Malware Analysis Report

2024-11-30 04:56

Sample ID 240223-felf1abg39
Target 0bde5aeee6547d5fefd4d736958e5ccc14feebf3e7e8bf2142573fff6b73d297
SHA256 0bde5aeee6547d5fefd4d736958e5ccc14feebf3e7e8bf2142573fff6b73d297
Tags
glupteba smokeloader stealc pub1 backdoor dropper evasion loader persistence stealer trojan upx dcrat lumma socks5systemz bootkit botnet discovery infostealer rat rootkit spyware
score
10/10

Analysis Overview

Threat Level: Known bad

The file 0bde5aeee6547d5fefd4d736958e5ccc14feebf3e7e8bf2142573fff6b73d297 was found to be: Known bad.

Malicious Activity Summary

Socks5Systemz

SmokeLoader

Lumma Stealer

Glupteba

DcRat

Stealc

Windows security bypass

Glupteba payload

Stops running service(s)

Downloads MZ/PE file

Creates new service(s)

Modifies Windows Firewall

Deletes itself

Loads dropped DLL

Unexpected DNS network traffic destination

UPX packed file

Windows security modification

Reads user/profile data of web browsers

Executes dropped EXE

Reads data files stored by FTP clients

Accesses cryptocurrency files/wallets, possible credential harvesting

Manipulates WinMonFS driver.

Checks installed software on the system

Legitimate hosting services abused for malware hosting/C2

Writes to the Master Boot Record (MBR)

Adds Run key to start application

Suspicious use of SetThreadContext

Drops file in System32 directory

Drops file in Windows directory

Checks for VirtualBox DLLs, possible anti-VM trick

Launches sc.exe

Program crash

Enumerates physical storage devices

Unsigned PE

Uses Task Scheduler COM API

Suspicious use of SetWindowsHookEx

Suspicious use of AdjustPrivilegeToken

Suspicious use of WriteProcessMemory

Suspicious behavior: GetForegroundWindowSpam

Checks processor information in registry

Checks SCSI registry key(s)

Suspicious behavior: MapViewOfSection

Creates scheduled task(s)

Suspicious behavior: EnumeratesProcesses

Suspicious use of FindShellTrayWindow

Modifies data under HKEY_USERS

Analysis: static1

Detonation Overview

Reported

2024-02-23 04:47

Signatures

Unsigned PE

Analysis: behavioral1

Detonation Overview

Submitted

2024-02-23 04:47

Reported

2024-02-23 04:52

Platform

win7-20240215-en

Max time kernel

34s

Max time network

300s

Command Line

"C:\Users\Admin\AppData\Local\Temp\0bde5aeee6547d5fefd4d736958e5ccc14feebf3e7e8bf2142573fff6b73d297.exe"

Signatures

Glupteba

loader dropper glupteba

Glupteba payload

SmokeLoader

trojan backdoor smokeloader

Stealc

stealer stealc

Creates new service(s)

persistence

Downloads MZ/PE file

Stops running service(s)

evasion

Deletes itself

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\6ED9.exe N/A
N/A N/A C:\Windows\SysWOW64\regsvr32.exe N/A

UPX packed file

upx

Unexpected DNS network traffic destination

Description Indicator Process Target
Destination IP 91.211.247.248 N/A N/A

Legitimate hosting services abused for malware hosting/C2

Description Indicator Process Target
N/A pastebin.com N/A N/A

Suspicious use of SetThreadContext

Description Indicator Process Target
PID 2556 set thread context of 3068 N/A C:\Users\Admin\AppData\Local\Temp\6ED9.exe C:\Users\Admin\AppData\Local\Temp\6ED9.exe

Launches sc.exe

Description Indicator Process Target
N/A N/A C:\Windows\system32\sc.exe N/A

Checks SCSI registry key(s)

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI C:\Users\Admin\AppData\Local\Temp\0bde5aeee6547d5fefd4d736958e5ccc14feebf3e7e8bf2142573fff6b73d297.exe N/A
Key queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI C:\Users\Admin\AppData\Local\Temp\0bde5aeee6547d5fefd4d736958e5ccc14feebf3e7e8bf2142573fff6b73d297.exe N/A
Key enumerated \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI C:\Users\Admin\AppData\Local\Temp\0bde5aeee6547d5fefd4d736958e5ccc14feebf3e7e8bf2142573fff6b73d297.exe N/A

Creates scheduled task(s)

persistence
Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\schtasks.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\0bde5aeee6547d5fefd4d736958e5ccc14feebf3e7e8bf2142573fff6b73d297.exe N/A

Suspicious behavior: MapViewOfSection

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\0bde5aeee6547d5fefd4d736958e5ccc14feebf3e7e8bf2142573fff6b73d297.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1144 wrote to memory of 2556 N/A N/A C:\Users\Admin\AppData\Local\Temp\6ED9.exe
PID 2556 wrote to memory of 3068 N/A C:\Users\Admin\AppData\Local\Temp\6ED9.exe C:\Users\Admin\AppData\Local\Temp\6ED9.exe
PID 1144 wrote to memory of 2564 N/A N/A C:\Windows\system32\regsvr32.exe
PID 2564 wrote to memory of 2660 N/A C:\Windows\system32\regsvr32.exe C:\Windows\SysWOW64\regsvr32.exe
PID 1144 wrote to memory of 2568 N/A N/A C:\Users\Admin\AppData\Local\Temp\8519.exe
PID 1144 wrote to memory of 2756 N/A N/A C:\Users\Admin\AppData\Local\Temp\938C.exe

Processes

C:\Users\Admin\AppData\Local\Temp\0bde5aeee6547d5fefd4d736958e5ccc14feebf3e7e8bf2142573fff6b73d297.exe

"C:\Users\Admin\AppData\Local\Temp\0bde5aeee6547d5fefd4d736958e5ccc14feebf3e7e8bf2142573fff6b73d297.exe"

C:\Users\Admin\AppData\Local\Temp\6ED9.exe

C:\Users\Admin\AppData\Local\Temp\6ED9.exe

C:\Users\Admin\AppData\Local\Temp\6ED9.exe

C:\Users\Admin\AppData\Local\Temp\6ED9.exe

C:\Windows\system32\regsvr32.exe

regsvr32 /s C:\Users\Admin\AppData\Local\Temp\72A2.dll

C:\Windows\SysWOW64\regsvr32.exe

/s C:\Users\Admin\AppData\Local\Temp\72A2.dll

C:\Users\Admin\AppData\Local\Temp\8519.exe

C:\Users\Admin\AppData\Local\Temp\8519.exe

C:\Users\Admin\AppData\Local\Temp\938C.exe

C:\Users\Admin\AppData\Local\Temp\938C.exe

C:\Users\Admin\AppData\Local\Temp\C121.exe

C:\Users\Admin\AppData\Local\Temp\C121.exe

C:\Users\Admin\AppData\Local\Temp\DE15.exe

C:\Users\Admin\AppData\Local\Temp\DE15.exe

C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe

"C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe"

C:\Users\Admin\AppData\Local\Temp\F0FA.exe

C:\Users\Admin\AppData\Local\Temp\F0FA.exe

C:\Users\Admin\AppData\Local\Temp\is-4ONE7.tmp\F0FA.tmp

"C:\Users\Admin\AppData\Local\Temp\is-4ONE7.tmp\F0FA.tmp" /SL5="$90120,4470470,54272,C:\Users\Admin\AppData\Local\Temp\F0FA.exe"

C:\Users\Admin\AppData\Local\Temp\InstallSetup4.exe

"C:\Users\Admin\AppData\Local\Temp\InstallSetup4.exe"

C:\Users\Admin\AppData\Local\Temp\FourthX.exe

"C:\Users\Admin\AppData\Local\Temp\FourthX.exe"

C:\Users\Admin\AppData\Local\Temp\BroomSetup.exe

C:\Users\Admin\AppData\Local\Temp\BroomSetup.exe

C:\Users\Admin\AppData\Local\Temp\8BF.exe

C:\Users\Admin\AppData\Local\Temp\8BF.exe

C:\Users\Admin\AppData\Local\Temp\is-40676.tmp\8BF.tmp

"C:\Users\Admin\AppData\Local\Temp\is-40676.tmp\8BF.tmp" /SL5="$2018C,4314505,54272,C:\Users\Admin\AppData\Local\Temp\8BF.exe"

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Roaming\Temp\Task.bat" "

C:\Windows\SysWOW64\chcp.com

chcp 1251

C:\Windows\SysWOW64\schtasks.exe

schtasks /create /tn "MalayamaraUpdate" /tr "'C:\Users\Admin\AppData\Local\Temp\Updater.exe'" /sc minute /mo 30 /F

C:\Users\Admin\AppData\Local\Temp\19FE.exe

C:\Users\Admin\AppData\Local\Temp\19FE.exe

C:\Users\Admin\AppData\Local\VSO Inspector\vsoinspector.exe

"C:\Users\Admin\AppData\Local\VSO Inspector\vsoinspector.exe" -i

C:\Users\Admin\AppData\Local\VSO Inspector\vsoinspector.exe

"C:\Users\Admin\AppData\Local\VSO Inspector\vsoinspector.exe" -s

C:\Users\Admin\AppData\Local\Temp\nsy3390.tmp

C:\Users\Admin\AppData\Local\Temp\nsy3390.tmp

C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe

C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe Add-MpPreference -ExclusionPath @($env:UserProfile, $env:ProgramData) -ExclusionExtension '.exe' -Force

C:\Windows\system32\sc.exe

C:\Windows\system32\sc.exe delete "UTIXDCVF"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c wusa /uninstall /kb:890830 /quiet /norestart

C:\Windows\system32\wusa.exe

wusa /uninstall /kb:890830 /quiet /norestart

C:\Windows\system32\sc.exe

C:\Windows\system32\sc.exe create "UTIXDCVF" binpath= "C:\ProgramData\xcfonrchdkar\vueqjgslwynd.exe" start= "auto"

C:\Windows\system32\sc.exe

C:\Windows\system32\sc.exe start "UTIXDCVF"

C:\Windows\system32\sc.exe

C:\Windows\system32\sc.exe stop eventlog

C:\ProgramData\xcfonrchdkar\vueqjgslwynd.exe

C:\ProgramData\xcfonrchdkar\vueqjgslwynd.exe

C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe

C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe Add-MpPreference -ExclusionPath @($env:UserProfile, $env:ProgramData) -ExclusionExtension '.exe' -Force

C:\Windows\system32\conhost.exe

C:\Windows\system32\conhost.exe

C:\Windows\system32\wusa.exe

wusa /uninstall /kb:890830 /quiet /norestart

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c wusa /uninstall /kb:890830 /quiet /norestart

C:\Windows\explorer.exe

explorer.exe

C:\Windows\system32\makecab.exe

"C:\Windows\system32\makecab.exe" C:\Windows\Logs\CBS\CbsPersist_20240223044917.log C:\Windows\Logs\CBS\CbsPersist_20240223044917.cab

C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe

"C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe"

C:\Windows\system32\taskeng.exe

taskeng.exe {132E463E-A094-4D80-980E-6955D952F899} S-1-5-21-2248906074-2862704502-246302768-1000:GHPZRGFC\Admin:Interactive:[1]

C:\Users\Admin\AppData\Roaming\rdewbwg

C:\Users\Admin\AppData\Roaming\rdewbwg

Network

GB 108.156.39.89:80 mail.areapersonal.vibbo.com tcp
DE 144.36.172.96:80 capretraite-entreprises.fr tcp
US 8.8.8.8:53 mail.authentification-candidat.pole-emploi.fr udp
US 8.8.8.8:53 signin.ebay.es udp
US 8.8.8.8:53 us04web.zoom.us udp
US 8.8.8.8:53 collection.bajajfinserv.in udp
US 8.8.8.8:53 collection.bajajfinserv.in udp
US 8.8.8.8:53 collection.bajajfinserv.in udp
US 8.8.8.8:53 www.chinashipshop.com udp
NL 212.32.224.181:443 jwmatch.com tcp
US 8.8.8.8:53 collection.bajajfinserv.in udp
US 8.8.8.8:53 mail.bayi.demirdokum.com.tr udp
US 8.8.8.8:53 ftp.mx.hsalvador.cl udp
US 69.61.52.194:80 correo.clangsm.com tcp
US 104.26.2.20:443 yggtorrent.qa tcp
AR 190.113.128.133:80 auth.supercanal-arlink.com.ar tcp
US 34.69.199.94:80 g6.menofia.education tcp
FR 92.222.136.4:80 efisend.efidem.com tcp
GB 143.244.38.136:80 miniroyale.io tcp
GB 23.48.165.151:443 collection.bajajfinserv.in tcp
DE 79.110.87.192:80 www.gameforge.com tcp
CL 216.241.12.147:443 mx.hsalvador.cl tcp
FR 185.215.64.45:80 authentification-candidat.pole-emploi.fr tcp
GB 18.244.179.106:80 888casino.ro tcp
DE 64.190.63.222:80 mail.bestmining.top tcp
US 104.21.20.70:80 dash.paragoncheats.com tcp
ZA 160.119.234.38:80 online.fortunebetng.com tcp
GB 159.8.144.76:80 mail.foro-ciudad.com tcp
TR 213.14.45.170:80 bayi.demirdokum.com.tr tcp
US 8.8.8.8:53 pop.pg.taleo.net udp
AR 190.113.128.133:80 auth.supercanal-arlink.com.ar tcp
US 8.8.8.8:53 mail.mobile.twitter.com udp
US 8.8.8.8:53 secure01a.chase.com udp
US 8.8.8.8:53 mail.banaozel.sahibinden.com udp
US 34.69.199.94:80 g6.menofia.education tcp
US 8.8.8.8:53 ftp.jwmatch.com udp
US 8.8.8.8:53 ftp.email.bol.uol.com.br udp
US 8.8.8.8:53 g91.tcsion.com udp
US 8.8.8.8:53 krb-xjobs.brassring.com udp
US 8.8.8.8:53 www.backyardchickens.com udp
US 8.8.8.8:53 alt1.gmr-smtp-in.l.google.com udp
US 8.8.8.8:53 my.account.sony.com udp
IN 115.111.110.183:80 pun.unipune.ac.in tcp
RU 91.227.52.69:80 login.wmtransfer.com tcp
GB 104.82.235.52:80 login.aliexpress.com tcp
US 34.192.116.162:80 support.vulcanelectronics.com tcp
US 104.16.30.98:80 login.blockchain.com tcp
ZA 160.119.234.38:80 online.fortunebetng.com tcp
US 192.229.221.165:80 reg.usps.com tcp
US 170.114.52.4:80 us04web.zoom.us tcp
US 170.114.52.5:80 us05web.zoom.us tcp
US 172.67.148.104:80 krt-club.ru tcp
US 104.244.42.198:80 mobile.twitter.com tcp
BH 157.241.27.231:80 www.chinashipshop.com tcp
NL 108.177.119.84:80 accounts.google.com tcp
GB 23.48.165.161:80 collection.bajajfinserv.in tcp

