\Admin\AppData\Roaming\configurationValue\Logs.exe"
C:\Users\Admin\AppData\Roaming\configurationValue\olehps.exe
"C:\Users\Admin\AppData\Roaming\configurationValue\olehps.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7420 -s 680
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 600 -p 212 -ip 212
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 212 -s 552
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 596 -p 7420 -ip 7420
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7420 -s 692
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 636 -p 5276 -ip 5276
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 724 -p 5276 -ip 5276
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5276 -s 664
C:\Users\Admin\Documents\GuardFox\tpoyBHopaqQxso0Btt4FF7fE.exe
C:\Users\Admin\Documents\GuardFox\tpoyBHopaqQxso0Btt4FF7fE.exe
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5276 -s 1100
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 540 -p 7420 -ip 7420
C:\Users\Admin\AppData\Roaming\rcaifbg
C:\Users\Admin\AppData\Roaming\rcaifbg
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7420 -s 692
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 404 -p 7420 -ip 7420
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7420 -s 748
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -s WPDBusEnum
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s fhsvc
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 772 -p 7420 -ip 7420
C:\Windows\SysWOW64\schtasks.exe
schtasks /create /tn "MalayamaraUpdate" /tr "'C:\Users\Admin\AppData\Local\Temp\Updater.exe'" /sc minute /mo 30 /F
C:\Windows\system32\sc.exe
C:\Windows\system32\sc.exe stop UsoSvc
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wusa /uninstall /kb:890830 /quiet /norestart
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7420 -s 756
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc72b19758,0x7ffc72b19768,0x7ffc72b19778
C:\Windows\system32\sc.exe
C:\Windows\system32\sc.exe stop WaaSMedicSvc
C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /1
C:\Windows\system32\sc.exe
C:\Windows\system32\sc.exe stop wuauserv
C:\Windows\system32\wusa.exe
wusa /uninstall /kb:890830 /quiet /norestart
C:\Windows\system32\sc.exe
C:\Windows\system32\sc.exe stop bits
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2896 --field-trial-handle=1704,i,800700162255148476,2695259915063331389,131072 /prefetch:1
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 548 -p 1044 -ip 1044
C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2884 --field-trial-handle=1704,i,800700162255148476,2695259915063331389,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2216 --field-trial-handle=1704,i,800700162255148476,2695259915063331389,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1900 --field-trial-handle=1704,i,800700162255148476,2695259915063331389,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1780 --field-trial-handle=1704,i,800700162255148476,2695259915063331389,131072 /prefetch:2
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1044 -s 228
C:\Windows\system32\sc.exe
C:\Windows\system32\sc.exe stop dosvc
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 600 -p 7420 -ip 7420
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7420 -s 772
C:\Windows\system32\sc.exe
C:\Windows\system32\sc.exe delete "WSNKISKT"
C:\Windows\system32\powercfg.exe
C:\Windows\system32\powercfg.exe /x -standby-timeout-dc 0
C:\Windows\system32\powercfg.exe
C:\Windows\system32\powercfg.exe /x -standby-timeout-ac 0
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 548 -p 7420 -ip 7420
C:\Windows\system32\powercfg.exe
C:\Windows\system32\powercfg.exe /x -hibernate-timeout-dc 0
C:\Windows\system32\powercfg.exe
C:\Windows\system32\powercfg.exe /x -hibernate-timeout-ac 0
C:\Windows\system32\sc.exe
C:\Windows\system32\sc.exe create "WSNKISKT" binpath= "C:\ProgramData\wikombernizc\reakuqnanrkn.exe" start= "auto"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7420 -s 824
C:\Windows\system32\sc.exe
C:\Windows\system32\sc.exe start "WSNKISKT"
C:\Windows\system32\sc.exe
C:\Windows\system32\sc.exe stop eventlog
C:\ProgramData\wikombernizc\reakuqnanrkn.exe
C:\ProgramData\wikombernizc\reakuqnanrkn.exe
C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe
C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe Add-MpPreference -ExclusionPath @($env:UserProfile, $env:ProgramData) -ExclusionExtension '.exe' -Force
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 580 -p 7420 -ip 7420
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4764 --field-trial-handle=1704,i,800700162255148476,2695259915063331389,131072 /prefetch:8
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7420 -s 660
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 764 -p 7420 -ip 7420
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7420 -s 884
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7420 -s 804
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell -nologo -noprofile
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 600 -p 7420 -ip 7420
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell -nologo -noprofile
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrServicesUpdater.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrServicesUpdater.exe"
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /C choice /C Y /N /D Y /T 3 & Del "RegAsm.exe"
C:\Windows\SysWOW64\choice.exe
choice /C Y /N /D Y /T 3
C:\Windows\system32\sc.exe
C:\Windows\system32\sc.exe stop UsoSvc
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wusa /uninstall /kb:890830 /quiet /norestart
C:\Windows\system32\wusa.exe
wusa /uninstall /kb:890830 /quiet /norestart
C:\Windows\system32\sc.exe
C:\Windows\system32\sc.exe stop WaaSMedicSvc
C:\Windows\system32\sc.exe
C:\Windows\system32\sc.exe stop wuauserv
C:\Windows\system32\sc.exe
C:\Windows\system32\sc.exe stop bits
C:\Windows\system32\sc.exe
C:\Windows\system32\sc.exe stop dosvc
C:\Windows\system32\conhost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\powercfg.exe
C:\Windows\system32\powercfg.exe /x -standby-timeout-dc 0
C:\Windows\system32\powercfg.exe
C:\Windows\system32\powercfg.exe /x -standby-timeout-ac 0
C:\Windows\explorer.exe
explorer.exe
C:\Windows\system32\powercfg.exe
C:\Windows\system32\powercfg.exe /x -hibernate-timeout-dc 0
C:\Windows\system32\powercfg.exe
C:\Windows\system32\powercfg.exe /x -hibernate-timeout-ac 0
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffc72b19758,0x7ffc72b19768,0x7ffc72b19778
C:\Users\Admin\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe
"C:\Users\Admin\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe"
C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe
"C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 792 -p 3740 -ip 3740
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1956 --field-trial-handle=1884,i,12425335401544110283,5897065034745467891,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1820 --field-trial-handle=1884,i,12425335401544110283,5897065034745467891,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2232 --field-trial-handle=1884,i,12425335401544110283,5897065034745467891,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3052 --field-trial-handle=1884,i,12425335401544110283,5897065034745467891,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3008 --field-trial-handle=1884,i,12425335401544110283,5897065034745467891,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4460 --field-trial-handle=1884,i,12425335401544110283,5897065034745467891,131072 /prefetch:1
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell -nologo -noprofile
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Add-MpPreference -ExclusionPath @($env:UserProfile, $env:ProgramData) -ExclusionExtension '.exe' -Force
C:\Users\Admin\Documents\GuardFox\tpoyBHopaqQxso0Btt4FF7fE.exe
C:\Users\Admin\Documents\GuardFox\tpoyBHopaqQxso0Btt4FF7fE.exe
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe"
C:\Users\Admin\AppData\Local\Temp\d887ceb89d\explorhe.exe
C:\Users\Admin\AppData\Local\Temp\d887ceb89d\explorhe.exe
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3740 -s 336
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 804 -p 3740 -ip 3740
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3740 -s 352
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 404 -p 3740 -ip 3740
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3740 -s 352
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 600 -p 3740 -ip 3740
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3740 -s 404
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 760 -p 3740 -ip 3740
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3740 -s 672
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 752 -p 3740 -ip 3740
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3740 -s 672
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 740 -p 3740 -ip 3740
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3740 -s 720
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 384 -p 3740 -ip 3740
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3740 -s 728
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 568 -p 3740 -ip 3740
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3740 -s 732
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell -nologo -noprofile
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=4028 --field-trial-handle=1884,i,12425335401544110283,5897065034745467891,131072 /prefetch:1
C:\ProgramData\wikombernizc\reakuqnanrkn.exe
"C:\ProgramData\wikombernizc\reakuqnanrkn.exe"
C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe
C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe Add-MpPreference -ExclusionPath @($env:UserProfile, $env:ProgramData) -ExclusionExtension '.exe' -Force
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5244 --field-trial-handle=1884,i,12425335401544110283,5897065034745467891,131072 /prefetch:8
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Add-MpPreference -ExclusionPath @($env:UserProfile, $env:ProgramData) -ExclusionExtension '.exe' -Force
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32Info.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32Info.exe"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 149.220.183.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 180.178.17.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 69.31.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| DE | 77.105.147.130:80 | 77.105.147.130 | tcp |
| US | 8.8.8.8:53 | api.myip.com | udp |
| US | 104.26.9.59:443 | api.myip.com | tcp |
| N/A | 224.0.0.251:5353 | udp | |
| US | 8.8.8.8:53 | ipinfo.io | udp |
| US | 34.117.186.192:443 | ipinfo.io | tcp |
| US | 8.8.8.8:53 | 130.147.105.77.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 59.9.26.104.in-addr.arpa | udp |
| NL | 52.142.223.178:80 | tcp | |
| US | 8.8.8.8:53 | 192.186.117.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | vk.com | udp |
| US | 8.8.8.8:53 | 294self-limited.sbs | udp |
| US | 8.8.8.8:53 | medfioytrkdkcodlskeej.net | udp |
| US | 8.8.8.8:53 | ok.spartabig.com | udp |
| US | 8.8.8.8:53 | cczhk.com | udp |
| AT | 5.42.64.33:80 | 5.42.64.33 | tcp |
| US | 8.8.8.8:53 | cdn.discordapp.com | udp |
| US | 8.8.8.8:53 | ji.alie3ksggg.com | udp |
| FI | 109.107.182.40:80 | 109.107.182.40 | tcp |
| RU | 87.240.132.67:80 | vk.com | tcp |
| US | 104.21.15.216:80 | ok.spartabig.com | tcp |
| RU | 87.240.132.67:80 | vk.com | tcp |
| US | 172.67.189.229:80 | 294self-limited.sbs | tcp |
| RU | 91.215.85.209:80 | medfioytrkdkcodlskeej.net | tcp |
| US | 162.159.133.233:80 | cdn.discordapp.com | tcp |
| US | 162.159.133.233:80 | cdn.discordapp.com | tcp |
| US | 172.67.189.229:80 | 294self-limited.sbs | tcp |
| RU | 87.240.132.67:80 | vk.com | tcp |
| RU | 87.240.132.67:80 | vk.com | tcp |
| RU | 91.215.85.209:80 | medfioytrkdkcodlskeej.net | tcp |
| US | 162.159.133.233:80 | cdn.discordapp.com | tcp |
| US | 172.67.189.229:80 | 294self-limited.sbs | tcp |
| US | 172.67.189.229:443 | 294self-limited.sbs | tcp |
| US | 162.159.133.233:443 | cdn.discordapp.com | tcp |
| HK | 154.92.15.189:80 | ji.alie3ksggg.com | tcp |
| RU | 87.240.132.67:80 | vk.com | tcp |
| RU | 87.240.132.67:80 | vk.com | tcp |
| RU | 91.215.85.209:80 | medfioytrkdkcodlskeej.net | tcp |
| MX | 189.232.10.46:80 | cczhk.com | tcp |
| RU | 91.215.85.209:443 | medfioytrkdkcodlskeej.net | tcp |
| RU | 87.240.132.67:80 | vk.com | tcp |
| RU | 87.240.132.67:80 | vk.com | tcp |
| MX | 189.232.10.46:80 | cczhk.com | tcp |
| RU | 87.240.132.67:80 | vk.com | tcp |
| RU | 87.240.132.67:80 | vk.com | tcp |
| RU | 87.240.132.67:80 | vk.com | tcp |
| RU | 87.240.132.67:80 | vk.com | tcp |
| RU | 87.240.132.67:80 | vk.com | tcp |
| RU | 87.240.132.67:80 | vk.com | tcp |
| RU | 87.240.132.67:80 | vk.com | tcp |
| RU | 87.240.132.67:80 | vk.com | tcp |
| RU | 87.240.132.67:80 | vk.com | tcp |
| US | 8.8.8.8:53 | 40.13.222.173.in-addr.arpa | udp |
| RU | 87.240.132.67:80 | vk.com | tcp |
| RU | 87.240.132.67:80 | vk.com | tcp |
| RU | 87.240.132.67:80 | vk.com | tcp |
| RU | 87.240.132.67:80 | vk.com | tcp |
| RU | 87.240.132.67:80 | vk.com | tcp |
| RU | 87.240.132.67:80 | vk.com | tcp |
| RU | 87.240.132.67:80 | vk.com | tcp |
| RU | 87.240.132.67:80 | vk.com | tcp |
| RU | 87.240.132.67:80 | vk.com | tcp |
| RU | 87.240.132.67:80 | vk.com | tcp |
| RU | 87.240.132.67:80 | vk.com | tcp |
| RU | 87.240.132.67:80 | vk.com | tcp |
| RU | 87.240.132.67:443 | vk.com | tcp |
| RU | 87.240.132.67:80 | vk.com | tcp |
| RU | 87.240.132.67:443 | vk.com | tcp |
| US | 8.8.8.8:53 | 226.21.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 226.20.18.104.in-addr.arpa | udp |
| RU | 87.240.132.67:443 | vk.com | tcp |
| US | 8.8.8.8:53 | sun6-23.userapi.com | udp |
| NL | 95.142.206.3:443 | tcp | |
| RU | 87.240.132.67:443 | vk.com | tcp |
| NL | 95.142.206.1:443 | tcp | |
| RU | 87.240.132.67:443 | vk.com | tcp |
| NL | 95.142.206.2:443 | tcp | |
| NL | 95.142.206.2:443 | tcp | |
| NL | 95.142.206.0:443 | tcp | |
| RU | 87.240.132.67:443 | vk.com | tcp |
| NL | 95.142.206.3:443 | tcp | |
| RU | 87.240.132.67:443 | vk.com | tcp |
| US | 8.8.8.8:53 | udp | |
| HK | 154.92.15.189:443 | i.alie3ksgaa.com | tcp |
| DE | 185.172.128.24:80 | 185.172.128.24 | tcp |
| US | 8.8.8.8:53 | 32.147.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 24.128.172.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 208.4.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 2.96.114.188.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 50.23.12.20.in-addr.arpa | udp |
| US | 172.67.139.220:443 | tcp | |
| US | 20.12.23.50:443 | tcp | |
| NL | 45.15.156.229:80 | tcp | |
| US | 8.8.8.8:53 | app.alie3ksgaa.com | udp |
| HK | 154.92.15.189:80 | app.alie3ksgaa.com | tcp |
| US | 34.117.186.192:443 | ipinfo.io | tcp |
| US | 104.26.9.59:443 | api.myip.com | tcp |
| RU | 87.240.132.67:443 | vk.com | tcp |
| DE | 185.172.128.19:80 | tcp | |
| RU | 193.233.132.62:50500 | tcp | |
| FR | 199.232.168.193:443 | tcp | |
| RU | 91.215.85.120:80 | tcp | |
| DE | 162.55.91.19:443 | tcp | |
| US | 172.67.173.86:80 | tcp | |
| NL | 91.92.245.15:80 | tcp | |
| RU | 185.215.113.68:80 | 185.215.113.68 | tcp |
| RU | 193.233.132.67:50500 | tcp | |
| US | 8.8.8.8:53 | 86.173.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 68.113.215.185.in-addr.arpa | udp |
| FI | 109.107.182.3:80 | tcp | |
| DE | 162.55.91.19:443 | tcp | |
| US | 8.8.8.8:53 | udp | |
| US | 8.8.8.8:53 | www.youtube.com | udp |
| FR | 20.190.177.147:443 | tcp | |
| FR | 20.190.177.147:443 | tcp | |
| RU | 185.215.113.68:80 | 185.215.113.68 | tcp |
| IE | 209.85.203.84:443 | tcp | |
| RU | 193.233.132.62:50500 | tcp | |
| IE | 209.85.203.84:443 | udp | |
| FI | 65.109.67.182:443 | tcp | |
| US | 50.112.167.115:443 | tcp | |
| DE | 185.172.128.19:80 | tcp | |
| US | 8.8.8.8:53 | 35.195.240.157.in-addr.arpa | udp |
| GB | 216.58.212.206:443 | tcp | |
| US | 157.240.229.35:443 | udp | |
| US | 34.107.221.82:80 | tcp | |
| US | 34.117.186.192:443 | ipinfo.io | tcp |
| US | 8.8.8.8:53 | clients2.google.com | udp |
| GB | 142.250.179.238:443 | clients2.google.com | tcp |
| US | 188.114.97.2:443 | ikevopoka.shop | tcp |
| RU | 193.233.132.62:50500 | tcp | |
| US | 172.67.129.233:443 | tcp | |
| GB | 216.58.201.110:443 | udp | |
| US | 8.8.8.8:53 | udp | |
| GB | 216.58.201.110:443 | tcp | |
| GB | 216.58.204.68:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | 110.201.58.216.in-addr.arpa | udp |
| GB | 216.58.212.206:443 | udp | |
| GB | 216.58.204.68:443 | www.google.com | udp |
| FR | 172.217.130.232:443 | tcp | |
| FR | 172.217.130.232:443 | tcp | |
| SE | 185.225.114.22:9001 | tcp | |
| RU | 185.215.113.68:80 | 185.215.113.68 | tcp |
| GB | 216.58.204.68:443 | www.google.com | tcp |
| DE | 138.201.125.92:15647 | tcp | |
| US | 8.8.8.8:53 | 92.125.201.138.in-addr.arpa | udp |
| US | 8.8.8.8:53 | thompsonchemists.shop | udp |
| PA | 190.219.136.87:80 | cczhk.com | tcp |
| LT | 84.32.84.32:443 | tcp | |
| US | 8.8.8.8:53 | altaibalanceskfkk.shop | udp |
| US | 8.8.8.8:53 | udp | |
| US | 8.8.8.8:53 | digital-humanities.shop | udp |
| US | 162.254.39.137:443 | altaibalanceskfkk.shop | tcp |
| US | 8.8.8.8:53 | moonriversnaturals.shop | udp |
| US | 172.67.199.155:80 | policaincreations.shop | tcp |
| US | 188.114.96.2:80 | ikevopoka.shop | tcp |
| US | 8.8.8.8:53 | 13.128.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 93.6.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 137.39.254.162.in-addr.arpa | udp |
| US | 188.114.97.2:80 | ikevopoka.shop | tcp |
| US | 8.8.8.8:53 | oporttunidadeunica.shop | udp |
| US | 8.8.8.8:53 | worldscentsandmore.shop | udp |
| US | 172.67.210.117:80 | moonriversnaturals.shop | tcp |
| US | 8.8.8.8:53 | udp | |
| BR | 45.152.46.145:443 | crescendonodigital.shop | tcp |
| US | 8.8.8.8:53 | barbaraclothingline.shop | udp |
| BR | 185.213.81.172:443 | oporttunidadeunica.shop | tcp |
| US | 172.67.158.2:80 | shopwillowandbirch.shop | tcp |
| US | 8.8.8.8:53 | escoladalongevidade.shop | udp |
| US | 8.8.8.8:53 | 155.199.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 117.210.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 145.46.152.45.in-addr.arpa | udp |
| US | 188.114.96.2:80 | worldscentsandmore.shop | tcp |
| JP | 160.251.148.85:443 | digital-humanities.shop | tcp |
| US | 50.6.138.140:443 | sorteiodosbrothers.shop | tcp |
| US | 8.8.8.8:53 | www.jaibharatartgallery.shop | udp |
| US | 162.241.224.20:443 | barbaraclothingline.shop | tcp |
| US | 188.114.97.2:80 | worldscentsandmore.shop | tcp |
| US | 154.49.142.241:443 | tcp | |
| US | 8.8.8.8:53 | eliminandodornascostass.shop | udp |
| DE | 185.172.128.90:80 | tcp | |
| US | 8.8.8.8:53 | 204.58.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.243.190.103.in-addr.arpa | udp |
| BR | 45.152.46.199:443 | tcp | |
| DE | 185.172.128.19:80 | 185.172.128.19 | tcp |
| US | 8.8.8.8:53 | headshotzofbeverlyhills.shop | udp |
| BR | 149.100.155.191:443 | tcp | |
| US | 188.114.96.2:80 | worldscentsandmore.shop | tcp |
| US | 172.67.75.172:443 | tcp | |
| US | 172.67.186.67:80 | the-outsiders-journey.shop | tcp |
| US | 8.8.8.8:53 | wingshingofficefurniture.shop | udp |
| US | 8.8.8.8:53 | bestproductswithdiscount.shop | udp |
| US | 8.8.8.8:53 | udp | |
| US | 8.8.8.8:53 | shopcaliforniaaccessories.shop | udp |
| US | 104.21.58.234:80 | headshotzofbeverlyhills.shop | tcp |
| US | 195.179.236.250:443 | tcp | |
| US | 162.241.224.20:443 | barbaraclothingline.shop | tcp |
| US | 8.8.8.8:53 | aivia.biz | udp |
| DE | 185.172.128.53:80 | tcp | |
| US | 8.8.8.8:53 | ufa999.biz | udp |
| US | 8.8.8.8:53 | xwin888.biz | udp |
| IN | 103.190.243.3:443 | tcp | |
| US | 8.8.8.8:53 | 250.236.179.195.in-addr.arpa | udp |
| US | 8.8.8.8:53 | idola69toto.life | udp |
| US | 172.67.183.217:443 | ufa999.biz | tcp |
| US | 162.159.137.9:443 | tcp | |
| US | 8.8.8.8:53 | pgslot718.biz | udp |
| US | 8.8.8.8:53 | prettygame11.biz | udp |
| US | 162.241.216.113:443 | tcp | |
| US | 8.8.8.8:53 | www.royalrentals.com | udp |
| US | 8.8.8.8:53 | born2leadwear.biz | udp |
| US | 8.8.8.8:53 | wallmouldingmalang.biz | udp |
| US | 188.114.97.2:443 | pgslot718.biz | tcp |
| US | 188.114.96.2:443 | pgslot718.biz | tcp |
| US | 172.67.184.75:443 | prettygame11.biz | tcp |
| US | 188.114.96.2:443 | pgslot718.biz | tcp |
| US | 8.8.8.8:53 | undependableexpress.biz | udp |
| US | 8.8.8.8:53 | trollingdawg.site | udp |
| US | 50.62.172.132:443 | tcp | |
| US | 66.45.245.68:443 | tcp | |
| US | 162.241.244.109:443 | tcp | |
| US | 172.67.144.108:443 | wallmouldingmalang.biz | tcp |
| ID | 153.92.9.45:443 | tcp | |
| ID | 153.92.9.45:443 | tcp | |
| ID | 153.92.9.45:443 | tcp | |
| US | 8.8.8.8:53 | udp | |
| US | 198.54.116.134:443 | tcp | |
| US | 8.8.8.8:53 | siteexclusivo.site | udp |
| US | 8.8.8.8:53 | suksesagen869.site | udp |
| US | 104.21.39.89:443 | tcp | |
| US | 3.33.130.190:443 | tcp | |
| CA | 192.99.4.70:443 | btobleads.biz | tcp |
| US | 8.8.8.8:53 | bruxacleopatra.site | udp |
| IT | 195.231.86.129:443 | trollingdawg.site | tcp |
| US | 8.8.8.8:53 | divinospresets.site | udp |
| US | 8.8.8.8:53 | 32.152.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 68.245.45.66.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 70.4.99.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 162.152.251.205.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 109.244.241.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 132.172.62.50.in-addr.arpa | udp |
| US | 205.251.152.162:80 | born2leadwear.biz | tcp |
| US | 8.8.8.8:53 | 108.144.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | viniciusvargas.site | udp |
| US | 104.21.58.204:443 | tcp | |
| US | 8.8.8.8:53 | bateriarenovada.site | udp |
| US | 8.8.8.8:53 | clinicaestetica.site | udp |
| FI | 65.108.108.217:443 | tcp | |
| US | 8.8.8.8:53 | termurahagen531.site | udp |
| JP | 141.147.185.135:443 | tcp | |
| US | 8.8.8.8:53 | instantedebeleza.site | udp |
| US | 104.21.39.89:80 | tcp | |
| ID | 153.92.9.45:443 | termurahagen531.site | tcp |
| SG | 156.67.213.70:443 | sdn2girimukti.site | tcp |
| US | 8.8.8.8:53 | perdanadaftar882.site | udp |
| US | 162.241.2.157:443 | siteexclusivo.site | tcp |
| US | 8.8.8.8:53 | presentesurpresa.site | udp |
| US | 8.8.8.8:53 | 190.130.33.3.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 134.116.54.198.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 45.9.92.153.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 129.86.231.195.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.sekaino-kousaten.site | udp |
| BR | 170.81.42.166:443 | divinospresets.site | tcp |
| US | 192.185.215.219:443 | viniciusvargas.site | tcp |
| US | 8.8.8.8:53 | casajardimaurelia.site | udp |
| LT | 84.32.84.32:443 | presentesurpresa.site | tcp |
| US | 8.8.8.8:53 | crossroadsenglish.site | udp |
| US | 8.8.8.8:53 | starkgroup.site | udp |
| US | 8.8.8.8:53 | appliancedepotllpi.site | udp |
| US | 8.8.8.8:53 | affordablemobility.site | udp |
| US | 8.8.8.8:53 | backdatazoimperial.site | udp |
| NL | 80.79.4.61:18236 | tcp | |
| ID | 153.92.9.45:443 | perdanadaftar882.site | tcp |
| US | 50.6.138.95:443 | bruxacleopatra.site | tcp |
| US | 8.8.8.8:53 | discountoffertoday.site | udp |
| US | 8.8.8.8:53 | 217.108.108.65.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 135.185.147.141.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 70.213.67.156.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 157.2.241.162.in-addr.arpa | udp |
| ID | 153.92.9.45:443 | perdanadaftar882.site | tcp |
| US | 8.8.8.8:53 | financascomsucesso.site | udp |
| LT | 84.32.84.32:443 | presentesurpresa.site | tcp |
| US | 8.8.8.8:53 | lesionesdeportivas.site | udp |
| US | 8.8.8.8:53 | liberdadecomiphone.site | udp |
| US | 8.8.8.8:53 | pruinemanufacturer.site | udp |
| US | 8.8.8.8:53 | cursodigitaloficial.site | udp |
| US | 8.8.8.8:53 | envirotechsolutions.site | udp |
| US | 8.8.8.8:53 | fiqueicuriososoaqui.site | udp |
| US | 8.8.8.8:53 | condicioneslaborales.site | udp |
| US | 8.8.8.8:53 | zerkalo-leonbets3016.site | udp |
| US | 54.210.171.245:443 | appliancedepotllpi.site | tcp |
| US | 45.77.74.30:443 | backdatazoimperial.site | tcp |
| US | 74.208.236.86:80 | affordablemobility.site | tcp |
| BR | 89.117.7.214:443 | casajardimaurelia.site | tcp |
| US | 8.8.8.8:53 | benchfurniturecompany.site | udp |
| US | 8.8.8.8:53 | 219.215.185.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 166.42.81.170.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 61.4.79.80.in-addr.arpa | udp |
| US | 8.8.8.8:53 | metodoagendamilionaria.site | udp |
| US | 162.254.39.112:443 | crossroadsenglish.site | tcp |
| US | 191.96.56.102:443 | tcp | |
| US | 8.8.8.8:53 | psicologajouselibarrozo.site | udp |
| US | 167.99.126.174:443 | starkgroup.site | tcp |
| US | 8.8.8.8:53 | www.dbwebdesigns.com | udp |
| US | 8.8.8.8:53 | espiritosantomeumelhoramigo.site | udp |
| BR | 82.180.153.173:443 | liberdadecomiphone.site | tcp |
| BR | 149.100.155.211:443 | financascomsucesso.site | tcp |
| US | 162.241.224.20:443 | benchfurniturecompany.site | tcp |
| BR | 154.49.247.26:443 | cursodigitaloficial.site | tcp |
| US | 8.8.8.8:53 | upall.store | udp |
| NL | 75.102.58.86:443 | condicioneslaborales.site | tcp |
| US | 8.8.8.8:53 | dealgifts.shop | udp |
| US | 8.8.8.8:53 | durasheds.shop | udp |
| SG | 193.168.194.36:443 | envirotechsolutions.site | tcp |
| US | 8.8.8.8:53 | summitbuildingcampaign.site | udp |
| US | 8.8.8.8:53 | 95.138.6.50.in-addr.arpa | udp |
| US | 8.8.8.8:53 | eadigital.shop | udp |
| JP | 118.27.122.88:443 | www.sekaino-kousaten.site | tcp |
| US | 8.8.8.8:53 | opall.store | udp |
| US | 8.8.8.8:53 | hourcraft.shop | udp |
| US | 8.8.8.8:53 | ikeropase.shop | udp |
| US | 162.241.224.20:443 | benchfurniturecompany.site | tcp |
| BR | 45.152.44.4:443 | metodoagendamilionaria.site | tcp |
| US | 217.21.76.145:443 | lesionesdeportivas.site | tcp |
| US | 8.8.8.8:53 | gudangada.shop | udp |
| US | 8.8.8.8:53 | 30.74.77.45.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 86.236.208.74.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 214.7.117.89.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 112.39.254.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | ilerepoca.shop | udp |
| US | 8.8.8.8:53 | iranpanel.shop | udp |
| US | 63.250.43.12:443 | durasheds.shop | tcp |
| US | 104.21.85.173:443 | eadigital.shop | tcp |
| CA | 23.227.38.65:443 | dealgifts.shop | tcp |
| US | 162.254.39.102:443 | summitbuildingcampaign.site | tcp |
| SG | 31.220.110.20:443 | opall.store | tcp |
| DE | 217.160.0.187:443 | www.dbwebdesigns.com | tcp |
| SG | 31.220.110.20:443 | opall.store | tcp |
| US | 50.6.138.96:443 | espiritosantomeumelhoramigo.site | tcp |
| US | 8.8.8.8:53 | jollyarts.shop | udp |
| US | 8.8.8.8:53 | www.khalsgems.shop | udp |
| US | 162.241.2.77:443 | psicologajouselibarrozo.site | tcp |
| US | 8.8.8.8:53 | malayalam.shop | udp |
| US | 8.8.8.8:53 | melarikan.shop | udp |
| US | 188.114.96.2:80 | ilerepoca.shop | tcp |
| US | 8.8.8.8:53 | menekules.shop | udp |
| US | 188.114.96.2:443 | ilerepoca.shop | tcp |
| US | 188.114.97.2:443 | ilerepoca.shop | tcp |
| US | 8.8.8.8:53 | 173.153.180.82.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 211.155.100.149.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 36.194.168.193.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.247.49.154.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 88.122.27.118.in-addr.arpa | udp |
| FI | 65.21.207.219:443 | iranpanel.shop | tcp |
| US | 172.67.214.101:443 | www.khalsgems.shop | tcp |
| US | 8.8.8.8:53 | pabegimas.shop | udp |
| SG | 185.232.14.145:443 | gudangada.shop | tcp |
| DK | 46.30.213.132:443 | jollyarts.shop | tcp |
| US | 188.114.97.2:443 | ilerepoca.shop | tcp |
| US | 104.21.58.204:80 | tcp | |
| US | 8.8.8.8:53 | www.peekwises.shop | udp |
| US | 8.8.8.8:53 | 132.213.30.46.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.proportas.shop | udp |
| US | 172.67.165.108:443 | tcp | |
| US | 172.67.133.71:443 | pabegimas.shop | tcp |
| US | 172.67.149.202:443 | melarikan.shop | tcp |
| US | 8.8.8.8:53 | dbwebdesigns.com | udp |
| US | 89.117.50.161:443 | tcp | |
| US | 8.8.8.8:53 | udp | |
| US | 8.8.8.8:53 | udp | |
| US | 8.8.8.8:53 | udp | |
| US | 8.8.8.8:53 | udp | |
| US | 8.8.8.8:53 | udp | |
| US | 8.8.8.8:53 | udp | |
| US | 8.8.8.8:53 | udp | |
| US | 8.8.8.8:53 | udp | |
| US | 8.8.8.8:53 | udp | |
| US | 8.8.8.8:53 | udp | |
| US | 8.8.8.8:53 | udp | |
| US | 8.8.8.8:53 | raregifts.shop | udp |
| US | 188.114.97.2:443 | www.proportas.shop | tcp |
