Analysis Overview
SHA256
5ff0249330e662805cd00089c294494833c800637af670ee25e7abd5079ca66d
Threat Level: Known bad
The file 5ff0249330e662805cd00089c294494833c800637af670ee25e7abd5079ca66d was found to be: Known bad.
Malicious Activity Summary
Stealc
Glupteba payload
DcRat
Windows security bypass
Glupteba
Lumma Stealer
SmokeLoader
Creates new service(s)
Stops running service(s)
Downloads MZ/PE file
Modifies Windows Firewall
Loads dropped DLL
Windows security modification
Reads user/profile data of web browsers
Deletes itself
UPX packed file
Reads data files stored by FTP clients
Executes dropped EXE
Manipulates WinMonFS driver.
Legitimate hosting services abused for malware hosting/C2
Accesses cryptocurrency files/wallets, possible credential harvesting
Checks installed software on the system
Adds Run key to start application
Writes to the Master Boot Record (MBR)
Suspicious use of SetThreadContext
Drops file in System32 directory
Checks for VirtualBox DLLs, possible anti-VM trick
Drops file in Windows directory
Launches sc.exe
Program crash
Enumerates physical storage devices
Unsigned PE
Checks SCSI registry key(s)
Creates scheduled task(s)
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Checks processor information in registry
Suspicious use of AdjustPrivilegeToken
Suspicious use of SetWindowsHookEx
Suspicious use of FindShellTrayWindow
Modifies data under HKEY_USERS
Uses Task Scheduler COM API
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: MapViewOfSection
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-02-23 04:48
Signatures
Unsigned PE
Analysis: behavioral2
Detonation Overview
Submitted
2024-02-23 04:48
Reported
2024-02-23 04:53
Platform
win10-20240221-en
Max time kernel
300s
Max time network
304s
Command Line
Signatures
DcRat
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\CSRSS = "\"C:\\ProgramData\\Drivers\\csrss.exe\"" | C:\Users\Admin\AppData\Local\Temp\C12D.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\schtasks.exe | N/A |
| N/A | N/A | C:\Windows\SYSTEM32\schtasks.exe | N/A |
| N/A | N/A | C:\Windows\SYSTEM32\schtasks.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI | C:\Users\Admin\AppData\Local\Temp\5ff0249330e662805cd00089c294494833c800637af670ee25e7abd5079ca66d.exe | N/A |
Glupteba
Glupteba payload
Lumma Stealer
SmokeLoader
Stealc
Windows security bypass
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\C:\Users\Admin\AppData\Local\Temp\csrss = "0" | C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\C:\Windows\windefender.exe = "0" | C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\C:\Windows\System32\drivers = "0" | C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows Defender\Exclusions\Processes\csrss.exe = "0" | C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows Defender\Exclusions\Processes\windefender.exe = "0" | C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows Defender\Exclusions\Processes\288c47bbc1871b439df19ff4df68f076.exe = "0" | C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\C:\Windows\rss = "0" | C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe | N/A |
Creates new service(s)
Downloads MZ/PE file
Modifies Windows Firewall
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\netsh.exe | N/A |
Stops running service(s)
Deletes itself
Executes dropped EXE
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\InstallSetup4.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\InstallSetup4.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\is-OUPSP.tmp\24EE.tmp | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\is-OUPSP.tmp\24EE.tmp | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\is-OUPSP.tmp\24EE.tmp | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\is-UJE7E.tmp\3F7C.tmp | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\is-UJE7E.tmp\3F7C.tmp | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\is-UJE7E.tmp\3F7C.tmp | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\nsf11EF.tmp | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\nsf11EF.tmp | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\InstallSetup4.exe | N/A |
Reads data files stored by FTP clients
Reads user/profile data of web browsers
UPX packed file
Windows security modification
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\C:\Users\Admin\AppData\Local\Temp\csrss = "0" | C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\C:\Windows\windefender.exe = "0" | C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\C:\Windows\System32\drivers = "0" | C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows Defender\Exclusions\Processes\csrss.exe = "0" | C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows Defender\Exclusions\Processes\windefender.exe = "0" | C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows Defender\Exclusions\Processes\288c47bbc1871b439df19ff4df68f076.exe = "0" | C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\C:\Windows\rss = "0" | C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe | N/A |
Accesses cryptocurrency files/wallets, possible credential harvesting
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\CSRSS = "\"C:\\ProgramData\\Drivers\\csrss.exe\"" | C:\Users\Admin\AppData\Local\Temp\C12D.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1990815831-2007029909-3877453929-1000\Software\Microsoft\Windows\CurrentVersion\Run\csrss = "\"C:\\Windows\\rss\\csrss.exe\"" | C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1990815831-2007029909-3877453929-1000\Software\Microsoft\Windows\CurrentVersion\Run\csrss = "\"C:\\Windows\\rss\\csrss.exe\"" | C:\Windows\rss\csrss.exe | N/A |
Checks installed software on the system
Legitimate hosting services abused for malware hosting/C2
| Description | Indicator | Process | Target |
| N/A | pastebin.com | N/A | N/A |
| N/A | pastebin.com | N/A | N/A |
Manipulates WinMonFS driver.
| Description | Indicator | Process | Target |
| File opened for modification | \??\WinMonFS | C:\Windows\rss\csrss.exe | N/A |
Writes to the Master Boot Record (MBR)
| Description | Indicator | Process | Target |
| File opened for modification | \??\PHYSICALDRIVE0 | C:\Users\Admin\AppData\Local\Temp\E5A0.exe | N/A |
Drops file in System32 directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\system32\MRT.exe | C:\Users\Admin\AppData\Local\Temp\FourthX.exe | N/A |