Files

Analysis: behavioral2

Detonation Overview

Submitted: 2024-02-23 04:47
Reported: 2024-02-23 04:52
Platform: win10-20240221-en
Max time kernel: 300s
Max time network: 303s

Command Line

"C:\Users\Admin\AppData\Local\Temp\0bde5aeee6547d5fefd4d736958e5ccc14feebf3e7e8bf2142573fff6b73d297.exe"

Signatures

DcRat

rat infostealer dcrat

Description | Indicator | Process | Target
N/A | N/A | C:\Windows\SysWOW64\schtasks.exe | N/A
N/A | N/A | C:\Windows\SYSTEM32\schtasks.exe | N/A
N/A | N/A | C:\Windows\SYSTEM32\schtasks.exe | N/A
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI | C:\Users\Admin\AppData\Local\Temp\0bde5aeee6547d5fefd4d736958e5ccc14feebf3e7e8bf2142573fff6b73d297.exe | N/A
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\CSRSS = "\"C:\\ProgramData\\Drivers\\csrss.exe\"" | C:\Users\Admin\AppData\Local\Temp\BB9F.exe | N/A

Glupteba

loader dropper glupteba

Glupteba payload

Lumma Stealer

stealer lumma

SmokeLoader

trojan backdoor smokeloader

Socks5Systemz

botnet socks5systemz

Stealc

stealer stealc

Windows security bypass

evasion trojan

Description | Indicator | Process | Target
Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\C:\Windows\rss = "0" | C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe | N/A
Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\C:\Users\Admin\AppData\Local\Temp\csrss = "0" | C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe | N/A
Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\C:\Windows\windefender.exe = "0" | C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe | N/A
Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\C:\Windows\System32\drivers = "0" | C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe | N/A
Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows Defender\Exclusions\Processes\csrss.exe = "0" | C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe | N/A
Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows Defender\Exclusions\Processes\windefender.exe = "0" | C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe | N/A
Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows Defender\Exclusions\Processes\288c47bbc1871b439df19ff4df68f076.exe = "0" | C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe | N/A

Creates new service(s)

persistence

Downloads MZ/PE file

Modifies Windows Firewall

evasion

Description | Indicator | Process | Target
N/A | N/A | C:\Windows\system32\netsh.exe | N/A

Stops running service(s)

evasion

Deletes itself

Executes dropped EXE

Description | Indicator | Process | Target
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\BB9F.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\BB9F.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\D1C9.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\D610.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\F5FD.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\InstallSetup4.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\FourthX.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\BroomSetup.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\nsf4A1.tmp | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\715.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1BB7.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\is-9A2M1.tmp\1BB7.tmp | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Info Tool Extension\infotoolext.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Info Tool Extension\infotoolext.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\301B.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\is-EH6O8.tmp\301B.tmp | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\34AF.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe | N/A
N/A | N/A | C:\Windows\rss\csrss.exe | N/A
N/A | N/A | C:\ProgramData\xcfonrchdkar\vueqjgslwynd.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Roaming\gbawthj | N/A
N/A | N/A | C:\Users\Admin\AppData\Roaming\agawthj | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\csrss\injector\injector.exe | N/A
N/A | N/A | C:\Windows\windefender.exe | N/A
N/A | N/A | C:\Windows\windefender.exe | N/A

Reads data files stored by FTP clients

spyware stealer

Reads user/profile data of web browsers

spyware stealer

UPX packed file

upx

Unexpected DNS network traffic destination

Description Indicator Process Target
Destination IP 45.155.250.90 N/A N/A

Windows security modification

evasion trojan
Description Indicator Process Target
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows Defender\Exclusions\Processes\windefender.exe = "0" C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows Defender\Exclusions\Processes\288c47bbc1871b439df19ff4df68f076.exe = "0" C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\C:\Windows\rss = "0" C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\C:\Users\Admin\AppData\Local\Temp\csrss = "0" C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\C:\Windows\windefender.exe = "0" C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\C:\Windows\System32\drivers = "0" C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows Defender\Exclusions\Processes\csrss.exe = "0" C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe N/A

Accesses cryptocurrency files/wallets, possible credential harvesting

spyware

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\CSRSS = "\"C:\\ProgramData\\Drivers\\csrss.exe\"" C:\Users\Admin\AppData\Local\Temp\BB9F.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2852630833-2010812756-3750823755-1000\Software\Microsoft\Windows\CurrentVersion\Run\csrss = "\"C:\\Windows\\rss\\csrss.exe\"" C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2852630833-2010812756-3750823755-1000\Software\Microsoft\Windows\CurrentVersion\Run\csrss = "\"C:\\Windows\\rss\\csrss.exe\"" C:\Windows\rss\csrss.exe N/A

Checks installed software on the system

discovery

Manipulates WinMonFS driver.

rootkit evasion
Description Indicator Process Target
File opened for modification \??\WinMonFS C:\Windows\rss\csrss.exe N/A

Writes to the Master Boot Record (MBR)

bootkit persistence
Description Indicator Process Target
File opened for modification \??\PHYSICALDRIVE0 C:\Users\Admin\AppData\Local\Temp\D610.exe N/A

Drops file in System32 directory

Description Indicator Process Target
File opened for modification C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-Interactive C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
File created C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-Interactive C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
File opened for modification C:\Windows\system32\MRT.exe C:\Users\Admin\AppData\Local\Temp\FourthX.exe N/A
File opened for modification C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
File created C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\powershell.exe.log C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe N/A
File created C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
File created C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe N/A
File created C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\powershell.exe.log C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
File created C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe N/A

Suspicious use of SetThreadContext

Description Indicator Process Target
PID 2064 set thread context of 312 N/A C:\Users\Admin\AppData\Local\Temp\BB9F.exe C:\Users\Admin\AppData\Local\Temp\BB9F.exe

Checks for VirtualBox DLLs, possible anti-VM trick

Description Indicator Process Target
File opened (read-only) \??\VBoxMiniRdrDN C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File opened for modification C:\Windows\rss C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe N/A
File created C:\Windows\rss\csrss.exe C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe N/A
File created C:\Windows\windefender.exe C:\Windows\rss\csrss.exe N/A
File opened for modification C:\Windows\windefender.exe C:\Windows\rss\csrss.exe N/A

Launches sc.exe

Description Indicator Process Target
N/A N/A C:\Windows\system32\sc.exe N/A
N/A N/A C:\Windows\SysWOW64\sc.exe N/A
N/A N/A C:\Windows\system32\sc.exe N/A
N/A N/A C:\Windows\system32\sc.exe N/A
N/A N/A C:\Windows\system32\sc.exe N/A

Enumerates physical storage devices

Checks SCSI registry key(s)

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI C:\Users\Admin\AppData\Local\Temp\0bde5aeee6547d5fefd4d736958e5ccc14feebf3e7e8bf2142573fff6b73d297.exe N/A
Key enumerated \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI C:\Users\Admin\AppData\Roaming\gbawthj N/A
Key queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI C:\Users\Admin\AppData\Local\Temp\0bde5aeee6547d5fefd4d736958e5ccc14feebf3e7e8bf2142573fff6b73d297.exe N/A
Key enumerated \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI C:\Users\Admin\AppData\Local\Temp\0bde5aeee6547d5fefd4d736958e5ccc14feebf3e7e8bf2142573fff6b73d297.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI C:\Users\Admin\AppData\Local\Temp\715.exe N/A
Key queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI C:\Users\Admin\AppData\Local\Temp\715.exe N/A
Key enumerated \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI C:\Users\Admin\AppData\Local\Temp\715.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI C:\Users\Admin\AppData\Roaming\gbawthj N/A
Key queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI C:\Users\Admin\AppData\Roaming\gbawthj N/A

Checks processor information in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\AppData\Local\Temp\nsf4A1.tmp N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Users\Admin\AppData\Local\Temp\nsf4A1.tmp N/A

Creates scheduled task(s)

persistence
Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\schtasks.exe N/A
N/A N/A C:\Windows\SYSTEM32\schtasks.exe N/A
N/A N/A C:\Windows\SYSTEM32\schtasks.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\Certificates C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\@tzres.dll,-2001 = "Cabo Verde Daylight Time" C:\Windows\windefender.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CTLs C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CRLs C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\Certificates C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\AutoDetect = "0" C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CTLs C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32\,@tzres.dll,-2492 = "Aus Central W. Standard Time" C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\Certificates C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\@tzres.dll,-742 = "New Zealand Standard Time" C:\Windows\windefender.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CTLs C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\@tzres.dll,-2391 = "Aleutian Daylight Time" C:\Windows\windefender.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\@tzres.dll,-2612 = "Bougainville Standard Time" C:\Windows\windefender.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32\,@tzres.dll,-512 = "Central Asia Standard Time" C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32\,@tzres.dll,-2431 = "Cuba Daylight Time" C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32\,@tzres.dll,-491 = "India Daylight Time" C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\@tzres.dll,-2322 = "Sakhalin Standard Time" C:\Windows\windefender.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CRLs C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CRLs C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\@tzres.dll,-151 = "Central America Daylight Time" C:\Windows\windefender.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\@tzres.dll,-1472 = "Magadan Standard Time" C:\Windows\windefender.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32\,@tzres.dll,-451 = "Caucasus Daylight Time" C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32\,@tzres.dll,-342 = "Egypt Standard Time" C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32\,@tzres.dll,-2571 = "Turks and Caicos Daylight Time" C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CTLs C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CRLs C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\@tzres.dll,-292 = "Central European Standard Time" C:\Windows\windefender.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CRLs C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32\,@tzres.dll,-111 = "Eastern Daylight Time" C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32\,@tzres.dll,-2512 = "Lord Howe Standard Time" C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32\,@tzres.dll,-871 = "Pakistan Daylight Time" C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CTLs C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\Certificates C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\@tzres.dll,-2182 = "Astrakhan Standard Time" C:\Windows\windefender.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\@tzres.dll,-385 = "Namibia Standard Time" C:\Windows\windefender.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32\,@tzres.dll,-541 = "Myanmar Daylight Time" C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32\,@tzres.dll,-631 = "Tokyo Daylight Time" C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CRLs C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\@tzres.dll,-215 = "Pacific Standard Time (Mexico)" C:\Windows\windefender.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\@tzres.dll,-302 = "Romance Standard Time" C:\Windows\windefender.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32\,@tzres.dll,-232 = "Hawaiian Standard Time" C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32\,@tzres.dll,-231 = "Hawaiian Daylight Time" C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CTLs C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\@tzres.dll,-832 = "SA Eastern Standard Time" C:\Windows\windefender.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32\,@tzres.dll,-2321 = "Sakhalin Daylight Time" C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\@tzres.dll,-1862 = "Russia TZ 6 Standard Time" C:\Windows\windefender.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\Certificates C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\@tzres.dll,-281 = "Central Europe Daylight Time" C:\Windows\windefender.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\@tzres.dll,-2492 = "Aus Central W. Standard Time" C:\Windows\windefender.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32\,@tzres.dll,-401 = "Arabic Daylight Time" C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\@tzres.dll,-511 = "Central Asia Daylight Time" C:\Windows\windefender.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\@tzres.dll,-362 = "GTB Standard Time" C:\Windows\windefender.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\@tzres.dll,-2511 = "Lord Howe Daylight Time" C:\Windows\windefender.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\@tzres.dll,-1931 = "Russia TZ 11 Daylight Time" C:\Windows\windefender.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\0bde5aeee6547d5fefd4d736958e5ccc14feebf3e7e8bf2142573fff6b73d297.exe N/A