| US | 8.8.8.8:53 | quirkyart.shop | udp |
| US | 8.8.8.8:53 | www.sammoonss.shop | udp |
| US | 8.8.8.8:53 | www.sensuales.shop | udp |
| US | 188.114.97.2:443 | www.sammoonss.shop | tcp |
| US | 8.8.8.8:53 | shedbuild.shop | udp |
| US | 8.8.8.8:53 | www.swellwake.shop | udp |
| US | 8.8.8.8:53 | tubeworks.shop | udp |
| US | 8.8.8.8:53 | www.hourcraft.shop | udp |
| US | 8.8.8.8:53 | www.turnertoy.shop | udp |
| US | 8.8.8.8:53 | www.vapordnas.shop | udp |
| US | 188.114.97.2:443 | www.vapordnas.shop | tcp |
| US | 8.8.8.8:53 | 145.14.232.185.in-addr.arpa | udp |
| US | 188.114.96.2:443 | www.vapordnas.shop | tcp |
| US | 104.21.93.254:443 | quirkyart.shop | tcp |
| US | 104.21.72.223:443 | www.sensuales.shop | tcp |
| DE | 217.160.0.187:443 | dbwebdesigns.com | tcp |
| US | 149.100.151.96:443 | tcp | |
| US | 8.8.8.8:53 | comercio24.shop | udp |
| US | 8.8.8.8:53 | coolandhot.shop | udp |
| US | 8.8.8.8:53 | 71.133.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 202.149.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 108.165.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 161.50.117.89.in-addr.arpa | udp |
| DE | 62.171.180.6:9001 | tcp | |
| CA | 23.227.38.65:443 | raregifts.shop | tcp |
| KR | 183.111.242.42:443 | tubeworks.shop | tcp |
| US | 172.67.167.172:443 | www.turnertoy.shop | tcp |
| US | 188.114.97.2:443 | www.vapordnas.shop | tcp |
| BR | 185.239.210.61:443 | tcp | |
| US | 8.8.8.8:53 | www.electronis.shop | udp |
| US | 188.114.96.2:443 | www.electronis.shop | tcp |
| US | 8.8.8.8:53 | www.fasondeviv.shop | udp |
| BR | 154.49.247.55:443 | tcp | |
| US | 172.67.148.252:443 | tcp | |
| US | 198.54.116.234:443 | tcp | |
| FR | 89.117.169.184:443 | comercio24.shop | tcp |
| US | 188.114.97.2:443 | www.electronis.shop | tcp |
| BR | 89.117.7.105:443 | tcp | |
| US | 8.8.8.8:53 | handcrafty.shop | udp |
| US | 34.107.243.93:443 | tcp | |
| US | 34.117.237.239:443 | tcp | |
| US | 34.160.144.191:443 | tcp | |
| US | 34.149.100.209:443 | tcp | |
| US | 207.244.240.242:80 | coolandhot.shop | tcp |
| US | 188.114.96.2:443 | www.electronis.shop | tcp |
| US | 172.67.193.176:443 | www.fasondeviv.shop | tcp |
| US | 8.8.8.8:53 | udp | |
| US | 172.67.161.136:443 | tcp | |
| US | 104.21.23.161:443 | tcp | |
| US | 8.8.8.8:53 | phytoherbs.shop | udp |
| US | 8.8.8.8:53 | udp | |
| US | 8.8.8.8:53 | udp | |
| BR | 146.235.39.204:443 | tcp | |
| US | 8.8.8.8:53 | udp | |
| US | 8.8.8.8:53 | udp | |
| US | 172.67.177.31:443 | tcp | |
| US | 8.8.8.8:53 | udp | |
| US | 104.21.83.20:443 | tcp | |
| US | 8.8.8.8:53 | 176.193.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 136.161.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 161.23.21.104.in-addr.arpa | udp |
| US | 172.67.196.209:443 | tcp | |
| US | 8.8.8.8:53 | tailoredup.shop | udp |
| US | 8.8.8.8:53 | www.u7jewelrys.shop | udp |
| US | 212.1.208.225:443 | premiumaeu.shop | tcp |
| FR | 141.94.69.46:443 | tcp | |
| US | 172.67.186.199:443 | tcp | |
| US | 8.8.8.8:53 | www.vaporkings.shop | udp |
| US | 8.8.8.8:53 | theboxiptv.shop | udp |
| US | 172.67.167.133:443 | tcp | |
| US | 8.8.8.8:53 | www.wenproducs.shop | udp |
| US | 8.8.8.8:53 | www.vapecraves.shop | udp |
| US | 104.21.43.169:443 | tcp | |
| US | 52.12.188.245:443 | ritzyrobot.shop | tcp |
| US | 8.8.8.8:53 | 204.39.235.146.in-addr.arpa | udp |
| US | 63.250.43.15:443 | tailoredup.shop | tcp |
| US | 172.67.177.31:443 | tcp | |
| US | 8.8.8.8:53 | www.westernsol.shop | udp |
| US | 8.8.8.8:53 | altyazilizlexxx.shop | udp |
| US | 23.139.0.1:443 | tcp | |
| US | 104.21.84.59:443 | www.u7jewelrys.shop | tcp |
| US | 8.8.8.8:53 | www.zerajewels.shop | udp |
| US | 8.8.8.8:53 | 12thtribess.shop | udp |
| US | 8.8.8.8:53 | alhamdfoods.shop | udp |
| US | 8.8.8.8:53 | allingarden.shop | udp |
| US | 8.8.8.8:53 | altyazilimfmxx3.shop | udp |
| US | 8.8.8.8:53 | 20.83.21.104.in-addr.arpa | udp |
| US | 172.67.153.42:443 | www.vapecraves.shop | tcp |
| US | 8.8.8.8:53 | 209.196.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 46.69.94.141.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 225.208.1.212.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 199.186.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 133.167.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 169.43.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | anauthentis.shop | udp |
| US | 172.67.217.189:443 | www.wenproducs.shop | tcp |
| US | 104.21.89.165:443 | www.vaporkings.shop | tcp |
| NL | 212.107.17.234:443 | theboxiptv.shop | tcp |
| US | 8.8.8.8:53 | www.aussiebabys.shop | udp |
| US | 8.8.8.8:53 | babyplanets.shop | udp |
| US | 8.8.8.8:53 | bohobeachhu.shop | udp |
| IN | 68.178.145.13:443 | alhamdfoods.shop | tcp |
| US | 188.114.96.2:443 | bohobeachhu.shop | tcp |
| US | 104.21.31.134:443 | altyazilizlexxx.shop | tcp |
| US | 104.21.66.22:443 | www.zerajewels.shop | tcp |
| US | 8.8.8.8:53 | www.buenoblocks.shop | udp |
| US | 104.21.12.116:80 | anauthentis.shop | tcp |
| US | 188.114.97.2:80 | www.buenoblocks.shop | tcp |
| US | 195.35.10.194:443 | allingarden.shop | tcp |
| US | 172.67.156.168:443 | altyazilimfmxx3.shop | tcp |
| US | 8.8.8.8:53 | copyrightspareddcitwew.site | udp |
| US | 8.8.8.8:53 | caftanlalla.shop | udp |
| US | 8.8.8.8:53 | 245.188.12.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 1.0.139.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.43.250.63.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 59.84.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 42.153.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 189.217.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 165.89.21.104.in-addr.arpa | udp |
| US | 188.114.96.2:80 | www.buenoblocks.shop | tcp |
| US | 8.8.8.8:53 | 234.17.107.212.in-addr.arpa | udp |
| US | 172.67.172.166:443 | copyrightspareddcitwew.site | tcp |
| US | 104.21.0.208:443 | www.aussiebabys.shop | tcp |
| US | 8.8.8.8:53 | eco-berleco.shop | udp |
| US | 31.170.167.14:443 | babyplanets.shop | tcp |
| FR | 185.221.181.128:443 | caftanlalla.shop | tcp |
| US | 8.8.8.8:53 | franceluxes.shop | udp |
| US | 8.8.8.8:53 | traltyazilix.shop | udp |
| US | 8.8.8.8:53 | 22.66.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 13.145.178.68.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 116.12.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 134.31.21.104.in-addr.arpa | udp |
| FI | 65.109.67.182:443 | tcp | |
| US | 8.8.8.8:53 | www.garden-tren.shop | udp |
| US | 8.8.8.8:53 | 168.156.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.anauthentis.shop | udp |
| US | 8.8.8.8:53 | www.12thtribess.shop | udp |
| US | 8.8.8.8:53 | www.glazdjewels.shop | udp |
| US | 8.8.8.8:53 | www.huzzahtoyss.shop | udp |
| US | 8.8.8.8:53 | iptvprosubs.shop | udp |
| US | 8.8.8.8:53 | itsfastlean.shop | udp |
| UA | 185.68.16.202:443 | eco-berleco.shop | tcp |
| US | 8.8.8.8:53 | kopedasxx4.shop | udp |
| US | 104.21.90.155:80 | franceluxes.shop | tcp |
| US | 8.8.8.8:53 | www.bohobeachhu.shop | udp |
| US | 8.8.8.8:53 | www.kidsplaytos.shop | udp |
| US | 8.8.8.8:53 | 166.172.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 194.10.35.195.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 208.0.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 128.181.221.185.in-addr.arpa | udp |
| US | 188.114.97.2:443 | www.bohobeachhu.shop | tcp |
| US | 8.8.8.8:53 | www.leatherandc.shop | udp |
| US | 104.21.10.186:443 | traltyazilix.shop | tcp |
| US | 104.21.69.195:443 | www.garden-tren.shop | tcp |
| US | 8.8.8.8:53 | lifeshopstk.shop | udp |
| US | 172.67.160.190:443 | www.huzzahtoyss.shop | tcp |
| BR | 185.239.210.70:443 | itsfastlean.shop | tcp |
| US | 89.117.139.10:443 | iptvprosubs.shop | tcp |
| US | 188.114.96.2:443 | www.bohobeachhu.shop | tcp |
| US | 188.114.96.2:443 | www.bohobeachhu.shop | tcp |
| US | 172.67.209.130:443 | kopedasxx4.shop | tcp |
| US | 8.8.8.8:53 | www.mia-bijouxs.shop | udp |
| US | 8.8.8.8:53 | phoshmgarde.shop | udp |
| US | 8.8.8.8:53 | www.rainbowloom.shop | udp |
| US | 8.8.8.8:53 | www.rebelnellss.shop | udp |
| US | 172.67.128.13:80 | thompsonchemists.shop | tcp |
| US | 188.114.97.2:80 | www.bohobeachhu.shop | tcp |
| US | 8.8.8.8:53 | 14.167.170.31.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 202.16.68.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 155.90.21.104.in-addr.arpa | udp |
| US | 188.114.96.2:80 | www.bohobeachhu.shop | tcp |
| US | 188.114.96.2:80 | www.bohobeachhu.shop | tcp |
| US | 188.114.96.2:443 | www.bohobeachhu.shop | tcp |
| US | 172.67.152.71:443 | www.anauthentis.shop | tcp |
| US | 8.8.8.8:53 | www.franceluxes.shop | udp |
| US | 8.8.8.8:53 | www.sedrocsport.shop | udp |
| US | 172.67.128.91:443 | www.leatherandc.shop | tcp |
| US | 8.8.8.8:53 | www.shapewearss.shop | udp |
| US | 8.8.8.8:53 | shanagulati.shop | udp |
| US | 8.8.8.8:53 | www.shop-peches.shop | udp |
| US | 104.21.64.82:443 | www.rebelnellss.shop | tcp |
| LT | 84.32.84.32:443 | phoshmgarde.shop | tcp |
| US | 8.8.8.8:53 | 186.10.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 195.69.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 130.209.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 10.139.117.89.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 70.210.239.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | streamingmj.shop | udp |
| NL | 195.20.16.103:20440 | tcp | |
| US | 104.21.90.209:443 | www.mia-bijouxs.shop | tcp |
| US | 172.67.186.17:443 | www.rainbowloom.shop | tcp |
| DE | 144.76.1.85:25894 | tcp | |
| US | 8.8.8.8:53 | www.eco-berleco.shop | udp |
| US | 188.114.97.2:443 | www.shapewearss.shop | tcp |
| US | 8.8.8.8:53 | www.taijewelrys.shop | udp |
| US | 8.8.8.8:53 | tryendopeak.shop | udp |
| US | 8.8.8.8:53 | www.uniquitiess.shop | udp |
| US | 172.67.175.211:80 | shanagulati.shop | tcp |
| US | 8.8.8.8:53 | urbangroups.shop | udp |
| US | 8.8.8.8:53 | www.selfandmore.shop | udp |
| US | 8.8.8.8:53 | 71.152.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 91.128.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | violetgoods.shop | udp |
| US | 217.21.76.198:443 | streamingmj.shop | tcp |
| US | 172.67.202.64:443 | www.franceluxes.shop | tcp |
| US | 8.8.8.8:53 | www.winningmove.shop | udp |
| US | 8.8.8.8:53 | woodentoyss.shop | udp |
| US | 8.8.8.8:53 | woodeyindia.shop | udp |
| US | 8.8.8.8:53 | yourtoylink.shop | udp |
| US | 8.8.8.8:53 | bewellwithmichele.com | udp |
| US | 8.8.8.8:53 | lanahoteldungquat.com | udp |
| US | 8.8.8.8:53 | lankarealcinnamon.com | udp |
| US | 8.8.8.8:53 | www.laxmikumarimamidi.com | udp |
| US | 8.8.8.8:53 | learnersforchrist.com | udp |
| US | 8.8.8.8:53 | 82.64.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 103.16.20.195.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 209.90.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 17.186.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 85.1.76.144.in-addr.arpa | udp |
| US | 8.8.8.8:53 | learningstarfield.com | udp |
| US | 8.8.8.8:53 | www.lilypad-labs.com | udp |
| US | 172.67.134.233:443 | www.sedrocsport.shop | tcp |
| UA | 185.68.16.202:443 | www.eco-berleco.shop | tcp |
| US | 104.21.36.34:443 | www.shop-peches.shop | tcp |
| US | 104.21.88.85:443 | www.taijewelrys.shop | tcp |
| US | 104.21.66.26:443 | www.uniquitiess.shop | tcp |
| US | 8.8.8.8:53 | linuxcloudservers.com | udp |
| GB | 96.17.179.193:80 | tcp | |
| US | 104.21.77.135:443 | www.selfandmore.shop | tcp |
| US | 62.72.50.77:443 | urbangroups.shop | tcp |
| US | 188.114.96.2:80 | www.shapewearss.shop | tcp |
| US | 89.117.139.90:443 | violetgoods.shop | tcp |
| US | 172.67.128.173:443 | www.winningmove.shop | tcp |
| SG | 156.67.222.238:443 | lankarealcinnamon.com | tcp |
| US | 86.38.202.77:443 | learningstarfield.com | tcp |
| US | 45.55.184.239:443 | www.lilypad-labs.com | tcp |
| US | 173.236.192.167:443 | www.laxmikumarimamidi.com | tcp |
| US | 8.8.8.8:53 | lipsfillersnearme.com | udp |
| ZA | 41.185.114.15:443 | bewellwithmichele.com | tcp |
| US | 104.21.11.158:80 | yourtoylink.shop | tcp |
| US | 8.8.8.8:53 | 211.175.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 64.202.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.76.21.217.in-addr.arpa | udp |
| US | 8.8.8.8:53 | lisadeemerreviews.com | udp |
| US | 8.8.8.8:53 | www.shanagulati.shop | udp |
| US | 8.8.8.8:53 | lowestmarketvalue.com | udp |
| US | 104.21.15.62:80 | tcp | |
| US | 188.114.97.2:80 | www.shapewearss.shop | tcp |
| US | 8.8.8.8:53 | maavaishnavitrust.com | udp |
| US | 172.67.178.144:443 | learnersforchrist.com | tcp |
| US | 172.67.175.187:443 | tcp | |
| US | 104.21.38.174:443 | tcp | |
| US | 188.114.96.2:443 | www.shapewearss.shop | tcp |
| US | 8.8.8.8:53 | mamadoukonateactu.com | udp |
| US | 8.8.8.8:53 | longocompanysales.com | udp |
| US | 8.8.8.8:53 | 233.134.67.172.in-addr.arpa | udp |
| VN | 103.3.247.5:443 | lanahoteldungquat.com | tcp |
| US | 172.67.213.202:80 | woodentoyss.shop | tcp |
| SG | 45.76.191.136:443 | linuxcloudservers.com | tcp |
| LT | 84.32.84.32:443 | lipsfillersnearme.com | tcp |
| US | 8.8.8.8:53 | 34.36.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 85.88.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.66.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 77.50.72.62.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 173.128.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | mantechuniversity.com | udp |
| US | 8.8.8.8:53 | maquinadevendasai.com | udp |
| US | 8.8.8.8:53 | mariagekerendavid.com | udp |
| US | 8.8.8.8:53 | massage-signature.com | udp |
| US | 8.8.8.8:53 | masteryskillspace.com | udp |
| US | 8.8.8.8:53 | maxidresssaleshop.com | udp |
| US | 50.6.138.179:443 | lowestmarketvalue.com | tcp |
| US | 8.8.8.8:53 | medicalwriting008.com | udp |
| US | 8.8.8.8:53 | medicapnorthernmy.com | udp |
| US | 8.8.8.8:53 | mindgrowthacademy.com | udp |
| US | 149.100.151.231:443 | lisadeemerreviews.com | tcp |
| IN | 68.178.148.155:80 | maavaishnavitrust.com | tcp |
| US | 8.8.8.8:53 | minhacaixadasorte.com | udp |
| US | 8.8.8.8:53 | monecollagenstore.com | udp |
| US | 8.8.8.8:53 | muazlatestfashion.com | udp |
| US | 8.8.8.8:53 | mwmictandsecurity.com | udp |
| US | 8.8.8.8:53 | 90.139.117.89.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 238.222.67.156.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 158.11.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 239.184.55.45.in-addr.arpa | udp |
| US | 104.21.83.121:443 | www.shanagulati.shop | tcp |
| US | 162.241.24.227:443 | mamadoukonateactu.com | tcp |
| US | 188.114.96.2:443 | medicapnorthernmy.com | tcp |
| US | 8.8.8.8:53 | 167.192.236.173.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 77.202.38.86.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.114.185.41.in-addr.arpa | udp |
| US | 8.8.8.8:53 | mxmotocrosstracks.com | udp |
| US | 149.100.151.224:443 | mantechuniversity.com | tcp |
| FR | 185.221.182.22:443 | mariagekerendavid.com | tcp |
| BR | 149.100.155.198:443 | maquinadevendasai.com | tcp |
| FR | 154.49.245.191:443 | massage-signature.com | tcp |
| US | 8.8.8.8:53 | naturalafghanmewa.com | udp |
| US | 8.8.8.8:53 | naturaskincarehub.com | udp |
| US | 8.8.8.8:53 | www.yourtoylink.shop | udp |
| US | 8.8.8.8:53 | www.nechamaetguerison.com | udp |
| US | 8.8.8.8:53 | negociosxinternet.com | udp |
| BR | 45.224.128.33:443 | minhacaixadasorte.com | tcp |
| GB | 153.92.6.245:443 | masteryskillspace.com | tcp |
| TH | 203.146.252.149:443 | monecollagenstore.com | tcp |
| US | 8.8.8.8:53 | nettoyagedomicile.com | udp |
| US | 8.8.8.8:53 | 144.178.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 202.213.67.172.in-addr.arpa | udp |
| US | 104.21.0.172:443 | maxidresssaleshop.com | tcp |
| US | 8.8.8.8:53 | 136.191.76.45.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 5.247.3.103.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.newrealitymarkets.com | udp |
| US | 8.8.8.8:53 | mycollegewellness.com | udp |
| US | 8.8.8.8:53 | www.woodentoyss.shop | udp |
| US | 8.8.8.8:53 | nextgenerationind.com | udp |
| US | 8.8.8.8:53 | nnpdiscountbazaar.com | udp |
| US | 8.8.8.8:53 | lilypad-labs.com | udp |
| US | 8.8.8.8:53 | noithatducthanghp.com | udp |
| IN | 89.117.188.176:443 | mindgrowthacademy.com | tcp |
| US | 8.8.8.8:53 | 231.151.100.149.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 155.148.178.68.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 121.83.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | nurturingtimidity.com | udp |
| SG | 31.220.110.36:443 | naturalafghanmewa.com | tcp |
| US | 8.8.8.8:53 | nplusonesolutions.com | udp |
| US | 188.114.97.2:443 | www.woodentoyss.shop | tcp |
| US | 8.8.8.8:53 | ocularista-espana.com | udp |
| US | 8.8.8.8:53 | officefilecreator.com | udp |
| US | 195.179.239.66:443 | negociosxinternet.com | tcp |
| US | 104.21.11.158:443 | www.yourtoylink.shop | tcp |
| US | 8.8.8.8:53 | oficialrecoverbet.com | udp |
| FR | 109.234.165.181:443 | www.nechamaetguerison.com | tcp |
| US | 8.8.8.8:53 | olavallenataradio.com | udp |
| US | 8.8.8.8:53 | i.alie3ksgaa.com | udp |
| US | 8.8.8.8:53 | onlineglobaloffer.com | udp |
| US | 8.8.8.8:53 | 227.24.241.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 191.245.49.154.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 22.182.221.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 224.151.100.149.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.155.100.149.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 245.6.92.153.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.0.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 33.128.224.45.in-addr.arpa | udp |
| FR | 92.205.7.58:80 | nettoyagedomicile.com | tcp |
| IN | 154.41.233.69:443 | medicalwriting008.com | tcp |
| US | 64.227.15.19:443 | www.newrealitymarkets.com | tcp |
| US | 160.153.0.68:443 | mycollegewellness.com | tcp |
| US | 188.114.96.2:443 | www.woodentoyss.shop | tcp |
| US | 195.179.237.162:443 | muazlatestfashion.com | tcp |
| US | 45.55.184.239:443 | lilypad-labs.com | tcp |
| FR | 92.205.13.243:80 | mwmictandsecurity.com | tcp |
| US | 192.185.105.67:443 | nextgenerationind.com | tcp |
| US | 104.21.74.164:443 | mxmotocrosstracks.com | tcp |
| US | 8.8.8.8:53 | onlinemarketszone.com | udp |
| US | 8.8.8.8:53 | packanglobaltrade.com | udp |
| US | 8.8.8.8:53 | paininstituteofga.com | udp |
| IN | 103.14.122.182:443 | nnpdiscountbazaar.com | tcp |
| VN | 45.252.251.31:443 | noithatducthanghp.com | tcp |
| IN | 82.180.167.117:443 | nplusonesolutions.com | tcp |
| JP | 139.162.67.176:443 | nurturingtimidity.com | tcp |
| FR | 109.234.164.252:443 | ocularista-espana.com | tcp |
| US | 8.8.8.8:53 | 149.252.146.203.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 176.188.117.89.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 36.110.220.31.in-addr.arpa | udp |
| US | 8.8.8.8:53 | parentofprodigals.com | udp |
| US | 8.8.8.8:53 | paritzkyfamilylaw.com | udp |
| US | 8.8.8.8:53 | patinetesscooters.com | udp |
| US | 8.8.8.8:53 | personhoodgeorgia.com | udp |
| US | 8.8.8.8:53 | www.pharmacytech-jobs.com | udp |
| US | 8.8.8.8:53 | phlebotomist-jobs.com | udp |
| CA | 148.113.168.24:443 | olavallenataradio.com | tcp |
| BR | 154.49.247.17:443 | onlineglobaloffer.com | tcp |
| JP | 183.181.88.100:80 | officefilecreator.com | tcp |
| GB | 109.70.148.36:443 | packanglobaltrade.com | tcp |
| US | 149.100.151.214:443 | onlinemarketszone.com | tcp |
| US | 8.8.8.8:53 | 66.239.179.195.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 181.165.234.109.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 58.7.205.92.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 69.233.41.154.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 68.0.153.160.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 164.74.21.104.in-addr.arpa | udp |
| HK | 154.92.15.189:443 | i.alie3ksgaa.com | tcp |
| BR | 89.117.7.242:443 | oficialrecoverbet.com | tcp |
| US | 8.8.8.8:53 | 243.13.205.92.in-addr.arpa | udp |
| US | 8.8.8.8:53 | photostoportraits.com | udp |
| US | 148.72.65.190:80 | paininstituteofga.com | tcp |
| US | 8.8.8.8:53 | pilatoskounatidis.gr | udp |
| FR | 89.117.169.70:443 | patinetesscooters.com | tcp |
| US | 18.225.12.241:80 | parentofprodigals.com | tcp |
| US | 8.8.8.8:53 | pleasantonthreads.com | udp |
| US | 8.8.8.8:53 | 67.105.185.192.in-addr.arpa | udp |
| US | 66.198.240.20:443 | phlebotomist-jobs.com | tcp |
| US | 8.8.8.8:53 | 162.237.179.195.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 252.164.234.109.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 182.122.14.103.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 117.167.180.82.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 176.67.162.139.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 31.251.252.45.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 36.148.70.109.in-addr.arpa | udp |
| US | 8.8.8.8:53 | portablepowerlife.com | udp |
| US | 8.8.8.8:53 | prodigydigitalhub.com | udp |
| US | 8.8.8.8:53 | productosygadgets.com | udp |
| US | 8.8.8.8:53 | protocolforhealth.com | udp |
| US | 8.8.8.8:53 | idouhotels.website | udp |
| US | 8.8.8.8:53 | yourpunchlistpro.com | udp |
| US | 155.138.202.96:443 | photostoportraits.com | tcp |
| US | 8.8.8.8:53 | zgtourconsultant.com | udp |
| US | 8.8.8.8:53 | zilavietnamgroup.com | udp |
| US | 8.8.8.8:53 | 123tuinproducten.com | udp |
| US | 8.8.8.8:53 | 24.168.113.148.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 214.151.100.149.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 17.247.49.154.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 100.88.181.183.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 242.7.117.89.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 190.65.72.148.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 70.169.117.89.in-addr.arpa | udp |
| DE | 185.172.128.19:80 | tcp | |
| US | 67.222.54.95:443 | personhoodgeorgia.com | tcp |
| US | 8.8.8.8:53 | 1ndustrye1even11.com | udp |
| US | 143.95.81.223:443 | paritzkyfamilylaw.com | tcp |
| US | 162.241.24.92:443 | pleasantonthreads.com | tcp |
| US | 66.198.240.20:443 | phlebotomist-jobs.com | tcp |
| US | 172.67.160.46:443 | pilatoskounatidis.gr | tcp |
| US | 8.8.8.8:53 | 13developerayush.com | udp |
| US | 8.8.8.8:53 | 24hrbraidsnsalon.com | udp |
| US | 50.116.65.218:443 | portablepowerlife.com | tcp |
| US | 8.8.8.8:53 | 24marathiexpress.com | udp |
| US | 8.8.8.8:53 | www.paininstituteofga.com | udp |
| US | 8.8.8.8:53 | 7dollardownloads.com | udp |
| DE | 195.201.179.80:80 | idouhotels.website | tcp |
| AR | 200.58.112.57:443 | productosygadgets.com | tcp |
| US | 8.8.8.8:53 | agadirthingstodo.com | udp |
| US | 8.8.8.8:53 | academypoostiran.com | udp |
| US | 8.8.8.8:53 | aidataprivacylaw.com | udp |
| US | 8.8.8.8:53 | 241.12.225.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 20.240.198.66.in-addr.arpa | udp |
| CA | 142.44.226.116:443 | prodigydigitalhub.com | tcp |
| US | 8.8.8.8:53 | aides-habitation.com | udp |
| US | 8.8.8.8:53 | alhabalinstitute.com | udp |
| US | 8.8.8.8:53 | allaboutvolvocar.com | udp |
| US | 8.8.8.8:53 | allcheapdealsllc.com | udp |
| FI | 135.181.130.117:443 | agadirthingstodo.com | tcp |
| DE | 159.69.102.26:443 | academypoostiran.com | tcp |
| US | 162.241.225.36:443 | 1ndustrye1even11.com | tcp |
| GB | 153.92.6.72:443 | protocolforhealth.com | tcp |
| US | 8.8.8.8:53 | www.sartori-berger.de | udp |
| HK | 141.98.234.31:53 | aahzglo.ru | udp |
| FI | 65.108.66.125:80 | zgtourconsultant.com | tcp |
| US | 188.114.96.2:443 | mileyl.com | tcp |
| US | 8.8.8.8:53 | 95.54.222.67.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 223.81.95.143.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 92.24.241.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 46.160.67.172.in-addr.arpa | udp |
| NL | 45.82.191.34:80 | 123tuinproducten.com | tcp |
| US | 107.154.154.3:443 | yourpunchlistpro.com | tcp |
| US | 8.8.8.8:53 | alltrendingblogs.com | udp |
| GB | 185.77.97.84:443 | 13developerayush.com | tcp |
| US | 208.91.199.114:443 | 24hrbraidsnsalon.com | tcp |
| US | 50.87.170.173:443 | protips4gardening.com | tcp |
| IN | 89.117.188.197:443 | 24marathiexpress.com | tcp |
| US | 148.72.65.190:80 | www.paininstituteofga.com | tcp |
| US | 192.64.119.7:443 | 7dollardownloads.com | tcp |
| US | 8.8.8.8:53 | amarresconpasion.com | udp |
| US | 8.8.8.8:53 | almontabfoodintr.com | udp |
| US | 208.109.24.238:443 | aidataprivacylaw.com | tcp |
| JP | 183.181.88.100:443 | officefilecreator.com | tcp |
| US | 8.8.8.8:53 | www.aquariumexotique.com | udp |
| FR | 89.117.116.31:443 | aides-habitation.com | tcp |
| US | 173.252.167.20:443 | alhabalinstitute.com | tcp |
| US | 8.8.8.8:53 | www.aquariumpoissons.com | udp |
| US | 8.8.8.8:53 | ascengineeringbd.com | udp |
| US | 8.8.8.8:53 | ashleylovebeauty.com | udp |
| US | 8.8.8.8:53 | 218.65.116.50.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 80.179.201.195.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 57.112.58.200.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 116.226.44.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | ashpazkhoonekala.com | udp |
| US | 8.8.8.8:53 | astrorudraboston.com | udp |
| US | 8.8.8.8:53 | astronomicalmind.com | udp |
| US | 8.8.8.8:53 | attaqwapharmindo.com | udp |
| US | 8.8.8.8:53 | www.auburnchinahouse.com | udp |
| US | 8.8.8.8:53 | attorneyadvisers.com | udp |
| US | 8.8.8.8:53 | recaptcha.cloud | udp |
| US | 8.8.8.8:53 | 31.234.98.141.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 72.6.92.153.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.102.69.159.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 117.130.181.135.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 34.191.82.45.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 125.66.108.65.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 84.97.77.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.154.154.107.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 114.199.91.208.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 173.170.87.50.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 197.188.117.89.in-addr.arpa | udp |
| GB | 82.163.176.124:443 | almontabfoodintr.com | tcp |
| US | 160.153.0.191:443 | alltrendingblogs.com | tcp |
| US | 8.8.8.8:53 | backyardkoiponds.com | udp |
| US | 8.8.8.8:53 | beautyandkittens.com | udp |
| US | 160.153.0.66:443 | allcheapdealsllc.com | tcp |
| DE | 80.237.217.230:443 | www.sartori-berger.de | tcp |
| KR | 158.247.249.207:443 | allaboutvolvocar.com | tcp |
| US | 8.8.8.8:53 | beautyofjoseonae.com | udp |
| US | 149.100.151.115:443 | ashleylovebeauty.com | tcp |
| US | 172.67.155.154:443 | astrorudraboston.com | tcp |
| US | 209.133.195.90:443 | ascengineeringbd.com | tcp |
| IN | 154.41.233.99:443 | astronomicalmind.com | tcp |
| IR | 185.94.98.201:443 | ashpazkhoonekala.com | tcp |
| US | 8.8.8.8:53 | belcavesolutions.com | udp |
| US | 8.8.8.8:53 | augietsguestlist.com | udp |
| US | 8.8.8.8:53 | bellapornatureza.com | udp |
| US | 8.8.8.8:53 | senaautocare.com | udp |
| US | 8.8.8.8:53 | servicemulta.com | udp |
| US | 8.8.8.8:53 | www.shklmarriage.com | udp |
| FR | 89.116.147.62:443 | amarresconpasion.com | tcp |
| US | 8.8.8.8:53 | 238.24.109.208.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 31.116.117.89.in-addr.arpa | udp |
| FR | 109.234.165.180:443 | www.aquariumpoissons.com | tcp |
| US | 8.8.8.8:53 | shobhahasini.com | udp |
| US | 8.8.8.8:53 | shohayokfood.com | udp |
| GB | 185.77.97.179:443 | attorneyadvisers.com | tcp |
| US | 8.8.8.8:53 | shokaleather.com | udp |
| GB | 91.238.161.176:443 | axialrecruitment.com | tcp |
| US | 8.8.8.8:53 | silicium-enr.com | udp |
| US | 8.8.8.8:53 | silverlinexx.com | udp |
| DE | 141.95.211.148:46011 | tcp | |
| US | 8.8.8.8:53 | 124.176.163.82.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 191.0.153.160.in-addr.arpa | udp |
| FR | 109.234.165.180:443 | www.aquariumpoissons.com | tcp |
| US | 8.8.8.8:53 | simplifybyte.com | udp |
| DE | 78.47.205.166:443 | recaptcha.cloud | tcp |
| US | 52.42.81.71:443 | www.auburnchinahouse.com | tcp |
| ID | 203.175.9.114:443 | attaqwapharmindo.com | tcp |
| US | 162.241.218.46:443 | beautyandkittens.com | tcp |
| US | 154.56.47.18:443 | beautyofjoseonae.com | tcp |
| US | 172.67.175.2:443 | senaautocare.com | tcp |
| US | 162.241.218.97:443 | backyardkoiponds.com | tcp |
| US | 8.8.8.8:53 | simpnecklace.com | udp |
| US | 89.117.139.60:443 | belcavesolutions.com | tcp |
| IN | 154.41.233.96:443 | shobhahasini.com | tcp |
| US | 63.250.43.129:80 | augietsguestlist.com | tcp |
| CA | 184.107.41.83:443 | servicemulta.com | tcp |