| File opened for modification | C:\Windows\system32\MRT.exe | C:\ProgramData\xcfonrchdkar\vueqjgslwynd.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-Interactive | C:\Windows\system32\wusa.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-Interactive | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-Interactive | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| File created | C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive | C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-Interactive | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| File created | C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-Interactive | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| File created | C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\powershell.exe.log | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-Interactive | C:\Windows\System32\Conhost.exe | N/A |
| File created | C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\powershell.exe.log | C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| File created | C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
Suspicious use of SetThreadContext
| Description | Indicator | Process | Target |
| PID 4312 set thread context of 1256 | N/A | C:\Users\Admin\AppData\Local\Temp\C12D.exe | C:\Users\Admin\AppData\Local\Temp\C12D.exe |
| PID 916 set thread context of 1320 | N/A | C:\ProgramData\xcfonrchdkar\vueqjgslwynd.exe | C:\Windows\system32\conhost.exe |
| PID 916 set thread context of 2624 | N/A | C:\ProgramData\xcfonrchdkar\vueqjgslwynd.exe | C:\Windows\explorer.exe |
Checks for VirtualBox DLLs, possible anti-VM trick
| Description | Indicator | Process | Target |
| File opened (read-only) | \??\VBoxMiniRdrDN | C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\rss | C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe | N/A |
| File created | C:\Windows\rss\csrss.exe | C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe | N/A |
| File created | C:\Windows\windefender.exe | C:\Windows\rss\csrss.exe | N/A |
| File opened for modification | C:\Windows\windefender.exe | C:\Windows\rss\csrss.exe | N/A |
Launches sc.exe
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\sc.exe | N/A |
| N/A | N/A | C:\Windows\system32\sc.exe | N/A |
| N/A | N/A | C:\Windows\system32\sc.exe | N/A |
| N/A | N/A | C:\Windows\system32\sc.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\sc.exe | N/A |
Enumerates physical storage devices
Program crash
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Users\Admin\AppData\Roaming\wfcvvwd |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Users\Admin\AppData\Local\Temp\C12D.exe |
Checks SCSI registry key(s)
| Description | Indicator | Process | Target |
| Key queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI | C:\Users\Admin\AppData\Local\Temp\134A.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI | C:\Users\Admin\AppData\Local\Temp\5ff0249330e662805cd00089c294494833c800637af670ee25e7abd5079ca66d.exe | N/A |
| Key enumerated | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI | C:\Users\Admin\AppData\Local\Temp\5ff0249330e662805cd00089c294494833c800637af670ee25e7abd5079ca66d.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI | C:\Users\Admin\AppData\Local\Temp\134A.exe | N/A |
| Key enumerated | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI | C:\Users\Admin\AppData\Local\Temp\134A.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI | C:\Users\Admin\AppData\Roaming\hucvvwd | N/A |
| Key queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI | C:\Users\Admin\AppData\Roaming\hucvvwd | N/A |
| Key enumerated | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI | C:\Users\Admin\AppData\Roaming\hucvvwd | N/A |
| Key queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI | C:\Users\Admin\AppData\Local\Temp\5ff0249330e662805cd00089c294494833c800637af670ee25e7abd5079ca66d.exe | N/A |
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Users\Admin\AppData\Local\Temp\nsf11EF.tmp | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Users\Admin\AppData\Local\Temp\nsf11EF.tmp | N/A |
Creates scheduled task(s)
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\schtasks.exe | N/A |
| N/A | N/A | C:\Windows\SYSTEM32\schtasks.exe | N/A |
| N/A | N/A | C:\Windows\SYSTEM32\schtasks.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32\,@tzres.dll,-591 = "Malay Peninsula Daylight Time" | C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\Certificates | C:\Windows\system32\wusa.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CRLs | C:\Windows\System32\Conhost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\@tzres.dll,-692 = "Tasmania Standard Time" | C:\Windows\windefender.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32\,@tzres.dll,-402 = "Arabic Standard Time" | C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32\,@tzres.dll,-2491 = "Aus Central W. Daylight Time" | C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32\,@tzres.dll,-232 = "Hawaiian Standard Time" | C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CRLs | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\@tzres.dll,-2001 = "Cabo Verde Daylight Time" | C:\Windows\windefender.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\@tzres.dll,-772 = "Montevideo Standard Time" | C:\Windows\windefender.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32\,@tzres.dll,-1801 = "Line Islands Daylight Time" | C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CRLs | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\@tzres.dll,-501 = "Nepal Daylight Time" | C:\Windows\windefender.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\@tzres.dll,-601 = "Taipei Daylight Time" | C:\Windows\windefender.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32\,@tzres.dll,-251 = "Dateline Daylight Time" | C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32\,@tzres.dll,-2372 = "Easter Island Standard Time" | C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\@tzres.dll,-871 = "Pakistan Daylight Time" | C:\Windows\windefender.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32\,@tzres.dll,-2842 = "Saratov Standard Time" | C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32\,@tzres.dll,-751 = "Tonga Daylight Time" | C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\@tzres.dll,-1721 = "Libya Daylight Time" | C:\Windows\windefender.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\@tzres.dll,-2791 = "Novosibirsk Daylight Time" | C:\Windows\windefender.exe | N/A |