Suspicious behavior: GetForegroundWindowSpam


Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A N/A N/A
Token: SeCreatePagefilePrivilege N/A N/A N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\cmd.exe N/A
Token: SeImpersonatePrivilege N/A C:\Windows\System32\cmd.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeSystemProfilePrivilege N/A C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeSystemtimePrivilege N/A C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeProfSingleProcessPrivilege N/A C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-9A2M1.tmp\1BB7.tmp N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-EH6O8.tmp\301B.tmp N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\BroomSetup.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3316 wrote to memory of 2064 N/A N/A C:\Users\Admin\AppData\Local\Temp\BB9F.exe
PID 3316 wrote to memory of 2064 N/A N/A C:\Users\Admin\AppData\Local\Temp\BB9F.exe
PID 3316 wrote to memory of 2064 N/A N/A C:\Users\Admin\AppData\Local\Temp\BB9F.exe
PID 2064 wrote to memory of 312 N/A C:\Users\Admin\AppData\Local\Temp\BB9F.exe C:\Users\Admin\AppData\Local\Temp\BB9F.exe
PID 2064 wrote to memory of 312 N/A C:\Users\Admin\AppData\Local\Temp\BB9F.exe C:\Users\Admin\AppData\Local\Temp\BB9F.exe
PID 2064 wrote to memory of 312 N/A C:\Users\Admin\AppData\Local\Temp\BB9F.exe C:\Users\Admin\AppData\Local\Temp\BB9F.exe
PID 2064 wrote to memory of 312 N/A C:\Users\Admin\AppData\Local\Temp\BB9F.exe C:\Users\Admin\AppData\Local\Temp\BB9F.exe
PID 2064 wrote to memory of 312 N/A C:\Users\Admin\AppData\Local\Temp\BB9F.exe C:\Users\Admin\AppData\Local\Temp\BB9F.exe
PID 2064 wrote to memory of 312 N/A C:\Users\Admin\AppData\Local\Temp\BB9F.exe C:\Users\Admin\AppData\Local\Temp\BB9F.exe
PID 2064 wrote to memory of 312 N/A C:\Users\Admin\AppData\Local\Temp\BB9F.exe C:\Users\Admin\AppData\Local\Temp\BB9F.exe
PID 2064 wrote to memory of 312 N/A C:\Users\Admin\AppData\Local\Temp\BB9F.exe C:\Users\Admin\AppData\Local\Temp\BB9F.exe
PID 3316 wrote to memory of 2696 N/A N/A C:\Windows\system32\regsvr32.exe
PID 3316 wrote to memory of 2696 N/A N/A C:\Windows\system32\regsvr32.exe
PID 2696 wrote to memory of 1128 N/A C:\Windows\system32\regsvr32.exe C:\Windows\SysWOW64\regsvr32.exe
PID 2696 wrote to memory of 1128 N/A C:\Windows\system32\regsvr32.exe C:\Windows\SysWOW64\regsvr32.exe
PID 2696 wrote to memory of 1128 N/A C:\Windows\system32\regsvr32.exe C:\Windows\SysWOW64\regsvr32.exe
PID 3316 wrote to memory of 2964 N/A N/A C:\Users\Admin\AppData\Local\Temp\D1C9.exe
PID 3316 wrote to memory of 2964 N/A N/A C:\Users\Admin\AppData\Local\Temp\D1C9.exe
PID 3316 wrote to memory of 2964 N/A N/A C:\Users\Admin\AppData\Local\Temp\D1C9.exe
PID 3316 wrote to memory of 316 N/A N/A C:\Users\Admin\AppData\Local\Temp\D610.exe
PID 3316 wrote to memory of 316 N/A N/A C:\Users\Admin\AppData\Local\Temp\D610.exe
PID 3316 wrote to memory of 316 N/A N/A C:\Users\Admin\AppData\Local\Temp\D610.exe
PID 3316 wrote to memory of 936 N/A N/A C:\Users\Admin\AppData\Local\Temp\F5FD.exe
PID 3316 wrote to memory of 936 N/A N/A C:\Users\Admin\AppData\Local\Temp\F5FD.exe
PID 3316 wrote to memory of 936 N/A N/A C:\Users\Admin\AppData\Local\Temp\F5FD.exe
PID 936 wrote to memory of 528 N/A C:\Users\Admin\AppData\Local\Temp\F5FD.exe C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe
PID 936 wrote to memory of 528 N/A C:\Users\Admin\AppData\Local\Temp\F5FD.exe C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe
PID 936 wrote to memory of 528 N/A C:\Users\Admin\AppData\Local\Temp\F5FD.exe C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe
PID 936 wrote to memory of 3868 N/A C:\Users\Admin\AppData\Local\Temp\F5FD.exe C:\Users\Admin\AppData\Local\Temp\InstallSetup4.exe
PID 936 wrote to memory of 3868 N/A C:\Users\Admin\AppData\Local\Temp\F5FD.exe C:\Users\Admin\AppData\Local\Temp\InstallSetup4.exe
PID 936 wrote to memory of 3868 N/A C:\Users\Admin\AppData\Local\Temp\F5FD.exe C:\Users\Admin\AppData\Local\Temp\InstallSetup4.exe
PID 936 wrote to memory of 4176 N/A C:\Users\Admin\AppData\Local\Temp\F5FD.exe C:\Users\Admin\AppData\Local\Temp\FourthX.exe
PID 936 wrote to memory of 4176 N/A C:\Users\Admin\AppData\Local\Temp\F5FD.exe C:\Users\Admin\AppData\Local\Temp\FourthX.exe
PID 3868 wrote to memory of 4968 N/A C:\Users\Admin\AppData\Local\Temp\InstallSetup4.exe C:\Users\Admin\AppData\Local\Temp\BroomSetup.exe
PID 3868 wrote to memory of 4968 N/A C:\Users\Admin\AppData\Local\Temp\InstallSetup4.exe C:\Users\Admin\AppData\Local\Temp\BroomSetup.exe
PID 3868 wrote to memory of 4968 N/A C:\Users\Admin\AppData\Local\Temp\InstallSetup4.exe C:\Users\Admin\AppData\Local\Temp\BroomSetup.exe
PID 4968 wrote to memory of 3828 N/A C:\Users\Admin\AppData\Local\Temp\BroomSetup.exe C:\Windows\SysWOW64\cmd.exe
PID 4968 wrote to memory of 3828 N/A C:\Users\Admin\AppData\Local\Temp\BroomSetup.exe C:\Windows\SysWOW64\cmd.exe
PID 4968 wrote to memory of 3828 N/A C:\Users\Admin\AppData\Local\Temp\BroomSetup.exe C:\Windows\SysWOW64\cmd.exe
PID 3868 wrote to memory of 412 N/A C:\Users\Admin\AppData\Local\Temp\InstallSetup4.exe C:\Users\Admin\AppData\Local\Temp\nsf4A1.tmp
PID 3868 wrote to memory of 412 N/A C:\Users\Admin\AppData\Local\Temp\InstallSetup4.exe C:\Users\Admin\AppData\Local\Temp\nsf4A1.tmp
PID 3868 wrote to memory of 412 N/A C:\Users\Admin\AppData\Local\Temp\InstallSetup4.exe C:\Users\Admin\AppData\Local\Temp\nsf4A1.tmp
PID 3316 wrote to memory of 4564 N/A N/A C:\Users\Admin\AppData\Local\Temp\715.exe
PID 3316 wrote to memory of 4564 N/A N/A C:\Users\Admin\AppData\Local\Temp\715.exe
PID 3316 wrote to memory of 4564 N/A N/A C:\Users\Admin\AppData\Local\Temp\715.exe
PID 3828 wrote to memory of 2268 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\chcp.com
PID 3828 wrote to memory of 2268 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\chcp.com
PID 3828 wrote to memory of 2268 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\chcp.com
PID 3316 wrote to memory of 2680 N/A N/A C:\Users\Admin\AppData\Local\Temp\1BB7.exe
PID 3316 wrote to memory of 2680 N/A N/A C:\Users\Admin\AppData\Local\Temp\1BB7.exe
PID 3316 wrote to memory of 2680 N/A N/A C:\Users\Admin\AppData\Local\Temp\1BB7.exe
PID 2680 wrote to memory of 4224 N/A C:\Users\Admin\AppData\Local\Temp\1BB7.exe C:\Users\Admin\AppData\Local\Temp\is-9A2M1.tmp\1BB7.tmp
PID 2680 wrote to memory of 4224 N/A C:\Users\Admin\AppData\Local\Temp\1BB7.exe C:\Users\Admin\AppData\Local\Temp\is-9A2M1.tmp\1BB7.tmp
PID 2680 wrote to memory of 4224 N/A C:\Users\Admin\AppData\Local\Temp\1BB7.exe C:\Users\Admin\AppData\Local\Temp\is-9A2M1.tmp\1BB7.tmp
PID 3828 wrote to memory of 2000 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\schtasks.exe
PID 4224 wrote to memory of 2160 N/A C:\Users\Admin\AppData\Local\Temp\is-9A2M1.tmp\1BB7.tmp C:\Users\Admin\AppData\Local\Info Tool Extension\infotoolext.exe
PID 4224 wrote to memory of 4868 N/A C:\Users\Admin\AppData\Local\Temp\is-9A2M1.tmp\1BB7.tmp C:\Users\Admin\AppData\Local\Info Tool Extension\infotoolext.exe
PID 528 wrote to memory of 1132 N/A C:\Windows\System32\cmd.exe C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

Uses Task Scheduler COM API

persistence

Processes

C:\Users\Admin\AppData\Local\Temp\0bde5aeee6547d5fefd4d736958e5ccc14feebf3e7e8bf2142573fff6b73d297.exe

"C:\Users\Admin\AppData\Local\Temp\0bde5aeee6547d5fefd4d736958e5ccc14feebf3e7e8bf2142573fff6b73d297.exe"

C:\Users\Admin\AppData\Local\Temp\BB9F.exe

C:\Users\Admin\AppData\Local\Temp\BB9F.exe

C:\Users\Admin\AppData\Local\Temp\BB9F.exe

C:\Users\Admin\AppData\Local\Temp\BB9F.exe

C:\Windows\system32\regsvr32.exe

regsvr32 /s C:\Users\Admin\AppData\Local\Temp\C0C1.dll

C:\Windows\SysWOW64\regsvr32.exe

/s C:\Users\Admin\AppData\Local\Temp\C0C1.dll

C:\Users\Admin\AppData\Local\Temp\D1C9.exe

C:\Users\Admin\AppData\Local\Temp\D1C9.exe

C:\Users\Admin\AppData\Local\Temp\D610.exe

C:\Users\Admin\AppData\Local\Temp\D610.exe

C:\Users\Admin\AppData\Local\Temp\F5FD.exe

C:\Users\Admin\AppData\Local\Temp\F5FD.exe

C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe

"C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe"

C:\Users\Admin\AppData\Local\Temp\InstallSetup4.exe

"C:\Users\Admin\AppData\Local\Temp\InstallSetup4.exe"

C:\Users\Admin\AppData\Local\Temp\BroomSetup.exe

C:\Users\Admin\AppData\Local\Temp\BroomSetup.exe

C:\Users\Admin\AppData\Local\Temp\FourthX.exe

"C:\Users\Admin\AppData\Local\Temp\FourthX.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Roaming\Temp\Task.bat" "

C:\Users\Admin\AppData\Local\Temp\nsf4A1.tmp

C:\Users\Admin\AppData\Local\Temp\nsf4A1.tmp

C:\Users\Admin\AppData\Local\Temp\715.exe

C:\Users\Admin\AppData\Local\Temp\715.exe

C:\Windows\SysWOW64\chcp.com

chcp 1251

C:\Users\Admin\AppData\Local\Temp\1BB7.exe

C:\Users\Admin\AppData\Local\Temp\1BB7.exe

C:\Users\Admin\AppData\Local\Temp\is-9A2M1.tmp\1BB7.tmp

"C:\Users\Admin\AppData\Local\Temp\is-9A2M1.tmp\1BB7.tmp" /SL5="$9023E,4470470,54272,C:\Users\Admin\AppData\Local\Temp\1BB7.exe"

C:\Windows\SysWOW64\schtasks.exe

schtasks /create /tn "MalayamaraUpdate" /tr "'C:\Users\Admin\AppData\Local\Temp\Updater.exe'" /sc minute /mo 30 /F

C:\Users\Admin\AppData\Local\Info Tool Extension\infotoolext.exe

"C:\Users\Admin\AppData\Local\Info Tool Extension\infotoolext.exe" -i

C:\Users\Admin\AppData\Local\Info Tool Extension\infotoolext.exe

"C:\Users\Admin\AppData\Local\Info Tool Extension\infotoolext.exe" -s

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell -nologo -noprofile

C:\Users\Admin\AppData\Local\Temp\301B.exe

C:\Users\Admin\AppData\Local\Temp\301B.exe

C:\Users\Admin\AppData\Local\Temp\is-EH6O8.tmp\301B.tmp

"C:\Users\Admin\AppData\Local\Temp\is-EH6O8.tmp\301B.tmp" /SL5="$702D8,4314505,54272,C:\Users\Admin\AppData\Local\Temp\301B.exe"