| BR | 149.100.155.2:443 | bellapornatureza.com | tcp |
| US | 154.56.44.222:443 | silverlinexx.com | tcp |
| FR | 154.41.237.137:443 | silicium-enr.com | tcp |
| US | 8.8.8.8:53 | 66.0.153.160.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 230.217.237.80.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 154.155.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 90.195.133.209.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 115.151.100.149.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 99.233.41.154.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 201.98.94.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 62.147.116.89.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 180.165.234.109.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 179.97.77.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 176.161.238.91.in-addr.arpa | udp |
| US | 104.129.59.5:443 | www.shklmarriage.com | tcp |
| US | 162.213.251.52:443 | shohayokfood.com | tcp |
| IR | 87.248.152.6:443 | shokaleather.com | tcp |
| US | 8.8.8.8:53 | www.sis-networks.com | udp |
| US | 162.214.81.26:443 | simplifybyte.com | tcp |
| US | 8.8.8.8:53 | imunify-alert.com | udp |
| US | 8.8.8.8:53 | skinbellezza.com | udp |
| US | 8.8.8.8:53 | skinmagicbox.com | udp |
| US | 8.8.8.8:53 | sknewsupdate.com | udp |
| US | 8.8.8.8:53 | slimagiccaps.com | udp |
| US | 8.8.8.8:53 | 148.211.95.141.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 166.205.47.78.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 46.218.241.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.47.56.154.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 71.81.42.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 2.175.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 114.9.175.203.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 97.218.241.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | socialkyashi.com | udp |
| US | 8.8.8.8:53 | somalitaaris.com | udp |
| US | 8.8.8.8:53 | soothdesigns.com | udp |
| US | 8.8.8.8:53 | spookypinion.com | udp |
| US | 8.8.8.8:53 | sportfisherz.com | udp |
| US | 8.8.8.8:53 | sportstrides.com | udp |
| US | 8.8.8.8:53 | st-raphaelmc.com | udp |
| US | 8.8.8.8:53 | spotustravel.com | udp |
| US | 8.8.8.8:53 | stakeminepro.com | udp |
| US | 8.8.8.8:53 | starearnings.com | udp |
| US | 8.8.8.8:53 | 137.237.41.154.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 96.233.41.154.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 83.41.107.184.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 60.139.117.89.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 129.43.250.63.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 2.155.100.149.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 222.44.56.154.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 5.59.129.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 6.152.248.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 52.251.213.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | starspickllc.com | udp |
| US | 8.8.8.8:53 | stcursonline.com | udp |
| US | 188.114.96.2:443 | simpnecklace.com | tcp |
| US | 159.89.92.60:443 | www.sis-networks.com | tcp |
| US | 172.67.176.47:443 | imunify-alert.com | tcp |
| LT | 84.32.84.32:443 | siswanresort.com | tcp |
| US | 154.49.142.222:443 | skinmagicbox.com | tcp |
| RU | 193.233.132.67:50505 | tcp | |
| IN | 154.41.233.42:443 | sknewsupdate.com | tcp |
| US | 8.8.8.8:53 | steffisblogs.com | udp |
| US | 50.87.143.111:443 | somalitaaris.com | tcp |
| NL | 185.166.188.62:443 | soothdesigns.com | tcp |
| IN | 154.41.233.81:443 | socialkyashi.com | tcp |
| US | 8.8.8.8:53 | chirasthievents.com | udp |
| US | 8.8.8.8:53 | stewarttrust.com | udp |
| US | 8.8.8.8:53 | strandbadpak.com | udp |
| US | 8.8.8.8:53 | stratomiclab.com | udp |
| IT | 185.196.8.22:80 | aahzglo.ru | tcp |
| US | 160.153.0.103:443 | spookypinion.com | tcp |
| US | 162.241.230.55:443 | sportstrides.com | tcp |
| US | 8.8.8.8:53 | straylightpr.com | udp |
| US | 8.8.8.8:53 | 26.81.214.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | stumptowndad.com | udp |
| US | 8.8.8.8:53 | sundaysavory.com | udp |
| US | 8.8.8.8:53 | stylesleek24.com | udp |
| US | 8.8.8.8:53 | svbbrainbulb.com | udp |
| US | 8.8.8.8:53 | taaazakhabar.com | udp |
| US | 8.8.8.8:53 | tailieutrade.com | udp |
| US | 8.8.8.8:53 | tacticooltee.com | udp |
| US | 8.8.8.8:53 | takbamtehran.com | udp |
| US | 8.8.8.8:53 | talkabout111.com | udp |
| US | 8.8.8.8:53 | tania-polisa.com | udp |
| US | 8.8.8.8:53 | tastyturkiye.com | udp |
| US | 8.8.8.8:53 | stronghorses.com | udp |
| BR | 154.49.247.45:443 | stcursonline.com | tcp |
| US | 67.205.13.196:443 | st-raphaelmc.com | tcp |
| US | 8.8.8.8:53 | teambodyevol.com | udp |
| GB | 154.49.138.41:443 | starearnings.com | tcp |
| US | 160.153.0.196:443 | starspickllc.com | tcp |
| US | 8.8.8.8:53 | 47.176.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 60.92.89.159.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 222.142.49.154.in-addr.arpa | udp |
| US | 160.153.0.196:443 | starspickllc.com | tcp |
| US | 8.8.8.8:53 | techavishkar.com | udp |
| US | 8.8.8.8:53 | techbestinfo.com | udp |
| DE | 176.9.47.240:2023 | tcp | |
| US | 8.8.8.8:53 | techifyhouse.com | udp |
| CA | 23.227.38.65:443 | sportfisherz.com | tcp |
| US | 149.100.151.245:443 | steffisblogs.com | tcp |
| US | 195.35.33.185:443 | stratomiclab.com | tcp |
| US | 172.67.143.107:443 | strandbadpak.com | tcp |
| SG | 194.233.67.196:443 | chirasthievents.com | tcp |
| US | 8.8.8.8:53 | technolo-gic.com | udp |
| DE | 212.224.88.188:443 | stewarttrust.com | tcp |
| US | 8.8.8.8:53 | axialrecruitment.co.uk | udp |
| US | 8.8.8.8:53 | techthoughtz.com | udp |
| US | 8.8.8.8:53 | 62.188.166.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 22.8.196.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 42.233.41.154.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 111.143.87.50.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 81.233.41.154.in-addr.arpa | udp |
| US | 208.113.163.252:443 | stumptowndad.com | tcp |
| US | 8.8.8.8:53 | 103.0.153.160.in-addr.arpa | udp |
| US | 107.154.169.18:443 | straylightpr.com | tcp |
| GB | 154.49.138.208:443 | svbbrainbulb.com | tcp |
| IN | 89.117.27.201:443 | taaazakhabar.com | tcp |
| US | 162.241.224.185:443 | sundaysavory.com | tcp |
| US | 8.8.8.8:53 | techvantagek.com | udp |
| FR | 178.33.33.109:443 | tania-polisa.com | tcp |
| IR | 5.144.131.241:443 | takbamtehran.com | tcp |
| US | 192.185.71.128:443 | tastyturkiye.com | tcp |
| US | 68.66.226.125:443 | tailieutrade.com | tcp |
| LT | 84.32.84.32:443 | tacticooltee.com | tcp |
| CA | 167.114.141.20:443 | stronghorses.com | tcp |
| IN | 89.117.27.250:443 | techavishkar.com | tcp |
| US | 8.8.8.8:53 | techyhosting.com | udp |
| US | 8.8.8.8:53 | qualifiedbehaviorrykej.site | udp |
| IN | 62.72.28.9:443 | talkabout111.com | tcp |
| US | 8.8.8.8:53 | teguhwiharso.com | udp |
| US | 8.8.8.8:53 | 196.0.153.160.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 41.138.49.154.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 196.13.205.67.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 45.247.49.154.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 240.47.9.176.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tenderooperu.com | udp |
| US | 86.38.202.140:443 | techbestinfo.com | tcp |
| US | 188.114.97.2:443 | techifyhouse.com | tcp |
| SG | 159.89.203.89:443 | stylesleek24.com | tcp |
| US | 8.8.8.8:53 | tgbellimages.com | udp |
| US | 8.8.8.8:53 | thecoinsavvy.com | udp |
| US | 8.8.8.8:53 | thefirewomen.com | udp |
| US | 8.8.8.8:53 | thehardhoney.com | udp |
| US | 104.21.35.143:443 | qualifiedbehaviorrykej.site | tcp |
| US | 8.8.8.8:53 | theglgstudio.com | udp |
| US | 13.52.20.136:80 | techthoughtz.com | tcp |
| GB | 185.77.97.86:443 | technolo-gic.com | tcp |
| IN | 154.41.233.83:443 | techvantagek.com | tcp |
| US | 8.8.8.8:53 | thehotsports.com | udp |
| GB | 91.238.161.176:443 | axialrecruitment.co.uk | tcp |
| US | 8.8.8.8:53 | themagicstep.com | udp |
| US | 172.67.199.81:443 | techyhosting.com | tcp |
| US | 8.8.8.8:53 | 107.143.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 208.138.49.154.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 188.88.224.212.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 185.33.35.195.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 245.151.100.149.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 252.163.113.208.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 201.27.117.89.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 185.224.241.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.169.154.107.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 196.67.233.194.in-addr.arpa | udp |
| US | 8.8.8.8:53 | thenerdsnest.com | udp |
| US | 8.8.8.8:53 | theshamashop.com | udp |
| US | 8.8.8.8:53 | thinkersinfo.com | udp |
| US | 8.8.8.8:53 | thesimstoday.com | udp |
| US | 8.8.8.8:53 | titansemgale.com | udp |
| US | 162.241.51.212:443 | tenderooperu.com | tcp |
| US | 8.8.8.8:53 | tolisticgrow.com | udp |
| US | 8.8.8.8:53 | www.toomutchwood.com | udp |
| US | 8.8.8.8:53 | tradexgenius.com | udp |
| US | 160.153.0.19:443 | thehardhoney.com | tcp |
| US | 104.26.4.77:443 | theglgstudio.com | tcp |
| NL | 185.166.188.145:443 | thefirewomen.com | tcp |
| US | 8.8.8.8:53 | topnotchguru.com | udp |
| US | 8.8.8.8:53 | trainwithvik.com | udp |
| US | 8.8.8.8:53 | 109.33.33.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 241.131.144.5.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 128.71.185.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 20.141.114.167.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 125.226.66.68.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 250.27.117.89.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 9.28.72.62.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 140.202.38.86.in-addr.arpa | udp |
| US | 8.8.8.8:53 | trosscapital.com | udp |
| SG | 151.106.119.206:80 | teguhwiharso.com | tcp |
| US | 23.229.155.192:80 | tgbellimages.com | tcp |
| US | 8.8.8.8:53 | trustpilotpk.com | udp |
| FR | 15.188.219.54:443 | thesimstoday.com | tcp |
| IN | 154.41.233.100:443 | themagicstep.com | tcp |
| US | 8.8.8.8:53 | tunemycareer.com | udp |
| US | 8.8.8.8:53 | trendbytehub.com | udp |
| US | 8.8.8.8:53 | travelsnexus.com | udp |
| US | 8.8.8.8:53 | triaxistudio.com | udp |
| US | 8.8.8.8:53 | tuventilador.com | udp |
| US | 8.8.8.8:53 | 143.35.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 86.97.77.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 89.203.89.159.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 136.20.52.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 83.233.41.154.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 81.199.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | pool.hashvault.pro | udp |
| US | 149.100.151.120:443 | thecoinsavvy.com | tcp |
| US | 192.185.223.51:443 | titansemgale.com | tcp |
| NL | 145.14.156.97:443 | tradexgenius.com | tcp |
| DE | 81.169.145.151:443 | tolisticgrow.com | tcp |
| US | 69.163.217.151:443 | www.toomutchwood.com | tcp |
| US | 104.197.183.198:443 | trainwithvik.com | tcp |
| IN | 154.41.233.66:443 | theshamashop.com | tcp |
| US | 170.39.76.95:443 | topnotchguru.com | tcp |
| US | 72.167.67.73:443 | thehotsports.com | tcp |
| US | 85.31.226.32:443 | thenerdsnest.com | tcp |
| US | 8.8.8.8:53 | tvsannanagar.com | udp |
| US | 8.8.8.8:53 | twodudestees.com | udp |
| US | 8.8.8.8:53 | www.st-raphaelmc.com | udp |
| US | 8.8.8.8:53 | tylerfeezell.com | udp |
| US | 8.8.8.8:53 | udayakannada.com | udp |
| US | 104.21.58.60:443 | trosscapital.com | tcp |
| US | 8.8.8.8:53 | unionchosica.com | udp |
| US | 8.8.8.8:53 | universowhey.com | udp |
| US | 8.8.8.8:53 | uzmasflorals.com | udp |
| US | 13.52.20.136:443 | techthoughtz.com | tcp |
| US | 8.8.8.8:53 | 212.51.241.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 19.0.153.160.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 77.4.26.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 145.188.166.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | viethoopsnat.com | udp |
| US | 8.8.8.8:53 | viral-khabar.com | udp |
| US | 86.38.202.175:443 | trustpilotpk.com | tcp |
| IN | 217.21.87.18:443 | tunemycareer.com | tcp |
| IN | 89.117.188.164:443 | travelsnexus.com | tcp |
| US | 8.8.8.8:53 | groannysoapblockedstiw.site | udp |
| US | 8.8.8.8:53 | wanghaonancn.com | udp |
| US | 8.8.8.8:53 | app.alie3ksgaa.com | udp |
| US | 8.8.8.8:53 | weareoneclan.com | udp |
| US | 8.8.8.8:53 | 206.119.106.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 192.155.229.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 54.219.188.15.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 100.233.41.154.in-addr.arpa | udp |
| US | 8.8.8.8:53 | webpagestory.com | udp |
| US | 8.8.8.8:53 | visualfranco.com | udp |
| US | 8.8.8.8:53 | wellnesstmpl.com | udp |
| IN | 89.117.27.212:443 | trendbytehub.com | tcp |
| DE | 81.169.145.85:80 | tuventilador.com | tcp |
| US | 67.205.13.196:443 | www.st-raphaelmc.com | tcp |
| US | 50.87.171.226:443 | twodudestees.com | tcp |
| HK | 154.92.15.189:80 | app.alie3ksgaa.com | tcp |
| US | 8.8.8.8:53 | watersspring.com | udp |
| US | 8.8.8.8:53 | www.tgbellimages.com | udp |
| US | 195.179.239.31:443 | udayakannada.com | tcp |
| US | 8.8.8.8:53 | combinethemepiggerygoj.site | udp |
| US | 104.21.64.245:443 | groannysoapblockedstiw.site | tcp |
| GB | 154.49.138.229:443 | triaxistudio.com | tcp |
| US | 8.8.8.8:53 | wilsongoulty.com | udp |
| US | 170.39.76.95:443 | topnotchguru.com | tcp |
| US | 8.8.8.8:53 | 97.156.14.145.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 151.145.169.81.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 51.223.185.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 120.151.100.149.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.183.197.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.76.39.170.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 66.233.41.154.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 151.217.163.69.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 73.67.167.72.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 32.226.31.85.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 60.58.21.104.in-addr.arpa | udp |
| IN | 154.41.233.120:443 | tvsannanagar.com | tcp |
| US | 8.8.8.8:53 | winnermodels.com | udp |
| DE | 165.227.159.168:443 | tylerfeezell.com | tcp |
| US | 8.8.8.8:53 | wollmartshop.com | udp |
| US | 192.185.140.111:80 | unionchosica.com | tcp |
| US | 162.241.224.50:443 | uzmasflorals.com | tcp |
| IT | 86.105.14.18:443 | www.vivindonesia.com | tcp |
| IN | 89.117.157.226:443 | viral-khabar.com | tcp |
| GB | 149.255.60.170:443 | weareoneclan.com | tcp |
| US | 96.44.182.131:80 | wanghaonancn.com | tcp |
| US | 70.40.220.126:443 | viethoopsnat.com | tcp |
| US | 8.8.8.8:53 | workers-hack.com | udp |
| US | 8.8.8.8:53 | wepromiseinc.com | udp |
| US | 8.8.8.8:53 | brigyte.com | udp |
| US | 8.8.8.8:53 | bsmatic.com | udp |
| US | 8.8.8.8:53 | bytacko.com | udp |
| TR | 104.247.162.99:443 | winnermodels.com | tcp |
| US | 8.8.8.8:53 | cadetus.com | udp |
| US | 198.57.184.124:443 | wilsongoulty.com | tcp |
| US | 8.8.8.8:53 | 175.202.38.86.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.87.21.217.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 164.188.117.89.in-addr.arpa | udp |
| FR | 195.35.49.73:443 | visualfranco.com | tcp |
| GB | 154.49.138.96:443 | wellnesstmpl.com | tcp |
| US | 23.229.155.192:443 | www.tgbellimages.com | tcp |
| US | 31.170.167.91:443 | watersspring.com | tcp |
| US | 149.100.151.131:443 | webpagestory.com | tcp |
| US | 8.8.8.8:53 | cessaly.com | udp |
| US | 188.114.96.2:443 | combinethemepiggerygoj.site | tcp |
| US | 8.8.8.8:53 | chacora.com | udp |
| US | 8.8.8.8:53 | chebsaj.com | udp |
| US | 8.8.8.8:53 | canceco.com | udp |
| US | 8.8.8.8:53 | carreil.com | udp |
| US | 8.8.8.8:53 | www.techthoughtz.com | udp |
| US | 8.8.8.8:53 | catagna.com | udp |
| US | 8.8.8.8:53 | cereida.com | udp |
| US | 8.8.8.8:53 | 85.145.169.81.in-addr.arpa | udp |
| JP | 163.43.252.166:443 | workers-hack.com | tcp |
| FR | 91.234.195.123:80 | bytacko.com | tcp |
| US | 8.8.8.8:53 | 212.27.117.89.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 226.171.87.50.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 31.239.179.195.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 245.64.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 229.138.49.154.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 168.159.227.165.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 120.233.41.154.in-addr.arpa | udp |
| US | 50.63.92.61:80 | bsmatic.com | tcp |
| US | 8.8.8.8:53 | 111.140.185.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 226.157.117.89.in-addr.arpa | udp |
| IN | 68.178.147.69:443 | cadetus.com | tcp |
| US | 8.8.8.8:53 | 50.224.241.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 170.60.255.149.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 131.182.44.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | chiordi.com | udp |
| US | 8.8.8.8:53 | cookbey.com | udp |
| US | 8.8.8.8:53 | chidahr.com | udp |
| US | 8.8.8.8:53 | cppmore.com | udp |
| US | 8.8.8.8:53 | cormury.com | udp |
| US | 8.8.8.8:53 | crcalgo.com | udp |
| US | 8.8.8.8:53 | curimex.com | udp |
| US | 8.8.8.8:53 | danyuki.com | udp |
| US | 8.8.8.8:53 | coubest.com | udp |
| US | 8.8.8.8:53 | daysabt.com | udp |
| US | 8.8.8.8:53 | conpini.com | udp |
| US | 8.8.8.8:53 | 124.184.57.198.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 96.138.49.154.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 73.49.35.195.in-addr.arpa | udp |
| US | 8.8.8.8:53 | cliread.com | udp |
| SG | 184.168.97.21:80 | brigyte.com | tcp |
| US | 162.241.226.73:443 | wepromiseinc.com | tcp |
| US | 8.8.8.8:53 | delhihq.com | udp |
| US | 104.21.37.245:443 | cessaly.com | tcp |
| US | 8.8.8.8:53 | depto11.com | udp |
| US | 8.8.8.8:53 | dewakee.com | udp |
| US | 13.52.20.136:443 | www.techthoughtz.com | tcp |
| US | 172.67.164.111:443 | cereida.com | tcp |
| US | 172.67.177.197:443 | catagna.com | tcp |
| US | 188.114.96.2:443 | depto11.com | tcp |
| US | 172.67.135.157:443 | carreil.com | tcp |
| GB | 141.136.33.40:443 | co-resa.com | tcp |
| US | 172.67.206.248:443 | cookbey.com | tcp |
| FR | 178.32.139.137:80 | chiordi.com | tcp |
| US | 188.114.96.2:443 | depto11.com | tcp |
| US | 198.54.125.112:443 | chebsaj.com | tcp |
| US | 8.8.8.8:53 | digi777.com | udp |
| US | 8.8.8.8:53 | 131.151.100.149.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 123.195.234.91.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 166.252.43.163.in-addr.arpa | udp |
| DE | 116.202.235.234:443 | crcalgo.com | tcp |
| KR | 158.247.243.23:443 | coubest.com | tcp |
| FR | 89.117.169.132:443 | curimex.com | tcp |
| US | 162.254.39.135:443 | cliread.com | tcp |
| US | 104.21.60.148:443 | conpini.com | tcp |
| IR | 194.147.142.196:443 | daysabt.com | tcp |
| IN | 217.21.91.45:443 | delhihq.com | tcp |
| US | 8.8.8.8:53 | digipio.com | udp |
| US | 8.8.8.8:53 | dillowe.com | udp |
| VN | 103.57.221.50:80 | danyuki.com | tcp |
| IR | 89.39.208.174:80 | chidahr.com | tcp |
| US | 8.8.8.8:53 | divstyl.com | udp |
| US | 104.21.9.154:443 | cormury.com | tcp |
| HK | 182.16.38.163:443 | cppmore.com | tcp |
| US | 104.21.4.168:443 | dewakee.com | tcp |
| US | 188.114.96.2:443 | dillowe.com | tcp |
| US | 8.8.8.8:53 | 69.147.178.68.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 73.226.241.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 21.97.168.184.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 245.37.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | diyonna.com | udp |
| US | 8.8.8.8:53 | consciouosoepewmausj.site | udp |
| US | 172.67.141.68:443 | consciouosoepewmausj.site | tcp |
| US | 8.8.8.8:53 | dnaisha.com | udp |
| US | 8.8.8.8:53 | doudari.com | udp |
| US | 8.8.8.8:53 | drnajdi.com | udp |
| US | 64.31.23.22:443 | digipio.com | tcp |
| US | 8.8.8.8:53 | dygnosu.com | udp |
| FR | 193.203.239.79:80 | divstyl.com | tcp |
| US | 188.114.96.2:443 | diyonna.com | tcp |
| US | 8.8.8.8:53 | 111.164.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 197.177.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 157.135.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 248.206.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 137.139.32.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 112.125.54.198.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 148.60.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 132.169.117.89.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 234.235.202.116.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 196.142.147.194.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 45.91.21.217.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 174.208.39.89.in-addr.arpa | udp |
| US | 188.114.96.2:443 | diyonna.com | tcp |
| US | 8.8.8.8:53 | 135.39.254.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 23.243.247.158.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 50.221.57.103.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 154.9.21.104.in-addr.arpa | udp |
| US | 104.21.12.19:443 | doudari.com | tcp |
| IN | 13.233.197.167:443 | dygnosu.com | tcp |
| US | 8.8.8.8:53 | 168.4.21.104.in-addr.arpa | udp |
| IR | 217.144.105.174:80 | drnajdi.com | tcp |
| US | 8.8.8.8:53 | dsaeead.com | udp |
| US | 8.8.8.8:53 | www.cessaly.com | udp |
| US | 8.8.8.8:53 | dyspach.com | udp |
| US | 8.8.8.8:53 | www.bytacko.com | udp |
| US | 8.8.8.8:53 | weedpairfolkloredheryw.site | udp |
| US | 8.8.8.8:53 | www.chacora.com | udp |
| US | 8.8.8.8:53 | e-bukun.com | udp |
| US | 8.8.8.8:53 | www.carreil.com | udp |
| US | 8.8.8.8:53 | eagowri.com | udp |
| US | 8.8.8.8:53 | 163.38.16.182.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 68.141.67.172.in-addr.arpa | udp |
| DE | 45.76.89.70:80 | pool.hashvault.pro | tcp |
| US | 8.8.8.8:53 | 22.23.31.64.in-addr.arpa | udp |
| US | 8.8.8.8:53 | eli-can.com | udp |
| US | 8.8.8.8:53 | elmassg.com | udp |
| US | 8.8.8.8:53 | www.canceco.com | udp |
| US | 8.8.8.8:53 | www.chiordi.com | udp |
| US | 8.8.8.8:53 | elstera.com | udp |
| US | 8.8.8.8:53 | www.catagna.com | udp |
| US | 8.8.8.8:53 | emdrtig.com | udp |
| US | 188.114.96.2:443 | www.chacora.com | tcp |
| US | 8.8.8.8:53 | emtenou.com | udp |
| US | 8.8.8.8:53 | www.erickgs.com | udp |
| US | 8.8.8.8:53 | www.dewakee.com | udp |
| US | 8.8.8.8:53 | www.cormury.com | udp |
| US | 8.8.8.8:53 | erppass.com | udp |
| TR | 188.132.158.176:80 | eli-can.com | tcp |
| BR | 149.100.155.50:443 | elmassg.com | tcp |
| US | 172.67.202.24:443 | www.canceco.com | tcp |
| US | 8.8.8.8:53 | www.dillowe.com | udp |
| US | 8.8.8.8:53 | www.erqin99.com | udp |
| US | 8.8.8.8:53 | escobin.com | udp |
| US | 172.67.206.248:443 | cookbey.com | tcp |
| VN | 103.57.221.50:443 | danyuki.com | tcp |
| FR | 178.32.139.137:80 | www.chiordi.com | tcp |
| US | 104.21.20.171:443 | dnaisha.com | tcp |
| US | 8.8.8.8:53 | etynltd.com | udp |
| US | 8.8.8.8:53 | 19.12.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 70.89.76.45.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 174.105.144.217.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 167.197.233.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | evrhire.com | udp |
| US | 8.8.8.8:53 | www.cppmore.com | udp |
| US | 52.111.227.11:443 | tcp | |
| AU | 170.64.145.60:443 | dyspach.com | tcp |
| FR | 91.234.195.123:80 | www.bytacko.com | tcp |
| IN | 89.117.157.243:443 | eagowri.com | tcp |
| DE | 193.141.3.72:443 | e-bukun.com | tcp |
| US | 104.21.70.14:443 | dsaeead.com | tcp |
| US | 188.114.96.2:443 | etynltd.com | tcp |
| US | 104.21.37.245:443 | www.cessaly.com | tcp |
| US | 104.21.26.74:443 | www.carreil.com | tcp |
| NL | 52.174.110.121:443 | emdrtig.com | tcp |
| US | 104.21.17.183:443 | www.catagna.com | tcp |
| BG | 185.45.66.180:443 | elstera.com | tcp |
| US | 188.114.96.2:443 | etynltd.com | tcp |
| US | 8.8.8.8:53 | www.diyonna.com | udp |
| US | 8.8.8.8:53 | ponible.com | udp |
| US | 8.8.8.8:53 | ponsync.com | udp |
| US | 62.72.7.119:443 | www.dyralpz.com | tcp |
| US | 162.214.189.93:443 | www.erickgs.com | tcp |
| US | 31.170.161.152:443 | erppass.com | tcp |
| IR | 217.144.105.174:443 | drnajdi.com | tcp |
| US | 8.8.8.8:53 | pramkiz.com | udp |
| US | 8.8.8.8:53 | www.doudari.com | udp |
| US | 8.8.8.8:53 | pintupa.com | udp |
| US | 104.21.9.154:443 | www.cormury.com | tcp |
| US | 188.114.97.2:443 | www.diyonna.com | tcp |
| US | 172.67.129.233:443 | tcp | |
| US | 188.114.96.2:443 | www.diyonna.com | tcp |
| SG | 15.235.193.145:443 | www.erqin99.com | tcp |
| US | 66.235.200.145:443 | evrhire.com | tcp |
| US | 188.114.96.2:443 | www.diyonna.com | tcp |
| US | 172.67.182.16:443 | escobin.com | tcp |
| ES | 188.164.195.236:443 | ponible.com | tcp |
| US | 188.114.96.2:443 | www.diyonna.com | tcp |
| US | 8.8.8.8:53 | 24.202.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 176.158.132.188.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 50.155.100.149.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 171.20.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.70.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 74.26.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 183.17.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 121.110.174.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 72.3.141.193.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 243.157.117.89.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 60.145.64.170.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.prosglb.com | udp |
| HK | 182.16.38.163:443 | www.cppmore.com | tcp |
| US | 172.67.180.193:443 | ponsync.com | tcp |
| US | 8.8.8.8:53 | rconaatt.com | udp |
| US | 8.8.8.8:53 | remartly.com | udp |
| US | 104.21.10.109:443 | pramkiz.com | tcp |
| US | 172.67.151.75:443 | www.doudari.com | tcp |
| US | 104.21.18.73:443 | pintupa.com | tcp |
| US | 8.8.8.8:53 | revva360.com | udp |
| HK | 43.198.89.245:443 | www.prosglb.com | tcp |
| US | 8.8.8.8:53 | rhinoflh.com | udp |
| US | 8.8.8.8:53 | 152.161.170.31.in-addr.arpa | udp |
| US | 108.61.119.65:443 | priroad.com | tcp |
| US | 8.8.8.8:53 | richskop.com | udp |
| US | 8.8.8.8:53 | 119.7.72.62.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 93.189.214.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 145.200.235.66.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 16.182.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 236.195.164.188.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 145.193.235.15.in-addr.arpa | udp |
| US | 154.41.231.236:443 | remartly.com | tcp |
| US | 8.8.8.8:53 | rloiseau.com | udp |
| US | 8.8.8.8:53 | rmgmonis.com | udp |
| US | 8.8.8.8:53 | www.dsaeead.com | udp |
| US | 8.8.8.8:53 | robilete.com | udp |
| US | 8.8.8.8:53 | rootzpro.com | udp |
| US | 8.8.8.8:53 | roverdan.com | udp |
| US | 8.8.8.8:53 | www.dnaisha.com | udp |
| US | 8.8.8.8:53 | rubronya.com | udp |
| US | 8.8.8.8:53 | rutazone.com | udp |
| US | 8.8.8.8:53 | ruyabett.com | udp |
| US | 8.8.8.8:53 | 193.180.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 109.10.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 73.18.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 75.151.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | ryne-tec.com | udp |
| US | 8.8.8.8:53 | sagapood.com | udp |
| US | 8.8.8.8:53 | samikuhl.com | udp |
| US | 8.8.8.8:53 | www.dyspach.com | udp |
| US | 8.8.8.8:53 | sammagik.com | udp |
| US | 50.87.172.132:443 | richskop.com | tcp |
| US | 8.8.8.8:53 | sample-1.com | udp |
| RU | 5.42.65.31:48396 | tcp | |
| FR | 154.49.245.191:443 | rloiseau.com | tcp |
| US | 104.21.84.117:443 | rmgmonis.com | tcp |
| US | 188.114.96.2:443 | ruyabett.com | tcp |
| US | 188.114.96.2:443 | ruyabett.com | tcp |
| US | 34.68.234.4:443 | revva360.com | tcp |
| FR | 89.117.169.161:443 | reuaerat.com | tcp |
| US | 167.71.25.126:443 | rhinoflh.com | tcp |
| US | 188.114.96.2:443 | ruyabett.com | tcp |
| US | 195.35.39.27:443 | rootzpro.com | tcp |
| US | 172.67.205.226:443 | rubronya.com | tcp |
| RO | 185.171.184.35:443 | robilete.com | tcp |
| US | 8.8.8.8:53 | www.escobin.com | udp |
| US | 8.8.8.8:53 | sanabulk.com | udp |
| US | 8.8.8.8:53 | sczcakes.com | udp |
| GB | 185.77.97.190:443 | saisfasa.com | tcp |
| ES | 82.194.68.86:443 | rutazone.com | tcp |
