Malware Analysis Report

2024-11-15 06:15

Sample ID 240224-3ljmbagg55
Target 5212ecaf2c3880d92f371356d84105be.exe
SHA256 cc4cb393dfc2c8fef2d76f297554a93cbec91244fe7ad5dc3ab533018d52fc84
Tags
glupteba smokeloader stealc backdoor bootkit dropper evasion loader persistence stealer trojan upx lumma pub1
score
10/10


Analysis Overview

score
10/10

SHA256

cc4cb393dfc2c8fef2d76f297554a93cbec91244fe7ad5dc3ab533018d52fc84

Threat Level: Known bad

The file 5212ecaf2c3880d92f371356d84105be.exe was found to be: Known bad.

Malicious Activity Summary

glupteba smokeloader stealc backdoor bootkit dropper evasion loader persistence stealer trojan upx lumma pub1

Stealc

SmokeLoader

Glupteba

Glupteba payload

Lumma Stealer

Creates new service(s)

Modifies Windows Firewall

Downloads MZ/PE file

Stops running service(s)

Executes dropped EXE

UPX packed file

Loads dropped DLL

Deletes itself

Writes to the Master Boot Record (MBR)

Legitimate hosting services abused for malware hosting/C2

Adds Run key to start application

Suspicious use of SetThreadContext

Launches sc.exe

Unsigned PE

Enumerates physical storage devices

Program crash

Suspicious behavior: EnumeratesProcesses

Suspicious use of AdjustPrivilegeToken

Suspicious behavior: MapViewOfSection

Uses Task Scheduler COM API

Suspicious use of WriteProcessMemory

Creates scheduled task(s)

Checks SCSI registry key(s)

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-02-24 23:36

Signatures

Unsigned PE


Analysis: behavioral1

Detonation Overview

Submitted

2024-02-24 23:36

Reported

2024-02-24 23:38

Platform

win7-20240221-en

Max time kernel

46s

Max time network

154s

Command Line

"C:\Users\Admin\AppData\Local\Temp\5212ecaf2c3880d92f371356d84105be.exe"

Signatures

Glupteba

loader dropper glupteba

Glupteba payload


SmokeLoader

trojan backdoor smokeloader

Stealc

stealer stealc

Creates new service(s)

persistence

Downloads MZ/PE file

Stops running service(s)

evasion

Deletes itself


UPX packed file

upx

Adds Run key to start application

persistence
Description | Indicator | Process | Target
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\CSRSS = "\"C:\\ProgramData\\Drivers\\csrss.exe\"" | C:\Users\Admin\AppData\Local\Temp\E418.exe | N/A

Writes to the Master Boot Record (MBR)

bootkit persistence
Description | Indicator | Process | Target
File opened for modification | \??\PHYSICALDRIVE0 | C:\Users\Admin\AppData\Local\Temp\C91.exe | N/A

Suspicious use of SetThreadContext

Description | Indicator | Process | Target
PID 2652 set thread context of 2760 | N/A | C:\Users\Admin\AppData\Local\Temp\E418.exe | C:\Users\Admin\AppData\Local\Temp\E418.exe

Launches sc.exe

Description | Indicator | Process | Target
N/A | N/A | C:\Windows\system32\sc.exe | N/A

Enumerates physical storage devices

Program crash

Description | Indicator | Process | Target
N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Users\Admin\AppData\Local\Temp\244.exe

Checks SCSI registry key(s)

Description | Indicator | Process | Target
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI | C:\Users\Admin\AppData\Local\Temp\5212ecaf2c3880d92f371356d84105be.exe | N/A
Key queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI | C:\Users\Admin\AppData\Local\Temp\5212ecaf2c3880d92f371356d84105be.exe | N/A
Key enumerated | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI | C:\Users\Admin\AppData\Local\Temp\5212ecaf2c3880d92f371356d84105be.exe | N/A

Suspicious behavior: EnumeratesProcesses

Description | Indicator | Process | Target
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\5212ecaf2c3880d92f371356d84105be.exe | N/A