| Set value (data) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\LanguageList = 65006e002d0055005300000065006e0000000000 | C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32\,@tzres.dll,-662 = "Cen. Australia Standard Time" | C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32\,@tzres.dll,-365 = "Middle East Standard Time" | C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CTLs | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CTLs | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\@tzres.dll,-341 = "Egypt Daylight Time" | C:\Windows\windefender.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\@tzres.dll,-651 = "AUS Central Daylight Time" | C:\Windows\windefender.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32\,@tzres.dll,-1802 = "Line Islands Standard Time" | C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32\,@tzres.dll,-192 = "Mountain Standard Time" | C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CRLs | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CRLs | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\@tzres.dll,-2511 = "Lord Howe Daylight Time" | C:\Windows\windefender.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32\,@tzres.dll,-872 = "Pakistan Standard Time" | C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\Certificates | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\Certificates | C:\Windows\System32\Conhost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CTLs | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\@tzres.dll,-1412 = "Syria Standard Time" | C:\Windows\windefender.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CTLs | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CRLs | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32\,@tzres.dll,-342 = "Egypt Standard Time" | C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32\,@tzres.dll,-2771 = "Omsk Daylight Time" | C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot | C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CTLs | C:\Windows\explorer.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32\,@tzres.dll,-1862 = "Russia TZ 6 Standard Time" | C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\Certificates | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\@tzres.dll,-2512 = "Lord Howe Standard Time" | C:\Windows\windefender.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\@tzres.dll,-1842 = "Russia TZ 4 Standard Time" | C:\Windows\windefender.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32\,@tzres.dll,-352 = "FLE Standard Time" | C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CRLs | C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople | C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\Certificates | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CTLs | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\@tzres.dll,-1022 = "Bangladesh Standard Time" | C:\Windows\windefender.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32\,@tzres.dll,-1042 = "Ulaanbaatar Standard Time" | C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\Certificates | C:\Windows\system32\wusa.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\@tzres.dll,-362 = "GTB Standard Time" | C:\Windows\windefender.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\@tzres.dll,-301 = "Romance Daylight Time" | C:\Windows\windefender.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32\,@tzres.dll,-1021 = "Bangladesh Daylight Time" | C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates | C:\Windows\system32\wusa.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CTLs | C:\Windows\system32\wusa.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\@tzres.dll,-111 = "Eastern Daylight Time" | C:\Windows\windefender.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CTLs | C:\Windows\System32\Conhost.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\5ff0249330e662805cd00089c294494833c800637af670ee25e7abd5079ca66d.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\5ff0249330e662805cd00089c294494833c800637af670ee25e7abd5079ca66d.exe | N/A |
Suspicious behavior: GetForegroundWindowSpam
Suspicious behavior: MapViewOfSection
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\5ff0249330e662805cd00089c294494833c800637af670ee25e7abd5079ca66d.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\134A.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\hucvvwd | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeShutdownPrivilege | N/A | N/A | N/A |
| Token: SeCreatePagefilePrivilege | N/A | N/A | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe | N/A |
| Token: SeImpersonatePrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\System32\Conhost.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\system32\wusa.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\is-OUPSP.tmp\24EE.tmp | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\is-UJE7E.tmp\3F7C.tmp | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\BroomSetup.exe | N/A |
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Processes
C:\Users\Admin\AppData\Local\Temp\5ff0249330e662805cd00089c294494833c800637af670ee25e7abd5079ca66d.exe
"C:\Users\Admin\AppData\Local\Temp\5ff0249330e662805cd00089c294494833c800637af670ee25e7abd5079ca66d.exe"
C:\Users\Admin\AppData\Local\Temp\C12D.exe
C:\Users\Admin\AppData\Local\Temp\C12D.exe
C:\Users\Admin\AppData\Local\Temp\C12D.exe
C:\Users\Admin\AppData\Local\Temp\C12D.exe
C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\C583.dll
C:\Windows\SysWOW64\regsvr32.exe
/s C:\Users\Admin\AppData\Local\Temp\C583.dll
C:\Users\Admin\AppData\Local\Temp\E021.exe
C:\Users\Admin\AppData\Local\Temp\E021.exe
C:\Users\Admin\AppData\Local\Temp\E5A0.exe
C:\Users\Admin\AppData\Local\Temp\E5A0.exe
C:\Users\Admin\AppData\Local\Temp\1A5.exe
C:\Users\Admin\AppData\Local\Temp\1A5.exe
C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe
"C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe"
C:\Users\Admin\AppData\Local\Temp\InstallSetup4.exe
"C:\Users\Admin\AppData\Local\Temp\InstallSetup4.exe"
C:\Users\Admin\AppData\Local\Temp\FourthX.exe
"C:\Users\Admin\AppData\Local\Temp\FourthX.exe"
C:\Users\Admin\AppData\Local\Temp\BroomSetup.exe
C:\Users\Admin\AppData\Local\Temp\BroomSetup.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Roaming\Temp\Task.bat" "
C:\Users\Admin\AppData\Local\Temp\134A.exe
C:\Users\Admin\AppData\Local\Temp\134A.exe
C:\Users\Admin\AppData\Local\Temp\nsf11EF.tmp