| US | 162.241.225.27:443 | sammagik.com | tcp |
| US | 8.8.8.8:53 | selemlek.com | udp |
| US | 8.8.8.8:53 | seamoove.com | udp |
| US | 8.8.8.8:53 | scantixx.com | udp |
| US | 8.8.8.8:53 | semacell.com | udp |
| US | 8.8.8.8:53 | 245.89.198.43.in-addr.arpa | udp |
| US | 8.8.8.8:53 | sendonyx.com | udp |
| US | 188.114.97.2:443 | ruyabett.com | tcp |
| US | 8.8.8.8:53 | seobruce.com | udp |
| US | 8.8.8.8:53 | seopapai.com | udp |
| LU | 198.251.88.24:443 | sagapood.com | tcp |
| US | 8.8.8.8:53 | pri-towing.com | udp |
| US | 8.8.8.8:53 | 236.231.41.154.in-addr.arpa | udp |
| AU | 170.64.145.60:443 | www.dyspach.com | tcp |
| US | 8.8.8.8:53 | seraj-sa.com | udp |
| US | 8.8.8.8:53 | sevasilk.com | udp |
| DE | 45.76.89.70:80 | pool.hashvault.pro | tcp |
| US | 8.8.8.8:53 | sharise1.com | udp |
| US | 8.8.8.8:53 | shldhaka.com | udp |
| US | 172.67.182.16:443 | www.escobin.com | tcp |
| US | 153.92.215.176:443 | sczcakes.com | tcp |
| US | 8.8.8.8:53 | sinarpos.com | udp |
| NL | 160.153.138.10:443 | ryne-tec.com | tcp |
| US | 104.21.84.136:443 | samikuhl.com | tcp |
| US | 104.21.34.221:443 | selemlek.com | tcp |
| US | 72.167.78.221:80 | sample-1.com | tcp |
| SG | 193.168.193.115:443 | scantixx.com | tcp |
| US | 172.67.133.5:443 | sendonyx.com | tcp |
| US | 151.101.66.159:443 | seobruce.com | tcp |
| US | 8.8.8.8:53 | sktopics.com | udp |
| ES | 185.34.194.76:80 | seamoove.com | tcp |
| US | 8.8.8.8:53 | 132.172.87.50.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 161.169.117.89.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 226.205.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 190.97.77.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 86.68.194.82.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 126.25.71.167.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 4.234.68.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 27.39.35.195.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 27.225.241.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 24.88.251.198.in-addr.arpa | udp |
| US | 108.61.119.65:443 | pri-towing.com | tcp |
| US | 8.8.8.8:53 | smithpat.com | udp |
| US | 8.8.8.8:53 | snowlips.com | udp |
| IN | 195.35.45.248:443 | seopapai.com | tcp |
| US | 8.8.8.8:53 | sport-b2.com | udp |
| US | 8.8.8.8:53 | soliahei.com | udp |
| US | 52.200.254.71:443 | sevasilk.com | tcp |
| US | 8.8.8.8:53 | pleasehold.studio | udp |
| NL | 185.166.188.108:443 | seraj-sa.com | tcp |
| US | 8.8.8.8:53 | ca-rca.com | udp |
| US | 8.8.8.8:53 | ccporg.com | udp |
| US | 8.8.8.8:53 | softvato.com | udp |
| US | 8.8.8.8:53 | 10.138.153.160.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 136.84.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 176.215.92.153.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 221.34.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | cndmmo.com | udp |
| US | 8.8.8.8:53 | cosbil.com | udp |
| US | 8.8.8.8:53 | crstai.com | udp |
| DE | 185.172.128.33:8924 | tcp | |
| US | 67.225.137.57:443 | shldhaka.com | tcp |
| US | 104.21.60.84:443 | smithpat.com | tcp |
| US | 50.87.184.207:443 | sktopics.com | tcp |
| US | 8.8.8.8:53 | cvghfh.com | udp |
| US | 8.8.8.8:53 | datzai.com | udp |
| SG | 109.106.253.225:443 | sinarpos.com | tcp |
| US | 65.181.111.151:80 | sharise1.com | tcp |
| US | 8.8.8.8:53 | dgrinn.com | udp |
| SG | 184.168.107.98:443 | sport-b2.com | tcp |
| US | 8.8.8.8:53 | dylime.com | udp |
| US | 188.114.97.2:443 | dylime.com | tcp |
| US | 8.8.8.8:53 | ebeiri.com | udp |
| GB | 185.77.97.113:443 | softvato.com | tcp |
| NZ | 103.250.233.242:443 | snowlips.com | tcp |
| US | 66.29.146.195:443 | ccporg.com | tcp |
| SG | 185.232.14.184:443 | ca-rca.com | tcp |
| US | 8.8.8.8:53 | 159.66.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 5.133.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 76.194.34.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 221.78.167.72.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 115.193.168.193.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 248.45.35.195.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 108.188.166.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | ecprom.com | udp |
| US | 8.8.8.8:53 | eiejab.com | udp |
| US | 199.250.198.199:443 | connoa.com | tcp |
| HK | 47.243.22.142:443 | crstai.com | tcp |
| US | 188.114.97.2:443 | dylime.com | tcp |
| US | 8.8.8.8:53 | ekidzy.com | udp |
| US | 8.8.8.8:53 | elhaku.com | udp |
| US | 162.254.39.145:443 | pleasehold.studio | tcp |
| US | 8.8.8.8:53 | emu-ru.com | udp |
| US | 188.114.97.2:443 | dylime.com | tcp |
| US | 8.8.8.8:53 | eso116.com | udp |
| US | 149.100.151.214:443 | ebeiri.com | tcp |
| US | 164.92.91.83:443 | datzai.com | tcp |
| US | 8.8.8.8:53 | enzofx.com | udp |
| US | 8.8.8.8:53 | excetv.com | udp |
| US | 8.8.8.8:53 | 84.60.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 33.128.172.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 57.137.225.67.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 207.184.87.50.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 151.111.181.65.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 225.253.106.109.in-addr.arpa | udp |
| US | 8.8.8.8:53 | faqcol.com | udp |
| US | 8.8.8.8:53 | www.seamoove.com | udp |
| ID | 103.163.138.107:443 | elhaku.com | tcp |
| US | 8.8.8.8:53 | fudboi.com | udp |
| FI | 65.108.68.235:443 | eiejab.com | tcp |
| US | 154.56.47.110:443 | dgrinn.com | tcp |
| US | 8.8.8.8:53 | fxseen.com | udp |
| US | 162.240.210.173:443 | ekidzy.com | tcp |
| US | 184.171.242.25:443 | ecprom.com | tcp |
| US | 8.8.8.8:53 | ga4biz.com | udp |
| US | 8.8.8.8:53 | gigach.com | udp |
| US | 8.8.8.8:53 | gdasys.com | udp |
| US | 8.8.8.8:53 | www.samikuhl.com | udp |
| US | 8.8.8.8:53 | gay-ck.com | udp |
| US | 8.8.8.8:53 | glooux.com | udp |
| ES | 185.34.194.76:80 | www.seamoove.com | tcp |
| US | 162.241.253.93:443 | etooil.com | tcp |
| US | 8.8.8.8:53 | graapk.com | udp |
| US | 104.21.71.190:443 | excetv.com | tcp |
| US | 8.8.8.8:53 | 98.107.168.184.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 113.97.77.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 199.198.250.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 195.146.29.66.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 184.14.232.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 145.39.254.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 242.233.250.103.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 142.22.243.47.in-addr.arpa | udp |
| RU | 77.222.62.142:80 | f-hood.com | tcp |
| US | 69.61.52.104:443 | faqcol.com | tcp |
| US | 8.8.8.8:53 | toneshiftmedia.com | udp |
| US | 162.241.68.240:443 | fudboi.com | tcp |
| US | 8.8.8.8:53 | www.smithpat.com | udp |
| US | 8.8.8.8:53 | gutomo.com | udp |
| US | 8.8.8.8:53 | haangt.com | udp |
| US | 8.8.8.8:53 | gycnzs.com | udp |
| NL | 195.20.16.45:80 | tcp | |
| US | 8.8.8.8:53 | hd-zog.com | udp |
| US | 195.179.237.134:443 | enzofx.com | tcp |
| US | 8.8.8.8:53 | www.soliahei.com | udp |
| US | 8.8.8.8:53 | hotajs.com | udp |
| US | 192.185.225.171:443 | emu-ru.com | tcp |
| US | 103.123.243.29:443 | eso116.com | tcp |
| FR | 154.49.245.177:443 | ga4biz.com | tcp |
| US | 8.8.8.8:53 | hrt-us.com | udp |
| US | 188.114.96.2:443 | www.soliahei.com | tcp |
| US | 172.67.193.87:443 | www.samikuhl.com | tcp |
| GB | 185.77.97.165:443 | gigach.com | tcp |
| US | 108.179.232.152:443 | gdasys.com | tcp |
| US | 8.8.8.8:53 | 235.68.108.65.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 110.47.56.154.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 173.210.240.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 25.242.171.184.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 190.71.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.chidahr.com | udp |
| US | 104.21.26.99:443 | graapk.com | tcp |
| US | 162.0.235.208:443 | toneshiftmedia.com | tcp |
| US | 162.241.24.53:443 | fxseen.com | tcp |
| US | 8.8.8.8:53 | ifoiet.com | udp |
| US | 188.114.97.2:80 | www.soliahei.com | tcp |
| US | 8.8.8.8:53 | in2set.com | udp |
| US | 104.21.25.80:443 | hd-zog.com | tcp |
| US | 8.8.8.8:53 | isf-hu.com | udp |
| DE | 162.55.132.97:443 | haangt.com | tcp |
| US | 188.114.97.2:443 | www.soliahei.com | tcp |
| US | 8.8.8.8:53 | itcmem.com | udp |
| US | 172.67.194.250:443 | www.smithpat.com | tcp |
| US | 8.8.8.8:53 | jajika.com | udp |
| US | 8.8.8.8:53 | jbpars.com | udp |
| US | 8.8.8.8:53 | 93.253.241.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 142.62.222.77.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 104.52.61.69.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 240.68.241.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 177.245.49.154.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 87.193.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 134.237.179.195.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 171.225.185.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 29.243.123.103.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 152.232.179.108.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.sample-1.com | udp |
| US | 8.8.8.8:53 | jnvaag.com | udp |
| US | 8.8.8.8:53 | joumws.com | udp |
| US | 8.8.8.8:53 | jurabr.com | udp |
| US | 8.8.8.8:53 | kaiabe.com | udp |
| US | 8.8.8.8:53 | key-os.com | udp |
| US | 8.8.8.8:53 | koksik.com | udp |
| US | 8.8.8.8:53 | koyyok.com | udp |
| US | 8.8.8.8:53 | laanga.com | udp |
| IR | 89.39.208.174:80 | www.chidahr.com | tcp |
| US | 38.34.175.53:443 | hotajs.com | tcp |
| US | 8.8.8.8:53 | lebnyc.com | udp |
| NL | 85.17.63.135:443 | ifoiet.com | tcp |
| US | 38.47.254.70:80 | gycnzs.com | tcp |
| CA | 144.217.195.254:443 | hrt-us.com | tcp |
| US | 8.8.8.8:53 | passport.abv.bg | udp |
| KR | 183.111.183.55:443 | itcmem.com | tcp |
| IR | 217.144.105.207:443 | in2set.com | tcp |
| US | 104.21.64.240:443 | jurabr.com | tcp |
| US | 72.167.78.221:80 | www.sample-1.com | tcp |
| US | 85.239.241.50:443 | laimaq.com | tcp |
| IR | 45.139.11.244:443 | jajika.com | tcp |
| US | 8.8.8.8:53 | 99.26.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 53.24.241.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 80.25.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 97.132.55.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | newajs.com | udp |
| US | 8.8.8.8:53 | lttpet.com | udp |
| US | 8.8.8.8:53 | m-grip.com | udp |
| US | 8.8.8.8:53 | www.maocke.com | udp |
| US | 8.8.8.8:53 | mcmona.com | udp |
| US | 8.8.8.8:53 | nay-iq.com | udp |
| US | 8.8.8.8:53 | notaab.com | udp |
| US | 8.8.8.8:53 | linfey.com | udp |
| US | 8.8.8.8:53 | www.nowfad.com | udp |
| BG | 194.153.145.110:443 | passport.abv.bg | tcp |
| DE | 176.9.47.240:2023 | tcp | |
| US | 188.114.97.2:443 | key-os.com | tcp |
| US | 188.114.96.2:443 | key-os.com | tcp |
| US | 8.8.8.8:53 | nu-vid.com | udp |
| US | 8.8.8.8:53 | old-je.com | udp |
| US | 8.8.8.8:53 | origpg.com | udp |
| DE | 38.242.215.55:443 | koksik.com | tcp |
| US | 160.153.0.94:80 | lebnyc.com | tcp |
| FR | 154.49.245.25:443 | joumws.com | tcp |
| US | 143.198.98.171:443 | laanga.com | tcp |
| IN | 154.41.233.42:443 | jnvaag.com | tcp |
| US | 8.8.8.8:53 | www.otalib.com | udp |
| US | 8.8.8.8:53 | 250.194.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 135.63.17.85.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 254.195.217.144.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 53.175.34.38.in-addr.arpa | udp |
| TH | 202.9.90.210:80 | koyyok.com | tcp |
| DE | 148.251.87.195:443 | jbpars.com | tcp |
| US | 8.8.8.8:53 | 70.254.47.38.in-addr.arpa | udp |
| US | 8.8.8.8:53 | owjmed.com | udp |
| US | 8.8.8.8:53 | pgauga.com | udp |
| IR | 188.212.22.252:80 | isf-hu.com | tcp |
| US | 8.8.8.8:53 | popshr.com | udp |
| SG | 154.26.131.226:443 | m-grip.com | tcp |
| US | 154.56.47.11:443 | nay-iq.com | tcp |
| JP | 115.38.244.41:80 | mcmona.com | tcp |
| US | 154.56.47.145:443 | lttpet.com | tcp |
| US | 188.114.96.2:443 | key-os.com | tcp |
| DE | 77.105.147.130:80 | 77.105.147.130 | tcp |
| US | 8.8.8.8:53 | ppsalt.com | udp |
| US | 8.8.8.8:53 | qumraa.com | udp |
| US | 8.8.8.8:53 | raziqu.com | udp |
| US | 38.34.175.49:443 | newajs.com | tcp |
| US | 38.34.175.53:443 | hotajs.com | tcp |
| US | 8.8.8.8:53 | romhin.com | udp |
| US | 8.8.8.8:53 | rta-bd.com | udp |
| US | 8.8.8.8:53 | 240.64.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 207.105.144.217.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 244.11.139.45.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 50.241.239.85.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 55.183.111.183.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 110.145.153.194.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 55.215.242.38.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 25.245.49.154.in-addr.arpa | udp |
| US | 104.21.62.55:443 | www.nowfad.com | tcp |
| CN | 111.229.146.141:443 | www.maocke.com | tcp |
| DE | 46.4.96.88:443 | origpg.com | tcp |
| US | 172.67.172.197:443 | old-je.com | tcp |
| US | 104.21.27.76:443 | nu-vid.com | tcp |
| US | 8.8.8.8:53 | sanysa.com | udp |
| US | 8.8.8.8:53 | sienha.com | udp |
| US | 8.8.8.8:53 | sobirt.com | udp |
| US | 8.8.8.8:53 | swhubs.com | udp |
| US | 8.8.8.8:53 | sxzwcg.com | udp |
| US | 8.8.8.8:53 | ressss.com | udp |
| IR | 89.39.208.251:443 | notaab.com | tcp |
| US | 154.56.47.49:443 | popshr.com | tcp |
| CN | 39.104.28.58:443 | www.otalib.com | tcp |
| US | 8.8.8.8:53 | tbhhub.com | udp |
| US | 8.8.8.8:53 | www.tbt.de | udp |
| US | 8.8.8.8:53 | teapku.com | udp |
| US | 8.8.8.8:53 | jnvbaagh.in | udp |
| US | 74.208.236.190:443 | owjmed.com | tcp |
| US | 195.179.236.64:443 | raziqu.com | tcp |
| US | 8.8.8.8:53 | 171.98.198.143.in-addr.arpa | udp |
| US | 8.8.8.8:53 | api.myip.com | udp |
| US | 8.8.8.8:53 | 195.87.251.148.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 252.22.212.188.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 210.90.9.202.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 145.47.56.154.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 226.131.26.154.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 49.175.34.38.in-addr.arpa | udp |
| US | 104.26.8.59:443 | api.myip.com | tcp |
| FR | 51.91.236.193:443 | rta-bd.com | tcp |
| US | 195.179.238.88:443 | romhin.com | tcp |
| US | 34.120.137.41:443 | sanysa.com | tcp |
| IN | 154.41.233.69:443 | ppsalt.com | tcp |
| US | 8.8.8.8:53 | 55.62.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tebidu.com | udp |
| US | 8.8.8.8:53 | towoio.com | udp |
| US | 8.8.8.8:53 | traumt.com | udp |
| US | 8.8.8.8:53 | trysoz.com | udp |
| US | 8.8.8.8:53 | tvromw.com | udp |
| US | 8.8.8.8:53 | uhmsmp.com | udp |
| US | 8.8.8.8:53 | ubinpk.com | udp |
| US | 8.8.8.8:53 | usesoz.com | udp |
| US | 8.8.8.8:53 | varihe.com | udp |
| US | 8.8.8.8:53 | tvtoop.com | udp |
| US | 8.8.8.8:53 | venaai.com | udp |
| FR | 89.116.147.129:443 | sienha.com | tcp |
| DE | 206.189.55.37:443 | sobirt.com | tcp |
| US | 72.167.253.214:443 | swhubs.com | tcp |
| KR | 141.164.63.52:443 | ressss.com | tcp |
| HK | 154.95.239.50:80 | sxzwcg.com | tcp |
| US | 172.67.142.175:443 | teapku.com | tcp |
| DE | 116.203.1.84:443 | www.tbt.de | tcp |
| IN | 154.41.233.42:443 | jnvbaagh.in | tcp |
| SG | 194.163.38.120:443 | tbhhub.com | tcp |
| US | 8.8.8.8:53 | 76.27.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 197.172.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 88.96.4.46.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 251.208.39.89.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 49.47.56.154.in-addr.arpa | udp |
| FR | 37.187.155.34:443 | tebgan.com | tcp |
| US | 72.52.134.22:443 | qumraa.com | tcp |
| US | 34.117.186.192:443 | ipinfo.io | tcp |
| US | 8.8.8.8:53 | vigiwi.com | udp |
| US | 38.34.175.49:443 | newajs.com | tcp |
| SG | 139.99.2.52:443 | www.vaynbv.com | tcp |
| IN | 154.41.233.120:443 | venaai.com | tcp |
| US | 154.56.47.109:443 | ubinpk.com | tcp |
| DE | 78.46.152.62:443 | traumt.com | tcp |
| US | 160.153.0.108:80 | uhmsmp.com | tcp |
| US | 104.21.41.17:443 | tvtoop.com | tcp |
| GB | 154.49.138.69:443 | towoio.com | tcp |
| GB | 31.220.106.249:443 | varihe.com | tcp |
| US | 35.168.248.167:443 | usesoz.com | tcp |
| CN | 42.194.240.119:443 | tvromw.com | tcp |
| US | 8.8.8.8:53 | vindje.com | udp |
| SG | 207.148.71.70:443 | tebidu.com | tcp |
| US | 8.8.8.8:53 | sobirt.com.br | udp |
| US | 8.8.8.8:53 | 59.8.26.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 190.236.208.74.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 193.236.91.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 64.236.179.195.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 88.238.179.195.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 41.137.120.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 129.147.116.89.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 175.142.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 37.55.189.206.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 84.1.203.116.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 214.253.167.72.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 120.38.163.194.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 50.239.95.154.in-addr.arpa | udp |
| US | 35.168.248.167:443 | usesoz.com | tcp |
| SG | 206.189.152.5:443 | vigiwi.com | tcp |
| US | 8.8.8.8:53 | vipcgb.com | udp |
| US | 8.8.8.8:53 | thethaiger.cfd | udp |
| US | 8.8.8.8:53 | newsindia.buzz | udp |
| US | 8.8.8.8:53 | metroweekly.cfd | udp |
| US | 8.8.8.8:53 | hazim.pro | udp |
| US | 8.8.8.8:53 | ussplayers.buzz | udp |
| DE | 206.189.55.37:443 | sobirt.com.br | tcp |
| US | 8.8.8.8:53 | 34.155.187.37.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 22.134.52.72.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 108.0.153.160.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 17.41.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 69.138.49.154.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 249.106.220.31.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 62.152.46.78.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 52.2.99.139.in-addr.arpa | udp |
| US | 8.8.8.8:53 | topviet.pro | udp |
| US | 8.8.8.8:53 | lockbot.pro | udp |
| HK | 154.95.239.55:80 | vipcgb.com | tcp |
| US | 63.250.43.3:80 | vindje.com | tcp |
| US | 8.8.8.8:53 | desihub.pro | udp |
| US | 8.8.8.8:53 | adpross.pro | udp |
| US | 8.8.8.8:53 | lamaking.pro | udp |
| US | 66.29.141.150:443 | metroweekly.cfd | tcp |
| US | 160.153.0.108:443 | uhmsmp.com | tcp |
| US | 8.8.8.8:53 | roberman.pro | udp |
| NL | 195.20.16.46:80 | 195.20.16.46 | tcp |
| US | 8.8.8.8:53 | hrmentor.pro | udp |
| IN | 148.113.17.52:80 | ussplayers.buzz | tcp |
| IN | 82.180.143.182:443 | newsindia.buzz | tcp |
| US | 66.29.141.150:443 | metroweekly.cfd | tcp |
| US | 8.8.8.8:53 | clicksuds.pro | udp |
| US | 8.8.8.8:53 | www.sxzwcg.com | udp |
| US | 104.21.68.160:443 | topviet.pro | tcp |
| US | 8.8.8.8:53 | bardlogin.pro | udp |
| US | 8.8.8.8:53 | alexkonon.pro | udp |
| US | 8.8.8.8:53 | oxyscrape.pro | udp |
| US | 8.8.8.8:53 | ocriativo.pro | udp |
| US | 104.21.75.21:443 | desihub.pro | tcp |
| US | 154.56.47.55:443 | lockbot.pro | tcp |
| US | 8.8.8.8:53 | 70.71.148.207.in-addr.arpa | udp |
| US | 8.8.8.8:53 | digitalit.pro | udp |
| US | 8.8.8.8:53 | allcalidad.pro | udp |
| IN | 193.203.185.204:443 | adpross.pro | tcp |
| US | 104.21.58.234:80 | roberman.pro | tcp |
| US | 8.8.8.8:53 | xrps20coin.pro | udp |
| US | 8.8.8.8:53 | writecraft.pro | udp |
| US | 8.8.8.8:53 | wp-trading.pro | udp |
| US | 8.8.8.8:53 | maxresource.pro | udp |
| US | 8.8.8.8:53 | binarygames.pro | udp |
| US | 8.8.8.8:53 | turcasseries.pro | udp |
| US | 8.8.8.8:53 | www.tebidu.com | udp |
| US | 8.8.8.8:53 | 55.239.95.154.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.43.250.63.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 150.141.29.66.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 46.16.20.195.in-addr.arpa | udp |
| US | 8.8.8.8:53 | m.youtube.com | udp |
| US | 8.8.8.8:53 | mgtow.space | udp |
| MY | 185.93.166.166:443 | lamaking.pro | tcp |
| GB | 142.250.200.46:443 | m.youtube.com | tcp |
| DE | 176.9.47.240:2023 | tcp | |
| RO | 188.241.222.254:443 | hrmentor.pro | tcp |
| RU | 95.213.255.249:443 | alexkonon.pro | tcp |
| HK | 154.95.239.50:80 | www.sxzwcg.com | tcp |
| BR | 62.72.62.215:443 | ocriativo.pro | tcp |
| US | 82.165.214.231:443 | digitalit.pro | tcp |
| SG | 207.148.71.70:443 | www.tebidu.com | tcp |
| CZ | 80.211.194.194:443 | xrps20coin.pro | tcp |
| US | 8.8.8.8:53 | coutto.space | udp |
| US | 188.114.97.2:443 | turcasseries.pro | tcp |
| US | 8.8.8.8:53 | judatap.space | udp |
| US | 8.8.8.8:53 | 182.143.180.82.in-addr.arpa | udp |
| US | 8.8.8.8:53 | x-borg.space | udp |
| US | 8.8.8.8:53 | 21.75.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 52.17.113.148.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 160.68.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 55.47.56.154.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 204.185.203.193.in-addr.arpa | udp |
| RU | 77.222.40.223:80 | maxresource.pro | tcp |
| US | 8.8.8.8:53 | www.vipcgb.com | udp |
| US | 209.17.116.160:80 | mgtow.space | tcp |
| US | 85.31.227.211:443 | writecraft.pro | tcp |
| US | 172.67.201.63:443 | allcalidad.pro | tcp |
| US | 104.21.6.124:443 | binarygames.pro | tcp |
| US | 8.8.8.8:53 | neera-art.space | udp |
| US | 165.140.70.174:443 | livewithdreams.pro | tcp |
| CN | 101.43.108.213:443 | wp-trading.pro | tcp |
| US | 104.21.31.245:443 | yethz.space | tcp |
| US | 172.67.157.108:443 | oxyscrape.pro | tcp |
| US | 8.8.8.8:53 | makecrypto.space | udp |
| US | 8.8.8.8:53 | design4you.space | udp |
| US | 8.8.8.8:53 | vitalvertex.space | udp |
| US | 8.8.8.8:53 | ipdaeen.space | udp |
| US | 8.8.8.8:53 | corpotaosonhado.space | udp |
| DE | 78.47.205.166:443 | recaptcha.cloud | tcp |
| US | 8.8.8.8:53 | alexfloresanimation.space | udp |
| US | 8.8.8.8:53 | 166.166.93.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 46.200.250.142.in-addr.arpa | udp |
| BR | 154.49.247.117:443 | coutto.space | tcp |
| US | 8.8.8.8:53 | 249.255.213.95.in-addr.arpa | udp |
| CN | 140.143.125.217:443 | topgun.space | tcp |
| US | 8.8.8.8:53 | sitedevendasoficial.space | udp |
| US | 8.8.8.8:53 | articulacoesdossonhos.space | udp |
| US | 8.8.8.8:53 | gkhan.dev | udp |
| US | 8.8.8.8:53 | dstein.dev | udp |
| US | 8.8.8.8:53 | brweb.dev | udp |
| SG | 109.106.252.5:443 | x-borg.space | tcp |
| HK | 154.95.239.55:80 | www.vipcgb.com | tcp |
| US | 66.81.203.198:443 | ipdaeen.space | tcp |
| DE | 81.169.145.70:443 | neera-art.space | tcp |
| US | 8.8.8.8:53 | www.digitalit.pro | udp |
| US | 8.8.8.8:53 | www.ibenaddi.dev | udp |
| NL | 195.20.16.46:80 | 195.20.16.46 | tcp |
| US | 8.8.8.8:53 | 231.214.165.82.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 215.62.72.62.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 63.201.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 124.6.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 223.40.222.77.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 211.227.31.85.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 245.31.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 108.157.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 174.70.140.165.in-addr.arpa | udp |
| US | 8.8.8.8:53 | iternal.us | udp |
| US | 8.8.8.8:53 | ajinanban.dev | udp |
| US | 50.6.138.136:443 | corpotaosonhado.space | tcp |
| US | 66.81.203.198:443 | ipdaeen.space | tcp |
| UA | 185.143.145.233:443 | makecrypto.space | tcp |
| NL | 31.131.26.178:443 | design4you.space | tcp |
| DE | 77.105.147.130:80 | 77.105.147.130 | tcp |
| US | 8.8.8.8:53 | worrystitchsounddywuwp.site | udp |
| US | 162.241.224.119:443 | alexfloresanimation.space | tcp |
| US | 8.8.8.8:53 | adamvogel.dev | udp |
| US | 82.165.214.231:443 | www.digitalit.pro | tcp |
| FR | 62.72.16.241:443 | www.ibenaddi.dev | tcp |
| US | 108.179.253.222:443 | articulacoesdossonhos.space | tcp |
| TR | 217.18.85.230:80 | cicekci.dev | tcp |
| GB | 82.3.44.7:443 | brweb.dev | tcp |
| US | 50.87.231.135:443 | gkhan.dev | tcp |
| US | 8.8.8.8:53 | dotnetace.dev | udp |
| US | 188.114.97.2:443 | adamvogel.dev | tcp |
| US | 8.8.8.8:53 | coolcoding.dev | udp |
| US | 8.8.8.8:53 | danielsantos.dev | udp |
| US | 8.8.8.8:53 | 160.116.17.209.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 117.247.49.154.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 70.145.169.81.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 5.252.106.109.in-addr.arpa | udp |
| US | 8.8.8.8:53 | propertyguaranteed.dev | udp |
| US | 8.8.8.8:53 | olon.life | udp |
| US | 8.8.8.8:53 | spicanet.net | udp |
| US | 82.180.174.108:443 | prioritylogisticexpress.space | tcp |
| US | 8.8.8.8:53 | zentra.life | udp |
| US | 8.8.8.8:53 | william-martin.dev | udp |
| US | 8.8.8.8:53 | tripiz.life | udp |
| US | 8.8.8.8:53 | ibutio.life | udp |
| US | 188.114.96.2:443 | olon.life | tcp |
| US | 8.8.8.8:53 | labalance.life | udp |
| JP | 18.182.191.165:443 | ajinanban.dev | tcp |
| US | 104.225.208.23:80 | dstein.dev | tcp |
| US | 172.66.40.56:443 | iternal.us | tcp |
| US | 192.185.35.93:443 | dotnetace.dev | tcp |
| US | 195.179.239.25:443 | coolcoding.dev | tcp |
| US | 8.8.8.8:53 | 178.26.131.31.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 233.145.143.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 136.138.6.50.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 119.224.241.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 241.16.72.62.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 7.44.3.82.in-addr.arpa | udp |
| US | 8.8.8.8:53 | amyalvarez.life | udp |
| US | 143.244.147.30:443 | wellspring.dev | tcp |
| US | 192.254.250.186:443 | tripiz.life | tcp |
| US | 66.235.200.145:443 | william-martin.dev | tcp |
| US | 8.8.8.8:53 | mousetrapguy.life | udp |
| US | 8.8.8.8:53 | areyoubeautiful.life | udp |
| US | 8.8.8.8:53 | hammockfactory.life | udp |
| US | 8.8.8.8:53 | fernandaferreira.life | udp |
| US | 8.8.8.8:53 | theprogrammer.life | udp |
| US | 8.8.8.8:53 | 222.253.179.108.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 135.231.87.50.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 108.174.180.82.in-addr.arpa | udp |
| US | 8.8.8.8:53 | youit.fun | udp |
| US | 8.8.8.8:53 | drinx.fun | udp |
| US | 8.8.8.8:53 | xgenz.fun | udp |
| US | 8.8.8.8:53 | krotko.fun | udp |
| US | 8.8.8.8:53 | holazom.fun | udp |
| US | 8.8.8.8:53 | thehair.fun | udp |
| US | 188.114.97.2:443 | olon.life | tcp |
| US | 172.67.138.64:443 | propertyguaranteed.dev | tcp |
| US | 172.67.164.71:443 | spicanet.net | tcp |
| GB | 185.77.97.236:443 | danielsantos.dev | tcp |
| US | 141.193.213.11:443 | labalance.life | tcp |
| US | 62.72.2.220:443 | ibutio.life | tcp |
| US | 8.8.8.8:53 | plenoapp.fun | udp |
| US | 8.8.8.8:53 | gamerhub.fun | udp |
| US | 23.111.132.90:443 | fitnation.life | tcp |
| UA | 185.143.145.233:443 | makecrypto.space | tcp |
| US | 66.81.203.198:80 | amyalvarez.life | tcp |
| US | 8.8.8.8:53 | 56.40.66.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 93.35.185.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 25.239.179.195.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 23.208.225.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 30.147.244.143.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 165.191.182.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 186.250.254.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | welovepets.fun | udp |
| US | 82.180.174.232:443 | thehair.fun | tcp |
| US | 8.8.8.8:53 | lalfatafat.fun | udp |
| FR | 213.32.10.111:80 | krotko.fun | tcp |
| LT | 84.32.84.32:443 | youit.fun | tcp |
| US | 34.132.240.12:443 | drinx.fun | tcp |
| US | 216.24.57.1:443 | holazom.fun | tcp |
| US | 173.201.178.72:80 | theprogrammer.life | tcp |
| US | 172.67.222.183:443 | idola69toto.life | tcp |
| BR | 149.100.155.67:443 | fernandaferreira.life | tcp |
| US | 160.153.0.78:443 | mousetrapguy.life | tcp |
| US | 8.8.8.8:53 | imparaveis.fun | udp |
| US | 8.8.8.8:53 | techfixpro.fun | udp |
| US | 8.8.8.8:53 | pcdoctorpro.fun | udp |
| US | 8.8.8.8:53 | elberpassos.fun | udp |
| US | 8.8.8.8:53 | dogfriendly.fun | udp |
| US | 8.8.8.8:53 | 64.138.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 71.164.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 11.213.193.141.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 236.97.77.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 220.2.72.62.in-addr.arpa | udp |