C:\Users\Admin\AppData\Local\Temp\34AF.exe

C:\Users\Admin\AppData\Local\Temp\34AF.exe

C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe

"C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell -nologo -noprofile

C:\Windows\System32\cmd.exe

C:\Windows\Sysnative\cmd.exe /C "netsh advfirewall firewall add rule name="csrss" dir=in action=allow program="C:\Windows\rss\csrss.exe" enable=yes"

C:\Windows\system32\netsh.exe

netsh advfirewall firewall add rule name="csrss" dir=in action=allow program="C:\Windows\rss\csrss.exe" enable=yes

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell -nologo -noprofile

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell -nologo -noprofile

C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe

C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe Add-MpPreference -ExclusionPath @($env:UserProfile, $env:ProgramData) -ExclusionExtension '.exe' -Force

C:\Windows\system32\sc.exe

C:\Windows\system32\sc.exe delete "UTIXDCVF"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c wusa /uninstall /kb:890830 /quiet /norestart

C:\Windows\system32\sc.exe

C:\Windows\system32\sc.exe create "UTIXDCVF" binpath= "C:\ProgramData\xcfonrchdkar\vueqjgslwynd.exe" start= "auto"

C:\Windows\system32\wusa.exe

wusa /uninstall /kb:890830 /quiet /norestart

C:\Windows\system32\sc.exe

C:\Windows\system32\sc.exe start "UTIXDCVF"

C:\Windows\system32\sc.exe

C:\Windows\system32\sc.exe stop eventlog

C:\Windows\rss\csrss.exe

C:\Windows\rss\csrss.exe

C:\ProgramData\xcfonrchdkar\vueqjgslwynd.exe

C:\ProgramData\xcfonrchdkar\vueqjgslwynd.exe

C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe

C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe Add-MpPreference -ExclusionPath @($env:UserProfile, $env:ProgramData) -ExclusionExtension '.exe' -Force

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell -nologo -noprofile

C:\Users\Admin\AppData\Roaming\agawthj

C:\Users\Admin\AppData\Roaming\agawthj

C:\Users\Admin\AppData\Roaming\gbawthj

C:\Users\Admin\AppData\Roaming\gbawthj

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 312 -s 14376

C:\Windows\system32\WerFault.exe

"C:\Windows\system32\WerFault.exe" -k -lc PoW32kWatchdog PoW32kWatchdog-20240223-0450.dm

C:\Windows\SYSTEM32\schtasks.exe

schtasks /CREATE /SC ONLOGON /RL HIGHEST /TR "C:\Windows\rss\csrss.exe" /TN csrss /F

C:\Windows\SYSTEM32\schtasks.exe

schtasks /delete /tn ScheduledUpdate /f

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell -nologo -noprofile

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell -nologo -noprofile

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 10596 -s 492

C:\Users\Admin\AppData\Local\Temp\csrss\injector\injector.exe

C:\Users\Admin\AppData\Local\Temp\csrss\injector\injector.exe taskmgr.exe C:\Users\Admin\AppData\Local\Temp\csrss\injector\NtQuerySystemInformationHook.dll

C:\Windows\SYSTEM32\schtasks.exe

schtasks /CREATE /SC ONLOGON /RL HIGHEST /TR "C:\Windows\rss\csrss.exe" /TN csrss /F

C:\Windows\windefender.exe

"C:\Windows\windefender.exe"

C:\Windows\SysWOW64\cmd.exe

cmd.exe /C sc sdset WinDefender D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPLOCRSDRCWDWO;;;BA)(D;;WPDT;;;BA)(A;;CCLCSWLOCRRC;;;IU)(A;;CCLCSWLOCRRC;;;SU)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)

C:\Windows\SysWOW64\sc.exe

sc sdset WinDefender D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPLOCRSDRCWDWO;;;BA)(D;;WPDT;;;BA)(A;;CCLCSWLOCRRC;;;IU)(A;;CCLCSWLOCRRC;;;SU)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)