C:\Users\Admin\AppData\Local\Temp\nsf11EF.tmp
C:\Windows\SysWOW64\chcp.com
chcp 1251
C:\Users\Admin\AppData\Local\Temp\24EE.exe
C:\Users\Admin\AppData\Local\Temp\24EE.exe
C:\Users\Admin\AppData\Local\Temp\is-OUPSP.tmp\24EE.tmp
"C:\Users\Admin\AppData\Local\Temp\is-OUPSP.tmp\24EE.tmp" /SL5="$3024C,4470470,54272,C:\Users\Admin\AppData\Local\Temp\24EE.exe"
C:\Windows\SysWOW64\schtasks.exe
schtasks /create /tn "MalayamaraUpdate" /tr "'C:\Users\Admin\AppData\Local\Temp\Updater.exe'" /sc minute /mo 30 /F
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell -nologo -noprofile
C:\Users\Admin\AppData\Local\Temp\3F7C.exe
C:\Users\Admin\AppData\Local\Temp\3F7C.exe
C:\Users\Admin\AppData\Local\Temp\is-UJE7E.tmp\3F7C.tmp
"C:\Users\Admin\AppData\Local\Temp\is-UJE7E.tmp\3F7C.tmp" /SL5="$B0060,4314505,54272,C:\Users\Admin\AppData\Local\Temp\3F7C.exe"
C:\Users\Admin\AppData\Local\Temp\449E.exe
C:\Users\Admin\AppData\Local\Temp\449E.exe
C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe
"C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell -nologo -noprofile
C:\Windows\system32\netsh.exe
netsh advfirewall firewall add rule name="csrss" dir=in action=allow program="C:\Windows\rss\csrss.exe" enable=yes
C:\Windows\System32\cmd.exe
C:\Windows\Sysnative\cmd.exe /C "netsh advfirewall firewall add rule name="csrss" dir=in action=allow program="C:\Windows\rss\csrss.exe" enable=yes"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell -nologo -noprofile
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell -nologo -noprofile
C:\Windows\rss\csrss.exe
C:\Windows\rss\csrss.exe
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell -nologo -noprofile
C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe
C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe Add-MpPreference -ExclusionPath @($env:UserProfile, $env:ProgramData) -ExclusionExtension '.exe' -Force
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wusa /uninstall /kb:890830 /quiet /norestart
C:\Windows\system32\sc.exe
C:\Windows\system32\sc.exe delete "UTIXDCVF"
C:\Windows\system32\wusa.exe
wusa /uninstall /kb:890830 /quiet /norestart
C:\Windows\system32\sc.exe
C:\Windows\system32\sc.exe create "UTIXDCVF" binpath= "C:\ProgramData\xcfonrchdkar\vueqjgslwynd.exe" start= "auto"
C:\Windows\system32\sc.exe
C:\Windows\system32\sc.exe start "UTIXDCVF"
C:\Windows\system32\sc.exe
C:\Windows\system32\sc.exe stop eventlog
C:\ProgramData\xcfonrchdkar\vueqjgslwynd.exe
C:\ProgramData\xcfonrchdkar\vueqjgslwynd.exe
C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe
C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe Add-MpPreference -ExclusionPath @($env:UserProfile, $env:ProgramData) -ExclusionExtension '.exe' -Force
C:\Windows\SYSTEM32\schtasks.exe
schtasks /CREATE /SC ONLOGON /RL HIGHEST /TR "C:\Windows\rss\csrss.exe" /TN csrss /F
C:\Windows\SYSTEM32\schtasks.exe
schtasks /delete /tn ScheduledUpdate /f
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell -nologo -noprofile
C:\Windows\system32\conhost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wusa /uninstall /kb:890830 /quiet /norestart
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\explorer.exe
explorer.exe
C:\Windows\system32\wusa.exe
wusa /uninstall /kb:890830 /quiet /norestart
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell -nologo -noprofile
C:\Users\Admin\AppData\Roaming\wfcvvwd
C:\Users\Admin\AppData\Roaming\wfcvvwd
C:\Users\Admin\AppData\Roaming\hucvvwd
C:\Users\Admin\AppData\Roaming\hucvvwd
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6084 -s 488
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1256 -s 19004
C:\Users\Admin\AppData\Local\Temp\csrss\injector\injector.exe
C:\Users\Admin\AppData\Local\Temp\csrss\injector\injector.exe taskmgr.exe C:\Users\Admin\AppData\Local\Temp\csrss\injector\NtQuerySystemInformationHook.dll
C:\Windows\SYSTEM32\schtasks.exe
schtasks /CREATE /SC ONLOGON /RL HIGHEST /TR "C:\Windows\rss\csrss.exe" /TN csrss /F
C:\Windows\windefender.exe
"C:\Windows\windefender.exe"
C:\Windows\SysWOW64\sc.exe
sc sdset WinDefender D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPLOCRSDRCWDWO;;;BA)(D;;WPDT;;;BA)(A;;CCLCSWLOCRRC;;;IU)(A;;CCLCSWLOCRRC;;;SU)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)
C:\Windows\SysWOW64\cmd.exe
cmd.exe /C sc sdset WinDefender D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPLOCRSDRCWDWO;;;BA)(D;;WPDT;;;BA)(A;;CCLCSWLOCRRC;;;IU)(A;;CCLCSWLOCRRC;;;SU)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)
C:\Windows\windefender.exe
C:\Windows\windefender.exe
Network
| N/A | 127.0.0.1:53613 | tcp | |
| N/A | 127.0.0.1:53615 | tcp | |
| N/A | 127.0.0.1:53619 | tcp | |
| N/A | 127.0.0.1:53623 | tcp | |
| N/A | 127.0.0.1:53629 | tcp | |
| N/A | 127.0.0.1:53632 | tcp | |
| N/A | 127.0.0.1:53638 | tcp | |
| N/A | 127.0.0.1:53646 | tcp | |
| N/A | 127.0.0.1:53648 | tcp | |
| N/A | 127.0.0.1:53650 | tcp | |
| N/A | 127.0.0.1:53652 | tcp | |
| N/A | 127.0.0.1:53656 | tcp | |
| N/A | 127.0.0.1:53662 | tcp | |
| N/A | 127.0.0.1:53669 | tcp | |
| N/A | 127.0.0.1:53671 | tcp | |
| N/A | 127.0.0.1:53674 | tcp | |
| N/A | 127.0.0.1:53681 | tcp | |
| N/A | 127.0.0.1:53687 | tcp | |
| N/A | 127.0.0.1:53689 | tcp | |
| N/A | 127.0.0.1:53691 | tcp | |
| N/A | 127.0.0.1:53697 | tcp | |
| N/A | 127.0.0.1:53700 | tcp | |
| N/A | 127.0.0.1:53703 | tcp | |
| N/A | 127.0.0.1:53708 | tcp | |
| N/A | 127.0.0.1:53710 | tcp | |
| N/A | 127.0.0.1:53713 | tcp | |
| N/A | 127.0.0.1:53721 | tcp | |
| N/A | 127.0.0.1:53726 | tcp | |
| N/A | 127.0.0.1:53729 | tcp | |
| N/A | 127.0.0.1:53732 | tcp | |
| N/A | 127.0.0.1:53737 | tcp | |
| N/A | 127.0.0.1:53743 | tcp | |
| N/A | 127.0.0.1:53746 | tcp | |
| N/A | 127.0.0.1:53750 | tcp | |
| N/A | 127.0.0.1:53756 | tcp | |
| N/A | 127.0.0.1:53759 | tcp | |
| N/A | 127.0.0.1:53764 | tcp | |
| N/A | 127.0.0.1:53766 | tcp | |
| N/A | 127.0.0.1:53770 | tcp | |
| N/A | 127.0.0.1:53773 | tcp | |
| N/A | 127.0.0.1:41152 | tcp | |
| N/A | 127.0.0.1:53779 | tcp | |
| N/A | 127.0.0.1:53783 | tcp | |
| N/A | 127.0.0.1:53787 | tcp | |
| N/A | 127.0.0.1:53792 | tcp | |
| N/A | 127.0.0.1:53794 | tcp | |
| N/A | 127.0.0.1:53796 | tcp | |
| N/A | 127.0.0.1:53805 | tcp | |
| N/A | 127.0.0.1:53809 | tcp | |
| N/A | 127.0.0.1:53814 | tcp | |
| N/A | 127.0.0.1:53817 | tcp | |
| N/A | 127.0.0.1:53820 | tcp | |
| N/A | 127.0.0.1:53827 | tcp | |
| N/A | 127.0.0.1:53831 | tcp | |
| N/A | 127.0.0.1:53833 | tcp | |
| N/A | 127.0.0.1:53839 | tcp | |