| US | 8.8.8.8:53 | vivamasleve.fun | udp |
| US | 8.8.8.8:53 | dummywebsite.fun | udp |
| US | 104.21.90.91:443 | plenoapp.fun | tcp |
| US | 8.8.8.8:53 | sejaradiante.fun | udp |
| HK | 35.220.147.109:443 | welovepets.fun | tcp |
| US | 89.117.139.123:443 | lalfatafat.fun | tcp |
| ID | 153.92.13.220:443 | pcdoctorpro.fun | tcp |
| US | 8.8.8.8:53 | colorfortune.fun | udp |
| US | 8.8.8.8:53 | governorsindh.fun | udp |
| US | 8.8.8.8:53 | music-liceum.fun | udp |
| ID | 153.92.13.220:443 | pcdoctorpro.fun | tcp |
| ID | 153.92.13.220:443 | pcdoctorpro.fun | tcp |
| US | 162.241.203.231:443 | vivamasleve.fun | tcp |
| US | 8.8.8.8:53 | vidaemqualidade.fun | udp |
| US | 8.8.8.8:53 | aubin.cloud | udp |
| US | 8.8.8.8:53 | www.luxpc.de | udp |
| US | 162.241.2.157:443 | imparaveis.fun | tcp |
| US | 154.56.47.92:443 | dummywebsite.fun | tcp |
| US | 8.8.8.8:53 | 111.10.32.213.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 90.132.111.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 1.57.24.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 183.222.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 78.0.153.160.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 232.174.180.82.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 12.240.132.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 72.178.201.173.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 67.155.100.149.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 91.90.21.104.in-addr.arpa | udp |
| US | 149.100.151.5:443 | dogfriendly.fun | tcp |
| US | 8.8.8.8:53 | vanoni.cloud | udp |
| IN | 217.21.85.173:443 | colorfortune.fun | tcp |
| US | 8.8.8.8:53 | www.sohib21.cloud | udp |
| US | 8.8.8.8:53 | appespia.cloud | udp |
| UA | 185.104.45.52:443 | music-liceum.fun | tcp |
| US | 198.54.115.171:443 | governorsindh.fun | tcp |
| LT | 84.32.84.32:443 | vidaemqualidade.fun | tcp |
| VN | 103.121.89.179:443 | xgenz.fun | tcp |
| US | 8.8.8.8:53 | giftbazar.cloud | udp |
| US | 8.8.8.8:53 | www.drinx.fun | udp |
| DE | 82.165.109.38:443 | vanoni.cloud | tcp |
| US | 8.8.8.8:53 | cctv-online.cloud | udp |
| US | 8.8.8.8:53 | iplis.ru | udp |
| BR | 154.49.247.224:443 | appespia.cloud | tcp |
| DE | 217.13.206.102:443 | www.luxpc.de | tcp |
| FR | 51.91.236.193:80 | aubin.cloud | tcp |
| US | 8.8.8.8:53 | 123.139.117.89.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 220.13.92.153.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 231.203.241.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 92.47.56.154.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 5.151.100.149.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 52.45.104.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 173.85.21.217.in-addr.arpa | udp |
| US | 8.8.8.8:53 | esportes-bonus.com | udp |
| US | 172.67.186.191:443 | www.sohib21.cloud | tcp |
| US | 8.8.8.8:53 | esotericastyle.com | udp |
| US | 8.8.8.8:53 | estudiotermico.com | udp |
| US | 8.8.8.8:53 | espressovoyage.com | udp |
| FI | 95.216.158.154:443 | webcrafters.cloud | tcp |
| US | 8.8.8.8:53 | etefoodtrading.com | udp |
| US | 34.132.240.12:443 | www.drinx.fun | tcp |
| US | 8.8.8.8:53 | eufabetcasinos.com | udp |
| US | 8.8.8.8:53 | eunetfinancial.com | udp |
| US | 8.8.8.8:53 | eutopiatherapy.com | udp |
| US | 104.21.90.28:443 | giftbazar.cloud | tcp |
| DE | 38.242.194.224:443 | tcp | |
| NL | 185.104.29.38:80 | etefoodtrading.com | tcp |
| US | 104.21.63.150:443 | iplis.ru | tcp |
| US | 8.8.8.8:53 | evagiantgroups.com | udp |
| US | 8.8.8.8:53 | exclusifdriver.com | udp |
| US | 8.8.8.8:53 | 171.115.54.198.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 102.206.13.217.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 224.247.49.154.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 191.186.67.172.in-addr.arpa | udp |
| US | 178.128.150.35:443 | esportes-bonus.com | tcp |
| US | 216.246.46.86:443 | esotericastyle.com | tcp |
| NL | 160.153.138.10:443 | eutopiatherapy.com | tcp |
| US | 8.8.8.8:53 | facilitatehere.com | udp |
| US | 8.8.8.8:53 | faithfootsteps.com | udp |
| US | 104.21.5.215:443 | tcp | |
| US | 8.8.8.8:53 | falconassetsec.com | udp |
| US | 8.8.8.8:53 | www.music-liceum.fun | udp |
| US | 104.21.88.126:443 | espressovoyage.com | tcp |
| US | 8.8.8.8:53 | factandfinding.com | udp |
| SG | 5.181.216.135:443 | cctv-online.cloud | tcp |
| US | 173.201.178.186:443 | eunetfinancial.com | tcp |
| ES | 194.36.123.88:443 | estudiotermico.com | tcp |
| US | 188.114.97.2:443 | eufabetcasinos.com | tcp |
| FR | 154.49.245.30:443 | exclusifdriver.com | tcp |
| DE | 139.162.132.15:443 | evagiantgroups.com | tcp |
| US | 8.8.8.8:53 | iplogger.org | udp |
| US | 8.8.8.8:53 | 154.158.216.95.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 28.90.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 224.194.242.38.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 38.29.104.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 150.63.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 35.150.128.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | familytakecare.com | udp |
| US | 172.67.221.100:443 | faithfootsteps.com | tcp |
| US | 216.172.161.28:443 | facilitatehere.com | tcp |
| US | 8.8.8.8:53 | fansmembership.com | udp |
| US | 72.52.238.103:443 | expertserveltd.com | tcp |
| GB | 109.70.148.64:443 | falconassetsec.com | tcp |
| US | 8.8.8.8:53 | feellikehealth.com | udp |
| US | 8.8.8.8:53 | femelectronics.com | udp |
| UA | 185.104.45.52:443 | www.music-liceum.fun | tcp |
| US | 104.21.4.208:443 | iplogger.org | tcp |
| US | 8.8.8.8:53 | feverishsnacks.com | udp |
| IN | 69.57.172.21:443 | factandfinding.com | tcp |
| US | 8.8.8.8:53 | findpakcareers.com | udp |
| US | 8.8.8.8:53 | www.etefoodtrading.com | udp |
| BR | 154.49.247.132:443 | fansmembership.com | tcp |
| US | 8.8.8.8:53 | firdausrahiman.com | udp |
| US | 8.8.8.8:53 | fishingcompare.com | udp |
| US | 8.8.8.8:53 | 86.46.246.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 126.88.21.104.in-addr.arpa | udp |
| SG | 18.143.237.165:80 | familytakecare.com | tcp |
| US | 172.67.220.74:80 | feellikehealth.com | tcp |
| SG | 139.180.144.103:443 | femelectronics.com | tcp |
| US | 104.21.83.32:443 | feverishsnacks.com | tcp |
| SG | 172.104.49.127:443 | firdausrahiman.com | tcp |
| US | 8.8.8.8:53 | 88.123.36.194.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 30.245.49.154.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.132.162.139.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 186.178.201.173.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 135.216.181.5.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 100.221.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 28.161.172.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 103.238.52.72.in-addr.arpa | udp |
| US | 8.8.8.8:53 | fishingprowess.com | udp |
| US | 8.8.8.8:53 | fishworldwides.com | udp |
| US | 8.8.8.8:53 | floatnightlife.com | udp |
| US | 8.8.8.8:53 | fly360holidays.com | udp |
| US | 8.8.8.8:53 | ford-s1mienbac.com | udp |
| US | 8.8.8.8:53 | foodsrecipes99.com | udp |
| US | 8.8.8.8:53 | four-microonde.com | udp |
| NL | 185.104.29.38:80 | www.etefoodtrading.com | tcp |
| PL | 146.59.70.127:443 | findpakcareers.com | tcp |
| US | 8.8.8.8:53 | 64.148.70.109.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 21.172.57.69.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.french-express.com | udp |
| US | 8.8.8.8:53 | freshairgizmos.com | udp |
| US | 8.8.8.8:53 | funbitessnacks.com | udp |
| US | 8.8.8.8:53 | funpianoforall.com | udp |
| US | 8.8.8.8:53 | furatechnology.com | udp |
| US | 8.8.8.8:53 | 165.237.143.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 74.220.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 132.247.49.154.in-addr.arpa | udp |
| US | 64.91.238.47:443 | fishingcompare.com | tcp |
| US | 8.8.8.8:53 | gabnochtelecom.com | udp |
| IN | 217.21.85.207:443 | floatnightlife.com | tcp |
| US | 89.117.9.111:443 | fishingprowess.com | tcp |
| US | 188.114.96.2:443 | funbitessnacks.com | tcp |
| FR | 91.234.195.182:443 | four-microonde.com | tcp |
| US | 8.8.8.8:53 | gamebaitienlen.com | udp |
| US | 8.8.8.8:53 | gangguanmental.com | udp |
| US | 8.8.8.8:53 | geniusworldnep.com | udp |
| US | 8.8.8.8:53 | www.georgeshaeffer.com | udp |
| US | 172.67.168.230:443 | fishworldwides.com | tcp |
| US | 38.46.221.66:443 | fly360holidays.com | tcp |
| US | 8.8.8.8:53 | millengroup.com | udp |
| IN | 154.41.233.156:443 | foodsrecipes99.com | tcp |
| US | 8.8.8.8:53 | getcoinupdates.com | udp |
| US | 8.8.8.8:53 | ghostcatshoppe.com | udp |
| US | 8.8.8.8:53 | 32.83.21.104.in-addr.arpa | udp |
| DE | 161.97.163.141:443 | gabnochtelecom.com | tcp |
| US | 8.8.8.8:53 | 103.144.180.139.in-addr.arpa | udp |
| US | 8.8.8.8:53 | ginkgobiloba80.com | udp |
| US | 8.8.8.8:53 | giselaeleandro.com | udp |
| US | 198.46.82.224:443 | www.french-express.com | tcp |
| US | 8.8.8.8:53 | giseleetsimone.com | udp |
| US | 8.8.8.8:53 | gjonajholdings.com | udp |
| US | 8.8.8.8:53 | gkcomputersedu.com | udp |
| US | 8.8.8.8:53 | glamtikreviews.com | udp |
| US | 8.8.8.8:53 | 127.49.104.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 127.70.59.146.in-addr.arpa | udp |
| US | 162.241.224.236:80 | funpianoforall.com | tcp |
| IN | 154.41.233.110:443 | geniusworldnep.com | tcp |
| GB | 149.255.62.50:443 | furatechnology.com | tcp |
| ID | 153.92.9.226:80 | gangguanmental.com | tcp |
| US | 8.8.8.8:53 | 47.238.91.64.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 230.168.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | gokyuzuseyahat.com | udp |
| US | 8.8.8.8:53 | 207.85.21.217.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 182.195.234.91.in-addr.arpa | udp |
| US | 188.114.97.2:443 | millengroup.com | tcp |
| US | 173.208.242.178:443 | www.georgeshaeffer.com | tcp |
| US | 188.114.97.2:443 | millengroup.com | tcp |
| US | 192.185.90.151:443 | ghostcatshoppe.com | tcp |
| US | 188.114.97.2:443 | millengroup.com | tcp |
| IN | 142.93.211.40:443 | getcoinupdates.com | tcp |
| US | 172.67.205.87:443 | gamebaitienlen.com | tcp |
| US | 104.21.67.99:443 | feellikehealth.com | tcp |
| US | 8.8.8.8:53 | goldfinchsalon.com | udp |
| ES | 82.223.118.196:443 | ginkgobiloba80.com | tcp |
| US | 149.100.151.26:443 | glamtikreviews.com | tcp |
| FR | 94.247.180.147:443 | giseleetsimone.com | tcp |
| US | 104.21.83.47:443 | gjonajholdings.com | tcp |
| IN | 154.41.233.162:443 | gkcomputersedu.com | tcp |
| TR | 80.253.244.118:443 | gokyuzuseyahat.com | tcp |
| US | 8.8.8.8:53 | gourmettactics.com | udp |
| US | 8.8.8.8:53 | 111.9.117.89.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 66.221.46.38.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 156.233.41.154.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 141.163.97.161.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 224.82.46.198.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 110.233.41.154.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 236.224.241.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 178.242.208.173.in-addr.arpa | udp |
| US | 139.144.46.10:443 | giselaeleandro.com | tcp |
| US | 8.8.8.8:53 | gracedestrange.com | udp |
| US | 8.8.8.8:53 | grandotelanapa.com | udp |
| US | 66.84.30.17:80 | goldfinchsalon.com | tcp |
| US | 8.8.8.8:53 | www.greenautograph.com | udp |
| US | 8.8.8.8:53 | greenprint1552.com | udp |
| US | 8.8.8.8:53 | gris-hairsalon.com | udp |
| US | 195.179.236.182:443 | graphicsdigits.com | tcp |
| US | 8.8.8.8:53 | groupe-kandaya.com | udp |
| FR | 89.116.147.77:443 | gourmettactics.com | tcp |
| US | 8.8.8.8:53 | shopfastchoice.com | udp |
| US | 8.8.8.8:53 | shoppysticated.com | udp |
| US | 172.67.223.129:443 | grandotelanapa.com | tcp |
| US | 217.21.77.4:443 | gracedestrange.com | tcp |
| DE | 88.198.22.18:443 | www.greenautograph.com | tcp |
| US | 8.8.8.8:53 | 151.90.185.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 87.205.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 40.211.93.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 99.67.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 47.83.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 147.180.247.94.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 196.118.223.82.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 118.244.253.80.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.151.100.149.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 162.233.41.154.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 10.46.144.139.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 17.30.84.66.in-addr.arpa | udp |
| US | 8.8.8.8:53 | simonestippich.com | udp |
| GB | 99.86.114.12:443 | gris-hairsalon.com | tcp |
| DE | 217.160.0.51:80 | groupe-kandaya.com | tcp |
| FR | 94.247.180.147:443 | giseleetsimone.com | tcp |
| AU | 27.54.85.145:80 | shopfastchoice.com | tcp |
| US | 188.114.96.2:443 | millengroup.com | tcp |
| US | 160.153.0.119:80 | shoppysticated.com | tcp |
| US | 8.8.8.8:53 | silverstarpins.com | udp |
| US | 8.8.8.8:53 | www.gourmettactics.com | udp |
| US | 8.8.8.8:53 | sinataradiante.com | udp |
| US | 8.8.8.8:53 | skbpropertindo.com | udp |
| US | 8.8.8.8:53 | skincare-cloth.com | udp |
| US | 8.8.8.8:53 | smarthomegears.com | udp |
| US | 8.8.8.8:53 | smilepapeleria.com | udp |
| US | 8.8.8.8:53 | smmrscapiz1999.com | udp |
| US | 8.8.8.8:53 | sobhasprojects.com | udp |
| US | 8.8.8.8:53 | 77.147.116.89.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 129.223.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 182.236.179.195.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.22.198.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 4.77.21.217.in-addr.arpa | udp |
| US | 8.8.8.8:53 | snuggleseekers.com | udp |
| US | 8.8.8.8:53 | solarinreading.com | udp |
| US | 172.67.144.52:443 | simonestippich.com | tcp |
| US | 8.8.8.8:53 | soundwavegurus.com | udp |
| US | 8.8.8.8:53 | www.graphicsdigits.com | udp |
| US | 162.241.244.85:443 | smilepapeleria.com | tcp |
| US | 72.167.248.167:443 | smokerdelivery.com | tcp |
| IN | 157.245.104.194:443 | sobhasprojects.com | tcp |
| US | 8.8.8.8:53 | sourcebytenews.com | udp |
| US | 188.114.96.2:443 | snuggleseekers.com | tcp |
| US | 8.8.8.8:53 | specialty-deal.com | udp |
| US | 8.8.8.8:53 | speakingsmooth.com | udp |
| US | 8.8.8.8:53 | speedtestchamp.com | udp |
| US | 8.8.8.8:53 | spinamusements.com | udp |
| US | 8.8.8.8:53 | spinozzidesign.com | udp |
| US | 8.8.8.8:53 | stamar-selitve.com | udp |
| US | 8.8.8.8:53 | sspatnabouncer.com | udp |
| FR | 92.205.101.46:443 | solarinreading.com | tcp |
| US | 8.8.8.8:53 | starkindicador.com | udp |
| US | 8.8.8.8:53 | 12.114.86.99.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 51.0.160.217.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 145.85.54.27.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 52.144.67.172.in-addr.arpa | udp |
| US | 104.129.59.5:443 | skincare-cloth.com | tcp |
| SG | 156.67.222.26:443 | smmrscapiz1999.com | tcp |
| ID | 153.92.11.10:443 | skbpropertindo.com | tcp |
| FR | 89.116.147.77:443 | www.gourmettactics.com | tcp |
| US | 89.117.139.236:443 | smarthomegears.com | tcp |
| US | 195.179.236.182:443 | www.graphicsdigits.com | tcp |
| US | 104.21.12.166:443 | sourcebytenews.com | tcp |
| US | 8.8.8.8:53 | stationeryhues.com | udp |
| US | 160.153.0.119:443 | shoppysticated.com | tcp |
| US | 172.67.188.254:443 | soundwavegurus.com | tcp |
| BR | 89.117.7.146:443 | specialty-deal.com | tcp |
| US | 173.254.1.247:443 | spinamusements.com | tcp |
| GB | 77.72.1.46:443 | silverstarpins.com | tcp |
| DE | 185.172.128.19:80 | 185.172.128.19 | tcp |
| US | 172.67.145.251:443 | speakingsmooth.com | tcp |
| IN | 68.178.145.184:80 | sspatnabouncer.com | tcp |
| US | 162.241.216.41:443 | spinozzidesign.com | tcp |
| US | 108.167.181.251:80 | stamar-selitve.com | tcp |
| BR | 154.49.247.187:443 | starkindicador.com | tcp |
| US | 8.8.8.8:53 | 85.244.241.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 167.248.167.72.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 194.104.245.157.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 46.101.205.92.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 166.12.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.222.67.156.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 236.139.117.89.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 254.188.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 46.1.72.77.in-addr.arpa | udp |
| US | 64.31.43.186:80 | starplus-saudi.com | tcp |
| US | 8.8.8.8:53 | suddenlyprofit.com | udp |
| US | 192.185.141.132:443 | stationeryhues.com | tcp |
| US | 8.8.8.8:53 | sunrise-shares.com | udp |
| US | 8.8.8.8:53 | sunsetservicez.com | udp |
| US | 8.8.8.8:53 | sub2maxtermind.com | udp |
| GB | 141.136.33.43:443 | stretchacanvas.com | tcp |
| US | 8.8.8.8:53 | sureprofitpune.com | udp |
| US | 8.8.8.8:53 | supergrowpusat.com | udp |
| US | 50.87.172.242:443 | suddenlyprofit.com | tcp |
| DE | 217.160.0.51:443 | groupe-kandaya.com | tcp |
| US | 8.8.8.8:53 | sweettreatpals.com | udp |
| US | 172.67.137.17:443 | sunsetservicez.com | tcp |
| US | 8.8.8.8:53 | sydneytolifson.com | udp |
| US | 8.8.8.8:53 | tailwagwonders.com | udp |
| US | 8.8.8.8:53 | systeme-tester.com | udp |
| US | 8.8.8.8:53 | 247.1.254.173.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 251.145.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 146.7.117.89.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 251.181.167.108.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 184.145.178.68.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 186.43.31.64.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 187.247.49.154.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 132.141.185.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tamraghtseasun.com | udp |
| US | 8.8.8.8:53 | tanzzi-trading.com | udp |
| MY | 110.4.45.164:443 | sunrise-shares.com | tcp |
| IN | 217.21.90.146:443 | sureprofitpune.com | tcp |
| US | 50.87.136.33:443 | sub2maxtermind.com | tcp |
| LT | 84.32.84.32:443 | supergrowpusat.com | tcp |
| US | 104.21.29.172:443 | sweettreatpals.com | tcp |
| US | 8.8.8.8:53 | www.getcoinupdates.com | udp |
| GB | 45.77.57.25:443 | sybluepapillon.com | tcp |
| US | 8.8.8.8:53 | 242.172.87.50.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 17.137.67.172.in-addr.arpa | udp |
| US | 50.87.253.134:443 | sydneytolifson.com | tcp |
| FR | 92.222.139.190:443 | tamraghtseasun.com | tcp |
| DE | 85.13.143.137:80 | systeme-tester.com | tcp |
| KR | 183.111.183.83:443 | tanzzi-trading.com | tcp |
| US | 104.21.67.176:443 | tailwagwonders.com | tcp |
| US | 104.21.39.103:443 | simonestippich.com | tcp |
| US | 8.8.8.8:53 | 164.45.4.110.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 146.90.21.217.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 33.136.87.50.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.29.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 25.57.77.45.in-addr.arpa | udp |
| IN | 142.93.211.40:443 | www.getcoinupdates.com | tcp |
| US | 8.8.8.8:53 | 190.139.222.92.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 137.143.13.85.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 134.253.87.50.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 176.67.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 103.39.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 83.183.111.183.in-addr.arpa | udp |
| IT | 185.196.8.22:80 | aahzglo.ru | tcp |
| DE | 176.9.47.240:2023 | tcp | |
| US | 8.8.8.8:53 | clients2.google.com | udp |
| GB | 142.250.179.238:443 | clients2.google.com | tcp |
| US | 104.21.5.215:443 | tcp | |
| US | 8.8.8.8:53 | zeph-eu2.nanopool.org | udp |
| PL | 51.68.137.186:10943 | zeph-eu2.nanopool.org | tcp |
| US | 8.8.8.8:53 | 186.137.68.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | pastebin.com | udp |
| US | 172.67.34.170:443 | pastebin.com | tcp |
| FR | 51.210.150.92:10943 | zeph-eu2.nanopool.org | tcp |
| US | 8.8.8.8:53 | 170.34.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 92.150.210.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.aiquicklinks.net | udp |
| US | 66.29.141.46:443 | www.aiquicklinks.net | tcp |
| US | 8.8.8.8:53 | paperambiguonusphoterew.site | udp |
| US | 172.67.177.31:443 | paperambiguonusphoterew.site | tcp |
| US | 8.8.8.8:53 | cdnjs.cloudflare.com | udp |
| US | 104.17.24.14:443 | cdnjs.cloudflare.com | tcp |
| US | 8.8.8.8:53 | 14.24.17.104.in-addr.arpa | udp |
| GB | 142.250.179.238:443 | clients2.google.com | udp |
| US | 8.8.8.8:53 | play.cine.ar | udp |
| US | 8.8.8.8:53 | play.cine.ar | udp |
| US | 8.8.8.8:53 | globalpage-prod.webex.com | udp |
| US | 8.8.8.8:53 | idp.movistar.com.ar | udp |
| US | 8.8.8.8:53 | idp.movistar.com.ar | udp |
| US | 8.8.8.8:53 | monografias.com | udp |
| GB | 62.109.231.32:22 | globalpage-prod.webex.com | tcp |
| AR | 186.33.228.177:22 | play.cine.ar | tcp |
| US | 8.8.8.8:53 | monografias.com | udp |
| AR | 186.33.228.177:21 | play.cine.ar | tcp |
| AR | 186.33.228.177:443 | play.cine.ar | tcp |
| GB | 62.109.231.32:21 | globalpage-prod.webex.com | tcp |
| US | 8.8.8.8:53 | accounts.snapchat.com | udp |
| US | 8.8.8.8:53 | web.flow.com.ar | udp |
| US | 8.8.8.8:53 | accounts.snapchat.com | udp |
| GB | 62.109.231.32:443 | globalpage-prod.webex.com | tcp |
| US | 8.8.8.8:53 | web.flow.com.ar | udp |
| US | 8.8.8.8:53 | social.livra.com | udp |
| GB | 18.245.187.109:443 | monografias.com | tcp |
| GB | 18.245.187.109:21 | monografias.com | tcp |
| GB | 18.245.187.109:22 | monografias.com | tcp |
| FR | 159.60.133.0:22 | idp.movistar.com.ar | tcp |
| FR | 159.60.133.0:21 | idp.movistar.com.ar | tcp |
| FR | 159.60.133.0:443 | idp.movistar.com.ar | tcp |
| US | 8.8.8.8:53 | social.livra.com | udp |
| US | 8.8.8.8:53 | ov.edesur.com.ar | udp |
| GB | 62.109.231.32:143 | globalpage-prod.webex.com | tcp |
| US | 34.149.46.130:22 | accounts.snapchat.com | tcp |
| US | 34.149.46.130:21 | accounts.snapchat.com | tcp |
| US | 8.8.8.8:53 | 177.228.33.186.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 32.231.109.62.in-addr.arpa | udp |
| US | 8.8.8.8:53 | ov.edesur.com.ar | udp |
| US | 8.8.8.8:53 | registro.micuenta.metrogas.com.ar | udp |
| GB | 62.109.231.32:465 | globalpage-prod.webex.com | tcp |
| GB | 62.109.231.32:80 | globalpage-prod.webex.com | tcp |
| GB | 62.109.231.32:80 | globalpage-prod.webex.com | tcp |
| AR | 181.13.207.178:21 | web.flow.com.ar | tcp |
| AR | 181.13.207.178:22 | web.flow.com.ar | tcp |
| GB | 162.13.59.10:22 | social.livra.com | tcp |
| US | 8.8.8.8:53 | www.monografias.com | udp |
| US | 8.8.8.8:53 | registro.micuenta.metrogas.com.ar | udp |
| US | 8.8.8.8:53 | 109.187.245.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 0.133.60.159.in-addr.arpa | udp |
| US | 8.8.8.8:53 | asskova9q.accounts.ondemand.com | udp |
| GB | 62.109.231.32:995 | globalpage-prod.webex.com | tcp |
| AR | 186.33.228.177:143 | play.cine.ar | tcp |
| AR | 181.13.207.178:443 | web.flow.com.ar | tcp |
| FR | 159.60.133.0:143 | idp.movistar.com.ar | tcp |
| US | 34.149.46.130:443 | accounts.snapchat.com | tcp |
| GB | 162.13.59.10:21 | social.livra.com | tcp |
| US | 8.8.8.8:53 | asskova9q.accounts.ondemand.com | udp |
| US | 8.8.8.8:53 | radex.dnm.gov.ar | udp |
| AR | 186.33.228.177:465 | play.cine.ar | tcp |
| AR | 186.33.228.177:80 | play.cine.ar | tcp |
| GB | 18.245.187.109:80 | www.monografias.com | tcp |
| FR | 159.60.133.0:465 | idp.movistar.com.ar | tcp |
| IE | 209.85.202.26:465 | aspmx.l.google.com | tcp |
| FR | 159.60.133.0:80 | idp.movistar.com.ar | tcp |
| US | 45.60.87.88:22 | ov.edesur.com.ar | tcp |
| GB | 162.13.59.10:443 | social.livra.com | tcp |
| GB | 18.245.187.24:443 | www.monografias.com | tcp |
| US | 45.60.87.88:21 | ov.edesur.com.ar | tcp |
| US | 8.8.8.8:53 | radex.dnm.gov.ar | udp |
| US | 8.8.8.8:53 | miembros.encuentroadulto.net | udp |
| AR | 186.33.228.177:995 | play.cine.ar | tcp |
| IE | 209.85.202.26:143 | aspmx.l.google.com | tcp |
| IE | 209.85.202.26:995 | aspmx.l.google.com | tcp |
| FR | 159.60.133.0:995 | idp.movistar.com.ar | tcp |
| US | 8.8.8.8:53 | 130.46.149.34.in-addr.arpa | udp |
| GB | 18.245.187.24:22 | www.monografias.com | tcp |
| GB | 18.245.187.24:21 | www.monografias.com | tcp |
| AR | 186.33.228.177:80 | play.cine.ar | tcp |
| US | 8.8.8.8:53 | miembros.encuentroadulto.net | udp |
| US | 8.8.8.8:53 | betfun.com.ar | udp |
| AR | 181.13.207.178:465 | web.flow.com.ar | tcp |
| DE | 130.214.144.214:22 | asskova9q.accounts.ondemand.com | tcp |
| AR | 181.13.207.178:80 | web.flow.com.ar | tcp |
| BR | 130.214.96.229:22 | registro.micuenta.metrogas.com.ar | tcp |
| BR | 130.214.96.229:21 | registro.micuenta.metrogas.com.ar | tcp |
| GB | 62.109.231.32:443 | globalpage-prod.webex.com | tcp |
| AR | 181.13.207.178:143 | web.flow.com.ar | tcp |
| GB | 62.109.231.32:443 | globalpage-prod.webex.com | tcp |
| US | 34.149.46.130:143 | accounts.snapchat.com | tcp |
| GB | 162.13.59.10:143 | social.livra.com | tcp |
| GB | 62.109.231.32:80 | globalpage-prod.webex.com | tcp |
| GB | 162.13.59.10:80 | social.livra.com | tcp |
| DE | 130.214.144.214:21 | asskova9q.accounts.ondemand.com | tcp |
| BR | 130.214.96.229:443 | registro.micuenta.metrogas.com.ar | tcp |
| US | 8.8.8.8:53 | betfun.com.ar | udp |
| US | 8.8.8.8:53 | accounts.snapchat.com | udp |
| US | 45.60.87.88:443 | ov.edesur.com.ar | tcp |
| FR | 159.60.133.0:80 | idp.movistar.com.ar | tcp |
| GB | 162.13.59.10:465 | social.livra.com | tcp |
| GB | 18.245.187.109:443 | www.monografias.com | tcp |
| DE | 130.214.144.214:443 | asskova9q.accounts.ondemand.com | tcp |
| GB | 18.245.187.36:21 | www.monografias.com | tcp |
| GB | 18.245.187.36:22 | www.monografias.com | tcp |
| US | 34.149.46.130:80 | accounts.snapchat.com | tcp |
| US | 8.8.8.8:53 | jobsafari.com.pr | udp |
| US | 8.8.8.8:53 | 24.187.245.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 88.87.60.45.in-addr.arpa | udp |
| AR | 200.70.43.8:22 | radex.dnm.gov.ar | tcp |
| FR | 159.60.133.0:443 | idp.movistar.com.ar | tcp |
| US | 8.8.8.8:53 | www.ipsosisay.com | udp |
| AR | 181.13.207.178:995 | web.flow.com.ar | tcp |
| US | 45.60.87.88:143 | ov.edesur.com.ar | tcp |
| US | 34.149.46.130:80 | accounts.snapchat.com | tcp |
| US | 34.149.46.130:465 | accounts.snapchat.com | tcp |
| GB | 162.13.59.10:995 | social.livra.com | tcp |
| AR | 200.70.43.8:443 | radex.dnm.gov.ar | tcp |
| US | 8.8.8.8:53 | globalpage-prod.webex.com | udp |
| US | 8.8.8.8:53 | jobsafari.com.pr | udp |
| US | 104.21.77.124:21 | miembros.encuentroadulto.net | tcp |
| US | 104.21.77.124:22 | miembros.encuentroadulto.net | tcp |
| BR | 130.214.96.229:143 | registro.micuenta.metrogas.com.ar | tcp |
| US | 8.8.8.8:53 | 229.96.214.130.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 214.144.214.130.in-addr.arpa | udp |
| AR | 200.70.43.8:21 | radex.dnm.gov.ar | tcp |
| DE | 130.214.144.214:143 | asskova9q.accounts.ondemand.com | tcp |
| DE | 130.214.144.214:465 | asskova9q.accounts.ondemand.com | tcp |
| US | 45.60.87.88:465 | ov.edesur.com.ar | tcp |
| FR | 159.60.133.0:80 | idp.movistar.com.ar | tcp |
| US | 34.149.46.130:995 | accounts.snapchat.com | tcp |
| BR | 130.214.96.229:465 | registro.micuenta.metrogas.com.ar | tcp |
| US | 34.149.46.130:22 | accounts.snapchat.com | tcp |
| US | 188.114.97.2:22 | betfun.com.ar | tcp |
| US | 8.8.8.8:53 | pagos.dnm.gov.ar | udp |
| GB | 18.245.187.109:80 | www.monografias.com | tcp |
| DE | 130.214.144.214:80 | asskova9q.accounts.ondemand.com | tcp |
| US | 104.18.22.24:443 | www.ipsosisay.com | tcp |
| US | 45.60.87.88:80 | ov.edesur.com.ar | tcp |
| AR | 200.70.43.8:143 | radex.dnm.gov.ar | tcp |
| US | 188.114.97.2:21 | betfun.com.ar | tcp |
| US | 188.114.97.2:443 | betfun.com.ar | tcp |
| GB | 162.13.59.10:443 | social.livra.com | tcp |
| GB | 62.109.231.32:80 | globalpage-prod.webex.com | tcp |
| US | 34.149.46.130:21 | accounts.snapchat.com | tcp |
| US | 8.8.8.8:53 | pagos.dnm.gov.ar | udp |
| BR | 130.214.96.229:80 | registro.micuenta.metrogas.com.ar | tcp |
| US | 8.8.8.8:53 | 8.43.70.200.in-addr.arpa | udp |
| US | 8.8.8.8:53 | login.buenosaires.gob.ar | udp |
| US | 172.67.207.173:22 | miembros.encuentroadulto.net | tcp |
| US | 172.67.207.173:21 | miembros.encuentroadulto.net | tcp |
| DE | 130.214.144.214:995 | asskova9q.accounts.ondemand.com | tcp |
| US | 103.224.182.210:22 | jobsafari.com.pr | tcp |
| US | 45.60.87.88:995 | ov.edesur.com.ar | tcp |
| US | 8.8.8.8:53 | login.buenosaires.gob.ar | udp |
| AR | 186.33.228.177:443 | play.cine.ar | tcp |