Suspicious behavior: MapViewOfSection

Description | Indicator | Process | Target
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\5212ecaf2c3880d92f371356d84105be.exe | N/A

Suspicious use of AdjustPrivilegeToken

Description | Indicator | Process | Target
Token: SeShutdownPrivilege | N/A | N/A | N/A

Suspicious use of WriteProcessMemory

Description | Indicator | Process | Target
PID 1268 wrote to memory of 2652 | N/A | N/A | C:\Users\Admin\AppData\Local\Temp\E418.exe
PID 2652 wrote to memory of 2760 | N/A | C:\Users\Admin\AppData\Local\Temp\E418.exe | C:\Users\Admin\AppData\Local\Temp\E418.exe
PID 1268 wrote to memory of 2424 | N/A | N/A | C:\Windows\system32\regsvr32.exe
PID 2424 wrote to memory of 2500 | N/A | C:\Windows\system32\regsvr32.exe | C:\Windows\SysWOW64\regsvr32.exe
PID 1268 wrote to memory of 2012 | N/A | N/A | C:\Users\Admin\AppData\Local\Temp\244.exe
PID 1268 wrote to memory of 2492 | N/A | N/A | C:\Users\Admin\AppData\Local\Temp\C91.exe
PID 2012 wrote to memory of 2484 | N/A | C:\Users\Admin\AppData\Local\Temp\244.exe | C:\Windows\SysWOW64\WerFault.exe
PID 1268 wrote to memory of 2224 | N/A | N/A | C:\Users\Admin\AppData\Local\Temp\2EF1.exe

Processes

C:\Users\Admin\AppData\Local\Temp\5212ecaf2c3880d92f371356d84105be.exe

"C:\Users\Admin\AppData\Local\Temp\5212ecaf2c3880d92f371356d84105be.exe"

C:\Users\Admin\AppData\Local\Temp\E418.exe

C:\Users\Admin\AppData\Local\Temp\E418.exe

C:\Users\Admin\AppData\Local\Temp\E418.exe

C:\Users\Admin\AppData\Local\Temp\E418.exe

C:\Windows\system32\regsvr32.exe

regsvr32 /s C:\Users\Admin\AppData\Local\Temp\EC24.dll

C:\Windows\SysWOW64\regsvr32.exe

/s C:\Users\Admin\AppData\Local\Temp\EC24.dll

C:\Users\Admin\AppData\Local\Temp\244.exe

C:\Users\Admin\AppData\Local\Temp\244.exe

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 2012 -s 124

C:\Users\Admin\AppData\Local\Temp\C91.exe

C:\Users\Admin\AppData\Local\Temp\C91.exe

C:\Users\Admin\AppData\Local\Temp\2EF1.exe

C:\Users\Admin\AppData\Local\Temp\2EF1.exe

C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe

"C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe"

C:\Users\Admin\AppData\Local\Temp\InstallSetup4.exe

"C:\Users\Admin\AppData\Local\Temp\InstallSetup4.exe"

C:\Users\Admin\AppData\Local\Temp\FourthX.exe

"C:\Users\Admin\AppData\Local\Temp\FourthX.exe"

C:\Users\Admin\AppData\Local\Temp\47EE.exe

C:\Users\Admin\AppData\Local\Temp\47EE.exe

C:\Users\Admin\AppData\Local\Temp\is-5SRTD.tmp\47EE.tmp

"C:\Users\Admin\AppData\Local\Temp\is-5SRTD.tmp\47EE.tmp" /SL5="$40184,4323177,54272,C:\Users\Admin\AppData\Local\Temp\47EE.exe"

C:\Users\Admin\AppData\Local\Temp\BroomSetup.exe

C:\Users\Admin\AppData\Local\Temp\BroomSetup.exe

C:\Users\Admin\AppData\Local\Trafaret\trafaret.exe

"C:\Users\Admin\AppData\Local\Trafaret\trafaret.exe" -i

C:\Users\Admin\AppData\Local\Temp\5316.exe

C:\Users\Admin\AppData\Local\Temp\5316.exe

C:\Users\Admin\AppData\Local\Trafaret\trafaret.exe

"C:\Users\Admin\AppData\Local\Trafaret\trafaret.exe" -s

C:\Users\Admin\AppData\Local\Temp\nsj6AA7.tmp

C:\Users\Admin\AppData\Local\Temp\nsj6AA7.tmp

C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe

C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe Add-MpPreference -ExclusionPath @($env:UserProfile, $env:ProgramData) -ExclusionExtension '.exe' -Force