| N/A | 127.0.0.1:53841 | tcp | |
| N/A | 127.0.0.1:53844 | tcp | |
| N/A | 127.0.0.1:53852 | tcp | |
| N/A | 127.0.0.1:53859 | tcp | |
| N/A | 127.0.0.1:53862 | tcp | |
| N/A | 127.0.0.1:53864 | tcp | |
| N/A | 127.0.0.1:53869 | tcp | |
| N/A | 127.0.0.1:53874 | tcp | |
| N/A | 127.0.0.1:53877 | tcp | |
| N/A | 127.0.0.1:53881 | tcp | |
| N/A | 127.0.0.1:53883 | tcp | |
| N/A | 127.0.0.1:53891 | tcp | |
| N/A | 127.0.0.1:53894 | tcp | |
| N/A | 127.0.0.1:53897 | tcp | |
| N/A | 127.0.0.1:53911 | tcp | |
| N/A | 127.0.0.1:53915 | tcp | |
| N/A | 127.0.0.1:53917 | tcp | |
| N/A | 127.0.0.1:53927 | tcp | |
| N/A | 127.0.0.1:53930 | tcp | |
| N/A | 127.0.0.1:53936 | tcp | |
| N/A | 127.0.0.1:53938 | tcp | |
| N/A | 127.0.0.1:53943 | tcp | |
| N/A | 127.0.0.1:53945 | tcp | |
| N/A | 127.0.0.1:53949 | tcp | |
| N/A | 127.0.0.1:53953 | tcp | |
| N/A | 127.0.0.1:53958 | tcp | |
| N/A | 127.0.0.1:53961 | tcp | |
| N/A | 127.0.0.1:53966 | tcp | |
| N/A | 127.0.0.1:53969 | tcp | |
| N/A | 127.0.0.1:53971 | tcp | |
| N/A | 127.0.0.1:53975 | tcp | |
| N/A | 127.0.0.1:53981 | tcp | |
| N/A | 127.0.0.1:53987 | tcp | |
| N/A | 127.0.0.1:53990 | tcp | |
| N/A | 127.0.0.1:53994 | tcp | |
| N/A | 127.0.0.1:53997 | tcp | |
| N/A | 127.0.0.1:54004 | tcp | |
| N/A | 127.0.0.1:54010 | tcp | |
| N/A | 127.0.0.1:54013 | tcp | |
| N/A | 127.0.0.1:54022 | tcp | |
| N/A | 127.0.0.1:54024 | tcp | |
| N/A | 127.0.0.1:54028 | tcp | |
| N/A | 127.0.0.1:54032 | tcp | |
| N/A | 127.0.0.1:54035 | tcp | |
| N/A | 127.0.0.1:54039 | tcp | |
| N/A | 127.0.0.1:54042 | tcp | |
| N/A | 127.0.0.1:54045 | tcp | |
| N/A | 127.0.0.1:54050 | tcp | |
| N/A | 127.0.0.1:54053 | tcp | |
| N/A | 127.0.0.1:54059 | tcp | |
| N/A | 127.0.0.1:54062 | tcp | |
| N/A | 127.0.0.1:54067 | tcp | |
| N/A | 127.0.0.1:54074 | tcp | |
| N/A | 127.0.0.1:54081 | tcp | |
| N/A | 127.0.0.1:54085 | tcp | |
| N/A | 127.0.0.1:54087 | tcp | |
| N/A | 127.0.0.1:54092 | tcp | |
| N/A | 127.0.0.1:54094 | tcp | |
| N/A | 127.0.0.1:54096 | tcp | |
| N/A | 127.0.0.1:54099 | tcp | |
| N/A | 127.0.0.1:54104 | tcp | |
| N/A | 127.0.0.1:54107 | tcp | |
| N/A | 127.0.0.1:54117 | tcp | |
| N/A | 127.0.0.1:54121 | tcp | |
| N/A | 127.0.0.1:54124 | tcp | |
| N/A | 127.0.0.1:54130 | tcp | |
| N/A | 127.0.0.1:54132 | tcp | |
| N/A | 127.0.0.1:54137 | tcp | |
| N/A | 127.0.0.1:54141 | tcp | |
| N/A | 127.0.0.1:54143 | tcp | |
| N/A | 127.0.0.1:54150 | tcp | |
| N/A | 127.0.0.1:54153 | tcp | |
| N/A | 127.0.0.1:54156 | tcp | |
| N/A | 127.0.0.1:54160 | tcp | |
| N/A | 127.0.0.1:54162 | tcp | |
| N/A | 127.0.0.1:54164 | tcp | |
| N/A | 127.0.0.1:54171 | tcp | |
| N/A | 127.0.0.1:54178 | tcp | |
| N/A | 127.0.0.1:54183 | tcp | |
| N/A | 127.0.0.1:54187 | tcp | |
| N/A | 127.0.0.1:54192 | tcp | |
| N/A | 127.0.0.1:54195 | tcp | |
| N/A | 127.0.0.1:54197 | tcp | |
| N/A | 127.0.0.1:54200 | tcp | |
| N/A | 127.0.0.1:54202 | tcp | |
| N/A | 127.0.0.1:54207 | tcp | |
| N/A | 127.0.0.1:54216 | tcp | |
| N/A | 127.0.0.1:54221 | tcp | |
| N/A | 127.0.0.1:54227 | tcp | |
| N/A | 127.0.0.1:54232 | tcp | |
| N/A | 127.0.0.1:54236 | tcp | |
| N/A | 127.0.0.1:54239 | tcp | |
| N/A | 127.0.0.1:54242 | tcp | |
| N/A | 127.0.0.1:54247 | tcp | |
| N/A | 127.0.0.1:54252 | tcp | |
| N/A | 127.0.0.1:54257 | tcp | |
| N/A | 127.0.0.1:54260 | tcp | |
| N/A | 127.0.0.1:54262 | tcp | |
| N/A | 127.0.0.1:54266 | tcp | |
| N/A | 127.0.0.1:54268 | tcp | |
| N/A | 127.0.0.1:54270 | tcp | |
| N/A | 127.0.0.1:54274 | tcp | |
| N/A | 127.0.0.1:54279 | tcp | |
| N/A | 127.0.0.1:54284 | tcp | |
| N/A | 127.0.0.1:54288 | tcp | |
| N/A | 127.0.0.1:54293 | tcp | |
| N/A | 127.0.0.1:54297 | tcp | |
| N/A | 127.0.0.1:54301 | tcp | |
| N/A | 127.0.0.1:54304 | tcp | |
| N/A | 127.0.0.1:54312 | tcp | |
| N/A | 127.0.0.1:54315 | tcp | |
| N/A | 127.0.0.1:54317 | tcp | |
| N/A | 127.0.0.1:54322 | tcp | |
| N/A | 127.0.0.1:54325 | tcp | |
| N/A | 127.0.0.1:54332 | tcp | |
| N/A | 127.0.0.1:54335 | tcp | |
| N/A | 127.0.0.1:54339 | tcp | |
| N/A | 127.0.0.1:54341 | tcp | |
| N/A | 127.0.0.1:54345 | tcp | |
| N/A | 127.0.0.1:54355 | tcp | |
| N/A | 127.0.0.1:54358 | tcp | |
| N/A | 127.0.0.1:54363 | tcp | |
| N/A | 127.0.0.1:54367 | tcp | |
| N/A | 127.0.0.1:54369 | tcp | |
| N/A | 127.0.0.1:54373 | tcp | |
| N/A | 127.0.0.1:54375 | tcp | |
| N/A | 127.0.0.1:54378 | tcp | |
| N/A | 127.0.0.1:54384 | tcp | |
| N/A | 127.0.0.1:54391 | tcp | |
| N/A | 127.0.0.1:54394 | tcp | |
| N/A | 127.0.0.1:54397 | tcp | |
| N/A | 127.0.0.1:54405 | tcp | |
| N/A | 127.0.0.1:54409 | tcp | |
| N/A | 127.0.0.1:54413 | tcp | |
| N/A | 127.0.0.1:54415 | tcp | |
| N/A | 127.0.0.1:54418 | tcp | |
| N/A | 127.0.0.1:54424 | tcp | |
| N/A | 127.0.0.1:54428 | tcp | |
| N/A | 127.0.0.1:54432 | tcp | |
| N/A | 127.0.0.1:54436 | tcp | |
| N/A | 127.0.0.1:54439 | tcp | |
| N/A | 127.0.0.1:54445 | tcp | |
| N/A | 127.0.0.1:54448 | tcp | |
| N/A | 127.0.0.1:54453 | tcp | |
| N/A | 127.0.0.1:54455 | tcp | |
| N/A | 127.0.0.1:54459 | tcp | |
| N/A | 127.0.0.1:54463 | tcp | |
| N/A | 127.0.0.1:54468 | tcp | |
| N/A | 127.0.0.1:54471 | tcp | |
| N/A | 127.0.0.1:54476 | tcp | |
| N/A | 127.0.0.1:54479 | tcp | |
| N/A | 127.0.0.1:54482 | tcp | |
| N/A | 127.0.0.1:54493 | tcp | |
| N/A | 127.0.0.1:54497 | tcp | |
| N/A | 127.0.0.1:54503 | tcp | |
| N/A | 127.0.0.1:54505 | tcp | |
| N/A | 127.0.0.1:54510 | tcp | |
| N/A | 127.0.0.1:54512 | tcp | |
| N/A | 127.0.0.1:54514 | tcp | |
| N/A | 127.0.0.1:54519 | tcp | |
| N/A | 127.0.0.1:54523 | tcp | |
| N/A | 127.0.0.1:54526 | tcp | |
| N/A | 127.0.0.1:54531 | tcp | |
| N/A | 127.0.0.1:54533 | tcp | |
| N/A | 127.0.0.1:54538 | tcp | |
| N/A | 127.0.0.1:54545 | tcp | |
| N/A | 127.0.0.1:54550 | tcp | |
| N/A | 127.0.0.1:54554 | tcp | |
| N/A | 127.0.0.1:54557 | tcp | |
| N/A | 127.0.0.1:54560 | tcp | |
| N/A | 127.0.0.1:54563 | tcp | |
| N/A | 127.0.0.1:54574 | tcp | |
| N/A | 127.0.0.1:54578 | tcp | |
| N/A | 127.0.0.1:54582 | tcp | |
| N/A | 127.0.0.1:54587 | tcp | |
| N/A | 127.0.0.1:54589 | tcp | |
| N/A | 127.0.0.1:54592 | tcp | |
| N/A | 127.0.0.1:54595 | tcp | |
| N/A | 127.0.0.1:54599 | tcp | |
| N/A | 127.0.0.1:54603 | tcp | |
| N/A | 127.0.0.1:54607 | tcp | |
| N/A | 127.0.0.1:54611 | tcp | |
| N/A | 127.0.0.1:54615 | tcp | |
| N/A | 127.0.0.1:54618 | tcp | |
| N/A | 127.0.0.1:54622 | tcp | |
| N/A | 127.0.0.1:54626 | tcp | |
| N/A | 127.0.0.1:54632 | tcp | |
| N/A | 127.0.0.1:54636 | tcp | |
| N/A | 127.0.0.1:54639 | tcp | |
| N/A | 127.0.0.1:54643 | tcp | |
| N/A | 127.0.0.1:54652 | tcp | |