| AR | 200.70.43.8:80 | pagos.dnm.gov.ar | tcp |
| US | 104.21.77.124:443 | miembros.encuentroadulto.net | tcp |
| FR | 159.60.133.0:443 | idp.movistar.com.ar | tcp |
| GB | 62.109.231.32:80 | globalpage-prod.webex.com | tcp |
| GB | 18.245.187.24:443 | www.monografias.com | tcp |
| BR | 130.214.96.229:995 | registro.micuenta.metrogas.com.ar | tcp |
| US | 8.8.8.8:53 | 24.22.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | selectplay.laplata.gob.ar | udp |
| US | 8.8.8.8:53 | palermo.in.tmes.trendmicro.com | udp |
| US | 104.21.77.124:143 | miembros.encuentroadulto.net | tcp |
| AR | 200.70.43.8:995 | pagos.dnm.gov.ar | tcp |
| US | 188.114.96.2:22 | betfun.com.ar | tcp |
| US | 34.149.46.130:443 | accounts.snapchat.com | tcp |
| US | 8.8.8.8:53 | globalpage-prod.webex.com | udp |
| US | 8.8.8.8:53 | park-mx.above.com | udp |
| US | 8.8.8.8:53 | betfun.bet.ar | udp |
| DE | 130.214.144.214:80 | asskova9q.accounts.ondemand.com | tcp |
| US | 103.224.182.210:21 | jobsafari.com.pr | tcp |
| US | 103.224.182.210:443 | jobsafari.com.pr | tcp |
| AR | 200.70.43.8:465 | pagos.dnm.gov.ar | tcp |
| US | 8.8.8.8:53 | selectplay.laplata.gob.ar | udp |
| US | 104.21.77.124:465 | miembros.encuentroadulto.net | tcp |
| AR | 186.33.228.177:22 | play.cine.ar | tcp |
| US | 34.149.46.130:143 | accounts.snapchat.com | tcp |
| US | 188.114.96.2:21 | betfun.com.ar | tcp |
| US | 34.149.46.130:443 | accounts.snapchat.com | tcp |
| US | 8.8.8.8:53 | idpsesion.telecom.com.ar | udp |
| AR | 186.33.228.177:21 | play.cine.ar | tcp |
| GB | 62.109.231.32:22 | globalpage-prod.webex.com | tcp |
| GB | 62.109.231.32:21 | globalpage-prod.webex.com | tcp |
| GB | 18.245.187.109:22 | www.monografias.com | tcp |
| GB | 18.245.187.109:21 | www.monografias.com | tcp |
| AR | 200.70.43.8:21 | pagos.dnm.gov.ar | tcp |
| AR | 200.70.43.8:22 | pagos.dnm.gov.ar | tcp |
| US | 104.21.77.124:80 | miembros.encuentroadulto.net | tcp |
| FR | 159.60.133.0:21 | idp.movistar.com.ar | tcp |
| US | 172.67.207.173:465 | miembros.encuentroadulto.net | tcp |
| US | 45.60.87.88:80 | ov.edesur.com.ar | tcp |
| AR | 200.16.89.178:22 | login.buenosaires.gob.ar | tcp |
| US | 188.114.97.2:80 | betfun.com.ar | tcp |
| US | 8.8.8.8:53 | idpsesion.telecom.com.ar | udp |
| US | 8.8.8.8:53 | account.live.com | udp |
| US | 172.67.207.173:143 | miembros.encuentroadulto.net | tcp |
| FR | 159.60.133.0:22 | idp.movistar.com.ar | tcp |
| GB | 18.245.187.24:22 | www.monografias.com | tcp |
| GB | 162.13.59.10:80 | social.livra.com | tcp |
| GB | 18.245.187.24:21 | www.monografias.com | tcp |
| US | 103.224.212.34:143 | park-mx.above.com | tcp |
| NL | 62.109.204.99:143 | globalpage-prod.webex.com | tcp |
| AR | 200.70.43.8:443 | pagos.dnm.gov.ar | tcp |
| AR | 186.33.228.177:80 | play.cine.ar | tcp |
| US | 104.21.77.124:995 | miembros.encuentroadulto.net | tcp |
| US | 8.8.8.8:53 | 124.77.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 210.182.224.103.in-addr.arpa | udp |
| AR | 181.13.207.178:22 | web.flow.com.ar | tcp |
| BR | 130.214.96.229:80 | registro.micuenta.metrogas.com.ar | tcp |
| AR | 200.16.89.178:21 | login.buenosaires.gob.ar | tcp |
| AR | 200.70.43.8:80 | pagos.dnm.gov.ar | tcp |
| AR | 200.70.57.190:22 | selectplay.laplata.gob.ar | tcp |
| US | 34.149.46.130:465 | accounts.snapchat.com | tcp |
| AR | 181.13.207.178:21 | web.flow.com.ar | tcp |
| US | 18.208.22.79:143 | palermo.in.tmes.trendmicro.com | tcp |
| US | 18.208.22.79:995 | palermo.in.tmes.trendmicro.com | tcp |
| AR | 186.33.228.177:465 | play.cine.ar | tcp |
| BR | 130.214.96.229:22 | registro.micuenta.metrogas.com.ar | tcp |
| FR | 159.60.133.0:80 | idp.movistar.com.ar | tcp |
| AR | 186.33.228.177:143 | play.cine.ar | tcp |
| US | 34.149.46.130:22 | accounts.snapchat.com | tcp |
| FR | 159.60.133.0:465 | idp.movistar.com.ar | tcp |
| US | 103.224.182.210:80 | jobsafari.com.pr | tcp |
| IE | 209.85.202.26:143 | aspmx.l.google.com | tcp |
| DE | 130.214.144.214:443 | asskova9q.accounts.ondemand.com | tcp |
| FR | 159.60.133.0:143 | idp.movistar.com.ar | tcp |
| AR | 181.13.207.178:80 | web.flow.com.ar | tcp |
| US | 45.60.87.88:22 | ov.edesur.com.ar | tcp |
| US | 104.18.22.24:443 | www.ipsosisay.com | tcp |
| US | 45.60.87.88:21 | ov.edesur.com.ar | tcp |
| US | 8.8.8.8:53 | account.live.com | udp |
| US | 8.8.8.8:53 | lacasaca.com | udp |
| DE | 130.214.144.214:80 | asskova9q.accounts.ondemand.com | tcp |
| GB | 162.13.59.10:443 | social.livra.com | tcp |
| US | 172.67.207.173:995 | miembros.encuentroadulto.net | tcp |
| IE | 209.85.202.26:465 | aspmx.l.google.com | tcp |
| IE | 209.85.202.26:995 | aspmx.l.google.com | tcp |
| AR | 200.16.89.178:443 | login.buenosaires.gob.ar | tcp |
| US | 104.18.22.24:443 | www.ipsosisay.com | tcp |
| FR | 159.60.133.0:995 | idp.movistar.com.ar | tcp |
| NL | 62.109.204.99:465 | globalpage-prod.webex.com | tcp |
| US | 34.149.46.130:80 | accounts.snapchat.com | tcp |
| AR | 200.70.57.190:21 | selectplay.laplata.gob.ar | tcp |
| US | 34.149.46.130:995 | accounts.snapchat.com | tcp |
| GB | 162.13.59.10:22 | social.livra.com | tcp |
| US | 104.21.77.124:80 | miembros.encuentroadulto.net | tcp |
| NL | 62.109.204.99:443 | globalpage-prod.webex.com | tcp |
| GB | 62.109.231.32:80 | globalpage-prod.webex.com | tcp |
| US | 8.8.8.8:53 | opinionbureau.com | udp |
| AR | 200.70.43.8:143 | pagos.dnm.gov.ar | tcp |
| US | 18.208.22.77:995 | palermo.in.tmes.trendmicro.com | tcp |
| NL | 62.109.204.99:995 | globalpage-prod.webex.com | tcp |
| US | 103.224.212.34:465 | park-mx.above.com | tcp |
| US | 45.60.87.88:443 | ov.edesur.com.ar | tcp |
| GB | 162.13.59.10:21 | social.livra.com | tcp |
| AR | 181.13.207.178:143 | web.flow.com.ar | tcp |
| US | 103.224.212.34:995 | park-mx.above.com | tcp |
| BR | 130.214.96.229:21 | registro.micuenta.metrogas.com.ar | tcp |
| DE | 130.214.144.214:22 | asskova9q.accounts.ondemand.com | tcp |
| AR | 181.13.207.178:465 | web.flow.com.ar | tcp |
| GB | 162.13.59.10:995 | social.livra.com | tcp |
| US | 45.60.87.88:80 | ov.edesur.com.ar | tcp |
| AR | 186.33.228.177:80 | play.cine.ar | tcp |
| GB | 18.245.187.109:80 | www.monografias.com | tcp |
| AR | 200.70.43.8:22 | pagos.dnm.gov.ar | tcp |
| US | 8.8.8.8:53 | opinionbureau.com | udp |
| US | 8.8.8.8:53 | meetingsamer33.webex.com | udp |
| FR | 159.60.133.0:80 | idp.movistar.com.ar | tcp |
| US | 34.149.46.130:80 | accounts.snapchat.com | tcp |
| AR | 181.13.207.178:995 | web.flow.com.ar | tcp |
| US | 45.60.87.88:143 | ov.edesur.com.ar | tcp |
| AR | 200.70.57.190:443 | selectplay.laplata.gob.ar | tcp |
| US | 34.149.46.130:143 | accounts.snapchat.com | tcp |
| US | 34.149.46.130:465 | accounts.snapchat.com | tcp |
| GB | 162.13.59.10:143 | social.livra.com | tcp |
| US | 34.149.46.130:80 | accounts.snapchat.com | tcp |
| AR | 200.61.204.154:21 | idpsesion.telecom.com.ar | tcp |
| BR | 130.214.96.229:443 | registro.micuenta.metrogas.com.ar | tcp |
| US | 13.107.42.22:22 | account.live.com | tcp |
| DE | 130.214.144.214:21 | asskova9q.accounts.ondemand.com | tcp |
| US | 104.21.77.124:22 | miembros.encuentroadulto.net | tcp |
| US | 104.21.77.124:21 | miembros.encuentroadulto.net | tcp |
| AR | 200.70.43.8:80 | pagos.dnm.gov.ar | tcp |
Files
memory/880-0-0x00007FF747D60000-0x00007FF748749000-memory.dmp
memory/880-1-0x00007FF747D60000-0x00007FF748749000-memory.dmp
memory/880-7-0x00007FFC80000000-0x00007FFC80002000-memory.dmp
memory/880-6-0x00007FFC90590000-0x00007FFC9064E000-memory.dmp
memory/880-8-0x00007FFC8EA70000-0x00007FFC8ED39000-memory.dmp
memory/880-9-0x00007FFC80030000-0x00007FFC80031000-memory.dmp
memory/880-10-0x00007FF747D60000-0x00007FF748749000-memory.dmp
memory/880-11-0x00007FF747D60000-0x00007FF748749000-memory.dmp
memory/880-12-0x00007FF747D60000-0x00007FF748749000-memory.dmp
memory/880-13-0x00007FF747D60000-0x00007FF748749000-memory.dmp
memory/880-14-0x00007FF747D60000-0x00007FF748749000-memory.dmp
memory/880-15-0x00007FF747D60000-0x00007FF748749000-memory.dmp
memory/880-16-0x00007FF747D60000-0x00007FF748749000-memory.dmp
memory/880-17-0x00007FF747D60000-0x00007FF748749000-memory.dmp
memory/880-18-0x00007FF747D60000-0x00007FF748749000-memory.dmp
memory/880-19-0x00007FFC91250000-0x00007FFC91445000-memory.dmp
C:\Windows\System32\GroupPolicy\gpt.ini
| MD5 | 8ef9853d1881c5fe4d681bfb31282a01 |
| SHA1 | a05609065520e4b4e553784c566430ad9736f19f |
| SHA256 | 9228f13d82c3dc96b957769f6081e5bac53cffca4ffde0ba1e102d9968f184a2 |
| SHA512 | 5ddee931a08cfea5bb9d1c36355d47155a24d617c2a11d08364ffc54e593064011dee4fea8ac5b67029cab515d3071f0ba0422bb76af492a3115272ba8feb005 |
memory/880-27-0x00007FF747D60000-0x00007FF748749000-memory.dmp
C:\Users\Admin\Documents\GuardFox\jU7SJ07UicWF7hD0MaZuy4mY.exe
| MD5 | 43e2c6865acc761a565fdad5b614f8b8 |
| SHA1 | a4511faf461af991ebab47ec06d48ef7496c9386 |
| SHA256 | c64009f4d59f11d651d616cef5dd5c815652c9d53b7ef433860d6b245d8beb08 |
| SHA512 | dda84958244280539c449ef2a9a2a2186d6d24152974658fb8c1ad1d70536d6e5014f352688454bb6e9cbabba4070a5f14a1667b7be686d431d5761c5dbe9519 |
C:\Users\Admin\Documents\GuardFox\QQw5SFBO7t77B3jDUdWt8lSr.exe
| MD5 | 7cadb93fa3e07165fa16bd17e9b63283 |
| SHA1 | 7e8005f833d4a9f1c78dda84a4439d5560b78b2e |
| SHA256 | 56de5a5b90bb6269c4a09273fd3e1da9235ec9cc5fe51f0641fb4ca0f1c0e4a1 |
| SHA512 | b5a450857e3278124df5b273762d9d20473dcfd73debdc8f59a9491a9684b347fe598594123227138ffc5321260772ff5c1cc1e4ff50caa0a75f3715d1cdb0c9 |
C:\Users\Admin\Documents\GuardFox\n8lts3wu3LEK31H_8scS0swh.exe
| MD5 | 32b7e1ac683b3f2ad97394178eeb0964 |
| SHA1 | 2b43efc3657236125e0b5b3dc047b25a9012d129 |
| SHA256 | 6bf4a96a9cca2a8b3a9ac66671a63943b6464b4fd1d511863f627a0d841a1f7a |
| SHA512 | bb5be16ba598cb1ff1777b72d2e59ebce0c57507edc75fc74e22036eda623044b85f94a102cca8391f7ca4ff48bcb9289cc1905370b58c77b90b8afeb1eaf222 |
C:\Users\Admin\Documents\GuardFox\GjtKAmOQqOXlDAbTCFnU40uH.exe
| MD5 | fb61683805e8fad853335e68e1a06c09 |
| SHA1 | 6548d9ba605f860a312e78ea93301f59c75e604c |
| SHA256 | 6f9b5e88888cb88568237a6d99a2581431b66972dcf8d8d600e29ba183852738 |
| SHA512 | 56ccfc329f710a1878a41920ec8ea078c47bc5f4809faba0ade89fe1488b67ecb29703b50f92629076f49113b3fc6e1615cf500ed8a6aba6549bf8c680d3d55d |
C:\Users\Admin\Documents\GuardFox\QWeM4i6raY5Hi6jGEd2QFH85.exe
| MD5 | 6f67b11529dc6ddfba9a8a09beb78a28 |
| SHA1 | dbad61ebfbb74887e64d2055a9d9a66c72253a9e |
| SHA256 | 33f47765ebeafe082e6118fb425ec4cf7ccea460e48d24a26cb0b46b1a646641 |
| SHA512 | 7b427f9d30db980f079bbfcc9b485b7222609e1c3525f457c0d0d20c3d2194deb79b2f88c90919742b3e8b8ee849ad8af565e79c35d3b75a3dbff22faf6d71ba |
C:\Users\Admin\Documents\GuardFox\JW8JVK3h2UKJp3Mga4JfrDPi.exe
| MD5 | 986ccd4c8b2686a84219b37eb940807c |
| SHA1 | 7782d7ba1f8b7e98fdb625fd9143b9df7b6c0bb9 |
| SHA256 | 3c384c46b050af0d75ac6c85ea0d038075b27900dd5bc8da737286f131224a80 |
| SHA512 | b61330247587443a8a690caeca66d7109a621e09fafcd622ce1f20b41a903b9ea1cf69c9f8dc50206f91b49386d60f77f63ed0c416df7df6b1970fe8dcab028b |
C:\Users\Admin\Documents\GuardFox\tutjpA9F7ey1Qilb1V2axRiZ.exe
| MD5 | f8cf1cf73f73475ffaa5da3b485799c9 |
| SHA1 | ea5cf7c44fe8dfe53647f376e1adfa9e65515998 |
| SHA256 | 26c4733079ddc0e687cfa665d5c278e59ca8e1ece6b7da9de56077b51a06d66f |
| SHA512 | 7cbbf5cef0fcc3e12f37f47afb0be9ce50511d63d559dcadc2a4c3f869a502f43ddd3920013fee79733764b3813d9007fd42f9cc9fcd1a2c92dc0c75cb1f1bf2 |
C:\Users\Admin\Documents\GuardFox\SO8uK9Sp2tKWtWgD2eBltM6S.exe
| MD5 | fd08f8746afe7feb5c0faa3eb9bdf3f5 |
| SHA1 | 2a72d6e7b64037c7ced7636f90f0ccab66afffc0 |
| SHA256 | bd977ac3052ee0062477fec2fede9f6c9d8ebbdfae66e489d2e857b0debe2588 |
| SHA512 | 6ca1672cb985d65ae680c52a2a09590f0e00c14bf8f06249069b05d274049a9d1b8ccc783c6a4e335ee87ab249598288d6f10df522c72f6b06f9eac6d35b5b65 |
C:\Users\Admin\Documents\GuardFox\wGltadLuoDTS0V2cHtWka4dO.exe
| MD5 | 7369ab9fb2c91e81d69596519b8a1f57 |
| SHA1 | 32b032c3880b65344119cea3d69fbbdf09f56e40 |
| SHA256 | 3c8d901506b6c5501eda69ef554842defaac4ec9e30a3d9ff4a91f11a4304a36 |
| SHA512 | c1a5313712d5c6a789f416900641e4c52ec47f6f9945ca3c6e17cce5be7ea7ca1b9d5094af1fe3a6bb042811dce02b1af85373d34c6cc162a2b2d7dbf07a789d |
C:\Users\Admin\Documents\GuardFox\rQXZgMqhos5xuslx24PhY0rG.exe
| MD5 | 8b07082b52e3d181e948f065b66bd026 |
| SHA1 | a0e5156eb3d949c28b373d75c3e2000f79dd84cf |
| SHA256 | ed37a1111b82ff591fa221840009369d3cb489d418779be27ec6185e230a61c7 |
| SHA512 | 927ed0af8bb1f4aff6bcb56b4ea006fbd069d1516558e9e97db1b2e3d867daa5cac8ce86283fde806e00301d7a24f89a746768806667f389f020bedfdfb0ca4b |
C:\Users\Admin\Documents\GuardFox\Z_aNIQGQvDICmgvUH1CicY9e.exe
| MD5 | 1b3f7ec76433e6817be393aeac76f026 |
| SHA1 | 11e35418d31a4b9df1586780aa146fde04395718 |
| SHA256 | 0434a358f4dd544e7fd589a8f77343866dc16a8129ec5f5948d9d22e0db2b232 |
| SHA512 | 6d82a1dc8bc52c445d372ea55f6cbfe0348b73d9b541908f85df07cc0769bcaa23616b2d50f29c78375c44c010af6f8209402c2036776ea0deaedd2cc06c0520 |
C:\Users\Admin\Documents\GuardFox\FfObRUUuZA9snXO_6k96GmqP.exe
| MD5 | 2415ec4c64b07fd9c29b109031c9ee47 |
| SHA1 | c068a46b05b4d5cc83f3958577131defd29f542e |
| SHA256 | b3fa93c7620b9ffcd822f5c9209e1767c36b739188b67efde141ec6720c9c6b9 |
| SHA512 | ec98902f86fe4a99e59c8468346cb0382cb4569d2781d21886ff89f44d528c627916d50dd1456a10d13fb2f4f9fdc9a884cc7661f98eda8fbe5c13de70f7b577 |
C:\Users\Admin\Documents\GuardFox\TQQ0xmPBCt_xVf6bm5xuslyp.exe
| MD5 | e39c22880ed21fd733c4235e79fc561d |
| SHA1 | f07257ed3ba7688500cca01159d61cc6fab9583e |
| SHA256 | 057f5d09539d09a60d63b963dc1e85d44d17d7f07c48cff066d407abfd32b084 |
| SHA512 | 63add0ffa51d346f1f90dc9a70cccf94db11f644acbf2d767cc4d06c86e78aeb92e3d2bab0971150685347153a2f3fbfa0a954dedffebeb250b2bade76ca7b6c |
C:\Users\Admin\Documents\GuardFox\yzzuLArvtRtf4YRRZrW8wLXz.exe
| MD5 | 6bee501cb29beae1470c7a25a204a187 |
| SHA1 | 6d3991e7399c665e7d03684f8d0c5a28acedf7ec |
| SHA256 | d71736fcf4c31fd5f5c97bcfbd8a0c0f9b9f2ee11b4732e95246c8cf3b250f62 |
| SHA512 | 29595e7e90421f52f7bb66edf36e9c7febc3f289906e9e39667778b6c76462d487c11b8580634cd4dcbc6c1d255564ff01dbb19de82da9e2d562201b25b46e3b |
C:\Users\Admin\Documents\GuardFox\LIt9vu_JfOkv1gObfODgn5vc.exe
| MD5 | a6f76a95ea4232ead3661cf60560d113 |
| SHA1 | 26a8ee7023101c0ed3e606cb3c894d0c8ce45323 |
| SHA256 | 8d7c0e66d7c16c5b0b02eb0c228f57283119d6a7728fcd5142284df8c14110cc |
| SHA512 | b1c87311528f7fc184d06475a7325165aa15eeeebacefecd69c6b9862c89530ca7351325016a5cc5acc2f139f4de16dfa21962669dd8e5af2f17f733f580032e |
C:\Users\Admin\Documents\GuardFox\rn57asznEP_ooX3h_4l7PyoD.exe
| MD5 | 7397df478ccdffad628623f67aefea01 |
| SHA1 | f7af169b52d95dd852069f95a99ffb8ea0456f9d |
| SHA256 | 7777b6fb38538dbc6022b8d9b1bab059d3824b9ce2cd07a17481b9d88c22755a |
| SHA512 | 7a8c43aa7dfc4cd4271e10a14449ea38b0d7c98db9103d9e80ba9b2e99fc3d94da0dd11f2fa42615dd2a88ae9f70c6dd0f974bb02a841ec6caecdeda0d0d8086 |
C:\Users\Admin\Documents\GuardFox\hpyyixkRm6Wny8XDpx52VFFK.exe
| MD5 | cf2789f084b7d82bca856a9b006adeb5 |
| SHA1 | 0ea9727890ec129001f01cf952e4dbf0babcae8f |
| SHA256 | c6dccd732c109257f5cb5f0548564228e673db549ca51d839b1181b0273916a2 |
| SHA512 | eaccb9213a6888e0c99521fa77c132ca6881dfe9b3e4b9cf10455b8b9310d96da14b6f10bbdd5d20267075b3253af2ada1d8438ecb4611df91a4c24a1ab7e22f |
C:\Users\Admin\Documents\GuardFox\qAThGLCCM4z3Oq15KdUOVcXo.exe
| MD5 | da29383ae969e70567229635bdca5529 |
| SHA1 | 099afce62950b12235975756dd8f893679bfb6b2 |
| SHA256 | d838dd4febe152794576486605cc986083744e730ff042f5b37b0bb2e9d81d22 |
| SHA512 | e04ac626e86440875d3da679865c797082fc8c08d718020ef0e90259ed81f1f05a79dad4dfb1fc141477c829eb5ebc35d7bfd43ccb3a5e7200953ea6691eeae7 |
C:\Users\Admin\Documents\GuardFox\bhwt2o5b1SvUwqu3qybySrSo.exe
| MD5 | d54cdd5a771d627d72909336f2bb3aec |
| SHA1 | c829c886c26a65f171d03b769802f2668c0296ab |
| SHA256 | 234d633b54b6ab3f0d24881a2573fb5f96cc41fd0c2d015c819aec942d8dc207 |
| SHA512 | cb3b0f62a0d117398c7e6daa2ea086df329f1b8a451b37ac95eeaef98b5ccb37303b452cafa910539078c87736b6c3faa0e35ed87fbcf681366b2538c37edfa8 |
C:\Users\Admin\Documents\GuardFox\p65tzIrYYt1dXE8eGE1C8a0j.exe
| MD5 | dd34a419c7b3764f6d63ddbc01d7d6e3 |
| SHA1 | 88a529b65cb31870df0e55bce5ba27284df71c2c |
| SHA256 | 2ed7aac091177ce22eeffc91dcb1041ece28368c067c09d7020ed8072b1c3a76 |
| SHA512 | 13f6b3dac7b4024dac46ffad6de1eb7fdb22a6a91fd33c7014dabf8d3584d38a171e7c0a4abbec76107317bc514c0275b5b71c5de3ebf543e31a9c5db9b4e743 |
C:\Users\Admin\Documents\GuardFox\7zHPd52JCRvp6H7EEeZWzeF4.exe
| MD5 | e7040aec13c3d045249066807fccabe1 |
| SHA1 | 3408096e6ddf0413eb59b9893d91c67e0f4fbbad |
| SHA256 | 3576291caa2d88806d03ca2719399f491a54ad4181585f5fe4be91c27fb6d505 |
| SHA512 | 557041e1577f93a395f485ebe1f137174ed0c00fcb6ad15408245489882af2b720287ead1e5eeb77c8086b98bbcd819980e8201c825f48c8e46cf56fb13f4091 |
C:\Users\Admin\Documents\GuardFox\w5Lf1N4ErTFYfCw1MdICIKF3.exe
| MD5 | 8be91868e89189b70dca69c55a1af455 |
| SHA1 | a9ebee5664dee03f3d16c59381e500c48a3a2ad3 |
| SHA256 | 12deb280d6011e9b075fdd8bd6737049ab897218bf05c761f929254b88de8236 |
| SHA512 | a8ae6123ca82a9b28961dd5cb160f5793262af59d57a8cad819dae5a2479b71a3b02883ea9c04f6c99b7382833fedcaa787c426b95e532b7bb9c61990e46bb53 |
memory/880-193-0x00007FF747D60000-0x00007FF748749000-memory.dmp
C:\Users\Admin\Documents\GuardFox\rn57asznEP_ooX3h_4l7PyoD.exe
| MD5 | cd8b2fb8a75f08996490460ae34094ea |
| SHA1 | 4199a92e4b7e7e1a9249d9ee6f07b5a21172f051 |
| SHA256 | 498de2f13f8c93df9cd272fe6ea50d7144931c291d3f8d6b543973aaee2c429d |
| SHA512 | 0b0b0a260d2187a8e5e3644ce70fa92dc9cd80d95038472ab21b7d29b2128bbc3c837802149a69583dd145a8da47746297277a7b8d7a051922911080c7544957 |
memory/880-564-0x00007FFC80010000-0x00007FFC80011000-memory.dmp
C:\Users\Admin\Documents\GuardFox\wGltadLuoDTS0V2cHtWka4dO.exe
| MD5 | b6e00017938684cb20fbbf7fdcb084d7 |
| SHA1 | d45f7eb1f5aad4ba3b48fa7a205ac24dea4aaf21 |
| SHA256 | b45a34b8236168bc75d0648006f1c7234f89dcfb584c475f95902d0a48774f11 |
| SHA512 | 16297eb7f2cb263b82a3163ebe8084db166b68effc9ed573389fb30a6cfcb3fd202956f3db18d7e0dd56535d5dec153ecb74ec289ab460a9cc7f1cb46cd44835 |
C:\Users\Admin\Documents\GuardFox\n8lts3wu3LEK31H_8scS0swh.exe
| MD5 | e5e106993b390a9b37f6145055a64cb5 |
| SHA1 | e9664cda04c0d22384b6b66b0726b48fcab41894 |
| SHA256 | f535df37e99c6f5498e0694b41337205d7d5f69f37e3c00faa1550a514ea0033 |
| SHA512 | cbcbb0f4769d7b0cdac4de57f9ff34142a5b47d58b2b2328ba09bc9a3c7840b7cf06c77461a8f591f934ce10ce4af1f564d195300aab4865ef239830f98c8010 |
C:\Users\Admin\Documents\GuardFox\QQw5SFBO7t77B3jDUdWt8lSr.exe
| MD5 | d046b3bc37c4eb56d44523ac8a8cccc9 |
| SHA1 | 641700933f4a8ff3f2b9ceb7484fecd9cadfb048 |
| SHA256 | 1c8f6c47800a06759c2ef4530d3f55ccf48331931fb468daec66aaa1a578e41d |
| SHA512 | 0aefccfcfbe143c31f8c156454e9d819976dfb0d6ce87a7e256e3af22130acb56cebcba097d1046822d26de0e35e72534a28e12ad4e0a333c54916022db4b607 |
C:\Users\Admin\Documents\GuardFox\QQw5SFBO7t77B3jDUdWt8lSr.exe
| MD5 | fc53f9e176dd4617b4a8663cdcb085e9 |
| SHA1 | bdc02f731fd4643e37c98beab5acc15e1e4b86d5 |
| SHA256 | 177803d54a480a6cd5f50c6e9a091dc2d7ea8c02fcbd80ec5fbd59daf433af92 |
| SHA512 | 5472b1df859310f59fb825d46c67f90951e39cb3354d93918ad5e5b60c7424a94b84a8f4d3f482b4cd64e25f7b2f824f9862679193e9f3a86511c3410f425139 |
C:\Users\Admin\Documents\GuardFox\tutjpA9F7ey1Qilb1V2axRiZ.exe
| MD5 | 642e7ab70a298cdb7f1bbb33eacf8a9f |
| SHA1 | 51b48209eb0c7ab4d1dc8692f4db527616c024fb |
| SHA256 | 4c9f9f48a4774fdbb002ce37a7eecf74244bfc75e73c1e180bf8cff360d84fb2 |
| SHA512 | 8535b1367c1181a53aaac2fcf83e83b20553f2629013b7a7adf4bce998a955b52c17ccc66ce0b2d117dc4a0136705c6e1efd7cb6e9379360e44990275aed3ec8 |
C:\Users\Admin\Documents\GuardFox\SO8uK9Sp2tKWtWgD2eBltM6S.exe
| MD5 | 32b9b3807530419e32202f0937d36bac |
| SHA1 | 7ed753b743b6a00988105ba5daa02dc80d03fa9b |
| SHA256 | a137235b1545efe3c8ce2a5da0dd2c637efe85d1797bfe38bb6813115aae7a5e |
| SHA512 | 34ddd045b12ddf70e4e323513614527681a55d12a9e8b9f2937abf76d29b6907b8dc070090ba90fedfad04ca493c6f63bd703a6a7c55d4a11b075f51553a9b48 |
C:\Users\Admin\Documents\GuardFox\TQQ0xmPBCt_xVf6bm5xuslyp.exe
| MD5 | a1f31b15e51ee0aed8fe02e1e19d8680 |
| SHA1 | c5bd9fc5131df58695c9b32fc18fa37d76136271 |
| SHA256 | 6cc0477465977810ce5a6802cdceac6cddaf88aa02bcb56f7662823ac557292a |
| SHA512 | dc40cb62567a15a49283747480c5e19c05f09da357908fab08051f44bd62e81e285b472e8c67473893bbfdeb572a00dc95a821e01a6d2beb2b057caadaef6a20 |
C:\Users\Admin\Documents\GuardFox\n8lts3wu3LEK31H_8scS0swh.exe
| MD5 | e500f6c97bb74557b6b25df5213ac75b |
| SHA1 | 8449e8d69252755295253fa19cbb4f9c7194561e |
| SHA256 | e232bf5001f16aef3d696e3adac03b09909ada97b26c3207c42e882d9ed344de |
| SHA512 | 7051fc2d612a5249eab32384f5c7a3b3601233655ebcfb6bfa49ebf6ee62974e25a906daaecf897c7afcd4292c339bdbf3c0f788a5e41de1084815c8ae58b607 |
C:\Users\Admin\Documents\GuardFox\GjtKAmOQqOXlDAbTCFnU40uH.exe
| MD5 | 2cc9c6f1c605787672dfdaeef941c3f9 |
| SHA1 | 407155d73688be0c7b7bb98d45e0e170fe90f09f |
| SHA256 | cad383cf1236918a86a4a26d66405037df43422f105a93e25d5d9feb41e5bc8d |
| SHA512 | cdfcfc95641ceb016cc2103ed5d225f70264a1e0ea89785636bcfc8b1b66b22a5fa9a6f4e7bdf32c4449ac1604a6d5bd4cb0fcf08ee19858f6264c123c077f19 |
C:\Users\Admin\Documents\GuardFox\jU7SJ07UicWF7hD0MaZuy4mY.exe
| MD5 | ea7408c8bc1a0f9ce808635c2b9ae3c8 |
| SHA1 | c76f4031ec02455457e4fb8dab96ea6b3858a105 |
| SHA256 | 695ffea0a4715646577587d024422ff7f3c35a3bc75b8fe204d079b754480696 |
| SHA512 | 44a35d124aa0409aabd7631941c6fcb78bdc6f9de9d55eba77d5d04321a6134453185dd031a0265e31f8f2250b2f4c1399efedd3e6b4c77052cfd35318f3a102 |
C:\Users\Admin\Documents\GuardFox\tutjpA9F7ey1Qilb1V2axRiZ.exe
| MD5 | faae2f975e5c835a52d530c890799238 |
| SHA1 | 362dbbeb27e359a3bd6916388d1780c6cd76cf7b |
| SHA256 | ec31f0413987f004fd9e91a0c8cf6ca36b3f0dced54c376cc1a67d8a0e272183 |
| SHA512 | 8435f7213b05ccd412d4300e3ee684691649ceef1a39a9bf3723d3d715d1462274c377c54821b5a690e293430da22f96b0fdd0bca1d4ed5cc189d1f4d9a63ed0 |
C:\Users\Admin\Documents\GuardFox\QWeM4i6raY5Hi6jGEd2QFH85.exe
| MD5 | 8952c868e32acdd7e273b64784b223f9 |
| SHA1 | e1cfb04f49d67ccd6d0701666654be12fa816cd4 |
| SHA256 | ab66ccd9dab011ce1d3153067b68cdb8037cb4dbb505781907c9603ab0aab355 |
| SHA512 | 9a3b17b2b8709ec5555b90a60ad99bdd6d05806bc7b6ae7ab167c9afee2af4d2d2c195b891dcec4b1f4cb653eb265e826611fe516d29601c8fbf516a7f377832 |
C:\Users\Admin\Documents\GuardFox\SO8uK9Sp2tKWtWgD2eBltM6S.exe
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\Documents\GuardFox\GjtKAmOQqOXlDAbTCFnU40uH.exe
| MD5 | 636ae26aedbc6c27ef36d83c0cc841ce |
| SHA1 | b4185c8ea1dcb8d1a84acedd9e243f928b6eea73 |
| SHA256 | 24f988a5d06cf7757a6c9d0500185ec750ffa009563efb8b8839131ad4672969 |
| SHA512 | 66841c0252ce5356ab1c777f8ee4ae657cd3e5a08a56bce3e75a5bc9e1efb0fb7b14d6e68e4d7e63fe41059d5d1dbaacc0202deda0879f260d15a7d6bcc98539 |
C:\Users\Admin\Documents\GuardFox\jU7SJ07UicWF7hD0MaZuy4mY.exe
| MD5 | eb395252135592d6eb2dc68840257864 |
| SHA1 | 3fb48750c41c7193134558ecf27c564b3246b0e6 |
| SHA256 | 88228bd340dc912b2b8ddedcfeaa0f7fd2e57275ff9bff71f469abbca240290d |
| SHA512 | a1f086ed4b202e7f5e9fd0805db308878f7a64ac551fcb5734385fc38a4bff0cbcde308330d06da42ddabf0381aa6cc27b822ce1860223067e816b7c615a7c44 |
C:\Users\Admin\Documents\GuardFox\rQXZgMqhos5xuslx24PhY0rG.exe
| MD5 | a2aecbc727b2c5ab287dc2576bdc213b |
| SHA1 | 570f30e8fa4f77b52aae187c6fdb7e149b18bbf4 |
| SHA256 | 280400f074f43ccd1cbf20b8aa1ae6811b1eeb1791057f766e2da3acb8ae100c |
| SHA512 | b3a869e8e50f81f7d3cd2660c40d23e41e56c48e6ea615063102728cb2f14f655cf1b3cb4b722583d2c939dc5a9c8ff8be2177b19bcb3b6ded34d49ba72b6687 |
C:\Users\Admin\Documents\GuardFox\LIt9vu_JfOkv1gObfODgn5vc.exe
| MD5 | 8b667d41d0db6978f5d26ba485f25861 |
| SHA1 | 1833ecb0e5c553bf5d8e1e18ce7f5a61d30c1c56 |
| SHA256 | aff0d8075c5957758bd2f3664d4f0f239c82b2ab3a0483c81768cadd4e8b787e |
| SHA512 | a049c703c55265b206deead7d606a3960e708a98b84ed22a99b064432ae53a67ab5f7ef6830ad718ee4bcde7b51e89a31f0b38d4114c4dcecf5a194b3394e335 |
C:\Users\Admin\Documents\GuardFox\hpyyixkRm6Wny8XDpx52VFFK.exe
| MD5 | 38f50cee9ca3b45c000fcd1232a3bd55 |
| SHA1 | ce6283aa6b04f43e458a96d31f5580811c49126a |
| SHA256 | 1027faecedfebdc3c7c4fbb4c57d0579524548fc26d5d5764e77d610b4bb6323 |
| SHA512 | 855f7833f2b7becefa043ad318f68d740fb36974d34f3d423290a9fad74d96b7628525ee2cd7efc1a63a686bf5f3243bf4e3b09bc428092b5a0da761692c4863 |
C:\Users\Admin\Documents\GuardFox\w5Lf1N4ErTFYfCw1MdICIKF3.exe
| MD5 | 624bfd632322cf6187a53b0852b89522 |
| SHA1 | cea15346c0744c5a45145f3a9a3cd532917227e3 |
| SHA256 | e5cb6daebfd60fbc3875bb30053259d6507515d80a505485cb940a262c60daba |
| SHA512 | c94afb9c7294a4686c92e67adf6d8baba2d3c74d8fdb9a6d6bc16a97202c63ec47abc821bf8fd55947fb9968c637f0cf01c478075d630d394e52c2a7e9c7a13f |
C:\Users\Admin\Documents\GuardFox\yzzuLArvtRtf4YRRZrW8wLXz.exe
| MD5 | ec0cc12fc155faa5f08f2b78cf7e714c |
| SHA1 | 3df06f9fd6cf2c69cc9db66007a29a71da01c6b2 |
| SHA256 | 7d300f9d91cfe83ee53fcf18be17881d3fe760f9f734026771a5d44ff96bce84 |
| SHA512 | 44aed859d034646e1fe4e9ce4efd371e2c362971ffe4a1f5d9ed1b7e55ff30d2652740af4e2d11111e7b00a38734ec884068679f60219f03e82ea383ae5319d9 |
C:\Users\Admin\Documents\GuardFox\p65tzIrYYt1dXE8eGE1C8a0j.exe
| MD5 | 3ab6e04ecca4a1f84ca8c187f851e0ec |
| SHA1 | 4db464234978f8e8c3fc2eb4bccccfff7166a7dd |
| SHA256 | e10f212ac083a89df60c2d9802486a692e48c7e5766c16ff9045bc0301d01909 |
| SHA512 | fc50666af10f5279d6e60ac1f5cb9d35432dc20f1aecefb40a819d2bfcfcb980fd58207810154885f2eed91260d35f4d23a9f567ad2978152a1b421c52297942 |
C:\Users\Admin\Documents\GuardFox\Z_aNIQGQvDICmgvUH1CicY9e.exe
| MD5 | dd67c56e92d2864906dfd2cea26885db |
| SHA1 | 0a310646de1e43c4dbc88adf11c6d3d54f7f2c90 |
| SHA256 | 675681b6efea8549f4365b6e13b2bf274106425de3f7f6814d572a9a6f212f59 |
| SHA512 | f54e68cd020128959006bc67fb3292d4f02f876ef65f041f9bf4ab4d4944914a4c052e3eacaff7f842c998d3017592e7ccc0e44f8d183b3c6aa2364296e20ad4 |
C:\Users\Admin\Documents\GuardFox\v45HMWE4NwLCcmbZT7FlI17g.exe
| MD5 | 0c90a7795b76f66040cc4265ffd10d3f |
| SHA1 | f2ddcf4e098130732b5799b55d48c86ba8f802a5 |
| SHA256 | 5c88fb84a7671c12921a7cea5b722e639665f183a1e36274a28a0ed04884d0c7 |
| SHA512 | 9094db0251feb2035938629228c13685348b65598628e8ec831b35e806c6bee5ef9fd6baf7297a5ffb0200b881547d02e68491e5bb9400d18d2c9c55d9c1488d |
memory/5896-783-0x0000000000400000-0x0000000000459000-memory.dmp
C:\Users\Admin\Documents\GuardFox\JW8JVK3h2UKJp3Mga4JfrDPi.exe
| MD5 | aebe66c88f66f7b77e746584aca4c831 |
| SHA1 | 3ad8f4a261a765b4c435e297a05264b68f9eea87 |
| SHA256 | b554ff6d288661d5294dcc4a3d0273ef04f100abd80fe3ba47568dda9320594f |
| SHA512 | 842db44dca1efcb74f04487ab9f39a8ae7814aa5a911a1b2d2f0c4c9beef95a8589903bbf938dc2a547ae472d5eb1ee059ba229021f495dd2ab29372f017e9a6 |
memory/5888-787-0x0000000000180000-0x0000000000663000-memory.dmp
C:\Users\Admin\Documents\GuardFox\hpyyixkRm6Wny8XDpx52VFFK.exe
| MD5 | 156736cd0f25b19676b79a74d8781457 |
| SHA1 | 5679d6575b848c1c000a6970bd3a0d9451a4b1b6 |
| SHA256 | 3c4aa393f3f7d551ba2165e3fd875a44cbb29b8b1a0afd4dc4a2d99df9ff3981 |
| SHA512 | b9962c86d16b133fa1de38c3d54dd22ba14eaf7b4e71539222f24cd8afeb5f449327107251af43286ce6b4f3a140aaaace9b2f0e7cc6be9a17665868dc987cef |
C:\Users\Admin\Documents\GuardFox\hpyyixkRm6Wny8XDpx52VFFK.exe
| MD5 | 5391ff96684ad545ef1ba9c785c9b754 |
| SHA1 | d93b807d7e0db5dfd8edbc6f9069b1d0e49b91b0 |
| SHA256 | 83f42e606c5a55f6ceae5455903befb24801cdaca026fff9c2ece09865154748 |
| SHA512 | 49151a2cef9316e0a8a78ed2b38abc079b1effcf25529640bd39625643e5d31f323ff8c96cbad605dce17cb31415bb00d7d9c5142f31b66fd151236c92fc4dba |
memory/5924-853-0x0000000000810000-0x0000000000910000-memory.dmp
C:\Users\Admin\Documents\GuardFox\w5Lf1N4ErTFYfCw1MdICIKF3.exe
| MD5 | df9352d7f6f568f14f8ad31b90e8fd6f |
| SHA1 | b7fe2cec7659a5d260f2f1fad15d26df559017cb |
| SHA256 | 55b735c3840b33855421d44b9a5de2a98149eff71885c25b67f3e6d42e80b745 |
| SHA512 | 37cc3539f0fef387ad10d25a774f6fd26fe7bc9e42248dc9f7e72188d05294ebadb5824a5b89d7e1e83f1993097753999faa8b99e8e9940643ae3bbef7b83dcd |
C:\Users\Admin\Documents\GuardFox\w5Lf1N4ErTFYfCw1MdICIKF3.exe
| MD5 | 56ac5a907da8093ec24e80c7a2226b19 |
| SHA1 | f77c210cb8f45b0d8d92c9949b23a184a74478c0 |
| SHA256 | cf280887a93de49aad3e1b00aa9ba57b7f7966b29a688c4de5ed494bccd6dc22 |
| SHA512 | bf4835cf580a8ce64f501b66564f29e788f27bd4572b7f04048e87619dc135e47fd6703f9090289bf78a2853cd087ae855cc1c13b65e6c0203ff38678be43b89 |
C:\Users\Admin\Documents\GuardFox\yzzuLArvtRtf4YRRZrW8wLXz.exe
| MD5 | aaef9694d7ca0763a6435aea25d1ee7c |
| SHA1 | da2064dccbce5ce99087b10558449ed691465309 |
| SHA256 | a18b5a3605ab19c1927aef5c10fc249d23acc5f4b30abbf217a6405affaeb544 |
| SHA512 | daa1f8c174c1ee2cbc65c0029b9f0913ffbdb3c99295ba62dce1ae06a78442345454f8b8ed00ee5f150fb337b4658b6955890aa113eee57c4fcd451b7e36337d |
C:\Users\Admin\Documents\GuardFox\yzzuLArvtRtf4YRRZrW8wLXz.exe
| MD5 | fd9cb11fa10bc210d363d18863d4778d |
| SHA1 | 03c76e188035d97c368b15b090e825b4ebeeeb4e |
| SHA256 | 221da7f529afc1abb11d6d9533f56f9fddc8615af69c95435494c142ed19d6f9 |
| SHA512 | f4aefd5722b067dbc9f675d5cdb44444bb243b5875678d888fa22de204e5b41f65ef038b71d8fe66d6dd8681bb8015a943313f1c117aad8e95f4e185b9d5be46 |
memory/5924-881-0x0000000000400000-0x000000000062E000-memory.dmp