C:\Windows\windefender.exe

C:\Windows\windefender.exe

Network

Country Destination Domain Proto
N/A 127.0.0.1:52766 tcp
N/A 127.0.0.1:52768 tcp
N/A 127.0.0.1:52784 tcp
N/A 127.0.0.1:52786 tcp
N/A 127.0.0.1:52788 tcp
N/A 127.0.0.1:52791 tcp
N/A 127.0.0.1:52800 tcp
N/A 127.0.0.1:52804 tcp
N/A 127.0.0.1:52808 tcp
N/A 127.0.0.1:52813 tcp
N/A 127.0.0.1:52817 tcp
N/A 127.0.0.1:52820 tcp
N/A 127.0.0.1:52822 tcp
N/A 127.0.0.1:52824 tcp
N/A 127.0.0.1:52829 tcp
N/A 127.0.0.1:52840 tcp
N/A 127.0.0.1:52845 tcp
N/A 127.0.0.1:52850 tcp
N/A 127.0.0.1:52853 tcp
N/A 127.0.0.1:52856 tcp
N/A 127.0.0.1:52859 tcp
N/A 127.0.0.1:52861 tcp
N/A 127.0.0.1:52866 tcp
N/A 127.0.0.1:52874 tcp
N/A 127.0.0.1:52877 tcp
N/A 127.0.0.1:52881 tcp
N/A 127.0.0.1:52883 tcp
N/A 127.0.0.1:52887 tcp
N/A 127.0.0.1:52897 tcp
N/A 127.0.0.1:52902 tcp
N/A 127.0.0.1:52904 tcp
N/A 127.0.0.1:52907 tcp
N/A 127.0.0.1:52913 tcp
N/A 127.0.0.1:52920 tcp
N/A 127.0.0.1:52924 tcp
N/A 127.0.0.1:52929 tcp
N/A 127.0.0.1:52931 tcp
N/A 127.0.0.1:52934 tcp
N/A 127.0.0.1:52938 tcp
N/A 127.0.0.1:52946 tcp
N/A 127.0.0.1:52948 tcp
N/A 127.0.0.1:52957 tcp
N/A 127.0.0.1:52962 tcp
N/A 127.0.0.1:52965 tcp
N/A 127.0.0.1:52970 tcp
N/A 127.0.0.1:52974 tcp
N/A 127.0.0.1:52979 tcp
N/A 127.0.0.1:52981 tcp
N/A 127.0.0.1:52984 tcp
N/A 127.0.0.1:52986 tcp
N/A 127.0.0.1:52993 tcp
N/A 127.0.0.1:52996 tcp
N/A 127.0.0.1:52999 tcp
N/A 127.0.0.1:53001 tcp
N/A 127.0.0.1:53006 tcp
N/A 127.0.0.1:53010 tcp
N/A 127.0.0.1:53017 tcp
N/A 127.0.0.1:53020 tcp
N/A 127.0.0.1:53026 tcp
N/A 127.0.0.1:53031 tcp
N/A 127.0.0.1:53034 tcp
N/A 127.0.0.1:53040 tcp
N/A 127.0.0.1:53043 tcp
N/A 127.0.0.1:53047 tcp
N/A 127.0.0.1:53057 tcp
N/A 127.0.0.1:53059 tcp
N/A 127.0.0.1:53063 tcp
N/A 127.0.0.1:53065 tcp
N/A 127.0.0.1:53069 tcp
N/A 127.0.0.1:53077 tcp
N/A 127.0.0.1:53079 tcp
N/A 127.0.0.1:53084 tcp
N/A 127.0.0.1:53087 tcp
N/A 127.0.0.1:53092 tcp
N/A 127.0.0.1:53098 tcp
N/A 127.0.0.1:53100 tcp
N/A 127.0.0.1:53106 tcp
N/A 127.0.0.1:53109 tcp
N/A 127.0.0.1:53112 tcp
N/A 127.0.0.1:53117 tcp
N/A 127.0.0.1:53120 tcp
N/A 127.0.0.1:53125 tcp
N/A 127.0.0.1:53128 tcp
N/A 127.0.0.1:53132 tcp
N/A 127.0.0.1:53135 tcp
N/A 127.0.0.1:53138 tcp
N/A 127.0.0.1:53148 tcp
N/A 127.0.0.1:53154 tcp
N/A 127.0.0.1:53155 tcp
N/A 127.0.0.1:53161 tcp
N/A 127.0.0.1:53169 tcp
N/A 127.0.0.1:53171 tcp
N/A 127.0.0.1:53173 tcp
N/A 127.0.0.1:53175 tcp
N/A 127.0.0.1:53187 tcp
N/A 127.0.0.1:53190 tcp
N/A 127.0.0.1:53193 tcp
N/A 127.0.0.1:53196 tcp
N/A 127.0.0.1:53202 tcp
N/A 127.0.0.1:53207 tcp
N/A 127.0.0.1:53210 tcp
N/A 127.0.0.1:53213 tcp
N/A 127.0.0.1:53216 tcp
N/A 127.0.0.1:53222 tcp
N/A 127.0.0.1:53227 tcp
N/A 127.0.0.1:53231 tcp
N/A 127.0.0.1:53233 tcp
N/A 127.0.0.1:53242 tcp
N/A 127.0.0.1:53247 tcp
N/A 127.0.0.1:53250 tcp
N/A 127.0.0.1:53253 tcp
N/A 127.0.0.1:53257 tcp
N/A 127.0.0.1:53262 tcp
N/A 127.0.0.1:53266 tcp
N/A 127.0.0.1:53271 tcp
N/A 127.0.0.1:53277 tcp
N/A 127.0.0.1:53280 tcp
N/A 127.0.0.1:53284 tcp
N/A 127.0.0.1:53287 tcp
N/A 127.0.0.1:53289 tcp
N/A 127.0.0.1:53293 tcp
N/A 127.0.0.1:15078 tcp
N/A 127.0.0.1:53301 tcp
N/A 127.0.0.1:53308 tcp
N/A 127.0.0.1:53312 tcp
N/A 127.0.0.1:53314 tcp
N/A 127.0.0.1:53318 tcp
N/A 127.0.0.1:53325 tcp
N/A 127.0.0.1:53331 tcp
N/A 127.0.0.1:53336 tcp
N/A 127.0.0.1:53340 tcp
N/A 127.0.0.1:53342 tcp
N/A 127.0.0.1:53346 tcp
N/A 127.0.0.1:53349 tcp
N/A 127.0.0.1:53354 tcp
N/A 127.0.0.1:53362 tcp
N/A 127.0.0.1:53365 tcp
N/A 127.0.0.1:53373 tcp
N/A 127.0.0.1:53378 tcp
N/A 127.0.0.1:53380 tcp
N/A 127.0.0.1:53382 tcp
N/A 127.0.0.1:53386 tcp
N/A 127.0.0.1:53390 tcp
N/A 127.0.0.1:53397 tcp
N/A 127.0.0.1:53401 tcp
N/A 127.0.0.1:53406 tcp
N/A 127.0.0.1:53409 tcp
N/A 127.0.0.1:53413 tcp
N/A 127.0.0.1:53417 tcp
N/A 127.0.0.1:53423 tcp
N/A 127.0.0.1:53428 tcp
N/A 127.0.0.1:53431 tcp
N/A 127.0.0.1:53438 tcp
N/A 127.0.0.1:53442 tcp
N/A 127.0.0.1:53444 tcp
N/A 127.0.0.1:53449 tcp
N/A 127.0.0.1:53452 tcp
N/A 127.0.0.1:53455 tcp
N/A 127.0.0.1:53466 tcp
N/A 127.0.0.1:53470 tcp
N/A 127.0.0.1:53474 tcp
N/A 127.0.0.1:53479 tcp
N/A 127.0.0.1:53481 tcp
N/A 127.0.0.1:53484 tcp
N/A 127.0.0.1:53488 tcp
N/A 127.0.0.1:53491 tcp
N/A 127.0.0.1:53497 tcp
N/A 127.0.0.1:53502 tcp
N/A 127.0.0.1:53508 tcp
N/A 127.0.0.1:53510 tcp
N/A 127.0.0.1:53513 tcp
N/A 127.0.0.1:53518 tcp
N/A 127.0.0.1:53520 tcp
N/A 127.0.0.1:53524 tcp
N/A 127.0.0.1:53528 tcp
N/A 127.0.0.1:53531 tcp
N/A 127.0.0.1:53534 tcp
N/A 127.0.0.1:53542 tcp
N/A 127.0.0.1:53548 tcp
N/A 127.0.0.1:53554 tcp
N/A 127.0.0.1:53557 tcp
N/A 127.0.0.1:53560 tcp
N/A 127.0.0.1:53565 tcp
N/A 127.0.0.1:53568 tcp
N/A 127.0.0.1:53572 tcp
N/A 127.0.0.1:53581 tcp
N/A 127.0.0.1:53585 tcp
N/A 127.0.0.1:53589 tcp
N/A 127.0.0.1:53597 tcp
N/A 127.0.0.1:53601 tcp
N/A 127.0.0.1:53604 tcp
N/A 127.0.0.1:53607 tcp
N/A 127.0.0.1:53615 tcp
N/A 127.0.0.1:53621 tcp
N/A 127.0.0.1:53624 tcp
N/A 127.0.0.1:53626 tcp
N/A 127.0.0.1:53634 tcp
N/A 127.0.0.1:53639 tcp
N/A 127.0.0.1:53641 tcp
N/A 127.0.0.1:53644 tcp
N/A 127.0.0.1:53651 tcp
N/A 127.0.0.1:53659 tcp
N/A 127.0.0.1:53662 tcp
N/A 127.0.0.1:53666 tcp
N/A 127.0.0.1:53673 tcp
N/A 127.0.0.1:53676 tcp
N/A 127.0.0.1:53680 tcp
N/A 127.0.0.1:53682 tcp
N/A 127.0.0.1:53685 tcp
N/A 127.0.0.1:53689 tcp
N/A 127.0.0.1:53693 tcp
N/A 127.0.0.1:53698 tcp
N/A 127.0.0.1:53703 tcp
N/A 127.0.0.1:53713 tcp
N/A 127.0.0.1:53716 tcp
N/A 127.0.0.1:53719 tcp
N/A 127.0.0.1:53725 tcp
N/A 127.0.0.1:53730 tcp
N/A 127.0.0.1:53732 tcp
N/A 127.0.0.1:53734 tcp
N/A 127.0.0.1:53740 tcp
N/A 127.0.0.1:53744 tcp
N/A 127.0.0.1:53750 tcp
N/A 127.0.0.1:53753 tcp
N/A 127.0.0.1:53759 tcp
N/A 127.0.0.1:53762 tcp
N/A 127.0.0.1:53769 tcp
N/A 127.0.0.1:53776 tcp
N/A 127.0.0.1:53780 tcp
N/A 127.0.0.1:53787 tcp
N/A 127.0.0.1:53791 tcp
N/A 127.0.0.1:53794 tcp
N/A 127.0.0.1:53798 tcp
N/A 127.0.0.1:53803 tcp
N/A 127.0.0.1:53809 tcp
N/A 127.0.0.1:53812 tcp
N/A 127.0.0.1:53817 tcp
N/A 127.0.0.1:53822 tcp
N/A 127.0.0.1:53827 tcp
N/A 127.0.0.1:53830 tcp
N/A 127.0.0.1:53832 tcp
N/A 127.0.0.1:53840 tcp
N/A 127.0.0.1:53846 tcp
N/A 127.0.0.1:53849 tcp
N/A 127.0.0.1:53852 tcp
N/A 127.0.0.1:53857 tcp
N/A 127.0.0.1:53864 tcp
N/A 127.0.0.1:53868 tcp
N/A 127.0.0.1:53874 tcp
N/A 127.0.0.1:53881 tcp
N/A 127.0.0.1:53883 tcp
N/A 127.0.0.1:53885 tcp
N/A 127.0.0.1:53889 tcp
N/A 127.0.0.1:53895 tcp
N/A 127.0.0.1:53901 tcp
N/A 127.0.0.1:53907 tcp
N/A 127.0.0.1:53912 tcp
N/A 127.0.0.1:53915 tcp
N/A 127.0.0.1:53918 tcp
N/A 127.0.0.1:53921 tcp
N/A 127.0.0.1:53927 tcp
N/A 127.0.0.1:53931 tcp
N/A 127.0.0.1:53935 tcp
N/A 127.0.0.1:53939 tcp
N/A 127.0.0.1:53944 tcp
N/A 127.0.0.1:53950 tcp
N/A 127.0.0.1:53954 tcp
N/A 127.0.0.1:53957 tcp
N/A 127.0.0.1:53966 tcp
N/A 127.0.0.1:53970 tcp
N/A 127.0.0.1:53974 tcp
N/A 127.0.0.1:53978 tcp
N/A 127.0.0.1:53984 tcp
N/A 127.0.0.1:53989 tcp
N/A 127.0.0.1:53991 tcp
N/A 127.0.0.1:53993 tcp
N/A 127.0.0.1:53995 tcp
N/A 127.0.0.1:54003 tcp
N/A 127.0.0.1:54005 tcp
N/A 127.0.0.1:54011 tcp
N/A 127.0.0.1:54014 tcp
N/A 127.0.0.1:54023 tcp
N/A 127.0.0.1:54027 tcp
N/A 127.0.0.1:54032 tcp
N/A 127.0.0.1:54037 tcp
N/A 127.0.0.1:54039 tcp
N/A 127.0.0.1:54043 tcp
N/A 127.0.0.1:54051 tcp
N/A 127.0.0.1:54056 tcp
N/A 127.0.0.1:54059 tcp
N/A 127.0.0.1:54066 tcp
N/A 127.0.0.1:54069 tcp
N/A 127.0.0.1:54072 tcp
N/A 127.0.0.1:54076 tcp
N/A 127.0.0.1:54078 tcp
N/A 127.0.0.1:54081 tcp
N/A 127.0.0.1:54083 tcp
N/A 127.0.0.1:54088 tcp
N/A 127.0.0.1:54092 tcp
N/A 127.0.0.1:54099 tcp
N/A 127.0.0.1:54104 tcp
N/A 127.0.0.1:54108 tcp
N/A 127.0.0.1:54112 tcp
N/A 127.0.0.1:54114 tcp
N/A 127.0.0.1:54122 tcp
N/A 127.0.0.1:54125 tcp
N/A 127.0.0.1:54129 tcp
N/A 127.0.0.1:54133 tcp
N/A 127.0.0.1:54141 tcp
N/A 127.0.0.1:54145 tcp
N/A 127.0.0.1:54150 tcp
N/A 127.0.0.1:54155 tcp
N/A 127.0.0.1:54158 tcp
N/A 127.0.0.1:54161 tcp
N/A 127.0.0.1:54165 tcp
N/A 127.0.0.1:54170 tcp
N/A 127.0.0.1:54178 tcp
N/A 127.0.0.1:54180 tcp
N/A 127.0.0.1:54182 tcp
N/A 127.0.0.1:54189 tcp
N/A 127.0.0.1:54195 tcp
N/A 127.0.0.1:54198 tcp
N/A 127.0.0.1:54201 tcp
N/A 127.0.0.1:54205 tcp
N/A 127.0.0.1:54208 tcp
N/A 127.0.0.1:54211 tcp
N/A 127.0.0.1:54213 tcp
N/A 127.0.0.1:54218 tcp
N/A 127.0.0.1:54222 tcp
N/A 127.0.0.1:54225 tcp
N/A 127.0.0.1:54229 tcp
N/A 127.0.0.1:54232 tcp
N/A 127.0.0.1:54236 tcp
N/A 127.0.0.1:54240 tcp
N/A 127.0.0.1:54243 tcp
N/A 127.0.0.1:54246 tcp
N/A 127.0.0.1:54256 tcp
N/A 127.0.0.1:54258 tcp
N/A 127.0.0.1:54261 tcp
N/A 127.0.0.1:54266 tcp
N/A 127.0.0.1:54270 tcp
N/A 127.0.0.1:54273 tcp
N/A 127.0.0.1:54275 tcp
N/A 127.0.0.1:54281 tcp
N/A 127.0.0.1:15078 tcp
N/A 127.0.0.1:54287 tcp
N/A 127.0.0.1:54290 tcp
N/A 127.0.0.1:54297 tcp
N/A 127.0.0.1:54299 tcp
N/A 127.0.0.1:54303 tcp
N/A 127.0.0.1:54306 tcp
N/A 127.0.0.1:54311 tcp
N/A 127.0.0.1:54315 tcp
N/A 127.0.0.1:54319 tcp
N/A 127.0.0.1:54322 tcp
N/A 127.0.0.1:54326 tcp
N/A 127.0.0.1:54331 tcp
N/A 127.0.0.1:54339 tcp
N/A 127.0.0.1:54341 tcp
N/A 127.0.0.1:54344 tcp
N/A 127.0.0.1:54351 tcp
N/A 127.0.0.1:54361 tcp
N/A 127.0.0.1:54363 tcp
N/A 127.0.0.1:54366 tcp
N/A 127.0.0.1:54368 tcp
N/A 127.0.0.1:54373 tcp
N/A 127.0.0.1:54381 tcp
N/A 127.0.0.1:54384 tcp
N/A 127.0.0.1:54388 tcp
N/A 127.0.0.1:54391 tcp
N/A 127.0.0.1:54394 tcp
N/A 127.0.0.1:54398 tcp
N/A 127.0.0.1:54403 tcp
N/A 127.0.0.1:54405 tcp
N/A 127.0.0.1:54408 tcp
N/A 127.0.0.1:54417 tcp
N/A 127.0.0.1:54420 tcp
N/A 127.0.0.1:54423 tcp
N/A 127.0.0.1:54435 tcp
N/A 127.0.0.1:54440 tcp
N/A 127.0.0.1:54443 tcp
N/A 127.0.0.1:54450 tcp
N/A 127.0.0.1:54453 tcp
N/A 127.0.0.1:54458 tcp
N/A 127.0.0.1:54463 tcp
US 8.8.8.8:53 server7.statsexplorer.org udp
US 8.8.8.8:53 cdn.discordapp.com udp
US 8.8.8.8:53 stun.stunprotocol.org udp
US 162.159.135.233:443 cdn.discordapp.com tcp
BG 185.82.216.108:443 server7.statsexplorer.org tcp
N/A 127.0.0.1:57935 tcp
N/A 127.0.0.1:57938 tcp
N/A 127.0.0.1:57940 tcp
N/A 127.0.0.1:57942 tcp
N/A 127.0.0.1:57944 tcp
N/A 127.0.0.1:57947 tcp
N/A 127.0.0.1:57949 tcp
N/A 127.0.0.1:57951 tcp
N/A 127.0.0.1:57953 tcp
N/A 127.0.0.1:57956 tcp
N/A 127.0.0.1:57958 tcp
N/A 127.0.0.1:57960 tcp
N/A 127.0.0.1:57962 tcp
N/A 127.0.0.1:57966 tcp
N/A 127.0.0.1:57969 tcp
N/A 127.0.0.1:57971 tcp
N/A 127.0.0.1:57973 tcp
N/A 127.0.0.1:57975 tcp
N/A 127.0.0.1:57977 tcp
N/A 127.0.0.1:57979 tcp
N/A 127.0.0.1:57981 tcp
N/A 127.0.0.1:57984 tcp
N/A 127.0.0.1:57983 tcp
N/A 127.0.0.1:57987 tcp
N/A 127.0.0.1:57990 tcp
N/A 127.0.0.1:57992 tcp
N/A 127.0.0.1:57994 tcp
N/A 127.0.0.1:57996 tcp
N/A 127.0.0.1:57998 tcp