| N/A | 127.0.0.1:54655 | tcp | |
| N/A | 127.0.0.1:54658 | tcp | |
| N/A | 127.0.0.1:54661 | tcp | |
| N/A | 127.0.0.1:54665 | tcp | |
| N/A | 127.0.0.1:54669 | tcp | |
| N/A | 127.0.0.1:54671 | tcp | |
| N/A | 127.0.0.1:54675 | tcp | |
| N/A | 127.0.0.1:54678 | tcp | |
| N/A | 127.0.0.1:54683 | tcp | |
| N/A | 127.0.0.1:54688 | tcp | |
| N/A | 127.0.0.1:54690 | tcp | |
| N/A | 127.0.0.1:54701 | tcp | |
| N/A | 127.0.0.1:54710 | tcp | |
| N/A | 127.0.0.1:54712 | tcp | |
| N/A | 127.0.0.1:54715 | tcp | |
| N/A | 127.0.0.1:54718 | tcp | |
| N/A | 127.0.0.1:54725 | tcp | |
| N/A | 127.0.0.1:54728 | tcp | |
| N/A | 127.0.0.1:54732 | tcp | |
| N/A | 127.0.0.1:54737 | tcp | |
| N/A | 127.0.0.1:54741 | tcp | |
| N/A | 127.0.0.1:54746 | tcp | |
| N/A | 127.0.0.1:54754 | tcp | |
| N/A | 127.0.0.1:54757 | tcp | |
| N/A | 127.0.0.1:54762 | tcp | |
| N/A | 127.0.0.1:54767 | tcp | |
| N/A | 127.0.0.1:54772 | tcp | |
| N/A | 127.0.0.1:54780 | tcp | |
| N/A | 127.0.0.1:54786 | tcp | |
| N/A | 127.0.0.1:54790 | tcp | |
| N/A | 127.0.0.1:54792 | tcp | |
| N/A | 127.0.0.1:54798 | tcp | |
| N/A | 127.0.0.1:54801 | tcp | |
| N/A | 127.0.0.1:54804 | tcp | |
| N/A | 127.0.0.1:54807 | tcp | |
| N/A | 127.0.0.1:54810 | tcp | |
| N/A | 127.0.0.1:54814 | tcp | |
| N/A | 127.0.0.1:54817 | tcp | |
| N/A | 127.0.0.1:54821 | tcp | |
| N/A | 127.0.0.1:41152 | tcp | |
| N/A | 127.0.0.1:54833 | tcp | |
| N/A | 127.0.0.1:54838 | tcp | |
| N/A | 127.0.0.1:54843 | tcp | |
| N/A | 127.0.0.1:54849 | tcp | |
| N/A | 127.0.0.1:54853 | tcp | |
| N/A | 127.0.0.1:54852 | tcp | |
| N/A | 127.0.0.1:54858 | tcp | |
| N/A | 127.0.0.1:54866 | tcp | |
| N/A | 127.0.0.1:54872 | tcp | |
| N/A | 127.0.0.1:54874 | tcp | |
| N/A | 127.0.0.1:54879 | tcp | |
| N/A | 127.0.0.1:54885 | tcp | |
| N/A | 127.0.0.1:54888 | tcp | |
| N/A | 127.0.0.1:54890 | tcp | |
| N/A | 127.0.0.1:54898 | tcp | |
| N/A | 127.0.0.1:54906 | tcp | |
| N/A | 127.0.0.1:54908 | tcp | |
| N/A | 127.0.0.1:54912 | tcp | |
| N/A | 127.0.0.1:54921 | tcp | |
| N/A | 127.0.0.1:54924 | tcp | |
| N/A | 127.0.0.1:54928 | tcp | |
| N/A | 127.0.0.1:54933 | tcp | |
| N/A | 127.0.0.1:54937 | tcp | |
| N/A | 127.0.0.1:54941 | tcp | |
| N/A | 127.0.0.1:54945 | tcp | |
| N/A | 127.0.0.1:54955 | tcp | |
| N/A | 127.0.0.1:54960 | tcp | |
| N/A | 127.0.0.1:54962 | tcp | |
| N/A | 127.0.0.1:54965 | tcp | |
| N/A | 127.0.0.1:54970 | tcp | |
| N/A | 127.0.0.1:54976 | tcp | |
| N/A | 127.0.0.1:54978 | tcp | |
| N/A | 127.0.0.1:54982 | tcp | |
| N/A | 127.0.0.1:54985 | tcp | |
| N/A | 127.0.0.1:54994 | tcp | |
| N/A | 127.0.0.1:54998 | tcp | |
| N/A | 127.0.0.1:55002 | tcp | |
| N/A | 127.0.0.1:55006 | tcp | |
| N/A | 127.0.0.1:55008 | tcp | |
| N/A | 127.0.0.1:55011 | tcp | |
| N/A | 127.0.0.1:55015 | tcp | |
| N/A | 127.0.0.1:55019 | tcp | |
| N/A | 127.0.0.1:55028 | tcp | |
| N/A | 127.0.0.1:55030 | tcp | |
| N/A | 127.0.0.1:55038 | tcp | |
| N/A | 127.0.0.1:55040 | tcp | |
| N/A | 127.0.0.1:55045 | tcp | |
| N/A | 127.0.0.1:55049 | tcp | |
| N/A | 127.0.0.1:55052 | tcp | |
| N/A | 127.0.0.1:55055 | tcp | |
| N/A | 127.0.0.1:55058 | tcp | |
| N/A | 127.0.0.1:55067 | tcp | |
| N/A | 127.0.0.1:55069 | tcp | |
| N/A | 127.0.0.1:55073 | tcp | |
| N/A | 127.0.0.1:55080 | tcp | |
| N/A | 127.0.0.1:55083 | tcp | |
| N/A | 127.0.0.1:55086 | tcp | |
| N/A | 127.0.0.1:55089 | tcp | |
| N/A | 127.0.0.1:55093 | tcp | |
| N/A | 127.0.0.1:55101 | tcp | |
| N/A | 127.0.0.1:55103 | tcp | |
| N/A | 127.0.0.1:55110 | tcp | |
| N/A | 127.0.0.1:55113 | tcp | |
| N/A | 127.0.0.1:55119 | tcp | |
| N/A | 127.0.0.1:55123 | tcp | |
| N/A | 127.0.0.1:55126 | tcp | |
| N/A | 127.0.0.1:55130 | tcp | |
| N/A | 127.0.0.1:55140 | tcp | |
| N/A | 127.0.0.1:55142 | tcp | |
| N/A | 127.0.0.1:55146 | tcp | |
| N/A | 127.0.0.1:55153 | tcp | |
| N/A | 127.0.0.1:55158 | tcp | |
| N/A | 127.0.0.1:55163 | tcp | |
| N/A | 127.0.0.1:55171 | tcp | |
| N/A | 127.0.0.1:55174 | tcp | |
| N/A | 127.0.0.1:55181 | tcp | |
| N/A | 127.0.0.1:55184 | tcp | |
| N/A | 127.0.0.1:55188 | tcp | |
| N/A | 127.0.0.1:55191 | tcp | |
| N/A | 127.0.0.1:55193 | tcp | |
| N/A | 127.0.0.1:55195 | tcp | |
| N/A | 127.0.0.1:55199 | tcp | |
| N/A | 127.0.0.1:55207 | tcp | |
| N/A | 127.0.0.1:55212 | tcp | |
| N/A | 127.0.0.1:55214 | tcp | |
| N/A | 127.0.0.1:55225 | tcp | |
| N/A | 127.0.0.1:55227 | tcp | |
| N/A | 127.0.0.1:55231 | tcp | |
| N/A | 127.0.0.1:55236 | tcp | |
| N/A | 127.0.0.1:55242 | tcp | |
| N/A | 127.0.0.1:55246 | tcp | |
| N/A | 127.0.0.1:55249 | tcp | |
| N/A | 127.0.0.1:55254 | tcp | |
| N/A | 127.0.0.1:55256 | tcp | |
| N/A | 127.0.0.1:55259 | tcp | |
| N/A | 127.0.0.1:55262 | tcp | |
| N/A | 127.0.0.1:55266 | tcp | |
| N/A | 127.0.0.1:55271 | tcp | |
| N/A | 127.0.0.1:55276 | tcp | |
| N/A | 127.0.0.1:55281 | tcp | |
| N/A | 127.0.0.1:55289 | tcp | |
| N/A | 127.0.0.1:55291 | tcp | |
| N/A | 127.0.0.1:55301 | tcp | |
| N/A | 127.0.0.1:55303 | tcp | |
| N/A | 127.0.0.1:55308 | tcp | |
| N/A | 127.0.0.1:55312 | tcp | |
| N/A | 127.0.0.1:55315 | tcp | |
| N/A | 127.0.0.1:55319 | tcp | |
| N/A | 127.0.0.1:55322 | tcp | |
| N/A | 127.0.0.1:55325 | tcp | |
| N/A | 127.0.0.1:55327 | tcp | |
| N/A | 127.0.0.1:55333 | tcp | |
| N/A | 127.0.0.1:55337 | tcp | |
| N/A | 127.0.0.1:55342 | tcp | |
| N/A | 127.0.0.1:55347 | tcp | |
| N/A | 127.0.0.1:55355 | tcp | |
| N/A | 127.0.0.1:55358 | tcp | |
| N/A | 127.0.0.1:55360 | tcp | |
| N/A | 127.0.0.1:55365 | tcp | |
| N/A | 127.0.0.1:55369 | tcp | |
| N/A | 127.0.0.1:55374 | tcp | |
| N/A | 127.0.0.1:55381 | tcp | |
| N/A | 127.0.0.1:55387 | tcp | |
| N/A | 127.0.0.1:55389 | tcp | |
| N/A | 127.0.0.1:55393 | tcp | |
| N/A | 127.0.0.1:55399 | tcp | |
| N/A | 127.0.0.1:55407 | tcp | |
| N/A | 127.0.0.1:55411 | tcp | |
| N/A | 127.0.0.1:55416 | tcp | |
| N/A | 127.0.0.1:55420 | tcp | |
| N/A | 127.0.0.1:55429 | tcp | |
| N/A | 127.0.0.1:55431 | tcp | |
| N/A | 127.0.0.1:55434 | tcp | |
| N/A | 127.0.0.1:55442 | tcp | |
| N/A | 127.0.0.1:55446 | tcp | |
| N/A | 127.0.0.1:55448 | tcp | |
| N/A | 127.0.0.1:55451 | tcp | |
| N/A | 127.0.0.1:55453 | tcp | |
| N/A | 127.0.0.1:55456 | tcp | |
| N/A | 127.0.0.1:55461 | tcp | |
| N/A | 127.0.0.1:55464 | tcp | |
| N/A | 127.0.0.1:55470 | tcp | |
| N/A | 127.0.0.1:55476 | tcp | |
| N/A | 127.0.0.1:55478 | tcp | |
| N/A | 127.0.0.1:55480 | tcp | |
| N/A | 127.0.0.1:55487 | tcp | |
| N/A | 127.0.0.1:55491 | tcp | |
| N/A | 127.0.0.1:55494 | tcp | |
| N/A | 127.0.0.1:55497 | tcp | |
| N/A | 127.0.0.1:55500 | tcp | |