memory/5952-882-0x00000000053A0000-0x0000000005604000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\is-392NQ.tmp\_isetup\_isdecmp.dll
| MD5 | c20ef190fa9a22fe51b30fbf475461e9 |
| SHA1 | 3313ab6bc7afffb9e4e467c88236e7175d3551d6 |
| SHA256 | 9a93a0f53ba8aeb0a18ed808db8bba647c1f221ff20c68e6613ed9526c802a95 |
| SHA512 | 9b33648afa17d686f5c058ff104aa25a0533f783af47e0d7f8701ac0c94c3ca2a8c6e2aff5240502e13f52da3c25b54ca07a4809de096a198ed289c98c35acb1 |
memory/5240-960-0x00000000001A0000-0x0000000000672000-memory.dmp
memory/3492-979-0x0000000073F90000-0x0000000074740000-memory.dmp
memory/6012-991-0x0000000000400000-0x0000000000537000-memory.dmp
memory/3612-994-0x0000000140000000-0x0000000140876000-memory.dmp
memory/5920-992-0x0000000000400000-0x0000000000645000-memory.dmp
memory/3612-990-0x00007FFC91450000-0x00007FFC91452000-memory.dmp
memory/5820-989-0x00000000005E0000-0x0000000000662000-memory.dmp
memory/5800-986-0x00007FF6ACB40000-0x00007FF6ACE21000-memory.dmp
C:\Users\Admin\Documents\GuardFox\wGltadLuoDTS0V2cHtWka4dO.exe
| MD5 | 918944828603fb16b78577350cbf6d8d |
| SHA1 | a4ac60e0c717f3a890e1a8ace6a29d32c5d949b7 |
| SHA256 | dd53a91daaf5c1ac5df1782183b800abc36269b357e6191d803df58e50f6280b |
| SHA512 | dac282d8eab4082de5e49fd602a56e4777717f3cab219768a4290c57e67956fe8d68c2efb4f06513c942bc57e8cf5671a326e893532484effe159f4b8fb3eeff |
C:\ProgramData\IPTV Channel Browser 6.6\IPTV Channel Browser 6.6.exe
| MD5 | d6b576c5f23c09d857211271c1029c51 |
| SHA1 | 90a442584207c70c7673475b290f6412127e56c3 |
| SHA256 | 5d48c0dd151e5d3ce26c298728e81a9627d8a2c2784bba1bbd639d74c8f667c9 |
| SHA512 | 9f56bae264def4a9e0668491ada7f0d3a080c0e52c9eb63a749e49efb9f29861bd3cd021cfb02431118aafc17431eed4dd96e55763dcd09550cb7e9bef52c715 |
C:\Users\Admin\Documents\GuardFox\rQXZgMqhos5xuslx24PhY0rG.exe
| MD5 | 22e238994b5349c76ba4fb3f68467e9a |
| SHA1 | bd048534109c362ff53203801086cd2b2ad67fa5 |
| SHA256 | 70f63ec8d436395e9fc26ac55d68884cdfea4283dd20e41d8ad9ba7bb550dc81 |
| SHA512 | ae31199dfefcb26f7f71cb8ca19d84c33ed32a6f9ba2dbf3b0b3b87a9c2f825a00669739763c3f08ea9119363d385a6610e98cbac7573b0f8cc1e88f4dba9dc5 |
C:\Users\Admin\Documents\GuardFox\wGltadLuoDTS0V2cHtWka4dO.exe
| MD5 | 4bdd546ea1dae6a3113d08571737a703 |
| SHA1 | 79190fc1e355c937ae8c45b447e804fa640c1d26 |
| SHA256 | 0e9bd1cdb3d0322c194817d04ccb6cc82b403a8b5c4fad19ac2b752fadab7902 |
| SHA512 | 7254fed793eac0b18863b43721240ea0def50fce5599992069039a58f5911d1654d1882ae3eaccfde6d7c73ea0360a58a263cdb4eba1d7ec2dfa05f9bc1f5681 |
C:\Users\Admin\Documents\GuardFox\TQQ0xmPBCt_xVf6bm5xuslyp.exe
| MD5 | 114274ca48983a090e4abb1345152707 |
| SHA1 | 87456e1bc71f9a8d3f78c123684ab5812cf6f238 |
| SHA256 | bb35f81ad6d6dcebbaeee368e9cc32f454b3bd285024da1c05476fcadb10b609 |
| SHA512 | 12d3cf553fa754961ef891f12a34f40ec626022b8ec6119e76e54ed097e1767725767c4eae1f0906154afeab2ffbaef17f50e5af47700f2b35520621c1800a25 |
C:\Users\Admin\Documents\GuardFox\TQQ0xmPBCt_xVf6bm5xuslyp.exe
| MD5 | 8580bf96c9172c60f3db96c72c323cfc |
| SHA1 | c681ea71ce9f0cdbb7092dc0e54c838e55f11242 |
| SHA256 | 97e8a86a00c0ca9917cd870ec9764f445512886d108df2a5382918f5d680db28 |
| SHA512 | a6e30ca9189e78ff347c8bff4fe83f03b4d252e8967b175068fc307c2525b5f6f21a6342497501b4d25b19a1e5577c503a6869842726e44a9c1cf69ee9fac390 |
memory/5920-982-0x0000000000400000-0x0000000000645000-memory.dmp
memory/5952-977-0x0000000005130000-0x0000000005392000-memory.dmp
C:\Users\Admin\AppData\Local\Betasoft Sound Booster\SoundBooster.exe
| MD5 | 4db2d4f417fe4fdd43b7b3fe2c83f66d |
| SHA1 | 7e8be5b67ac6d77a7d561fba9cb872024d1c3728 |
| SHA256 | cad6bb5e4677f8eb160b20d3beff14a83aa8f4429a9806ee1d69ff7821a7f5b0 |
| SHA512 | 89e18135d380c6b302c5a122b4cccfc630386e014640d1bfed637e4d667d53475ed6916fcb5c946f5d4aa502d588842253770396d3050dd416053e98584592f6 |
C:\Users\Admin\AppData\Local\Betasoft Sound Booster\SoundBooster.exe
| MD5 | c39073d3a9a1a1114080920c58d4cf54 |
| SHA1 | 8cf9dc7a6d4f1130956f7b175611e78cc39911eb |
| SHA256 | d97f20897c7683d27da9f075b0df3ef9d3444bbfdd0847ce26e013e9cd833411 |
| SHA512 | da1a5e31f277184e16af04c4125b6b0dd248e27f106b1228e2d8bd6612061a489a6ea4f50309ee7f9b9d24ba94539b8da1a6575b3fbff6dc702fbd23e4e8b2cd |
memory/3492-971-0x0000000004F90000-0x000000000502C000-memory.dmp
memory/5952-958-0x0000000005600000-0x0000000005BA4000-memory.dmp
C:\Users\Admin\Documents\GuardFox\bhwt2o5b1SvUwqu3qybySrSo.exe
| MD5 | 50b99c19d5e3662ada0fb546e06499ac |
| SHA1 | aa1fe33e0583b32fd1a6a291eb4234b79780dbca |
| SHA256 | 1101bc953be983ffbcd70b4bfda1f862b0ac6da1c6cf81d192a711a724c946f2 |
| SHA512 | 0d17b1c5e44fcb1c2fa2b6b6066369f6817b9380acb6357875e8497e21a09489b457665d26de0b3bde1ae1129e8c6d903d582ce09e60ac40026dac03382a1ed7 |
memory/3492-924-0x00000000001F0000-0x00000000006CA000-memory.dmp
C:\Users\Admin\Documents\GuardFox\bhwt2o5b1SvUwqu3qybySrSo.exe
| MD5 | 634a94420619a63b261699a40a937d91 |
| SHA1 | 19169fde7a9ce97f5a7e84b4c7c48bd6419fa63f |
| SHA256 | e7b5f15acf5884e41a68ae785dbb76152d9d96a96e05ec3da35ac68d05341758 |
| SHA512 | 0dea2c3d2f0953b13082d7648111b250415ac0535e8faf4a6dbd7b8a29221be6889cb516b595e765037dbc2514c057b4dc8086f7dfb2d00dcac80109b40ad53d |
C:\Users\Admin\AppData\Local\Temp\is-392NQ.tmp\_isetup\_iscrypt.dll
| MD5 | a69559718ab506675e907fe49deb71e9 |
| SHA1 | bc8f404ffdb1960b50c12ff9413c893b56f2e36f |
| SHA256 | 2f6294f9aa09f59a574b5dcd33be54e16b39377984f3d5658cda44950fa0f8fc |
| SHA512 | e52e0aa7fe3f79e36330c455d944653d449ba05b2f9abee0914a0910c3452cfa679a40441f9ac696b3ccf9445cbb85095747e86153402fc362bb30ac08249a63 |
C:\Users\Admin\AppData\Local\Temp\is-392NQ.tmp\_isetup\_isdecmp.dll
| MD5 | b6f11a0ab7715f570f45900a1fe84732 |
| SHA1 | 77b1201e535445af5ea94c1b03c0a1c34d67a77b |
| SHA256 | e47dd306a9854599f02bc1b07ca6dfbd5220f8a1352faa9616d1a327de0bbf67 |
| SHA512 | 78a757e67d21eb7cc95954df15e3eeff56113d6b40fb73f0c5f53304265cc52c79125d6f1b3655b64f9a411711b5b70f746080d708d7c222f4e65bad64b1b771 |
memory/5940-923-0x0000000000400000-0x000000000043E000-memory.dmp
memory/5264-896-0x00000000000E0000-0x0000000000162000-memory.dmp
C:\Users\Admin\Documents\GuardFox\Z_aNIQGQvDICmgvUH1CicY9e.exe
| MD5 | 3e47c78a8cb7752e956d46192c9579cc |
| SHA1 | bee043cf78f5d86307bdd1e46ddd6e259204fad8 |
| SHA256 | e3d3055aa2da6b7d6daa9fa4a0fa4000fa7f826d49a137f2027770483760ab35 |
| SHA512 | 1832c07a90cd5fe1ff58bf20ec64ba690456625201c358a712d86061a0808e636aed9f0ce9055cfd32cf8a9322690c30464327334d3e339cf0955d0ce7ddcf94 |
C:\Users\Admin\Documents\GuardFox\Z_aNIQGQvDICmgvUH1CicY9e.exe
| MD5 | 7d33cec1a1c25a7e5b0e57d0cae19734 |
| SHA1 | 973efa84acbda231c75129c32ae853de02985362 |
| SHA256 | a2d23bd832618724c432c0f4a841b53529e886c304ad365713901c0e4690dd9f |
| SHA512 | 579f429cf1db844196f7aee8a37212e28450f6941b5dfb42a043adfb163879fc228050d3302cac3dd8e8771d2d7ad0fb23719d171e76d91131f677682db106fa |
C:\Users\Admin\Documents\GuardFox\rn57asznEP_ooX3h_4l7PyoD.exe
| MD5 | cd44a7b6e3fbc3e28f844bc8cf767d18 |
| SHA1 | 08dfd82cf3dae476777ff04905013373aa5da376 |
| SHA256 | 00b92d17f9f4d708e2f8766d4ec73ae03918c3e6d93c53fb3db1900e7a11e9c7 |
| SHA512 | bf922649e8047c88ca622aea148b198e1eb2ab5df27edee28114fd61c804cfbcee0b4d824045c7b760e60edc5e23d8c2261f8fd4b180ca93e2ad2ced74a74e0e |
C:\Users\Admin\Documents\GuardFox\LIt9vu_JfOkv1gObfODgn5vc.exe
| MD5 | f59e5593dbc28425bb80c1e62639a826 |
| SHA1 | 7a0cf7ded737d0145a76cbb6f1809cef7baa5b27 |
| SHA256 | 9ee5443f6930f5cd056329bbfc08a00318e68d6b401e1a23ab5fda1e0fbb52e6 |
| SHA512 | 63741059488e8c1909e5cbd0be694d68b925d302df6240ae091cc5c75044880ea10a2844ca93607880faa4be9c1eae43a707e888f750eee747f996c89afd5756 |
C:\Users\Admin\Documents\GuardFox\LIt9vu_JfOkv1gObfODgn5vc.exe
| MD5 | ed7f415cb267ce03ad8fbb8f72c45d1a |
| SHA1 | c43957634feaf0673e5b19d6bfdcdac593673f1d |
| SHA256 | 5651c733f376c9ebd8249f0ef5d4fb1a781aca74074ea33441bc2215d7ffb3ba |
| SHA512 | 952096570564000f5d01def5435668805717b78be75c42019a12c809923eb69d7f225965a11647ef64ad6d20bcd2d273ebdc9455f0cb2334c16a3d6a913a5e60 |
memory/5940-897-0x0000000000590000-0x000000000059B000-memory.dmp
memory/5228-1000-0x00000000008E1000-0x0000000000973000-memory.dmp
memory/5256-993-0x0000000005510000-0x0000000005760000-memory.dmp
memory/5952-997-0x0000000005130000-0x000000000538D000-memory.dmp
memory/6012-996-0x0000000000400000-0x0000000000537000-memory.dmp
C:\Users\Admin\Documents\GuardFox\bhwt2o5b1SvUwqu3qybySrSo.exe
| MD5 | 67fa4d0af4b3646f484dd4e6c477ddc1 |
| SHA1 | f9d72a7bb196db56f2cf059860144a73080d6d49 |
| SHA256 | b2c7941a1bf6aabba2334ec21f5f547879fb18ca2bf0b07e4bd2e8382dd3bfcc |
| SHA512 | 1c7a80c566c5a4f79c6158ae8f8229c29bf49e4589382b3e60a55150203221d23e40d7140c45fdce112f181fe7db341852be2a893ccc0feddbb81a49ca423aeb |
C:\Users\Admin\Documents\GuardFox\p65tzIrYYt1dXE8eGE1C8a0j.exe
| MD5 | c9fa27941b52d4ad6450a791b3b2fd5e |
| SHA1 | 99d5729c7bf7ef7d7ad0cc8da534eaad2c3dcf11 |
| SHA256 | 448139e07c44fea9ff67f92535f8d870f97ba2af620aef52d5eedbc439108982 |
| SHA512 | 3c29feaa9ad213abb53a49df6045ce9a6f8ba20470415565693804639e8dadc135ba4061e9d4c004912c68741e5138fe9b11f1dbaae67376298d857d8651c08a |
C:\Users\Admin\Documents\GuardFox\p65tzIrYYt1dXE8eGE1C8a0j.exe
| MD5 | ffcefdb9f7237871385f06fe771c0b15 |
| SHA1 | 08db883b33682be06481819c8b9f3f09745ab538 |
| SHA256 | a2a6e228c6cee8bb16d027b0cce69c0d68de1447be5195d7c86551243f248b7f |
| SHA512 | 24f13d23dafb18a530b2acd0c93af9db77a1de28cd9366949fe48e21645cc6f4982b283199ef7498fdaa711c27674f0fcedd033e62b0dd502b45dbe1484fa1ba |
C:\Users\Admin\Documents\GuardFox\rn57asznEP_ooX3h_4l7PyoD.exe
| MD5 | 0cf4d215e9fcac8c9fcbba7cffe4b6ee |
| SHA1 | afbf927b08f5b34fd68ffd4a8d79d840ebb924bd |
| SHA256 | d99a75e923e50602eb7465d96d78c8b7f5da4021fa8975d7adc2c783045beaf1 |
| SHA512 | 0c08917184f0b7426faf72e20dc1e0982b87601f1192d5c6ed3b593541bbff498477f7bea88886ff6e4721c568650d1e66ed006adc67302fd50e876a6c8cff0f |
memory/5924-871-0x0000000000790000-0x00000000007AC000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\is-L6FK0.tmp\QQw5SFBO7t77B3jDUdWt8lSr.tmp
| MD5 | 92eabf02553cbb50124b11bd761beff7 |
| SHA1 | 92afef4eb369de6ee36d38915704d26cb841b5c1 |
| SHA256 | 4acf95f9813009971a7ad94905b7b3cc6cc413fe2cc498a4354d0b725640e914 |
| SHA512 | 6773dd5dceac50df4ac43732fc14306cc89d5209f1eb320bd2718e685e659e1c7882d75d4ad21dfd8106c22e71c1d22fafc88df66a7f86c5cfc2c17d03aaaead |
C:\Users\Admin\AppData\Local\Temp\is-L6FK0.tmp\QQw5SFBO7t77B3jDUdWt8lSr.tmp
| MD5 | ffe4b0e5afccd963535d3e484ede3172 |
| SHA1 | e9b4c287516eb5ee57f8ecbf6b28b58334ad7c08 |
| SHA256 | d5107248339c616ffb5ebec7a8309e66d14fcc01e8a83314ce343f51ed2de168 |
| SHA512 | ca765eff044a70db97f38f33a342c060285244d1045cd2daf68d7e06089dafc39bd31c09523daa53bb6f0929b410540c195f422c852cff8e994b0d91d14500be |
C:\Users\Admin\Documents\GuardFox\v45HMWE4NwLCcmbZT7FlI17g.exe
| MD5 | 9c6b7baa0853d8075b03a6d653fb58ec |
| SHA1 | ae6c6350f32687908dccdc0e1c4fa1cffb413d47 |
| SHA256 | 4a779d0bec2a8ba2ba43778cf6d72fba865217c074e6f56dba9b5807d1ee7902 |
| SHA512 | 1ddf2e3c9566e58c75ff604eff9e8d4c1bb09e188cf9155b2c8b4b65502022b1b1fdf9131976611b86e41dc2cf9bfb4ddcf08b5aa31b4462bb59e98975bfb756 |
C:\Users\Admin\Documents\GuardFox\v45HMWE4NwLCcmbZT7FlI17g.exe
| MD5 | 9bee472d73049377911ac788a0e51ad5 |
| SHA1 | 9cb3dd565892192628479731345d4bce29c5b728 |
| SHA256 | c6f139c375647c6bff7f51836a3244753c0a9025e1f6f8ef948090736c15ebb1 |
| SHA512 | 3471c7db784cbaf98d87c6fa1a90b2808f06a45dba2254b47bf05892801838b12e9a5ef21a967bbaf1edb08889bb0844a28c0ad905743a6e8316cb08a389510d |
memory/5904-830-0x0000000000400000-0x000000000043E000-memory.dmp
C:\Users\Admin\Documents\GuardFox\QWeM4i6raY5Hi6jGEd2QFH85.exe
| MD5 | 7a0bdf2d46c54598f51b913f6f0f36ca |
| SHA1 | b5cf2ee99cf519f05e8779f9978f05e54ee933f8 |
| SHA256 | 023ffa9810cf0884b97f053896627b8a86ba8ffb02850016cae52f0ccc585d15 |
| SHA512 | 9d92c39d2dc4bc179c58de2da52aed160ccf19d13444346041679d9d3440cc8ec658ec3c440e9f0ffcd0c2ec131242cd74aefff71f97cda677900ae2f88c733d |
memory/5904-808-0x00000000005A0000-0x00000000005AB000-memory.dmp
memory/4052-793-0x00007FF733340000-0x00007FF733392000-memory.dmp
memory/5228-1009-0x0000000002590000-0x00000000026AB000-memory.dmp
memory/5256-1007-0x00000000052B0000-0x00000000054FE000-memory.dmp
memory/4224-1013-0x0000000000EA0000-0x0000000000EA1000-memory.dmp
memory/5820-1020-0x0000000005630000-0x0000000005C48000-memory.dmp
memory/5264-1026-0x0000000073F90000-0x0000000074740000-memory.dmp
memory/5896-1039-0x0000000000400000-0x0000000000459000-memory.dmp
memory/3524-1036-0x0000000010000000-0x000000001026E000-memory.dmp
memory/5952-1040-0x0000000005130000-0x000000000538D000-memory.dmp
memory/5952-1060-0x0000000005130000-0x000000000538D000-memory.dmp
C:\Windows\System32\GroupPolicy\Machine\Registry.pol
| MD5 | cdfd60e717a44c2349b553e011958b85 |
| SHA1 | 431136102a6fb52a00e416964d4c27089155f73b |
| SHA256 | 0ee08da4da3e4133e1809099fc646468e7156644c9a772f704b80e338015211f |
| SHA512 | dfea0d0b3779059e64088ea9a13cd6b076d76c64db99fa82e6612386cae5cda94a790318207470045ef51f0a410b400726ba28cb6ecb6972f081c532e558d6a8 |
memory/2212-1065-0x0000000000400000-0x00000000004BD000-memory.dmp
memory/880-1067-0x00007FFC91250000-0x00007FFC91445000-memory.dmp
memory/5952-1070-0x0000000005130000-0x000000000538D000-memory.dmp
memory/2332-1072-0x0000000005700000-0x000000000570A000-memory.dmp
memory/5844-1077-0x0000000000EC0000-0x0000000001708000-memory.dmp
memory/5256-1088-0x00000000052A0000-0x00000000052B0000-memory.dmp
memory/5820-1096-0x0000000073F90000-0x0000000074740000-memory.dmp
C:\Users\Admin\Documents\GuardFox\rQXZgMqhos5xuslx24PhY0rG.exe
| MD5 | dc16c938b2e2d1df8e05242cd6e61368 |
| SHA1 | 5a91ddb3ea682daf8f3e2d5cb8b6c1b76961d529 |
| SHA256 | c11c2c81b67a0e87f6a9a5c74090844339a334970d3c20b703f72112a07ad380 |
| SHA512 | aa27453244aa64744c83df3a2d8f3ccc4bbc21c92c3e51920127915dd11a76ed88b8186c8c97a3f9dc723a24793a643adc6f4c7a6cef677825e3225517956f63 |
memory/3612-1107-0x0000000140000000-0x0000000140876000-memory.dmp
memory/3612-1120-0x0000000140000000-0x0000000140876000-memory.dmp
memory/5844-1127-0x0000000075ED0000-0x0000000075FC0000-memory.dmp
memory/5844-1129-0x0000000075ED0000-0x0000000075FC0000-memory.dmp
memory/5844-1133-0x0000000075ED0000-0x0000000075FC0000-memory.dmp
memory/5820-1140-0x0000000005000000-0x0000000005010000-memory.dmp
memory/5844-1143-0x0000000075ED0000-0x0000000075FC0000-memory.dmp
memory/5844-1146-0x0000000075ED0000-0x0000000075FC0000-memory.dmp
memory/4224-1151-0x0000000000400000-0x0000000000D40000-memory.dmp
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\A65DBECD82A40019E873CE4ED0A79570
| MD5 | f3637453a17847ef24e4ae21fb6a0d2a |
| SHA1 | dcbae9bb1ca93db3a33344f7c6e536204bf0cf9a |
| SHA256 | 1561f1a6d2bcc86ff7c121f3873722d34f5342c8e9dd81e9912caca1a34c2866 |
| SHA512 | 8d647156936c0aed2c7611ea442ba541b7c8749a1b283620ed1461499c34aa40775a6b6ba521355c92d8d7f45eec7af74fc316511651530419d26a8716b4f201 |
memory/6012-1174-0x0000000000400000-0x0000000000537000-memory.dmp
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\ACF244F1A10D4DBED0D88EBA0C43A9B5_16756CC7371BB76A269719AA1471E96C
| MD5 | edd998b235563b633e5fa1a05656c86d |
| SHA1 | 4dcc6f2e2dc4f76d32fbb242195d06d8392cc90e |
| SHA256 | 6b2d5fbc40bcd093f27d4b367898fa97f6fa0c698a75678b0c40e1a237d6634c |
| SHA512 | f89161115c4932166be10cb99885e30aa5cdd81f7cb4290e3579a561482f8b3e71e0b1db6da6e55518d7582927a4153065656b17034677f332dc6bb48f0495cd |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\ACF244F1A10D4DBED0D88EBA0C43A9B5_16756CC7371BB76A269719AA1471E96C
| MD5 | 468993c7baff4012c2df10042882dbe3 |
| SHA1 | 34e9a238ea8c11ea1fa6ac0777713409c7f4debf |
| SHA256 | 2d3929b3ebd2ab3d60764a7468811ee28e1de7a6570b237e004a45821e1b2a2f |
| SHA512 | 5c4b02f04af04e6e0c2a2ff92220db28d6b0273bbf1b5ae98b2cdcebad5498d1254700546d490a6ad082153389ce13ffe694a31ef709df5357ceb54db7eb3704 |
C:\Users\Admin\Documents\GuardFox\tpoyBHopaqQxso0Btt4FF7fE.exe
| MD5 | cfaba2795a558199b132a48ddab18210 |
| SHA1 | 6c5d17b741cbcc15794f6166f1919d1f847f9055 |
| SHA256 | 63e288fc49a14b8c0e5be41c92beb899659931ddee2ae1bc01a63290eacea410 |
| SHA512 | 52b3750d4a495a72857c31e75cfd50b9b5bf806cfc848b7f7aac26b08ff296df517643cc2c3d8f2f1d2a348aa4f3336fae1815cd07e6b08aa4d1866c83c6a869 |
C:\Users\Admin\Documents\GuardFox\OQJdtCu704hBxV_IzEG4wJPR.exe
| MD5 | 554d4f97023123cb68f48a35825ee840 |
| SHA1 | 1760239c1253bbcc77a661b2147fcc807de510a6 |
| SHA256 | 6bb42e0c4e9fdb633f0cf9bb2ac093502380df4cddd02ada91e9951afa5190c2 |
| SHA512 | 0d0543c89790c27160b6ce6608ff48c8b0a5c18c4281ea6cb67ece2f24a16575d507ed550fa21bba7d2aa1c127a5a214650b381c774eef6d5bf908d8a2ebc69e |
C:\Users\Admin\Documents\GuardFox\tpoyBHopaqQxso0Btt4FF7fE.exe
| MD5 | 44924f458b27df74ce9f4d3c76e4a018 |
| SHA1 | 2c21f367b6365683c25bdc1679857f2c8b925e00 |
| SHA256 | 98e3f4acb7cb783305b6cec437ac62fc805b911b422a53ddb91c807e70d56e7a |
| SHA512 | e438fc51575a432270bbcc55f5265562eb5a158ea02a6821503e5670f176dc0f1aa42c43fe8c55ba3faaa9502ece9f0b8aac791767a337723e9d302f0e3b83a0 |
C:\Users\Admin\Documents\GuardFox\tpoyBHopaqQxso0Btt4FF7fE.exe
| MD5 | 5fd8aee5d7a1ee5f2aa42e397448a9f3 |
| SHA1 | cbb610a4e23f605b00530d150777edce67496e36 |
| SHA256 | 66655d0a771142018bc9e0d67233abcc10af2a78a96efc2733a36e5e83d74714 |
| SHA512 | 6fe104568aa3b86710abd2455b8e4be3db6a90e65e58bf55b4dfee8576457c4fe9b1640daed17d488904c67093954d8353b7191b426b51e888a88216da712097 |
memory/5952-1125-0x00000000023E0000-0x00000000023F0000-memory.dmp
memory/5820-1109-0x0000000005330000-0x0000000005396000-memory.dmp
memory/5940-1105-0x0000000000789000-0x0000000000797000-memory.dmp
memory/5256-1098-0x0000000073F90000-0x0000000074740000-memory.dmp
memory/5844-1081-0x0000000000EC0000-0x0000000001708000-memory.dmp
memory/5080-1074-0x0000000002EB0000-0x0000000002EB1000-memory.dmp
memory/3696-1071-0x0000000000CD0000-0x0000000001C83000-memory.dmp
memory/5952-1069-0x00000000023E0000-0x00000000023F0000-memory.dmp
memory/1404-1068-0x0000000000400000-0x0000000000830000-memory.dmp
memory/5264-1064-0x0000000073F90000-0x0000000074740000-memory.dmp
memory/5820-1063-0x0000000004FB0000-0x0000000004FFC000-memory.dmp
memory/880-1061-0x00007FFC8EA70000-0x00007FFC8ED39000-memory.dmp
memory/2332-1058-0x0000000005540000-0x00000000055D2000-memory.dmp
memory/5820-1043-0x0000000004F50000-0x0000000004F8C000-memory.dmp
memory/880-1055-0x00007FFC90590000-0x00007FFC9064E000-memory.dmp
memory/5924-1053-0x0000000000400000-0x000000000062E000-memory.dmp
C:\Windows\System32\GroupPolicy\gpt.ini
| MD5 | 7cc972a3480ca0a4792dc3379a763572 |
| SHA1 | f72eb4124d24f06678052706c542340422307317 |
| SHA256 | 02ad5d151250848f2cc4b650a351505aa58ac13c50da207cc06295c123ddf5e5 |
| SHA512 | ff5f320356e59eaf8f2b7c5a2668541252221be2d9701006fcc64ce802e66eeaf6ecf316d925258eb12ee5b8b7df4f8da075e9524badc0024b55fae639d075b7 |
memory/880-1035-0x00007FF747D60000-0x00007FF748749000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\KvE~767O.Kg
| MD5 | 7b1b2f76dfb4722b7ed64ef787fb5f3e |
| SHA1 | e8dc8579446fd105eeb3db1afffd930821721cf4 |
| SHA256 | 692aed0517799d55671e58ce626c55da0f07c4c7f8c4c41909b22fec7a1a944b |
| SHA512 | 9baadf35336d2116c83ca38a258512c54c3c2272545f167c9c7a55793b2681c480058740074311cf078416c3ef83f70574bea9f999d168b122966a9e77af3ada |
C:\Users\Admin\AppData\Local\Temp\KVE~767O.KG
| MD5 | 5c45edc29cabdc1104b905737bd2cee1 |
| SHA1 | 5e0fcf2ff8c1c7bb75cb8d7d9cce08b9e75e70c4 |
| SHA256 | 502cb119c2adb3c2c1a566ef3825bde7defc597bb894d8a20860aec6233ccb3a |
| SHA512 | edad4b1b619d1269efcec848bcbaebfa3e277f63ecca8296c4cfab1b9814e9900ed778e9c0ecf065754a37b65b871366b3d8d8680ffd7949680cfc666de0a44b |
memory/5888-1033-0x0000000000180000-0x0000000000663000-memory.dmp
memory/2332-1032-0x0000000000400000-0x0000000000454000-memory.dmp
memory/5820-1031-0x0000000005120000-0x000000000522A000-memory.dmp
memory/5904-1024-0x00000000005D9000-0x00000000005E7000-memory.dmp
memory/5952-1027-0x0000000005130000-0x000000000538D000-memory.dmp
memory/5820-1025-0x0000000004EF0000-0x0000000004F02000-memory.dmp
memory/4224-1019-0x0000000000400000-0x0000000000D40000-memory.dmp
memory/5904-1018-0x0000000000400000-0x000000000043E000-memory.dmp
C:\Users\Admin\Documents\GuardFox\qemu-ga.exe
| MD5 | a5ce3aba68bdb438e98b1d0c70a3d95c |
| SHA1 | 013f5aa9057bf0b3c0c24824de9d075434501354 |
| SHA256 | 9b860be98a046ea97a7f67b006e0b1bc9ab7731dd2a0f3a9fd3d710f6c43278a |
| SHA512 | 7446f1256873b51a59b9d2d3498cef5a41dbce55864c2a5fb8cb7d25f7d6e6d8ea249d551a45b75d99b1ad0d6fb4b5e4544e5ca77bcd627717d6598b5f566a79 |
memory/880-1010-0x00007FF747D60000-0x00007FF748749000-memory.dmp
C:\Users\Admin\AppData\Local\Betasoft Sound Booster\SoundBooster.exe
| MD5 | 0e06f64fba3a5ab95a32304a88dd09b6 |
| SHA1 | 3a3d8a0ae0ac0b310a07092400a204f98e121046 |
| SHA256 | d3605c3908c1a379802a1129468a10d6735d8d1e5d0e85cacb23df5dc3578762 |
| SHA512 | c077332b449098904d8c428880434a4b9092c1c5b22e1d7a8b1c7d30d01805a574727717fdce4fa92747d403d6601adde5dd4ddf9180aabc87fb3f73e87e53ab |
memory/5952-1015-0x0000000005130000-0x000000000538D000-memory.dmp
memory/3500-1006-0x00000000027B0000-0x00000000027C6000-memory.dmp
memory/5952-1005-0x0000000005130000-0x000000000538D000-memory.dmp
memory/6012-1004-0x0000000000400000-0x0000000000537000-memory.dmp
memory/3696-1003-0x0000000000CD0000-0x0000000001C83000-memory.dmp
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\103621DE9CD5414CC2538780B4B75751
| MD5 | 60fe01df86be2e5331b0cdbe86165686 |
| SHA1 | 2a79f9713c3f192862ff80508062e64e8e0b29bd |
| SHA256 | c08ccbc876cd5a7cdfa9670f9637da57f6a1282198a9bc71fc7d7247a6e5b7a8 |
| SHA512 | ef9f9a4dedcbfe339f4f3d07fb614645596c6f2b15608bdccdad492578b735f7cb075bdaa07178c764582ee345857ec4665f90342694e6a60786bb3d9b3a3d23 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\103621DE9CD5414CC2538780B4B75751
| MD5 | 3f8fe957e7d13246643079988538f001 |
| SHA1 | f9b444811bcb3cb50f6a7ce1deb8749dbb79f8fd |
| SHA256 | ba12e23900b53be9a044905f960dc14771f17ba6e694a9ac9aca60a2fa46554f |
| SHA512 | d66dfca58d2666766eebec57799afadb53a2d807300ba3e9c926ac94a87874600c7dd05c43b5030151244770ee01a5123b6d64dc9eb0d8f7f0b7bc17568e0f97 |
memory/880-790-0x00007FFC80000000-0x00007FFC80002000-memory.dmp
memory/880-782-0x00007FFC90590000-0x00007FFC9064E000-memory.dmp
C:\ProgramData\mozglue.dll
| MD5 | b291a658a8a2d11ac664a1be5b7a4806 |
| SHA1 | 0015f9465bd73756adece1e35c20a8b8ecc2720a |
| SHA256 | 25da7816f260dff3a5f29342489763f2a31dc98dbcb1839d2b245975f4586cd1 |
| SHA512 | 9328dd7d982a75ef9dd3d918f9d695fe697e0d6e55b6c20e5ba63a8a33d9a7eabdc6bea52ac7f1d7ac874b24440431efcd63835997d06e36baa3c6d46dfd9d83 |
C:\ProgramData\nss3.dll
| MD5 | 1fcc619a0778f57df761c7adb0039efe |
| SHA1 | a180890ca5e67d4868755d2a2accb09830213684 |
| SHA256 | 879475c28129a49bff40bd2084f75335bd8bf1a291e86d928c4e6d28c429f018 |
| SHA512 | 27fc0d20ea4dce4604c644f9dd98d12f5a7afdf8163779b7eb8d75e48777fdc8ee4d8e4c772edb745cb9200a63306460d9526396b89ef46b3eb76d324c333057 |
C:\Users\Admin\AppData\Local\Temp\jobA4ibKu1QDnYuv_3\oOPEmFmu_xsJCookies
| MD5 | c9ff7748d8fcef4cf84a5501e996a641 |
| SHA1 | 02867e5010f62f97ebb0cfb32cb3ede9449fe0c9 |
| SHA256 | 4d3f3194cb1133437aa69bb880c8cbb55ddf06ff61a88ca6c3f1bbfbfd35d988 |
| SHA512 | d36054499869a8f56ac8547ccd5455f1252c24e17d2b185955390b32da7e2a732ace4e0f30f9493fcc61425a2e31ed623465f998f41af69423ee0e3ed1483a73 |
C:\Users\Admin\AppData\Local\Temp\jobA4ibKu1QDnYuv_3\D87fZN3R3jFeWeb Data
| MD5 | 2c3e1541fd4d602bbed17d67505780e4 |
| SHA1 | b9a986cb6e934c11ba24f99c9274f4f8d0cef948 |
| SHA256 | 2dcf4454bcb3ea7b5697b3c33bfdc93c7dcc3303f49cbc445169624409333e68 |
| SHA512 | 35a70d69308784c20280ca9ab7405043de95cf7878ba6c30fb7e470a0b851afd76c7ac1ff30583d4eca869c5cffe32af500109236948611fa1760c6866cb92fe |
C:\Users\Admin\AppData\Local\Temp\jobA4ibKu1QDnYuv_3\8ghN89CsjOW1Login Data For Account
| MD5 | 02d2c46697e3714e49f46b680b9a6b83 |
| SHA1 | 84f98b56d49f01e9b6b76a4e21accf64fd319140 |
| SHA256 | 522cad95d3fa6ebb3274709b8d09bbb1ca37389d0a924cd29e934a75aa04c6c9 |
| SHA512 | 60348a145bfc71b1e07cb35fa79ab5ff472a3d0a557741ea2d39b3772bc395b86e261bd616f65307ae0d997294e49b5548d32f11e86ef3e2704959ca63da8aac |
C:\Users\Admin\AppData\Local\Temp\jobA4ibKu1QDnYuv_3\UPG2LoPXwc7OWeb Data
| MD5 | a3545088c55f94b4af8033b7a971b81c |
| SHA1 | 72a0ff33519792a3778974c180c52f7b51d14d57 |
| SHA256 | 10a521330fd5c6d2fbe9262721aa37820e10dc41efc57f394bbad203498c285c |
| SHA512 | 47ee1ac5653d0d886d11ead6563b8bdfdafced08ba56941aeccbc0632de20da371747a0811a52fbe259401a4287ed53db63ffb1dcdc3dbd1ae8f0b5078dc357b |
C:\Users\Admin\AppData\Local\Temp\jobA4ibKu1QDnYuv_3\3b6N2Xdh3CYwplaces.sqlite
| MD5 | 1c53ed9cb6da47df9a04adc1a8ca7bcc |
| SHA1 | a7769e035b9a7b938e05e5243290fc9787b10298 |
| SHA256 | 2a10d1c23f5b5da56596679b0ad05dd326ff4f0253ffcbb14ce1e3a52fae9750 |
| SHA512 | 0c25b15e5cf40a0426494bc56b32990143d155c8d7cff06f13fdb3adf71177d3f8456c2b11638a31afa1ed01cf54b0a292fe029ce9716e319aab0acd7006f4b7 |
C:\Users\Admin\AppData\Local\Temp\jobA3ibKu1QDnYuv_3\information.txt
| MD5 | 8db17433c0046fa4a26d863fb8c2b63e |
| SHA1 | d07da939e1ad4bcaca1f48b36fcc50c00a5513d0 |
| SHA256 | c2b836eb1679df9f2a6d0556e86ac480a859cb328f33823b172b8c96846eda78 |
| SHA512 | 490dfd0cca7f9012c4428cdf01b713b8ce7523be0ea8371553a5eae31c95d24cdb29149c26dd9ef12cccc7d5cf40cda880fe676df49fe013194cfd6f15a54cf4 |
C:\ProgramData\Are.docx
| MD5 | a33e5b189842c5867f46566bdbf7a095 |
| SHA1 | e1c06359f6a76da90d19e8fd95e79c832edb3196 |
| SHA256 | 5abf8e3d1f78de7b09d7f6fb87f9e80e60caacf13ef3c1289665653dacd7c454 |
| SHA512 | f2ad3812ec9b915e9618539b0f103f2e9acaad25fbbacd84941c954ce070af231324e83a4621e951c1dbae8d40d50410954e40dd52bbd46e34c54b0d1957407b |
C:\Users\Admin\AppData\Local\Temp\jobA4ziPtO5hAClfMZ\02zdBXl47cvzcookies.sqlite
| MD5 | 886ea491d36b71da904ebc9b13a397b3 |
| SHA1 | bb10e92ea75cd145d1930fc53b6bdcf7863efa40 |
| SHA256 | b9d44c40bfb3feba632d254963e0ec5e3a4c61200024129d6873e76d8e899dc2 |
| SHA512 | 4f82794dfffc17f07242ab5e9543020b5bfdd105ad238d008c913598979b7a4549f00cb614eb67ace6ec5d55e296706a0ab081d7f3caec895492b297520e9c14 |
C:\Users\Admin\AppData\Local\Temp\jobA4ziPtO5hAClfMZ\02zdBXl47cvzHistory
| MD5 | ce27456ae7abe6a77469561e8adbb4dd |
| SHA1 | 811cfc03c5e4e0c1de982458b0f5af4468c31768 |
| SHA256 | a67f68e70e8c07419e6723c10c02533c394d0f58542a4b51dcb240ed3d8221d1 |
| SHA512 | ff7844c2fcc95287cc5c7fd1eb0b1a9f7bf5f749a1c12a55687e8000f9acfaefd323842e1d3929362fd82ec5fbd31e6bee2f9a064dc48269d489a52958819541 |
C:\Users\Admin\AppData\Local\Temp\jobA4ziPtO5hAClfMZ\l6w3NVXsgpmDCookies
| MD5 | 49693267e0adbcd119f9f5e02adf3a80 |
| SHA1 | 3ba3d7f89b8ad195ca82c92737e960e1f2b349df |
| SHA256 | d76e7512e496b7c8d9fcd3010a55e2e566881dc6dacaf0343652a4915d47829f |
| SHA512 | b4b9fcecf8d277bb0ccbb25e08f3559e3fc519d85d8761d8ad5bca983d04eb55a20d3b742b15b9b31a7c9187da40ad5c48baa7a54664cae4c40aa253165cbaa2 |
C:\Users\Admin\AppData\Local\Temp\jobA4ziPtO5hAClfMZ\o0qT3dWYBP7ZHistory
| MD5 | 22f5cdbd61397b79bdd39ad389d79902 |
| SHA1 | c2490687257ad219574cc41891e00f4cbb1335d9 |
| SHA256 | c225711599a8c9b8a4577f4ec3ee58831920bb33e0fd815cd59e95ac9ebee322 |
| SHA512 | e1ac135da401ba49cd8c7a4d01adf26940847e83d9c8c394d02b0ed499aa6315ffae5bd9a2c69ecfe909f293fc11620ad387f5933cf3b7eb1d6dd37aaea0daad |
C:\Users\Admin\AppData\Local\Temp\4KPV6A~1\cached-microdesc-consensus.tmp
| MD5 | eb23296d965ce7ace0ff27c3d81e83b3 |
| SHA1 | 6532c06785915f4cfdca589606313d70f09eabe2 |
| SHA256 | 9f8b8fcb982462a75d78d909b8548bbb73a370030b17dc61aff60add5700b0ba |
| SHA512 | 4bfe81a050cf54e06d3a461ee3fe42fb92b0a382d9ae69c23a3b81cf688a767636890bc8f228e7b54ace52992525eaebe56eee7f851a3a8a4c682873e2ce63c0 |
C:\Users\Admin\AppData\Local\Temp\jobA3ziPtO5hAClfMZ\passwords.txt
| MD5 | cb415a199ac4c0a1c769510adcbade19 |
| SHA1 | 6820fbc138ddae7291e529ab29d7050eaa9a91d9 |
| SHA256 | bae990e500fc3bbc98eddec0d4dd0b55c648cc74affc57f0ed06efa4bde79fee |
| SHA512 | a4c967e7ba5293970450fc873bf203bf12763b9915a2f4acd9e6fa287f8e5f74887f24320ddac4769f591d7ef206f34ce041e7f7aaca615757801eb3664ba9a4 |
C:\Users\Admin\AppData\Local\Temp\jobA3ziPtO5hAClfMZ\information.txt
| MD5 | 130ed9ec692c4c81625945d9a842f75b |
| SHA1 | 8594f08789747b46b5aacafa9187668a0c8796c9 |
| SHA256 | a1ce5835cc62ec0da4f5546d7f41c4543953cd3cb036b051abd9ee7b7ec35776 |
| SHA512 | 806f1cabd47fae3b1aac0489e50b1e8d99a93018c000d33c683becc89ae51b05e3afa72f851ebddbbad4dc353ca60f786d9b053922968dfe889079455e7e12c9 |
C:\Users\Admin\AppData\Local\Temp\jobA4ziPtO5hAClfMZ\h8JVvbxopEQSIIcJxn_r.exe
| MD5 | 3665d7a159448107cfd7d055c04cf909 |
| SHA1 | de7b7443195de3ec8b53a539a3e396d96fae947f |
| SHA256 | c6c9a9895b847f479037a5ac3ff9de04bdeddfcd78d8b691db717a87816fcd14 |
| SHA512 | 4e7b9dddce705822984ea96e5c66886b52ab6cea95da0839e2a635e6ff340ad2d29056bac6253c051b214962720e2cebb6d3a5fea37ffff663a34313cd54fb4c |
C:\Users\Admin\AppData\Local\Temp\jobA3ibKu1QDnYuv_3\screenshot.png
| MD5 | d544a076b58ac5c364c4ceb46ee8ba92 |
| SHA1 | 247f905fc7b34020fc93168e0dab6f7532d7980b |
| SHA256 | 124134b4c7ff96cbf02fc4c321bdb9b282dad7c45f06a65a8c7d8b85c226aaed |