N/A 127.0.0.1:58000 tcp
N/A 127.0.0.1:58002 tcp
N/A 127.0.0.1:58004 tcp
N/A 127.0.0.1:58006 tcp
N/A 127.0.0.1:58008 tcp
N/A 127.0.0.1:58010 tcp
N/A 127.0.0.1:58012 tcp
N/A 127.0.0.1:58014 tcp
N/A 127.0.0.1:58016 tcp
N/A 127.0.0.1:58018 tcp
N/A 127.0.0.1:58021 tcp
N/A 127.0.0.1:58023 tcp
N/A 127.0.0.1:58025 tcp
N/A 127.0.0.1:58028 tcp
N/A 127.0.0.1:58030 tcp
N/A 127.0.0.1:58032 tcp
N/A 127.0.0.1:58034 tcp
N/A 127.0.0.1:58036 tcp
N/A 127.0.0.1:58039 tcp
N/A 127.0.0.1:58038 tcp
N/A 127.0.0.1:15078 tcp
N/A 127.0.0.1:58043 tcp
N/A 127.0.0.1:58045 tcp
N/A 127.0.0.1:58048 tcp
N/A 127.0.0.1:58050 tcp
N/A 127.0.0.1:58051 tcp
N/A 127.0.0.1:58054 tcp
N/A 127.0.0.1:58056 tcp
N/A 127.0.0.1:58058 tcp
N/A 127.0.0.1:58060 tcp
N/A 127.0.0.1:58063 tcp
N/A 127.0.0.1:58065 tcp
N/A 127.0.0.1:58067 tcp
N/A 127.0.0.1:58069 tcp
N/A 127.0.0.1:58072 tcp
N/A 127.0.0.1:58074 tcp
N/A 127.0.0.1:58075 tcp
N/A 127.0.0.1:58078 tcp
N/A 127.0.0.1:58507 tcp
N/A 127.0.0.1:58509 tcp
N/A 127.0.0.1:58510 tcp
N/A 127.0.0.1:58513 tcp
N/A 127.0.0.1:58515 tcp
N/A 127.0.0.1:58517 tcp
N/A 127.0.0.1:58519 tcp
N/A 127.0.0.1:58521 tcp
N/A 127.0.0.1:58523 tcp
N/A 127.0.0.1:58525 tcp
N/A 127.0.0.1:58527 tcp
N/A 127.0.0.1:58529 tcp
N/A 127.0.0.1:58532 tcp
N/A 127.0.0.1:58534 tcp
N/A 127.0.0.1:58536 tcp
N/A 127.0.0.1:58538 tcp
N/A 127.0.0.1:58540 tcp
N/A 127.0.0.1:58542 tcp
N/A 127.0.0.1:58544 tcp
N/A 127.0.0.1:58546 tcp
N/A 127.0.0.1:58548 tcp
N/A 127.0.0.1:58550 tcp
N/A 127.0.0.1:58552 tcp
N/A 127.0.0.1:58554 tcp
N/A 127.0.0.1:58556 tcp
N/A 127.0.0.1:58558 tcp
N/A 127.0.0.1:58560 tcp
N/A 127.0.0.1:58563 tcp
N/A 127.0.0.1:58562 tcp
N/A 127.0.0.1:58566 tcp
N/A 127.0.0.1:58568 tcp
N/A 127.0.0.1:58569 tcp
N/A 127.0.0.1:58572 tcp
N/A 127.0.0.1:58574 tcp
N/A 127.0.0.1:58576 tcp
N/A 127.0.0.1:58578 tcp
N/A 127.0.0.1:58580 tcp
N/A 127.0.0.1:58582 tcp
N/A 127.0.0.1:58585 tcp
N/A 127.0.0.1:58587 tcp
N/A 127.0.0.1:58589 tcp
N/A 127.0.0.1:58591 tcp
N/A 127.0.0.1:58593 tcp
N/A 127.0.0.1:58595 tcp
N/A 127.0.0.1:58597 tcp
N/A 127.0.0.1:58599 tcp
N/A 127.0.0.1:58601 tcp
N/A 127.0.0.1:58603 tcp
N/A 127.0.0.1:58605 tcp
N/A 127.0.0.1:58607 tcp
N/A 127.0.0.1:58609 tcp
N/A 127.0.0.1:58611 tcp
N/A 127.0.0.1:58613 tcp
N/A 127.0.0.1:58614 tcp
N/A 127.0.0.1:58617 tcp
N/A 127.0.0.1:58619 tcp
N/A 127.0.0.1:58621 tcp
N/A 127.0.0.1:58623 tcp
N/A 127.0.0.1:58625 tcp
N/A 127.0.0.1:58627 tcp
N/A 127.0.0.1:58629 tcp
N/A 127.0.0.1:58631 tcp
N/A 127.0.0.1:58633 tcp
N/A 127.0.0.1:58635 tcp
N/A 127.0.0.1:58638 tcp
N/A 127.0.0.1:58637 tcp
N/A 127.0.0.1:58641 tcp
N/A 127.0.0.1:58643 tcp
N/A 127.0.0.1:58645 tcp
N/A 127.0.0.1:58647 tcp
N/A 127.0.0.1:58649 tcp
N/A 127.0.0.1:58651 tcp
N/A 127.0.0.1:58653 tcp
N/A 127.0.0.1:58655 tcp
N/A 127.0.0.1:58658 tcp
N/A 127.0.0.1:58657 tcp
N/A 127.0.0.1:58661 tcp
N/A 127.0.0.1:58663 tcp
N/A 127.0.0.1:58665 tcp
N/A 127.0.0.1:58667 tcp
N/A 127.0.0.1:58669 tcp
N/A 127.0.0.1:58671 tcp
N/A 127.0.0.1:58673 tcp
N/A 127.0.0.1:58675 tcp
N/A 127.0.0.1:58677 tcp
N/A 127.0.0.1:58679 tcp
N/A 127.0.0.1:58681 tcp
N/A 127.0.0.1:58683 tcp
N/A 127.0.0.1:58685 tcp
N/A 127.0.0.1:58687 tcp
N/A 127.0.0.1:58690 tcp
N/A 127.0.0.1:58692 tcp
N/A 127.0.0.1:58694 tcp
N/A 127.0.0.1:58696 tcp
N/A 127.0.0.1:58698 tcp
N/A 127.0.0.1:58700 tcp
N/A 127.0.0.1:58703 tcp
N/A 127.0.0.1:58702 tcp
N/A 127.0.0.1:58706 tcp
N/A 127.0.0.1:58708 tcp
N/A 127.0.0.1:58710 tcp
N/A 127.0.0.1:58711 tcp
N/A 127.0.0.1:58714 tcp
N/A 127.0.0.1:58716 tcp
N/A 127.0.0.1:58718 tcp
N/A 127.0.0.1:58720 tcp
N/A 127.0.0.1:58722 tcp
N/A 127.0.0.1:58724 tcp
N/A 127.0.0.1:58726 tcp
N/A 127.0.0.1:58728 tcp
N/A 127.0.0.1:58730 tcp
N/A 127.0.0.1:58732 tcp
N/A 127.0.0.1:58734 tcp
N/A 127.0.0.1:58736 tcp
N/A 127.0.0.1:58737 tcp
N/A 127.0.0.1:58740 tcp
N/A 127.0.0.1:58743 tcp
N/A 127.0.0.1:58742 tcp
N/A 127.0.0.1:58746 tcp
N/A 127.0.0.1:58748 tcp
N/A 127.0.0.1:58750 tcp
N/A 127.0.0.1:58752 tcp
N/A 127.0.0.1:58754 tcp
N/A 127.0.0.1:58756 tcp
N/A 127.0.0.1:58757 tcp
N/A 127.0.0.1:58760 tcp
N/A 127.0.0.1:58763 tcp
N/A 127.0.0.1:58765 tcp
N/A 127.0.0.1:58767 tcp
N/A 127.0.0.1:58769 tcp
N/A 127.0.0.1:58771 tcp
N/A 127.0.0.1:58773 tcp
N/A 127.0.0.1:58775 tcp
N/A 127.0.0.1:58777 tcp
N/A 127.0.0.1:58779 tcp
N/A 127.0.0.1:58781 tcp
N/A 127.0.0.1:58783 tcp
N/A 127.0.0.1:58785 tcp
N/A 127.0.0.1:58787 tcp
N/A 127.0.0.1:58789 tcp
N/A 127.0.0.1:58791 tcp
N/A 127.0.0.1:58793 tcp
N/A 127.0.0.1:58795 tcp
N/A 127.0.0.1:58797 tcp
N/A 127.0.0.1:58800 tcp
N/A 127.0.0.1:58799 tcp
N/A 127.0.0.1:58803 tcp
N/A 127.0.0.1:58805 tcp
N/A 127.0.0.1:58807 tcp
N/A 127.0.0.1:58809 tcp
N/A 127.0.0.1:58811 tcp
N/A 127.0.0.1:58813 tcp
N/A 127.0.0.1:58815 tcp
N/A 127.0.0.1:58817 tcp
N/A 127.0.0.1:58819 tcp
N/A 127.0.0.1:58822 tcp
N/A 127.0.0.1:58821 tcp
N/A 127.0.0.1:58825 tcp
N/A 127.0.0.1:58827 tcp
N/A 127.0.0.1:58829 tcp
N/A 127.0.0.1:58831 tcp
N/A 127.0.0.1:58833 tcp
N/A 127.0.0.1:58835 tcp
N/A 127.0.0.1:58837 tcp
N/A 127.0.0.1:58839 tcp
N/A 127.0.0.1:58841 tcp
N/A 127.0.0.1:58843 tcp
N/A 127.0.0.1:58845 tcp
N/A 127.0.0.1:58847 tcp
N/A 127.0.0.1:58849 tcp
N/A 127.0.0.1:58851 tcp
N/A 127.0.0.1:58852 tcp
N/A 127.0.0.1:58855 tcp
N/A 127.0.0.1:58857 tcp
N/A 127.0.0.1:58858 tcp
N/A 127.0.0.1:58861 tcp
N/A 127.0.0.1:58863 tcp
N/A 127.0.0.1:58865 tcp
N/A 127.0.0.1:58867 tcp
N/A 127.0.0.1:58869 tcp
N/A 127.0.0.1:58871 tcp
N/A 127.0.0.1:58873 tcp
N/A 127.0.0.1:58875 tcp
N/A 127.0.0.1:58877 tcp
N/A 127.0.0.1:58879 tcp
N/A 127.0.0.1:58881 tcp
N/A 127.0.0.1:58883 tcp
N/A 127.0.0.1:58886 tcp
N/A 127.0.0.1:58885 tcp
N/A 127.0.0.1:58889 tcp
N/A 127.0.0.1:58891 tcp
N/A 127.0.0.1:58893 tcp
N/A 127.0.0.1:58895 tcp
N/A 127.0.0.1:58897 tcp
N/A 127.0.0.1:58899 tcp
N/A 127.0.0.1:58901 tcp
N/A 127.0.0.1:58904 tcp
N/A 127.0.0.1:58906 tcp
N/A 127.0.0.1:58908 tcp
N/A 127.0.0.1:58910 tcp
N/A 127.0.0.1:58912 tcp
N/A 127.0.0.1:58914 tcp
N/A 127.0.0.1:58916 tcp
N/A 127.0.0.1:58918 tcp
N/A 127.0.0.1:58922 tcp
N/A 127.0.0.1:58926 tcp
N/A 127.0.0.1:58932 tcp
N/A 127.0.0.1:15078 tcp
N/A 127.0.0.1:58955 tcp
N/A 127.0.0.1:58961 tcp
N/A 127.0.0.1:58963 tcp
N/A 127.0.0.1:58969 tcp
N/A 127.0.0.1:58981 tcp
N/A 127.0.0.1:58985 tcp
N/A 127.0.0.1:59003 tcp
N/A 127.0.0.1:59021 tcp
N/A 127.0.0.1:59024 tcp
N/A 127.0.0.1:59027 tcp
N/A 127.0.0.1:59026 tcp
N/A 127.0.0.1:59030 tcp
N/A 127.0.0.1:59032 tcp
N/A 127.0.0.1:59034 tcp
N/A 127.0.0.1:59036 tcp
N/A 127.0.0.1:59038 tcp
N/A 127.0.0.1:59040 tcp
N/A 127.0.0.1:59042 tcp
N/A 127.0.0.1:59044 tcp
N/A 127.0.0.1:59046 tcp
N/A 127.0.0.1:59048 tcp
N/A 127.0.0.1:59050 tcp
N/A 127.0.0.1:59051 tcp
N/A 127.0.0.1:59054 tcp
N/A 127.0.0.1:59056 tcp
N/A 127.0.0.1:59058 tcp
N/A 127.0.0.1:59060 tcp
N/A 127.0.0.1:59062 tcp
N/A 127.0.0.1:59064 tcp
N/A 127.0.0.1:59066 tcp
N/A 127.0.0.1:59069 tcp
N/A 127.0.0.1:59071 tcp
N/A 127.0.0.1:59073 tcp
N/A 127.0.0.1:59075 tcp
N/A 127.0.0.1:59078 tcp
N/A 127.0.0.1:59080 tcp
N/A 127.0.0.1:59082 tcp
N/A 127.0.0.1:59084 tcp
N/A 127.0.0.1:59077 tcp
N/A 127.0.0.1:59087 tcp
N/A 127.0.0.1:59089 tcp
N/A 127.0.0.1:59091 tcp
N/A 127.0.0.1:59093 tcp
N/A 127.0.0.1:59094 tcp
N/A 127.0.0.1:59097 tcp
N/A 127.0.0.1:59099 tcp
N/A 127.0.0.1:59101 tcp
N/A 127.0.0.1:59103 tcp
N/A 127.0.0.1:59105 tcp
N/A 127.0.0.1:59108 tcp
N/A 127.0.0.1:59110 tcp
N/A 127.0.0.1:59112 tcp
N/A 127.0.0.1:59114 tcp
N/A 127.0.0.1:59116 tcp
N/A 127.0.0.1:59118 tcp
N/A 127.0.0.1:59121 tcp
N/A 127.0.0.1:59120 tcp
N/A 127.0.0.1:59126 tcp
N/A 127.0.0.1:59128 tcp
N/A 127.0.0.1:59131 tcp
N/A 127.0.0.1:59133 tcp
N/A 127.0.0.1:59135 tcp
N/A 127.0.0.1:59137 tcp
N/A 127.0.0.1:59140 tcp
N/A 127.0.0.1:59142 tcp
N/A 127.0.0.1:59144 tcp
N/A 127.0.0.1:59146 tcp
N/A 127.0.0.1:59148 tcp
N/A 127.0.0.1:59150 tcp
N/A 127.0.0.1:59152 tcp
N/A 127.0.0.1:59155 tcp
N/A 127.0.0.1:59158 tcp
N/A 127.0.0.1:59160 tcp
N/A 127.0.0.1:59162 tcp
N/A 127.0.0.1:59163 tcp
N/A 127.0.0.1:59166 tcp
N/A 127.0.0.1:59168 tcp
N/A 127.0.0.1:59170 tcp
N/A 127.0.0.1:59172 tcp
N/A 127.0.0.1:59175 tcp
N/A 127.0.0.1:59177 tcp
N/A 127.0.0.1:59180 tcp
N/A 127.0.0.1:59182 tcp
N/A 127.0.0.1:59184 tcp
N/A 127.0.0.1:59186 tcp
N/A 127.0.0.1:59188 tcp
N/A 127.0.0.1:59190 tcp
N/A 127.0.0.1:59192 tcp
N/A 127.0.0.1:59194 tcp
N/A 127.0.0.1:59196 tcp
N/A 127.0.0.1:59198 tcp
N/A 127.0.0.1:59200 tcp
N/A 127.0.0.1:59202 tcp
N/A 127.0.0.1:59204 tcp
N/A 127.0.0.1:59206 tcp
N/A 127.0.0.1:59208 tcp
N/A 127.0.0.1:59210 tcp
N/A 127.0.0.1:59212 tcp
N/A 127.0.0.1:59214 tcp
N/A 127.0.0.1:59216 tcp
N/A 127.0.0.1:59218 tcp
N/A 127.0.0.1:59220 tcp
N/A 127.0.0.1:59222 tcp
N/A 127.0.0.1:59224 tcp
N/A 127.0.0.1:59226 tcp
N/A 127.0.0.1:59228 tcp
N/A 127.0.0.1:59230 tcp
N/A 127.0.0.1:59232 tcp
N/A 127.0.0.1:59234 tcp
N/A 127.0.0.1:59236 tcp
N/A 127.0.0.1:59238 tcp
N/A 127.0.0.1:59240 tcp
N/A 127.0.0.1:59242 tcp
N/A 127.0.0.1:59244 tcp
N/A 127.0.0.1:59246 tcp
N/A 127.0.0.1:59248 tcp
N/A 127.0.0.1:59250 tcp
N/A 127.0.0.1:59252 tcp
N/A 127.0.0.1:59254 tcp
N/A 127.0.0.1:59256 tcp
N/A 127.0.0.1:59258 tcp
N/A 127.0.0.1:59260 tcp
N/A 127.0.0.1:59262 tcp
N/A 127.0.0.1:59264 tcp
N/A 127.0.0.1:59266 tcp
N/A 127.0.0.1:59268 tcp
N/A 127.0.0.1:59270 tcp
N/A 127.0.0.1:59272 tcp
N/A 127.0.0.1:59274 tcp
N/A 127.0.0.1:59276 tcp
N/A 127.0.0.1:59278 tcp
N/A 127.0.0.1:59280 tcp
N/A 127.0.0.1:59282 tcp
N/A 127.0.0.1:59285 tcp
N/A 127.0.0.1:59298 tcp
N/A 127.0.0.1:59300 tcp
N/A 127.0.0.1:59302 tcp
N/A 127.0.0.1:59304 tcp
N/A 127.0.0.1:59306 tcp
N/A 127.0.0.1:59308 tcp
N/A 127.0.0.1:59310 tcp
N/A 127.0.0.1:59312 tcp
N/A 127.0.0.1:59314 tcp
N/A 127.0.0.1:59316 tcp
N/A 127.0.0.1:59318 tcp
N/A 127.0.0.1:59320 tcp
N/A 127.0.0.1:59322 tcp
N/A 127.0.0.1:59324 tcp
N/A 127.0.0.1:59326 tcp
N/A 127.0.0.1:59329 tcp
N/A 127.0.0.1:59331 tcp
N/A 127.0.0.1:59328 tcp
N/A 127.0.0.1:59334 tcp
N/A 127.0.0.1:59336 tcp
N/A 127.0.0.1:59338 tcp
N/A 127.0.0.1:59340 tcp
N/A 127.0.0.1:59342 tcp
N/A 127.0.0.1:59344 tcp
N/A 127.0.0.1:59346 tcp
N/A 127.0.0.1:59348 tcp
N/A 127.0.0.1:59350 tcp
N/A 127.0.0.1:59352 tcp
N/A 127.0.0.1:59354 tcp
N/A 127.0.0.1:59356 tcp
N/A 127.0.0.1:59358 tcp
N/A 127.0.0.1:59360 tcp
N/A 127.0.0.1:59362 tcp
N/A 127.0.0.1:59364 tcp
N/A 127.0.0.1:59366 tcp
N/A 127.0.0.1:59368 tcp
N/A 127.0.0.1:59370 tcp
N/A 127.0.0.1:59372 tcp
N/A 127.0.0.1:59374 tcp
N/A 127.0.0.1:59376 tcp
N/A 127.0.0.1:59378 tcp
N/A 127.0.0.1:59380 tcp
N/A 127.0.0.1:59382 tcp
N/A 127.0.0.1:59384 tcp
N/A 127.0.0.1:59385 tcp
N/A 127.0.0.1:59388 tcp
N/A 127.0.0.1:59390 tcp
N/A 127.0.0.1:59392 tcp