| N/A | 127.0.0.1:55504 | tcp | |
| BG | 185.82.216.108:443 | server2.statsexplorer.org | tcp |
| N/A | 127.0.0.1:57255 | tcp | |
| N/A | 127.0.0.1:57257 | tcp | |
| N/A | 127.0.0.1:57259 | tcp | |
| N/A | 127.0.0.1:57261 | tcp | |
| N/A | 127.0.0.1:57263 | tcp | |
| N/A | 127.0.0.1:57265 | tcp | |
| N/A | 127.0.0.1:57267 | tcp | |
| N/A | 127.0.0.1:57269 | tcp | |
| N/A | 127.0.0.1:57273 | tcp | |
| N/A | 127.0.0.1:57277 | tcp | |
| N/A | 127.0.0.1:57279 | tcp | |
| N/A | 127.0.0.1:57281 | tcp | |
| N/A | 127.0.0.1:57283 | tcp | |
| N/A | 127.0.0.1:57285 | tcp | |
| N/A | 127.0.0.1:57287 | tcp | |
| N/A | 127.0.0.1:57289 | tcp | |
| N/A | 127.0.0.1:57291 | tcp | |
| N/A | 127.0.0.1:57293 | tcp | |
| N/A | 127.0.0.1:57295 | tcp | |
| N/A | 127.0.0.1:57297 | tcp | |
| N/A | 127.0.0.1:57299 | tcp | |
| N/A | 127.0.0.1:57301 | tcp | |
| N/A | 127.0.0.1:57309 | tcp | |
| N/A | 127.0.0.1:57315 | tcp | |
| N/A | 127.0.0.1:57317 | tcp | |
| N/A | 127.0.0.1:57319 | tcp | |
| N/A | 127.0.0.1:57329 | tcp | |
| N/A | 127.0.0.1:57331 | tcp | |
| N/A | 127.0.0.1:57334 | tcp | |
| N/A | 127.0.0.1:57340 | tcp | |
| N/A | 127.0.0.1:57345 | tcp | |
| N/A | 127.0.0.1:57348 | tcp | |
| N/A | 127.0.0.1:57350 | tcp | |
| N/A | 127.0.0.1:57352 | tcp | |
| N/A | 127.0.0.1:57354 | tcp | |
| N/A | 127.0.0.1:57356 | tcp | |
| N/A | 127.0.0.1:57358 | tcp | |
| N/A | 127.0.0.1:57360 | tcp | |
| N/A | 127.0.0.1:57367 | tcp | |
| N/A | 127.0.0.1:57370 | tcp | |
| N/A | 127.0.0.1:57372 | tcp | |
| N/A | 127.0.0.1:57378 | tcp | |
| N/A | 127.0.0.1:57381 | tcp | |
| N/A | 127.0.0.1:57385 | tcp | |
| N/A | 127.0.0.1:57393 | tcp | |
| N/A | 127.0.0.1:57396 | tcp | |
| N/A | 127.0.0.1:57402 | tcp | |
| N/A | 127.0.0.1:57405 | tcp | |
| N/A | 127.0.0.1:57409 | tcp | |
| N/A | 127.0.0.1:57412 | tcp | |
| N/A | 127.0.0.1:57414 | tcp | |
| N/A | 127.0.0.1:57416 | tcp | |
| N/A | 127.0.0.1:57418 | tcp | |
| N/A | 127.0.0.1:57425 | tcp | |
| N/A | 127.0.0.1:57427 | tcp | |
| N/A | 127.0.0.1:57429 | tcp | |
| N/A | 127.0.0.1:57436 | tcp | |
| N/A | 127.0.0.1:57438 | tcp | |
| N/A | 127.0.0.1:57440 | tcp | |
| N/A | 127.0.0.1:57442 | tcp | |
| N/A | 127.0.0.1:57444 | tcp | |
| N/A | 127.0.0.1:57446 | tcp | |
| N/A | 127.0.0.1:57448 | tcp | |
| N/A | 127.0.0.1:57450 | tcp | |
| N/A | 127.0.0.1:57452 | tcp | |
| N/A | 127.0.0.1:57454 | tcp | |
| N/A | 127.0.0.1:57456 | tcp | |
| N/A | 127.0.0.1:57458 | tcp | |
| N/A | 127.0.0.1:57460 | tcp | |
| N/A | 127.0.0.1:57462 | tcp | |
| N/A | 127.0.0.1:57464 | tcp | |
| N/A | 127.0.0.1:57466 | tcp | |
| N/A | 127.0.0.1:57468 | tcp | |
| N/A | 127.0.0.1:57470 | tcp | |
| N/A | 127.0.0.1:57472 | tcp | |
| N/A | 127.0.0.1:57474 | tcp | |
| N/A | 127.0.0.1:57476 | tcp | |
| N/A | 127.0.0.1:57478 | tcp | |
| N/A | 127.0.0.1:57480 | tcp | |
| N/A | 127.0.0.1:57484 | tcp | |
| N/A | 127.0.0.1:57486 | tcp | |
| N/A | 127.0.0.1:57491 | tcp | |
| N/A | 127.0.0.1:57494 | tcp | |
| N/A | 127.0.0.1:57501 | tcp | |
| N/A | 127.0.0.1:57503 | tcp | |
| N/A | 127.0.0.1:57505 | tcp | |
| N/A | 127.0.0.1:57507 | tcp | |
| N/A | 127.0.0.1:57509 | tcp | |
| N/A | 127.0.0.1:57515 | tcp | |
| N/A | 127.0.0.1:57517 | tcp | |
| N/A | 127.0.0.1:57520 | tcp | |
| N/A | 127.0.0.1:57526 | tcp | |
| N/A | 127.0.0.1:57529 | tcp | |
| N/A | 127.0.0.1:57533 | tcp | |
| BG | 185.82.216.108:443 | server2.statsexplorer.org | tcp |
| US | 8.8.8.8:53 | 180.178.17.96.in-addr.arpa | udp |
| BG | 185.82.216.108:443 | server2.statsexplorer.org | tcp |
Files
Analysis: behavioral1
Detonation Overview
| Submitted | 2024-02-23 04:48 |
| Reported | 2024-02-23 04:53 |
| Platform | win7-20240221-en |
| Max time kernel | 46s |
| Max time network | 306s |
Command Line
Signatures
Glupteba
Glupteba payload
SmokeLoader
Stealc
Creates new service(s)
Downloads MZ/PE file
Stops running service(s)
Deletes itself
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\A083.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\A083.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\BA1D.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\C094.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\E100.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\InstallSetup4.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\FourthX.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\ECF3.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\BroomSetup.exe | N/A |
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\A083.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\A083.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\E100.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\E100.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\E100.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\E100.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\E100.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\InstallSetup4.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\InstallSetup4.exe | N/A |
UPX packed file
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\CSRSS = "\"C:\\ProgramData\\Drivers\\csrss.exe\"" | C:\Users\Admin\AppData\Local\Temp\A083.exe | N/A |
Legitimate hosting services abused for malware hosting/C2
| Description | Indicator | Process | Target |
| N/A | discord.com | N/A | N/A |
| N/A | discord.com | N/A | N/A |
Writes to the Master Boot Record (MBR)
| Description | Indicator | Process | Target |
| File opened for modification | \??\PHYSICALDRIVE0 | C:\Users\Admin\AppData\Local\Temp\C094.exe | N/A |
Suspicious use of SetThreadContext
| Description | Indicator | Process | Target |
| PID 2672 set thread context of 2548 | N/A | C:\Users\Admin\AppData\Local\Temp\A083.exe | C:\Users\Admin\AppData\Local\Temp\A083.exe |
Launches sc.exe
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\sc.exe | N/A |
| N/A | N/A | C:\Windows\system32\sc.exe | N/A |
| N/A | N/A | C:\Windows\system32\sc.exe | N/A |
| N/A | N/A | C:\Windows\system32\sc.exe | N/A |
Enumerates physical storage devices
Checks SCSI registry key(s)
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI | C:\Users\Admin\AppData\Local\Temp\5ff0249330e662805cd00089c294494833c800637af670ee25e7abd5079ca66d.exe | N/A |
| Key queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI | C:\Users\Admin\AppData\Local\Temp\5ff0249330e662805cd00089c294494833c800637af670ee25e7abd5079ca66d.exe | N/A |
| Key enumerated | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI | C:\Users\Admin\AppData\Local\Temp\5ff0249330e662805cd00089c294494833c800637af670ee25e7abd5079ca66d.exe | N/A |