| SHA512 | cd08fddf9bbf2d1f3241c3d619c86119a413b3da1dbc7a2293b10c8ea937a819b19e1c75f0d2d9171dd27f886d6db1d85f23a95798de4d7db0a2016c2efbf1fe |
C:\Users\Admin\AppData\Local\Temp\jobA3ibKu1QDnYuv_3\information.txt
| MD5 | c8233c692731d939911071304b0d6af2 |
| SHA1 | 11f25a3d55a2fcbd072de21ce5fad964f976053d |
| SHA256 | 1f4114d5bb8e7cb2417e75e130bc8ed325b075db21c48204afed74ab7aa6394d |
| SHA512 | 6eed823d783829b4e1a54031579092a0643af13d60e276c45a748afff63d46e1752ab1c891725e38fe9584b2c2f9b60c1afa6209103e0042286aded497db2ba9 |
C:\Users\Admin\AppData\Local\Temp\4KPV6A~1\cached-microdescs.new
| MD5 | c4938767b58035aa1e5f654be2b99b89 |
| SHA1 | 1441227044ab605bb2cb9db135ca7a4d49ff96e4 |
| SHA256 | c88669c2bdbc30c9f84ec273f2ca76ac3df6eb53e0b4eaae5acc95b0e3cd3fd5 |
| SHA512 | 25dbc407525b3b5780527069de2dc16422ea3422f2f6d7ba3879865fdf93dd868c69461bea6d672fc0d0a9c947060c2603d6f8e7fbd146a555694469c0c3d185 |
C:\Users\Admin\AppData\Local\Temp\jobA4ziPtO5hAClfMZ\4U5oN8ynaIMYFPuZ8Xpz.exe
| MD5 | 4d07706ed6d94b871cf4a2d27e217c66 |
| SHA1 | d4535c8137d3c45c8c9a0c0f1fd8181e325f1b50 |
| SHA256 | d1d266f558e708afbf8fc891936bc3c35a69b409c6b5f628327f46ff1f963227 |
| SHA512 | f47914506fdd11c279fdacec352e52ebbe3884ffdd19f39b55d830dd5936d358815c5b5d0f2258c1c2a748451d8b06fabedfc602cfceee94457e649a2ed93e16 |
C:\Users\Admin\AppData\Local\Temp\jobA4ziPtO5hAClfMZ\_mq5QkEoHyRX1Tz9EBfc.exe
| MD5 | 6bbb6b4d6b7613ef8110fbbda2c160ed |
| SHA1 | 99dd805fc3a810b86f6eafc8abd5ba4ae1448cf1 |
| SHA256 | e57e4693f7acafb666cd990ee0d33ab5b81caf3eb870427643d26247e8e54f07 |
| SHA512 | d39857ba24c8107525ceb60c035a4cfd189c7364bb1b01b95e31b08fbb231bdc01d730bc677adb24a45005c5f557f533723171d963797a7e8c4ab8faeb6c7267 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 84381d71cf667d9a138ea03b3283aea5 |
| SHA1 | 33dfc8a32806beaaafaec25850b217c856ce6c7b |
| SHA256 | 32dd52cc3142b6e758bd60adead81925515b31581437472d1f61bdeda24d5424 |
| SHA512 | 469bfac06152c8b0a82de28e01f7ed36dc27427205830100b1416b7cd8d481f5c4369e2ba89ef1fdd932aaf17289a8e4ede303393feab25afc1158cb931d23a3 |
C:\Users\Admin\AppData\Local\Temp\jobA4ziPtO5hAClfMZ\ENVq517tiOWBsKOTmr8V.exe
| MD5 | f3b845fb92cce9a4ee0d43455ea00fbe |
| SHA1 | b2b2b84096991c7930039c9446f23c50977cc446 |
| SHA256 | 4b72b8e0d0b532805f75e3c04e7175a32311eab14fcb95eb5fa9c8270ce7ead3 |
| SHA512 | 4e70914bb44c948c146a3cb8c3271121070fd1217e43f80ed5def9997125a8a3b4db89c1145c64ae908cc0aac5d4eee1fb893c15c968b742d2023b9c73bf3c07 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 073cdc4f35da2dfe9637d13791446d5a |
| SHA1 | d61e1d93e80934ea4960325fc502d81e3e98c066 |
| SHA256 | 276c515b54000cb64c178a57ca17a3bdd139e1e343a3c20f5bdbeb7bcfeb3f7d |
| SHA512 | bef95b79bd906457b89c1fb5a745fcbf8b3e797b09f8b54072c77ae73309c9100722cc7e32fbc23a21843bcd9a4ab22d173b3d9e418b54c3868b2591ab737baf |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 49a0cdcab1c542e4ceb8fa93296e20fa |
| SHA1 | 8200a04a37de5ada5e97cc5b83f91cbc5b7e2384 |
| SHA256 | 2f0862b47006efcadcddf85cdea3935de98f04144ad4bb3ffb128c0743a040df |
| SHA512 | 63944cc4426fe30615730641850dbb8f71e12be9cfaaca6deead4f405d7026cf4fad9a6220a397aeb5f533c31f657e20df8a067ac48c8138e6659d90c2bb8783 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 9a6161d76a57c20d622cfa4000b6c9c8 |
| SHA1 | bf3816e4995a833c874cca0c5302c00ce51eca42 |
| SHA256 | 7e205b3b7852f7c9f92a830a43322a207b60edc0a9d06ca31deff0f99f912625 |
| SHA512 | ee7b2b0dcdb0541e5e92a5d5df852f4a0451ee198125c210a98cfbc4ea86a69fe57da6f4e9aa4fa94ed687a972dbf3d7e6cdf3d0ab17be1b831ce027399e2312 |
C:\Users\Admin\AppData\Local\Temp\is-IHMN8.tmp\_isetup\_shfoldr.dll
| MD5 | 92dc6ef532fbb4a5c3201469a5b5eb63 |
| SHA1 | 3e89ff837147c16b4e41c30d6c796374e0b8e62c |
| SHA256 | 9884e9d1b4f8a873ccbd81f8ad0ae257776d2348d027d811a56475e028360d87 |
| SHA512 | 9908e573921d5dbc3454a1c0a6c969ab8a81cc2e8b5385391d46b1a738fb06a76aa3282e0e58d0d2ffa6f27c85668cd5178e1500b8a39b1bbae04366ae6a86d3 |
C:\Users\Admin\AppData\Local\Temp\1000583001\store.exe
| MD5 | acf1248b5e1606cdc13ef0f1c5cebb0f |
| SHA1 | 70830278928361ff0b2fcf661fc4e6281c8a0f11 |
| SHA256 | ef3515efb4a2de81a5c3f7cd15892ad5bf594ac05fbd531ec2b06d6e9b1c2dc7 |
| SHA512 | 2c017d4facf921c5edbd4379fc7ed00231bf381dfdae89363936ebc780a69ab0991441ef339e96b4bb0c12519a0a15c046058675f3047516c396b22a954f9c95 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mlil8stk.default-release\datareporting\glean\pending_pings\c4658451-f050-44f5-b027-40c648831589
| MD5 | 4dc0494f6b5c6a4b2c5e90599980eb50 |
| SHA1 | 6719eddb0af4e773fd44c70860e0b63418528cc5 |
| SHA256 | b0a4aa4c44453969430f5181d8dc455cb49dbf5ec58638cb3f2527fd5d6507df |
| SHA512 | a4f49ac133cc002b8b16d29da9bfc927adf35927b64e0e962d9acc00073ff43b6bebc855754a581e6e9ddcbfcf03920d83b20a56a26efc144675fdaf2c7d83fe |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mlil8stk.default-release\datareporting\glean\pending_pings\34bd89f7-4cd3-4fec-bcc3-4990b314131f
| MD5 | 46f9b8d29cbbf66998e9fe755604739e |
| SHA1 | 473c09673b34f35c24a718934dff47dd7aab29aa |
| SHA256 | 62b3aafd967cc266fea3c626fa413a58ab420363fbda7212a85160201c83dd9d |
| SHA512 | 285f114f00bcc93825e0cad8bab6daac7e7b5764a4aa15e1e59e811010c2a77557cc76530dd76041be952b91915bdce7ea26c7e5d11027711a6dd414b8bcce42 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mlil8stk.default-release\datareporting\glean\db\data.safe.bin
| MD5 | 3a557d8ace96f7b52b58571ccc5ad3f5 |
| SHA1 | a337ac1690812e04cc961d5af2a9f704e51cb61b |
| SHA256 | cbe2a9f08d7cffef4bff006c1ee47ca4a54035e89ca722ff9c92f2c951ea61b7 |
| SHA512 | f45bfefff1b017a99db136164e5d0f23d471c791d17d84bc11500c8be8cc63eeb9b810e4107420163d823fcde02a09028a771b094c4722627d32c79b068c52c7 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mlil8stk.default-release\prefs.js
| MD5 | 4831a71192d5ae1572f24cfd7bf5a67b |
| SHA1 | 261a417a7391906463233804debdb6e6d0e2c9c9 |
| SHA256 | 3ec32362eed0f4b6ded471e12d231d6eeb8ed1335b9ac902b84cbfb75996aab2 |
| SHA512 | b3e431a0211f67d961d5d6ba926543ac3ce69a736d1a249f4934e4755dc58f961e50ee54cf8e4592d1df48bb169a814cbcb633561318050c663acc2e93475251 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mlil8stk.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite
| MD5 | b9e8274419e04b7b069fa7f3277b5afa |
| SHA1 | a891eecff0f7cce18cc2c82ddd508645f85fd468 |
| SHA256 | ed298d70fed581e94eb773c564c170e993614976241fb9a49d7bce34519c6ee3 |
| SHA512 | b6fa66d5664a48b9098a31c1bfb7cc945255ac853f242967bc889df05d19c4c2a54b7d19fded5bc80ef6c709b71f537118331b35e65dae777ff11df632a3b199 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat
| MD5 | e1e06f1bc2ea8efe486919db850c7c4e |
| SHA1 | 879c89d09ffdd29a18d65540f5caa2454795a89d |
| SHA256 | d0446be9d39a2d354b4b305057a249a8c639b7c1cca804e380d4c71e56815b7d |
| SHA512 | bc5c8d6ed0484f7f1814927a562c0eda12b856f97082be04d8ef99700a99dacb361bf83ca6db5ad4531bc9b1bbc20cf97e943b500f24e13784b6a4e375b73c45 |
C:\Users\Admin\AppData\Local\Temp\1000609001\stan.exe
| MD5 | ee5e927a703a50db6e6f9e366b64a91b |
| SHA1 | 592bfa39454bfd94484047d624f2ff739b941bb9 |
| SHA256 | 333b052db3d5bad0cd2eb06f58b21edc006f91a7edec0f1fa0b281a4cb1b16b4 |
| SHA512 | cc951e37c2287080bdba5cfd80ed13676f486c652d693e379415f781126960dc1bb4ad82a0f1a2de99958824a623fb01a2088f10769d977995acc4732d485deb |
C:\Users\Admin\AppData\Roaming\006700e5a2ab05\cred64.dll
| MD5 | 1b7c22a214949975556626d7217e9a39 |
| SHA1 | d01c97e2944166ed23e47e4a62ff471ab8fa031f |
| SHA256 | 340c8464c2007ce3f80682e15dfafa4180b641d53c14201b929906b7b0284d87 |
| SHA512 | ba64847cf1d4157d50abe4f4a1e5c1996fe387c5808e2f758c7fb3213bfefe1f3712d343f0c30a16819749840954654a70611d2250fd0f7b032429db7afd2cc5 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 27e5c8dad74ecc8fc612c78e5cfad48c |
| SHA1 | 66f46c106181d236760a4a4cb429f2139648daf6 |
| SHA256 | 6c9f90909a12c8f4e258ca1d0fa553b2813c75e86ae81e5da613c27c9af1a487 |
| SHA512 | 040189d9bc1fb3fc78c17b980564f9e681480f4471e22e100800a8b4fb87e45c4c113b897915bc58f011cb8e265e56594392855af37d5083cf9dd778ac7c52bd |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 53132225e0b0fa081e7cdb97fbbb8233 |
| SHA1 | 0666c971e3d71795ee3627659e570d9dd4893b3f |
| SHA256 | 862fe64cc68e2366fed73c45ac51b1fc95bce231488dc12a78166423f6ef1648 |
| SHA512 | a48415e51b4fb7193360f7ca8fdae09d9d958d159d501028174f5768aa7c93c086b8f9d36a647be94eed2a85d8c9b822e8177075bb96d3f58e154adf40205bbc |
C:\Users\Admin\AppData\Local\Temp\F59E91F8
| MD5 | f69c58fccf7f1ef9513990da11b43d74 |
| SHA1 | e1ae0390fe3fcb46f59115a58ba6a66a1bbdfdfd |
| SHA256 | 37f223546cc6632dd8a42b6e9f74468bc188fa6735e14bf802257430b9ab9ee2 |
| SHA512 | aab8b3a4bcb73ec304b54e7ec9412513d28045a98e4714403345eada50876fa0d7005a222271c5d91eecb2e2c63c1b5c9c7ef7efb41e0d642ff5bb46100863c1 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 0a935e9c7c19c1976d4fbcc8def3f5f2 |
| SHA1 | 5fe5ce46deadda059c9a5b7669bb67da3cbc120d |
| SHA256 | 475b025ad8bdf069cc2bbb5acc497f6f8b87bec59ba1db217ccb6d0c6e851585 |
| SHA512 | 1cc83946764f3f7f9b6e82e21336512faa1b976a2e3a48594442b871bd110dbe3e095f5a2cf248e198fc76735ebcb749c6510c272fd64442c82c6177f1a93b9a |
C:\Users\Admin\AppData\Local\Temp\1000612001\TrueCrypt_NyNIUi.exe
| MD5 | 12276198b96642c050fcd1eca981308b |
| SHA1 | bc8a2bad8f7f0b110dc892175b7923be66ab0576 |
| SHA256 | 805f4a5e271f171db4580329b2a723f263e8de1ac3a6dd2e3fd94378d795d7a3 |
| SHA512 | 15f6f6128127b27b975acc6d14b639fe457b28118c78ca9733648f4b7b154fe1e1c265ef913b7d1999a9bc29ee780586f7f5d5ee3053fcac1f28d65fb60a1ad3 |
C:\Users\Admin\AppData\Local\Temp\Protect544cd51a.dll
| MD5 | b42bdb97baf2704cc6ba394d69eb57f6 |
| SHA1 | f63f3d9cb39b457657575741b8cfc3d01b96b8eb |
| SHA256 | f39c360d6f89a70c6dc4cd9a622f407f031037c51f27c407a4dc9db02f3df90e |
| SHA512 | 348cd275f327f2a850bf10b801770ae772bbc12f556531ac879a11794721d48126b8efe31f1c1211a806fc351fee8b8bdb2002fdcd15125025fe4fd0a467898d |
C:\Users\Admin\AppData\Roaming\006700e5a2ab05\clip64.dll
| MD5 | 3b6013927a9e9769b0c40af72a46cf49 |
| SHA1 | 9ad984462f8e35388cdb397270df95de6ae25822 |
| SHA256 | ecdfe0bbd92c287556fe81e48762dc1fb36ff3554f3f837d2313eb82a69f7994 |
| SHA512 | 40d41bdd938e877b77089c0e81cb991460e7ac0f033c6961d946bd251d78e50584e7968e8e5f2d41a76d24ac807923b37133460dc92d73dcad2810cd52d88f08 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
| MD5 | 6927fee7eaeeea3d8db83010ebca607f |
| SHA1 | 557cfa21ec9547ed76f260ba4981ceaafcb86e00 |
| SHA256 | bd00a43eedf9d8753b983cfc852d44575cb44b52a5cab52622e74618e971615b |
| SHA512 | 409630ba690bd85c321b16d1e0ee0e3ce336036bb940bdd64fc739d6923683bed5bcbee904166112152208e38a0b0a45d1e869c1e9938c15394a8c7b86ba3daf |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe59143a.TMP
| MD5 | c90b48d4401a22a3d28f3cb6f5c7d5e8 |
| SHA1 | 8515a3a9ef2c63cad7a77dc8593c0515ef6a461f |
| SHA256 | 440d0b54a55e8a99840569ee4970bb6939ee3e22097d93cbb181f98a7d3d5426 |
| SHA512 | d6aaf8959dc6aa0c81380ed13af5c7ad9ea70a61b93531192293ebecf9621c5546587704bb3ae9c97c1728090b00c8d17c8fda53737cfded896e575ce273001e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
| MD5 | f33bbd665714cce0b8b73279f5c48763 |
| SHA1 | 2e04c91624db4d525435958c557ec395dfb50586 |
| SHA256 | c867576ba8c7cbed5b28c3612518ea8c138761b6a04db9958f54cabe502dc4e1 |
| SHA512 | 611e546959b989266e4946a0fcf72721ec389ea54c9fce39a50623d0edeb569c0236eaf6c188f15ef7c6e05fd8a91f766e8a2dae60073cbbd26086c8fa02247b |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 3acdfaf8c7aa8b1951a2ba3b309c80d8 |
| SHA1 | 9873e9517198ac607bf4002431bd19c1642efb1a |
| SHA256 | b38a623c910b926d760624b1b7963e0e5936db9c24e6c0204ac8d49733cbee47 |
| SHA512 | 7ac75caed3fb3e7fcbd65cc4b1ce5a859f5ce9aa41c96ae9e564d573133eb0e6b0c85472284b70730499fada201ac04f5c0589e4ac57a870b9fd687da6a49644 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mlil8stk.default-release\prefs.js
| MD5 | f59126d381dce5beae79c5b9a8ce8837 |
| SHA1 | 6733a4744b0b3f6f8449dca8b8e6ac624935817b |
| SHA256 | 8a143ac6cfbb2d47146342ec6d6988fbed3b75fff8408ce8119d0bf198c322b9 |
| SHA512 | d3e633a0f22bafd412671cd90485212bc5b8e8c40bc67573fcf4ecc465e6be33a7ec9acfe2ad8f3d4fa6bd119d24a6189db2d1953bbb065830903aebe3de5599 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\CURRENT
| MD5 | 46295cac801e5d4857d09837238a6394 |
| SHA1 | 44e0fa1b517dbf802b18faf0785eeea6ac51594b |
| SHA256 | 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443 |
| SHA512 | 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mlil8stk.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | 981e0bac9caf85e7fa56c9691345e7fc |
| SHA1 | 80310a344f485cf0dc3344caf9dea9e315ea8f14 |
| SHA256 | f6e68fd822f2ba1adaffb9a7b6db5a442850a01762dc8c7d8a5c2740443f1895 |
| SHA512 | 790c04a61e157ccbbfff23cb243d65b778d1b68910970c30c45e3ed6af8f2efa1279a955de0185d29e7210fa719329b3a76f9910906273f140d109715e3925ab |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 1021a50b26a945da717061f5eef956b8 |
| SHA1 | b7deec12ad34f667f88dc5d549b905632707cc17 |
| SHA256 | 9d9e326ac4dd6585cd564f5ca540a90d45e8cfd2c7129b2ed544c4c74ea401bb |
| SHA512 | 380ca4f3cfca74cfb40a4f6dfa47cd4f1f003d96e0525e2c887390cd88fcb01b912f8c7ddcfb7dc5dcc72e806ee7e5c7e252c4f5261fd5e06e33ed180bd1c01a |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\979f08d1-bcb6-4b07-81f3-3bb3570e0bd1\index-dir\the-real-index~RFe5937c0.TMP
| MD5 | 77f8c85824d2f59df48c2d86893d29de |
| SHA1 | bdf8946894ae53634e9327d6960aa8a7ea55df3a |
| SHA256 | 9ff5b29943a51fb84237ba88a6a91cc43a3d04dc58dc5f54b921975be1cc2993 |
| SHA512 | a7aa396b55a7301ef0c00731bcf3fb8fd2cdacf6090420a980847dcf9d8a227612f708e2673aad126613bd11a0e405a23f2da72f97c20c00b979a3c819fde340 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\979f08d1-bcb6-4b07-81f3-3bb3570e0bd1\index-dir\the-real-index
| MD5 | f44bbd87c9c6718801a01cd3f59c8bdf |
| SHA1 | fc458f9ff406bccae8d1ee2641f881cdb1478c1c |
| SHA256 | 731ae975de384e72479ad354fc497eb816811d9c499623caa5daf5409bf1e4bd |
| SHA512 | ba6db6a1bf525f4b91d3db3205a8b1e9c03327104eabba2486bdd74f39ab67fe2a6de890e53673e5d19460189ce02c11ebb7f5a3d9215a194909fd29b7242e2b |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | e1f047058e0deef7d754838c2654dd7c |
| SHA1 | fda7d55f7a62c078cf6f1577837722781864a6fb |
| SHA256 | 3491fcd81fe608f480ff912f41d4eead48003eec9c13148a25964c5d4b59b7f2 |
| SHA512 | 65014dbf5bc49c31f81b50fac5fb26efc173be4fbfc1611e5b1835bc3f4b7ad5cd5ae487fea5525e4417c57876f70bd2b22165addf22ce4f2220a9ae0f3a4296 |
C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe
| MD5 | 03aa4a658d230d86dd5bca5b798acc01 |
| SHA1 | 10ebaf559b8f1a3253679b2d737f94227d9a1d04 |
| SHA256 | 62338712567b350662c81f4dee65a46a68417d5776a8d8a0ad6422e2fdf6b918 |
| SHA512 | bd6dd1a503ee17e3ee01319a0d8838feab32fae260bb5350da8ecde7d640154b19f204b8d288a58840970f83ba6cb1e6f4fb7bdea23e5544bd228a1bc3211cee |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | c13d11622b61c9b10e41a92482f70287 |
| SHA1 | 9679588eebd2e2476d9b92664018ad1db468caa1 |
| SHA256 | b76c90f7896d78c17e749d060532233d835a24f1d203f0c915595a32f6c18957 |
| SHA512 | dae1a186e97a6932962b6f918c889ae21ddc06bcda08a98e0b94af55348d890408994be6b032b80028d5c2a9ee34878964a2aabbe8999fd531dbb4c9755d154f |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 6634de4eb15070843078f467660dc27b |
| SHA1 | c8a8d90154307dfebf3270e49a9e81d51f9de06f |
| SHA256 | 899991e5a4b981fb72ba37afd7fea7d91f2bb9b797f3510231a1a65f520c71f9 |
| SHA512 | 5b3a49ebe4ba6a944d51a5ed2ae26f320c3c26a8c82c8ac715d4eee5498021b1b695502e45e1a863431dd066b2e5bbb8101f78e7cd9838823d06ea78639255d3 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
| MD5 | e93a5866a33817a532dd1d47ce581213 |
| SHA1 | 0f2602a431d00908ea3e54fd63505c1bcb414ffc |
| SHA256 | f46e2be54d6beabe50c664aded103ef3ddd0ef3f7f973f71f8565657796036bf |
| SHA512 | c2d67ef6ad6cf45591f88e3194e555a866059979fd078796579add980ef2307dd5761522932f7cea75eb76e99dc0f0bec7995e4be84bea2e16a34c75634eb7d0 |
C:\Users\Admin\AppData\Local\Temp\InstallSetup9.exe
| MD5 | 55be8e66d0eb5746e48e0e5012c90532 |
| SHA1 | 7e43ce00ea5524f9495b47320c7d25c79b1df16f |
| SHA256 | 867006e2adc157a9e3e93ce702769c08366b866e5912a1de0b753e5d9cfb15d9 |
| SHA512 | e67105588cad51d8e1ce47912a91e8c17788ac3c821ef9ca8f72074ecffeb127f2824a8dc35ca28c6adf9eb78f01fc02829b7b93a367ce39ea34aaec1022df22 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
| MD5 | 5930e912efba4f80574f5c8cc92717e9 |
| SHA1 | 0c1db049978aecd8bbf67f05d1b0f7880f896894 |
| SHA256 | 895825e3b6bd90814a40fd2b719d9f52c8634a15f8e56005aca6b6ca6078a932 |
| SHA512 | 6d322559addd5b04eabd486be9f49786047ed15c39020d9623a5d6fcdc3a7321314e85ae345f23a138fcdd7507679f0ad4bfaba8e3915f7e368f57849d1e44bc |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe593791.TMP
| MD5 | 448f52085b79b95db4736be2bbf1dbcb |
| SHA1 | 2fd3f77b7018fb9ff530dedc3bd9bbb6a1e8faea |
| SHA256 | 4515e1ab864f36c4cddacd48ca283d90d0a0af62386aff7db573bf046123e82a |
| SHA512 | 5c474ac12825ebc53b7dcc6ee93e6eeefe8be6468ddc06528781c7dae1514f2100fc69a136e7eb0badbb0a956625b6a9d679d7e81ca8a67e27736b4cda313d46 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\MANIFEST-000001
| MD5 | 5af87dfd673ba2115e2fcf5cfdb727ab |
| SHA1 | d5b5bbf396dc291274584ef71f444f420b6056f1 |
| SHA256 | f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4 |
| SHA512 | de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b |
C:\Users\Admin\AppData\Local\Temp\1000622001\leg221.exe
| MD5 | d177caf6762f5eb7e63e33d19c854089 |
| SHA1 | f25cf817e3272302c2b319cedf075cb69e8c1670 |
| SHA256 | 4296e28124f0def71c811d4b21284c5d4e1a068484db03aeae56f536c89976c0 |
| SHA512 | 9d0e67e35dac6ad8222e7c391f75dee4e28f69c29714905b36a63cf5c067d31840aaf30e79cfc7b56187dc9817a870652113655bec465c1995d2a49aa276de25 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mlil8stk.default-release\prefs-1.js
| MD5 | 0b01deb1e2c9eba6eafcc2837b055433 |
| SHA1 | 2118947156b0617926c63a6e1570d57980849fa5 |
| SHA256 | 00016b141356e10e9ee5bab80773a042d3fdf84d6020783c145e5e4d34d1327f |
| SHA512 | c092e385c5eacbc9dfe6c57c075266ebf3bceb0b40fea832e76af1f257118f91d99b5493fbb80274455876bc660aff19f8616c20a2d0b60f8874b9a1b26aa2b4 |
C:\Users\Admin\AppData\Local\Temp\nsc47FE.tmp\INetC.dll
| MD5 | c7ae096c02849c7eeb07623b18de8a59 |
| SHA1 | 9f57c75aa9f96121413a793d356d876a09f564ca |
| SHA256 | 711ce1b5b08d30470c7cb844d2dd9345ffb6c2add9392f56a86e8c515ba89ed0 |
| SHA512 | 2a070a13ed45b3cc289f8174eb313d244daf10c1ae36c837f305b450bf2f1b839850eed70f672bb94c75117fe232341b01a868824e42d4d01ddd754fa9b5670c |
C:\Users\Admin\AppData\Local\Temp\1000623001\latestrocki.exe
| MD5 | b42b486e8e55035076114f5b8da97c63 |
| SHA1 | 98aecc3c7bfc55dff0f718769310eac122ae35e5 |
| SHA256 | 48701fb4c814e8f3e50efb83ad11bf30d8bf09dce0b990a5aa36f7b6603130c6 |
| SHA512 | 422de2a874389a44b1c92a07b7b5b8d8b1a7006ff919e4b513d5def827966a9ff698d9655315caa9eee1fc59d39fd69d799092c578ec7b06ec4228435879d77c |
C:\Users\Admin\AppData\Local\Temp\1000624001\crypted.exe
| MD5 | f63251c810e1a5992c399ba7769a2da1 |
| SHA1 | f046e77156c6f5d213a407c694e1cca6e42224b4 |
| SHA256 | 3625cc7ac8f9bd0cdb6c43b2b623db6cb4ee59304af15c80acf22643ba07680c |
| SHA512 | f115123ded35a36695c92b767e48fb8f1626219675bb4df1808a7d8b3ce656640aa8c54c280d10a80e88ee0b54d9f6d385451732dbe3c712c3496a3fc4bf4708 |
C:\Users\Admin\AppData\Local\Temp\1000625001\2024.exe
| MD5 | 739252bf65e989153a1c24706f75297b |
| SHA1 | 0f163bbfca0b412360dfaa20dd4bcf7e3c63615d |
| SHA256 | 7044b1e533f36b650981e4c5ad98cdb883f7b425056d120e11258c5e62e31e99 |
| SHA512 | aa4ab57109ecd52098453e66924aee67826f4757b89b801834c58ab24e24bd967967847aca9fb60c4029d6b2207e5b3dc7eed4c18f46d6de90911a9ce93178f1 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 4c4f11861041d7fb603fcb59348947c9 |
| SHA1 | f73a90fcedfd0ecb8b0eac7245c275e9c51f8ab9 |
| SHA256 | 064ddef8afd8124776f469721552a8c6699a723ed7c69f200e14e8adc09deab2 |
| SHA512 | aed5089d203eea9d3384b05852a0234c90fcf53265ad02f875877c5700dcb434553684dfc09c91699851ecafb8cc535d921d499688d65631f8b570e611b0f3bf |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mlil8stk.default-release\sessionCheckpoints.json.tmp
| MD5 | 948a7403e323297c6bb8a5c791b42866 |
| SHA1 | 88a555717e8a4a33eccfb7d47a2a4aa31038f9c0 |
| SHA256 | 2fca1f29b73dd5b4159fa1eb16e69276482f5224ba7d2219a547039129a51f0e |
| SHA512 | 17e2f65c33f47c8bb4beca31db2aff3d4bbb6c2d36924057f9f847e207bdcb85ffcbb32c80dd06862ffc9b7f0bd3f5e2e65b48bb1bc3363732751101d5596b1a |
C:\Users\Admin\AppData\Local\Temp\toolspub1.exe
| MD5 | 66ff19c6484e1744676d2e3c804fd0e4 |
| SHA1 | f7c5ab73881ef0296c97b088935df9010607cd38 |
| SHA256 | 1a665949a9dc6c830431c3ac563a0b2bfd8f3e5ba789d83036e67aa78ddeb620 |
| SHA512 | e7e5f7b79235a4f17187d4f786fd7b8372b76d6a2f5df0b6dd2e08abd78ce871391716e2806b735bbf72a418dedea5bb9be8972a1e04c195e05b5f113fb2fefa |
C:\Users\Admin\AppData\Local\Temp\1000626001\alex.exe
| MD5 | 9819ab7e538ad0fe6fdf373b14f99364 |
| SHA1 | 12a3e656495b1e5864536f328fe91a2e6ce6999f |
| SHA256 | 92de58871cdba1fcb696264e6ee34a3111100750f6324577fe5c40f7e0e744f1 |
| SHA512 | 878e2c82ea6f9ba065693901d2688ae6d0390bfb0a730a883df02c064b9e19eb84dd431f8697fba572d95cac02118b5a1114af7e593de9c55442626fa0d81c5b |
C:\Users\Admin\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe
| MD5 | 2bd79367946584e0c4210e1e80755af8 |
| SHA1 | 35a35fb5e4350c5a3685146f0f1963cb9e4769b8 |
| SHA256 | 3f08ce66e7038dca595d55d914fe8915b63daac7b11bbc5852329a7c4b66a6b9 |
| SHA512 | 3e530862bb5f8accaa6c0acaaa6eb7558e7a95607f1fa70c8d0774dc45ac10ce87fcbce58a27f58b2fa28a0b659d3b84f7b773bfe4f08dfd7bdf7b660d2d6d42 |
C:\Users\Admin\AppData\Local\Temp\rty25.exe
| MD5 | 36d80c30641cf229f55459b591c80d9c |
| SHA1 | 4153dc4db8bc7006df1cc09a245b8050a2ea99a3 |
| SHA256 | b78e25a9f4aa8bd43b0de74811e8a17e843b293b394e660d3b07e32627c57f88 |
| SHA512 | ba2c708d4483ffa7266e8cc7f3f7c5ba13fc344a284e00a657d3e1887eee8407d8dff304319fe4a3919d863eab70a201161920436ea013aacfdc5f5a5067aa28 |
C:\Users\Admin\AppData\Local\Temp\FirstZ.exe
| MD5 | 27fd92a15da2d6b9bb6f93a6dbc9a3dd |
| SHA1 | 7dfb9880c2720571e859ca2295607a27cfebccaa |
| SHA256 | c72dae3390bb342058e0b25077bd061cd36cba92120fc43d6e5205e5b114f3cf |
| SHA512 | d0ba823b6644a599e2c3e1ef1f36f8d1427ab421570318d5ded0499b93f8397af3766209ecdfe4c43cca00f71752eaa92b554f515c07cd4497c4e1bde9985aa3 |
C:\Users\Admin\AppData\Local\Temp\1000628001\gold1201001.exe
| MD5 | 1618111e6e5b5bbad38814cd8dd3719a |
| SHA1 | e32287a92c93354ab61b71856b6520696852078a |
| SHA256 | 4d7d4d3688c65f534272d60a7ed5157dbc3368a4d01d10e67084a72e04ec5f28 |
| SHA512 | 18380c21e65cd7b3417e3fd9f95af4360007dd24b881c05530e7cd1a9b2673620b4b28d3ef3a82d5722fd741f6dba2fabdc006e63cbc18e97460890cad805465 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mlil8stk.default-release\sessionstore.jsonlz4
| MD5 | 3101ef8b092bef7d737e47777ace301f |
| SHA1 | 9e37925d1d79cdd40126ff5e9df68d5e0e705e29 |
| SHA256 | c959015cd58fb3ddabbcff6c8e21b5bdaa254d1ab273e3f9bef590d5565724dd |
| SHA512 | f4f9d8c32e80b5e7f6fb6f93a0a507c110392816a2251d7222e0c65c886b529ca2bceab6e92d6cefded746a7d9b38e6fd5e53f6940af12d41fc49697845b28c1 |
C:\Users\Admin\AppData\Local\Temp\InstallSetup7.exe
| MD5 | 6e23201d2e4560010928ada16d5e4ae9 |
| SHA1 | 3d684081fd4da729269098f485ea9d3e13664d8e |
| SHA256 | 2e3d25b6b55a04346fcc1fa8f587dd08f27f2cf8878ad354a695e50c74956efc |
| SHA512 | 1ae277806c5817d59fee22caa28dd8b555027f43a7297360db856d1b1609526b1cb40181c53e5f4cfa8ea188299186a0af81be1ff1e79ee350530a9a97ad01f2 |
C:\Users\Admin\AppData\Local\Temp\1000629001\installs.exe
| MD5 | b06f744a11be581f709e224e7e8d0a67 |
| SHA1 | 9d8960d758bbc0cd5bafb820b70f1a811873fbde |
| SHA256 | 6b2edd72da51a4b9587cc449b386c8368ab0a06de1d9bd4802f8898c418f19ba |
| SHA512 | 72a62bc7d1ae35360a6721e4f85fe185984e61c24c25d1b955c3a7233c40831fc7f354656da84e3fa3d80bc9b0525a100eb51ab7a48ab1fed2aa8d0dd0bb5813 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\1787341fc8c7e0f3b6ff771c627be1fe
| MD5 | dee06b3ce882a94e37c2651c46cb6bd2 |
| SHA1 | 5cfe82f729d4ed28ef5f49431c06892cb73a381b |
| SHA256 | 365bff607786ffafd851fe128ccf4571a83cf68a813a83bae9c5c2b0c9cd7ab1 |
| SHA512 | 4b2fa0d89d587f54725b125da6b2d4aa41da04eeae436eba9abb2aa14c6f5cb92a36e9af033366ea8876be67c619f8dde6254a13afe812e8b1cc6eee37b77d14 |
C:\Users\Admin\AppData\Roaming\configurationValue\Logs.exe
| MD5 | 3058f10b2fe431d9f8a487a35cd89ba3 |
| SHA1 | adf31cfada940e96a02305177bea754d4ee41861 |
| SHA256 | 73e5d1b5c0d2134f08a76a09b913efa9076bd492e509cd0346794db436c54d30 |
| SHA512 | 4f59602a4f557a9947d15a1ed13d8e1b09d0ba3660130fa7e029219b21062a3dba55f7da6db0efa9f2f5ac5053dda51ed4e183ae171789374e239c4d7609eae5 |
C:\Users\Admin\AppData\Roaming\configurationValue\olehps.exe
| MD5 | 5ea776e43112b097b024104d6319b6dc |
| SHA1 | abd48a2ec2163a85fc71be96914b73f3abef994c |
| SHA256 | cf650d13eea100a691f7f8f64674189a9c13d7948e31468963e10a23726dc341 |
| SHA512 | 83667045b7da8596fad90320880d8d7c83f71a1f043d73f7b68a0ad948ae2e530a753d5c7943a096a307e696f8d9fa433025b30078af6d4530d1a2f2a4b12ed2 |
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_2yosvbjp.0qa.ps1
| MD5 | d17fe0a3f47be24a6453e9ef58c94641 |
| SHA1 | 6ab83620379fc69f80c0242105ddffd7d98d5d9d |
| SHA256 | 96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7 |
| SHA512 | 5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\edb38fa2-1802-4ed0-8c51-711a81fed4f4.tmp
| MD5 | 5058f1af8388633f609cadb75a75dc9d |
| SHA1 | 3a52ce780950d4d969792a2559cd519d7ee8c727 |
| SHA256 | cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8 |
| SHA512 | 0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 9e0c7c29d1e5a50350f99008ab4001af |
| SHA1 | dfea85ec959ff7b4c2df0961b4c462e935eaf97c |
| SHA256 | 70b5a996a889c3eaed1dfda7f416f7b0bba4b1a2e0e58b69f2575733dfd724a5 |
| SHA512 | b6204e4fbfe0f1cd61733b8f79e2a911caa59b0cad26fd6d370409c0ae68018dd2a99929d07e7486219f64da4f9b93be63c4882bcfcfc6b16bdb1f289ce8d4cc |
C:\Users\Admin\iOUPAPdUxmKbUpq.pdf
| MD5 | 8de1dc4c4c5b350416faca87c866e09e |
| SHA1 | 50b6b139f06119873f18d2ad82cf2786d9c41658 |
| SHA256 | 8ce69d54ded635b980f9d277a4c7e868d75d0acdf8b7e977c4e993fe9243a4c2 |
| SHA512 | 208dfe4782ce131d0031dec7d221cadd227265d209826df0831adb8df755237266295cbcded02581d9a7c26c5844ab1d2ac98ce1f3d3776f424001c36351fdcc |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 7b35858a71c7d9a592108967ae3284b2 |
| SHA1 | d00dcb5564d4d488ebc26fca108239d576ad390e |
| SHA256 | 9a608501b6b014a7e767ab30eb0b7492fe7de89927c3cfedf43b39d1ceceaea2 |
| SHA512 | e57f8a40bd5458b654d8ae606c44b9f8675deb41a734850998a9262dc4978dfaf6df66b95fca5c4f648ac0f811cfc0d9b383da59faa6a24ea78a3d03d8784b00 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 5db9dad97ebe9646761f8e3747e6ed43 |
| SHA1 | 9693772f010d12461fbd72cf33a6e1f6afa04564 |
| SHA256 | f68293400bd96712408ba6e421525d33cbca84001ee04da15983c59027afeffd |
| SHA512 | 904cb418a4d27b54cc3636c946f7d3427c092059fd02e7b379970d1666fbf215a85b3e6e14dd87e0cebf17b6736a3216718d83b37de0e949683b1175af5028df |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | a9894fe1eba68ed9e9fd52d53e4c8835 |
| SHA1 | 0e1dc8e973096c0bc9cdcf6f389697dae5dca1d5 |
| SHA256 | 5a67c8f270ee962c69bc7f334605ecbb801d644ca46119384ffa00d87e517537 |
| SHA512 | fef2390ec8d302b56851ddf82018e3e2a48a39e6921505499ddb98b1f0d311b5c7c1e98cd10211df609654708c64e19cc2b7a98de3c086566f80e0f04e00fa00 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe5b79a1.TMP
| MD5 | c7bc5714fe7efbf595740a92d67f9acd |
| SHA1 | a466ec0b9a4086566b6b067a4b527b02fa93697c |
| SHA256 | 7e5d1df39cacb2a9246c84e65e10648dc9efd51f5d6243282053802ed007e300 |
| SHA512 | ea7ebc5348ecea8eee3563208ba2bcad29ad555fa5f5ef18823a704edf2097b71eb71753812307390129e30c4998b5880b4a65f9634c5ed5d75a376d390e616e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
| MD5 | 3dd84ff1045678278f06d4791ead720b |
| SHA1 | 4022d014c5a2d37d528cada48ce847758d40119e |
| SHA256 | 1e32f3116652b5505d090bab17ba45113e46a08d61887ecd7fa84aec9cb0a252 |
| SHA512 | fd7ab72fa15479097eab7eaaada6fc6d9a3567422a9b7ac9bc45379b1128d8b7e90f0cb8cf853caf5179d2033cbe5b2645f348321e3b37169825721e95086390 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 435a7f53b1e37cb97d96a29c899536fc |
| SHA1 | e0187fe50e9b11b08e3472d73522d0ad88fbb2ac |
| SHA256 | 85563d70a19e0e7b2391a5a61e158fb34314b02031dc4cd21005d7ac0293ae2d |
| SHA512 | 306a03fcb22c4f5982982fcc79bff926c8bc6460f9644811f80dd4147520ad75bbea528b0db90cb7ac56838d055acb745b01eee3ec5d363c8171ddebed7fefff |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | 748d158c8c589e663630a6cd28cf4637 |
| SHA1 | beb924040b2e67e99f24c3e30c6a87d184ff469c |
| SHA256 | 553d95f0c82bfceb016f810ceec8d6c221989e3290fa693b71cc2809a80ffc13 |
| SHA512 | 9ae087ca92b21a5f47741288fb2fae3111df93ab64b5f49b6f98976ac75a5c93d485233de572d8c8825bb7a94419f59fd8f423af8ee1fe6dc7d136a1d87081d8 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
| MD5 | 47eac6267c3af6c18b2124f60f773b60 |
| SHA1 | c90118e8282e2f46a09cd8e51827b33934a702c1 |
| SHA256 | d40580af7a6f1b5cafcaa9889e634c42d5995c03d7b002dbe5a0572e8c62999b |
| SHA512 | bf5ae3535bd71d65491212189613a98da2804b1d32ab5b6bbda85bdc7f603fec563627b61d5aed4c40c7eeb61b8d7d88fed975e06f463196a64d394751d9a4b7 |