N/A 127.0.0.1:59394 tcp
N/A 127.0.0.1:59396 tcp
N/A 127.0.0.1:59398 tcp
N/A 127.0.0.1:59400 tcp
N/A 127.0.0.1:59402 tcp
N/A 127.0.0.1:59404 tcp
N/A 127.0.0.1:59406 tcp
N/A 127.0.0.1:59408 tcp
N/A 127.0.0.1:59410 tcp
N/A 127.0.0.1:59412 tcp
N/A 127.0.0.1:59414 tcp
N/A 127.0.0.1:59416 tcp
N/A 127.0.0.1:59418 tcp
N/A 127.0.0.1:59420 tcp
N/A 127.0.0.1:59422 tcp
N/A 127.0.0.1:59424 tcp
N/A 127.0.0.1:59426 tcp
N/A 127.0.0.1:59428 tcp
N/A 127.0.0.1:59430 tcp
N/A 127.0.0.1:59432 tcp
N/A 127.0.0.1:59434 tcp
N/A 127.0.0.1:59436 tcp
N/A 127.0.0.1:59438 tcp
N/A 127.0.0.1:59440 tcp
N/A 127.0.0.1:59442 tcp
N/A 127.0.0.1:59444 tcp
N/A 127.0.0.1:59446 tcp
N/A 127.0.0.1:59448 tcp
N/A 127.0.0.1:59450 tcp
N/A 127.0.0.1:59452 tcp
N/A 127.0.0.1:59454 tcp
N/A 127.0.0.1:59456 tcp
N/A 127.0.0.1:59458 tcp
N/A 127.0.0.1:59460 tcp
N/A 127.0.0.1:59462 tcp
N/A 127.0.0.1:59464 tcp
N/A 127.0.0.1:59466 tcp
N/A 127.0.0.1:59468 tcp
N/A 127.0.0.1:59470 tcp
N/A 127.0.0.1:59472 tcp
N/A 127.0.0.1:59474 tcp
N/A 127.0.0.1:59476 tcp
N/A 127.0.0.1:59478 tcp
N/A 127.0.0.1:59480 tcp
N/A 127.0.0.1:59482 tcp
N/A 127.0.0.1:59484 tcp
N/A 127.0.0.1:59486 tcp
N/A 127.0.0.1:59488 tcp
N/A 127.0.0.1:59490 tcp
N/A 127.0.0.1:59492 tcp
N/A 127.0.0.1:59494 tcp
N/A 127.0.0.1:59496 tcp
N/A 127.0.0.1:59498 tcp
N/A 127.0.0.1:59500 tcp
N/A 127.0.0.1:59502 tcp
N/A 127.0.0.1:59504 tcp
N/A 127.0.0.1:59506 tcp
N/A 127.0.0.1:59508 tcp
N/A 127.0.0.1:59510 tcp
N/A 127.0.0.1:59512 tcp
N/A 127.0.0.1:59514 tcp
N/A 127.0.0.1:59516 tcp
N/A 127.0.0.1:59518 tcp
N/A 127.0.0.1:59520 tcp
N/A 127.0.0.1:59522 tcp
N/A 127.0.0.1:59524 tcp
N/A 127.0.0.1:59526 tcp
N/A 127.0.0.1:59528 tcp
N/A 127.0.0.1:59530 tcp
N/A 127.0.0.1:59532 tcp
N/A 127.0.0.1:59534 tcp
N/A 127.0.0.1:59536 tcp
N/A 127.0.0.1:59538 tcp
N/A 127.0.0.1:59540 tcp
N/A 127.0.0.1:59542 tcp
N/A 127.0.0.1:59544 tcp
N/A 127.0.0.1:59546 tcp
N/A 127.0.0.1:59548 tcp
N/A 127.0.0.1:59550 tcp
N/A 127.0.0.1:59552 tcp
N/A 127.0.0.1:59554 tcp
N/A 127.0.0.1:59555 tcp
N/A 127.0.0.1:59558 tcp
N/A 127.0.0.1:59560 tcp
N/A 127.0.0.1:59562 tcp
N/A 127.0.0.1:59564 tcp
N/A 127.0.0.1:59566 tcp
N/A 127.0.0.1:59568 tcp
N/A 127.0.0.1:59570 tcp
N/A 127.0.0.1:59572 tcp
N/A 127.0.0.1:59574 tcp
N/A 127.0.0.1:59576 tcp
N/A 127.0.0.1:59578 tcp
N/A 127.0.0.1:59580 tcp
N/A 127.0.0.1:59582 tcp
N/A 127.0.0.1:59584 tcp
N/A 127.0.0.1:59586 tcp
N/A 127.0.0.1:59588 tcp
N/A 127.0.0.1:59590 tcp
N/A 127.0.0.1:59592 tcp
N/A 127.0.0.1:59594 tcp
N/A 127.0.0.1:59596 tcp
N/A 127.0.0.1:59598 tcp
N/A 127.0.0.1:59600 tcp
N/A 127.0.0.1:59602 tcp
N/A 127.0.0.1:59605 tcp
N/A 127.0.0.1:59607 tcp
N/A 127.0.0.1:59609 tcp
N/A 127.0.0.1:59604 tcp
N/A 127.0.0.1:59612 tcp
N/A 127.0.0.1:59614 tcp
N/A 127.0.0.1:59616 tcp
N/A 127.0.0.1:59618 tcp
N/A 127.0.0.1:59620 tcp
N/A 127.0.0.1:59622 tcp
N/A 127.0.0.1:59624 tcp
N/A 127.0.0.1:59626 tcp
N/A 127.0.0.1:59628 tcp
N/A 127.0.0.1:59630 tcp
N/A 127.0.0.1:59632 tcp
N/A 127.0.0.1:59634 tcp
N/A 127.0.0.1:59636 tcp
N/A 127.0.0.1:59638 tcp
N/A 127.0.0.1:59640 tcp
N/A 127.0.0.1:59642 tcp
N/A 127.0.0.1:59644 tcp
N/A 127.0.0.1:59646 tcp
N/A 127.0.0.1:59647 tcp
N/A 127.0.0.1:59650 tcp
N/A 127.0.0.1:59652 tcp
N/A 127.0.0.1:59654 tcp
N/A 127.0.0.1:59656 tcp
N/A 127.0.0.1:59657 tcp
N/A 127.0.0.1:59660 tcp
N/A 127.0.0.1:59662 tcp
N/A 127.0.0.1:59664 tcp
N/A 127.0.0.1:59666 tcp
N/A 127.0.0.1:59668 tcp
N/A 127.0.0.1:59670 tcp
N/A 127.0.0.1:59672 tcp
N/A 127.0.0.1:59674 tcp
N/A 127.0.0.1:59677 tcp
N/A 127.0.0.1:59679 tcp
N/A 127.0.0.1:59676 tcp
N/A 127.0.0.1:59682 tcp
N/A 127.0.0.1:59684 tcp
N/A 127.0.0.1:59686 tcp
N/A 127.0.0.1:59688 tcp
N/A 127.0.0.1:59690 tcp
N/A 127.0.0.1:59692 tcp
N/A 127.0.0.1:59694 tcp
N/A 127.0.0.1:59696 tcp
N/A 127.0.0.1:59698 tcp
N/A 127.0.0.1:59700 tcp
N/A 127.0.0.1:59702 tcp
N/A 127.0.0.1:59704 tcp
N/A 127.0.0.1:59706 tcp
N/A 127.0.0.1:59708 tcp
N/A 127.0.0.1:59710 tcp
N/A 127.0.0.1:59712 tcp
N/A 127.0.0.1:59714 tcp
N/A 127.0.0.1:59716 tcp
N/A 127.0.0.1:59718 tcp
N/A 127.0.0.1:59720 tcp
N/A 127.0.0.1:59722 tcp
N/A 127.0.0.1:59724 tcp
N/A 127.0.0.1:59726 tcp
N/A 127.0.0.1:59728 tcp
N/A 127.0.0.1:59730 tcp
N/A 127.0.0.1:59732 tcp
N/A 127.0.0.1:59734 tcp
N/A 127.0.0.1:59736 tcp
N/A 127.0.0.1:59738 tcp
N/A 127.0.0.1:59740 tcp
N/A 127.0.0.1:59742 tcp
N/A 127.0.0.1:59744 tcp
N/A 127.0.0.1:59746 tcp
N/A 127.0.0.1:59748 tcp
N/A 127.0.0.1:59750 tcp
N/A 127.0.0.1:59752 tcp
N/A 127.0.0.1:59754 tcp
N/A 127.0.0.1:59756 tcp
N/A 127.0.0.1:59758 tcp
N/A 127.0.0.1:59760 tcp
N/A 127.0.0.1:59762 tcp
N/A 127.0.0.1:59764 tcp
N/A 127.0.0.1:59766 tcp
N/A 127.0.0.1:59768 tcp
N/A 127.0.0.1:59770 tcp
N/A 127.0.0.1:59772 tcp
N/A 127.0.0.1:59774 tcp
N/A 127.0.0.1:59776 tcp
N/A 127.0.0.1:59778 tcp
N/A 127.0.0.1:59780 tcp
N/A 127.0.0.1:59782 tcp
N/A 127.0.0.1:59784 tcp
N/A 127.0.0.1:59786 tcp
N/A 127.0.0.1:59788 tcp
N/A 127.0.0.1:59790 tcp
N/A 127.0.0.1:59792 tcp
N/A 127.0.0.1:59794 tcp
N/A 127.0.0.1:59796 tcp
N/A 127.0.0.1:59798 tcp
N/A 127.0.0.1:59800 tcp
N/A 127.0.0.1:59802 tcp
N/A 127.0.0.1:59804 tcp
N/A 127.0.0.1:59806 tcp
N/A 127.0.0.1:59808 tcp
N/A 127.0.0.1:59810 tcp
N/A 127.0.0.1:59812 tcp
N/A 127.0.0.1:59814 tcp
N/A 127.0.0.1:59816 tcp
N/A 127.0.0.1:59818 tcp
N/A 127.0.0.1:59820 tcp
N/A 127.0.0.1:59822 tcp
N/A 127.0.0.1:59824 tcp
N/A 127.0.0.1:59826 tcp
N/A 127.0.0.1:59828 tcp
N/A 127.0.0.1:59830 tcp
N/A 127.0.0.1:59832 tcp
N/A 127.0.0.1:59834 tcp
N/A 127.0.0.1:59836 tcp
N/A 127.0.0.1:59838 tcp
N/A 127.0.0.1:59840 tcp
N/A 127.0.0.1:59842 tcp
N/A 127.0.0.1:59844 tcp
N/A 127.0.0.1:59846 tcp
N/A 127.0.0.1:59848 tcp
N/A 127.0.0.1:59850 tcp
N/A 127.0.0.1:59852 tcp
N/A 127.0.0.1:59854 tcp
N/A 127.0.0.1:59856 tcp
N/A 127.0.0.1:59858 tcp
N/A 127.0.0.1:59860 tcp
N/A 127.0.0.1:59862 tcp
N/A 127.0.0.1:59864 tcp
N/A 127.0.0.1:59866 tcp
N/A 127.0.0.1:59868 tcp
N/A 127.0.0.1:59870 tcp
N/A 127.0.0.1:59872 tcp
N/A 127.0.0.1:59874 tcp
N/A 127.0.0.1:59876 tcp
N/A 127.0.0.1:59878 tcp
N/A 127.0.0.1:59880 tcp
N/A 127.0.0.1:59882 tcp
N/A 127.0.0.1:59884 tcp
N/A 127.0.0.1:59886 tcp
N/A 127.0.0.1:59888 tcp
N/A 127.0.0.1:59890 tcp
N/A 127.0.0.1:59892 tcp
N/A 127.0.0.1:59894 tcp
N/A 127.0.0.1:59896 tcp
N/A 127.0.0.1:59898 tcp
N/A 127.0.0.1:59900 tcp
N/A 127.0.0.1:59902 tcp
N/A 127.0.0.1:59904 tcp
N/A 127.0.0.1:59906 tcp
N/A 127.0.0.1:59908 tcp
N/A 127.0.0.1:59910 tcp
N/A 127.0.0.1:59912 tcp
N/A 127.0.0.1:59914 tcp
N/A 127.0.0.1:59916 tcp
N/A 127.0.0.1:59918 tcp
N/A 127.0.0.1:59920 tcp
N/A 127.0.0.1:59922 tcp
N/A 127.0.0.1:59924 tcp
N/A 127.0.0.1:59926 tcp
N/A 127.0.0.1:59928 tcp
N/A 127.0.0.1:59930 tcp
N/A 127.0.0.1:59932 tcp
N/A 127.0.0.1:59934 tcp
N/A 127.0.0.1:15078 tcp
N/A 127.0.0.1:59937 tcp
N/A 127.0.0.1:59939 tcp
N/A 127.0.0.1:59941 tcp
N/A 127.0.0.1:59943 tcp
N/A 127.0.0.1:59944 tcp
N/A 127.0.0.1:59947 tcp
N/A 127.0.0.1:59949 tcp
N/A 127.0.0.1:59951 tcp
N/A 127.0.0.1:59953 tcp
N/A 127.0.0.1:59955 tcp
N/A 127.0.0.1:59957 tcp
N/A 127.0.0.1:59959 tcp
N/A 127.0.0.1:59961 tcp
N/A 127.0.0.1:59963 tcp
N/A 127.0.0.1:59965 tcp
N/A 127.0.0.1:59967 tcp
N/A 127.0.0.1:59969 tcp
N/A 127.0.0.1:59971 tcp
N/A 127.0.0.1:59973 tcp
N/A 127.0.0.1:59977 tcp
N/A 127.0.0.1:59979 tcp
N/A 127.0.0.1:59981 tcp
N/A 127.0.0.1:59983 tcp
N/A 127.0.0.1:59975 tcp
N/A 127.0.0.1:59985 tcp
N/A 127.0.0.1:59987 tcp
N/A 127.0.0.1:59989 tcp
N/A 127.0.0.1:59991 tcp
N/A 127.0.0.1:59993 tcp
N/A 127.0.0.1:59995 tcp
N/A 127.0.0.1:59997 tcp
N/A 127.0.0.1:59999 tcp
N/A 127.0.0.1:60001 tcp
N/A 127.0.0.1:60004 tcp
N/A 127.0.0.1:60006 tcp
N/A 127.0.0.1:60003 tcp
N/A 127.0.0.1:60009 tcp
N/A 127.0.0.1:60011 tcp
N/A 127.0.0.1:60013 tcp
N/A 127.0.0.1:60015 tcp
N/A 127.0.0.1:60017 tcp
N/A 127.0.0.1:60019 tcp
N/A 127.0.0.1:60021 tcp
N/A 127.0.0.1:60023 tcp
N/A 127.0.0.1:60025 tcp
N/A 127.0.0.1:60027 tcp
N/A 127.0.0.1:60029 tcp
N/A 127.0.0.1:60031 tcp
N/A 127.0.0.1:60033 tcp
N/A 127.0.0.1:60035 tcp
N/A 127.0.0.1:60037 tcp
N/A 127.0.0.1:60038 tcp
N/A 127.0.0.1:60041 tcp
N/A 127.0.0.1:60043 tcp
N/A 127.0.0.1:60045 tcp
N/A 127.0.0.1:60047 tcp
N/A 127.0.0.1:60049 tcp
N/A 127.0.0.1:60051 tcp
N/A 127.0.0.1:60053 tcp
N/A 127.0.0.1:60055 tcp
N/A 127.0.0.1:60057 tcp
N/A 127.0.0.1:60059 tcp
N/A 127.0.0.1:60061 tcp
N/A 127.0.0.1:60063 tcp
N/A 127.0.0.1:60065 tcp
N/A 127.0.0.1:60067 tcp
N/A 127.0.0.1:60069 tcp
N/A 127.0.0.1:60071 tcp
N/A 127.0.0.1:60073 tcp
N/A 127.0.0.1:60075 tcp
N/A 127.0.0.1:60077 tcp
N/A 127.0.0.1:60079 tcp
N/A 127.0.0.1:60081 tcp
N/A 127.0.0.1:60083 tcp
N/A 127.0.0.1:60085 tcp
N/A 127.0.0.1:60087 tcp
N/A 127.0.0.1:60089 tcp
N/A 127.0.0.1:60091 tcp
N/A 127.0.0.1:60093 tcp
N/A 127.0.0.1:60095 tcp
N/A 127.0.0.1:60097 tcp
N/A 127.0.0.1:60099 tcp
N/A 127.0.0.1:60101 tcp
N/A 127.0.0.1:60103 tcp
N/A 127.0.0.1:60105 tcp
N/A 127.0.0.1:60107 tcp
N/A 127.0.0.1:60109 tcp
N/A 127.0.0.1:60111 tcp
US 8.8.8.8:53 walkinglate.com udp
US 104.21.23.184:443 walkinglate.com tcp
US 8.8.8.8:53 233.135.159.162.in-addr.arpa udp
US 8.8.8.8:53 184.23.21.104.in-addr.arpa udp
US 8.8.8.8:53 108.216.82.185.in-addr.arpa udp
N/A 127.0.0.1:61126 tcp
N/A 127.0.0.1:61128 tcp
N/A 127.0.0.1:61130 tcp
N/A 127.0.0.1:61132 tcp
N/A 127.0.0.1:61134 tcp
N/A 127.0.0.1:61136 tcp
N/A 127.0.0.1:61138 tcp
N/A 127.0.0.1:61140 tcp
N/A 127.0.0.1:61142 tcp
N/A 127.0.0.1:61144 tcp
N/A 127.0.0.1:61146 tcp
N/A 127.0.0.1:61148 tcp
N/A 127.0.0.1:61150 tcp
N/A 127.0.0.1:61152 tcp
N/A 127.0.0.1:61154 tcp
N/A 127.0.0.1:61156 tcp
N/A 127.0.0.1:61158 tcp
N/A 127.0.0.1:61160 tcp
N/A 127.0.0.1:61162 tcp
N/A 127.0.0.1:61164 tcp
N/A 127.0.0.1:61166 tcp
N/A 127.0.0.1:61168 tcp
N/A 127.0.0.1:61170 tcp
N/A 127.0.0.1:61172 tcp
N/A 127.0.0.1:61174 tcp
N/A 127.0.0.1:61176 tcp
N/A 127.0.0.1:61178 tcp
N/A 127.0.0.1:61180 tcp
N/A 127.0.0.1:61182 tcp
N/A 127.0.0.1:61184 tcp
N/A 127.0.0.1:61186 tcp
N/A 127.0.0.1:61188 tcp
N/A 127.0.0.1:61191 tcp
N/A 127.0.0.1:61193 tcp
N/A 127.0.0.1:61195 tcp
N/A 127.0.0.1:61197 tcp
N/A 127.0.0.1:61199 tcp
N/A 127.0.0.1:61201 tcp
N/A 127.0.0.1:61203 tcp
N/A 127.0.0.1:61205 tcp
N/A 127.0.0.1:61207 tcp
N/A 127.0.0.1:61209 tcp
N/A 127.0.0.1:61211 tcp
N/A 127.0.0.1:61213 tcp
N/A 127.0.0.1:3478 udp
BG 185.82.216.108:443 server7.statsexplorer.org tcp
US 8.8.8.8:53 stun.sipgate.net udp
US 3.33.249.248:3478 stun.sipgate.net udp
BG 185.82.216.108:443 server7.statsexplorer.org tcp
US 8.8.8.8:53 248.249.33.3.in-addr.arpa udp
US 8.8.8.8:53 180.178.17.96.in-addr.arpa udp
IT 185.196.8.22:80 bwvdnbh.com tcp
NL 45.155.249.96:2023 tcp