C:\Windows\system32\sc.exe

C:\Windows\system32\sc.exe delete "UTIXDCVF"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c wusa /uninstall /kb:890830 /quiet /norestart

C:\Windows\system32\wusa.exe

wusa /uninstall /kb:890830 /quiet /norestart

C:\Windows\system32\sc.exe

C:\Windows\system32\sc.exe create "UTIXDCVF" binpath= "C:\ProgramData\xcfonrchdkar\vueqjgslwynd.exe" start= "auto"

C:\Windows\system32\sc.exe

C:\Windows\system32\sc.exe start "UTIXDCVF"

C:\Windows\system32\sc.exe

C:\Windows\system32\sc.exe stop eventlog

C:\ProgramData\xcfonrchdkar\vueqjgslwynd.exe

C:\ProgramData\xcfonrchdkar\vueqjgslwynd.exe

C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe

C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe Add-MpPreference -ExclusionPath @($env:UserProfile, $env:ProgramData) -ExclusionExtension '.exe' -Force

Network

BR 177.154.191.132:443 codigomultiplicador.com tcp
FR 92.205.7.232:443 devinebeautybengals.com tcp
US 8.8.8.8:53 clapfitnesswellness.it udp
GB 154.49.138.126:443 clapfitnesswellness.it tcp
US 8.8.8.8:53 dermalflex-supplies.com udp
US 8.8.8.8:53 dempsildiputado2024.com udp
DE 212.90.120.180:443 dermalflex-supplies.com tcp
US 8.8.8.8:53 dharmavarmahospital.com udp
US 31.170.160.159:443 dempsildiputado2024.com tcp
US 8.8.8.8:53 digitales-solutions.com udp
US 8.8.8.8:53 discountonlineshops.com udp
FR 91.234.195.182:443 digitales-solutions.com tcp
IN 103.14.122.182:443 dharmavarmahospital.com tcp
US 8.8.8.8:53 www.dzuydolphintraining.com udp
US 8.8.8.8:53 digitalmarketing-ny.com udp
US 8.8.8.8:53 fantastiqueboutique.com udp
US 8.8.8.8:53 drogueriavidaanimal.com udp
US 8.8.8.8:53 diversitypsicologia.com udp
US 8.8.8.8:53 financialempirebank.com udp
US 8.8.8.8:53 fortbite-supplement.com udp
US 8.8.8.8:53 exportleftoverwoods.com udp
US 8.8.8.8:53 www.adoptastreetinhaiti.com udp
US 8.8.8.8:53 francaisdesaffaires.com udp
US 8.8.8.8:53 finnishtechandgames.com udp
US 8.8.8.8:53 globalenvisiongroup.com udp
US 8.8.8.8:53 goodmorningcleaning.com udp
US 8.8.8.8:53 www.goldreefexpeditions.com udp
US 8.8.8.8:53 getsoftskillscenter.com udp
US 8.8.8.8:53 gomilica-appartment.com udp
US 8.8.8.8:53 www.adamarmusicaantigua.com udp
US 8.8.8.8:53 glutenfreedietguide.com udp
US 8.8.8.8:53 grandfinconsultants.com udp
US 8.8.8.8:53 highbrassautorepair.com udp
US 8.8.8.8:53 guatemalaluxurystay.com udp
US 8.8.8.8:53 guzmangulpsngoodies.com udp
US 8.8.8.8:53 ching-long-yat-system.com udp
US 8.8.8.8:53 www.cilingiroglubeyazesya.com udp
US 8.8.8.8:53 recaptcha.cloud udp
US 8.8.8.8:53 cleanandcleanservices.com udp
DE 217.160.0.73:443 fantastiqueboutique.com tcp
US 173.236.195.242:443 www.dzuydolphintraining.com tcp
BR 185.211.7.136:443 drogueriavidaanimal.com tcp
US 8.8.8.8:53 clinicadentalosamayor.com udp