Creates scheduled task(s)
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\schtasks.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\5ff0249330e662805cd00089c294494833c800637af670ee25e7abd5079ca66d.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\5ff0249330e662805cd00089c294494833c800637af670ee25e7abd5079ca66d.exe | N/A |
Suspicious behavior: MapViewOfSection
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\5ff0249330e662805cd00089c294494833c800637af670ee25e7abd5079ca66d.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Processes
C:\Users\Admin\AppData\Local\Temp\5ff0249330e662805cd00089c294494833c800637af670ee25e7abd5079ca66d.exe
"C:\Users\Admin\AppData\Local\Temp\5ff0249330e662805cd00089c294494833c800637af670ee25e7abd5079ca66d.exe"
C:\Users\Admin\AppData\Local\Temp\A083.exe
C:\Users\Admin\AppData\Local\Temp\A083.exe
C:\Users\Admin\AppData\Local\Temp\A083.exe
C:\Users\Admin\AppData\Local\Temp\A083.exe
C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\A4D8.dll
C:\Windows\SysWOW64\regsvr32.exe
/s C:\Users\Admin\AppData\Local\Temp\A4D8.dll
C:\Users\Admin\AppData\Local\Temp\BA1D.exe
C:\Users\Admin\AppData\Local\Temp\BA1D.exe
C:\Users\Admin\AppData\Local\Temp\C094.exe
C:\Users\Admin\AppData\Local\Temp\C094.exe
C:\Users\Admin\AppData\Local\Temp\E100.exe
C:\Users\Admin\AppData\Local\Temp\E100.exe
C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe
"C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe"
C:\Users\Admin\AppData\Local\Temp\InstallSetup4.exe
"C:\Users\Admin\AppData\Local\Temp\InstallSetup4.exe"
C:\Users\Admin\AppData\Local\Temp\ECF3.exe
C:\Users\Admin\AppData\Local\Temp\ECF3.exe
C:\Users\Admin\AppData\Local\Temp\FourthX.exe
"C:\Users\Admin\AppData\Local\Temp\FourthX.exe"
C:\Users\Admin\AppData\Local\Temp\BroomSetup.exe
C:\Users\Admin\AppData\Local\Temp\BroomSetup.exe
C:\Users\Admin\AppData\Local\Temp\600.exe
C:\Users\Admin\AppData\Local\Temp\600.exe
C:\Users\Admin\AppData\Local\Temp\is-U9REL.tmp\600.tmp
"C:\Users\Admin\AppData\Local\Temp\is-U9REL.tmp\600.tmp" /SL5="$201DC,4470470,54272,C:\Users\Admin\AppData\Local\Temp\600.exe"
C:\Users\Admin\AppData\Local\Temp\1961.exe
C:\Users\Admin\AppData\Local\Temp\1961.exe
C:\Users\Admin\AppData\Local\Temp\nso191E.tmp
C:\Users\Admin\AppData\Local\Temp\nso191E.tmp
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Roaming\Temp\Task.bat" "
C:\Windows\SysWOW64\chcp.com
chcp 1251
C:\Users\Admin\AppData\Local\Temp\26EA.exe
C:\Users\Admin\AppData\Local\Temp\26EA.exe
C:\Windows\SysWOW64\schtasks.exe
schtasks /create /tn "MalayamaraUpdate" /tr "'C:\Users\Admin\AppData\Local\Temp\Updater.exe'" /sc minute /mo 30 /F
C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe
C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe Add-MpPreference -ExclusionPath @($env:UserProfile, $env:ProgramData) -ExclusionExtension '.exe' -Force
C:\Users\Admin\AppData\Local\Temp\is-9JUEJ.tmp\1961.tmp
"C:\Users\Admin\AppData\Local\Temp\is-9JUEJ.tmp\1961.tmp" /SL5="$40204,4314505,54272,C:\Users\Admin\AppData\Local\Temp\1961.exe"
C:\Windows\system32\wusa.exe
wusa /uninstall /kb:890830 /quiet /norestart
C:\Windows\system32\sc.exe
C:\Windows\system32\sc.exe create "UTIXDCVF" binpath= "C:\ProgramData\xcfonrchdkar\vueqjgslwynd.exe" start= "auto"
C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe
C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe Add-MpPreference -ExclusionPath @($env:UserProfile, $env:ProgramData) -ExclusionExtension '.exe' -Force
C:\ProgramData\xcfonrchdkar\vueqjgslwynd.exe
C:\ProgramData\xcfonrchdkar\vueqjgslwynd.exe
C:\Windows\system32\sc.exe
C:\Windows\system32\sc.exe start "UTIXDCVF"
C:\Windows\system32\sc.exe
C:\Windows\system32\sc.exe stop eventlog
C:\Windows\system32\sc.exe
C:\Windows\system32\sc.exe delete "UTIXDCVF"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wusa /uninstall /kb:890830 /quiet /norestart
C:\Windows\system32\conhost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wusa /uninstall /kb:890830 /quiet /norestart
C:\Windows\system32\wusa.exe
wusa /uninstall /kb:890830 /quiet /norestart
C:\Windows\explorer.exe
explorer.exe
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Add-MpPreference -ExclusionPath @($env:UserProfile, $env:ProgramData) -ExclusionExtension '.exe' -Force
C:\Windows\system32\taskeng.exe
taskeng.exe {A931430C-753A-455E-B231-CD59EB70E8D1} S-1-5-21-1650401615-1019878084-3673944445-1000:UADPPTXT\Admin:Interactive:[1]
C:\Windows\system32\makecab.exe
"C:\Windows\system32\makecab.exe" C:\Windows\Logs\CBS\CbsPersist_20240223045010.log C:\Windows\Logs\CBS\CbsPersist_20240223045010.cab
C:\ProgramData\xcfonrchdkar\vueqjgslwynd.exe
"C:\ProgramData\xcfonrchdkar\vueqjgslwynd.exe"
C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe
C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe Add-MpPreference -ExclusionPath @($env:UserProfile, $env:ProgramData) -ExclusionExtension '.exe' -Force
C:\Users\Admin\AppData\Roaming\getvuvu
C:\Users\Admin\AppData\Roaming\getvuvu
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wusa /uninstall /kb:890830 /quiet /norestart
C:\Windows\system32\wusa.exe
wusa /uninstall /kb:890830 /quiet /norestart
Network
| US | 8.8.8.8:53 | bitexen-com.mail.protection.outlook.com | udp |
| US | 8.8.8.8:53 | secure.moneygram.com | udp |
| US | 8.8.8.8:53 | id.g2a.com | udp |
| US | 8.8.8.8:53 | seller.shopee.co.id | udp |
| US | 8.8.8.8:53 | mxa-002a0701.gslb.pphosted.com | udp |
| US | 8.8.8.8:53 | smtpin.vvv.facebook.com | udp |
| US | 8.8.8.8:53 | ssl.zc.qq.com | udp |
| US | 8.8.8.8:53 | secure.moneygram.com | udp |
| US | 8.8.8.8:53 | up.railwire.co.in | udp |
| US | 8.8.8.8:53 | ssl.zc.qq.com | udp |
| US | 8.8.8.8:53 | logon.merrickbank.com | udp |
| US | 8.8.8.8:53 | steamcommunity.com | udp |
| US | 8.8.8.8:53 | secure.moneygram.com | udp |
| US | 8.8.8.8:53 | ssl.zc.qq.com | udp |
| US | 8.8.8.8:53 | secure.moneygram.com | udp |
| US | 8.8.8.8:53 | 1365.go.kr | udp |
| US | 8.8.8.8:53 | my.sp.com.sa | udp |
| US | 8.8.8.8:53 | m.comixology.com | udp |
| US | 8.8.8.8:53 | secure.moneygram.com | udp |
| US | 8.8.8.8:53 | mail.logon.merrickbank.com | udp |
| US | 8.8.8.8:53 | picarto.tv | udp |
| US | 8.8.8.8:53 | alt1.aspmx.l.google.com | udp |
| US | 8.8.8.8:53 | icarus.axeso5.com | udp |
| US | 8.8.8.8:53 | us-smtp-inbound-2.mimecast.com | udp |
| US | 8.8.8.8:53 | ftp.accounts.google.com | udp |
| US | 8.8.8.8:53 | pop.ntamoney.pw | udp |
| US | 8.8.8.8:53 | mail.onlineftp.ch | udp |
Files