Files

C:\Users\Admin\AppData\Local\Temp\BB9F.exe

C:\Users\Admin\AppData\Local\Temp\C0C1.dll

C:\Users\Admin\AppData\Local\Temp\D1C9.exe

C:\Users\Admin\AppData\Local\Temp\D610.exe

C:\Users\Admin\AppData\Local\Temp\F5FD.exe

C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe

C:\Users\Admin\AppData\Local\Temp\InstallSetup4.exe

C:\Users\Admin\AppData\Local\Temp\FourthX.exe

\Users\Admin\AppData\Local\Temp\nsgFC81.tmp\INetC.dll

C:\Users\Admin\AppData\Local\Temp\BroomSetup.exe

C:\Users\Admin\AppData\Local\Temp\nsf4A1.tmp

C:\Users\Admin\AppData\Local\Temp\715.exe

C:\Users\Admin\AppData\Roaming\Temp\Task.bat

C:\Users\Admin\AppData\Local\Temp\1BB7.exe

C:\Users\Admin\AppData\Local\Temp\is-9A2M1.tmp\1BB7.tmp

\Users\Admin\AppData\Local\Temp\is-8QIM1.tmp\_isetup\_isdecmp.dll

\Users\Admin\AppData\Local\Temp\is-8QIM1.tmp\_isetup\_iscrypt.dll

C:\Users\Admin\AppData\Local\Temp\4KPV6A~1\cached-microdesc-consensus.tmp

C:\Users\Admin\AppData\Local\Info Tool Extension\infotoolext.exe

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_5n4cn12y.5jf.ps1

C:\Users\Admin\AppData\Local\Temp\301B.exe

\ProgramData\nss3.dll

\ProgramData\mozglue.dll

C:\ProgramData\mozglue.dll

C:\Users\Admin\AppData\Local\Temp\is-EH6O8.tmp\301B.tmp

C:\Users\Admin\AppData\Local\VSO Inspector\is-NBDHM.tmp

C:\Users\Admin\AppData\Local\Temp\is-4JNLS.tmp\_isetup\_shfoldr.dll

C:\ProgramData\Are.docx

C:\Users\Admin\AppData\Local\Temp\4KPV6A~1\cached-microdescs.new

C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\powershell.exe.log

C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-Interactive

C:\ProgramData\xcfonrchdkar\vueqjgslwynd.exe

C:\Users\Admin\AppData\Roaming\agawthj

C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache

C:\Users\Admin\AppData\Local\Temp\csrss\injector\injector.exe