DE 51.195.62.41:443 financialempirebank.com tcp
US 195.149.87.70:443 digitalmarketing-ny.com tcp
US 3.33.130.190:443 betonyourweightloss.com tcp
FR 89.116.147.55:443 diversitypsicologia.com tcp
BR 149.100.155.53:443 discountonlineshops.com tcp
US 208.109.70.73:443 globalenvisiongroup.com tcp
FI 135.181.182.88:443 exportleftoverwoods.com tcp
US 172.67.176.47:443 imunify-alert.com tcp
US 162.250.125.234:443 finnishtechandgames.com tcp
SG 194.163.42.234:443 francaisdesaffaires.com tcp
DE 80.241.219.222:443 www.goldreefexpeditions.com tcp
GB 154.49.138.98:443 fortbite-supplement.com tcp
US 173.236.202.69:443 www.adamarmusicaantigua.com tcp
US 66.33.221.59:443 guatemalaluxurystay.com tcp
US 141.193.213.11:443 guzmangulpsngoodies.com tcp
US 67.205.18.242:443 glutenfreedietguide.com tcp
US 173.236.203.0:443 www.adoptastreetinhaiti.com tcp
US 45.55.221.223:443 goodmorningcleaning.com tcp
DE 88.198.131.116:443 recaptcha.cloud tcp
US 8.8.8.8:53 crabbyjoescartrentals.com udp
GB 153.92.6.20:443 getsoftskillscenter.com tcp
DE 89.163.140.240:443 www.cilingiroglubeyazesya.com tcp
US 74.208.236.83:443 highbrassautorepair.com tcp
DE 148.251.15.151:443 gomilica-appartment.com tcp
HK 103.11.100.7:443 ching-long-yat-system.com tcp
BE 213.158.94.164:443 clinicadentalosamayor.com tcp
US 8.8.8.8:53 coloradomedicinewoman.com udp
CA 69.90.162.230:443 cleanandcleanservices.com tcp
US 8.8.8.8:53 www.plazacapecod.com udp
US 8.8.8.8:53 crossshorttermrentals.com udp
US 8.8.8.8:53 cursosprofesionalesaa.com udp
US 160.153.0.187:443 crabbyjoescartrentals.com tcp
US 8.8.8.8:53 decofiestasinfantiles.com udp
US 8.8.8.8:53 deasilglobalresources.com udp
US 8.8.8.8:53 deluxerentacarantalya.com udp
US 75.75.243.80:443 crossshorttermrentals.com tcp
US 8.8.8.8:53 eaglesacramentoschool.com udp
US 162.241.253.90:443 coloradomedicinewoman.com tcp
US 208.113.161.144:443 www.plazacapecod.com tcp
US 8.8.8.8:53 distribucionesercosac.com udp
US 8.8.8.8:53 elmasrya-workingspace.com udp
US 8.8.8.8:53 www.moonelectrolysis.com udp
US 138.128.178.242:443 cursosprofesionalesaa.com tcp
BR 149.100.155.241:443 decofiestasinfantiles.com tcp
US 8.8.8.8:53 faithprimitivetvradio.com udp
NL 145.14.151.115:443 deluxerentacarantalya.com tcp
US 74.208.236.92:443 deasilglobalresources.com tcp
BR 187.45.193.219:443 eaglesacramentoschool.com tcp
US 8.8.8.8:53 eliteprocuresolutions.com udp
US 192.250.227.13:443 distribucionesercosac.com tcp
US 154.49.142.203:443 elmasrya-workingspace.com tcp
US 64.176.199.123:443 www.moonelectrolysis.com tcp
US 54.85.199.254:443 eliteprocuresolutions.com tcp
US 192.254.189.212:443 faithprimitivetvradio.com tcp
US 8.8.8.8:53 enzorshandymanservice.com udp
US 8.8.8.8:53 europa-global-finance.com udp
US 8.8.8.8:53 frankheart-production.com udp
US 8.8.8.8:53 featuredproductstoday.com udp
US 8.8.8.8:53 equilibretperformance.com udp
US 8.8.8.8:53 freegardeningarticles.com udp
US 8.8.8.8:53 globalmarinesejahtera.com udp
US 8.8.8.8:53 gofast-digital-design.com udp
US 8.8.8.8:53 www.glutenfreedietguide.com udp
US 8.8.8.8:53 gatewaysupercarrental.com udp
US 8.8.8.8:53 financialwarriorelite.com udp
US 8.8.8.8:53 god-mercytravelagency.com udp
US 8.8.8.8:53 greenaccommodationltd.com udp
US 8.8.8.8:53 hotelyhostalsantuario.com udp
US 8.8.8.8:53 goldwinginternational.com udp
US 8.8.8.8:53 interior-design-decor.com udp
US 8.8.8.8:53 imaginegreeceretreats.com udp
US 8.8.8.8:53 hybridwastemanagement.com udp
US 8.8.8.8:53 goldreefexpeditions.com udp
US 8.8.8.8:53 www.crossshorttermrentals.com udp
US 8.8.8.8:53 internetonlinenumber1.com udp
US 8.8.8.8:53 konstantinoskourtisit.com udp
US 8.8.8.8:53 jmsecula-tout-travaux.com udp
US 8.8.8.8:53 lasufridamexicangrill.com udp
US 8.8.8.8:53 marinhoadvocaciasaude.com udp
US 8.8.8.8:53 digitalnomadconferences.com udp
US 162.241.219.194:80 enzorshandymanservice.com tcp
FR 109.234.165.90:443 europa-global-finance.com tcp
US 8.8.8.8:53 electromenager-baratier.com udp
CH 83.166.133.59:443 equilibretperformance.com tcp
US 104.21.83.238:443 freegardeningarticles.com tcp
US 67.205.18.242:443 www.glutenfreedietguide.com tcp
US 154.56.47.19:443 interior-design-decor.com tcp
IN 89.117.188.173:443 goldwinginternational.com tcp
IN 217.21.90.128:443 hybridwastemanagement.com tcp
DE 80.241.219.222:443 goldreefexpeditions.com tcp
US 195.35.33.195:443 financialwarriorelite.com tcp
NL 109.106.246.197:443 gofast-digital-design.com tcp
SG 185.237.145.73:80 globalmarinesejahtera.com tcp
US 8.8.8.8:53 faithfulmultibusinesses.com udp
US 75.75.243.80:443 www.crossshorttermrentals.com tcp
US 104.21.20.161:443 internetonlinenumber1.com tcp
US 162.241.217.63:80 konstantinoskourtisit.com tcp
US 192.185.14.238:443 lasufridamexicangrill.com tcp
US 162.241.224.125:80 digitalnomadconferences.com tcp
FR 89.116.147.196:443 god-mercytravelagency.com tcp
US 184.94.213.167:443 greenaccommodationltd.com tcp
US 209.172.2.100:443 electromenager-baratier.com tcp
GB 153.92.6.111:443 gatewaysupercarrental.com tcp
BR 149.100.155.237:443 featuredproductstoday.com tcp
US 64.90.52.156:443 frankheart-production.com tcp
US 162.241.62.221:443 hotelyhostalsantuario.com tcp
NL 198.20.116.197:443 imaginegreeceretreats.com tcp
FR 109.234.161.88:443 jmsecula-tout-travaux.com tcp
US 162.241.203.146:443 marinhoadvocaciasaude.com tcp
US 8.8.8.8:53 fearlessmomentrepreneur.com udp
US 8.8.8.8:53 prediksisule4d.net udp
US 8.8.8.8:53 enableyourfullpotential.com udp
US 8.8.8.8:53 farrallbuiltagriculture.com udp
US 8.8.8.8:53 honor88d.xyz udp
ZA 197.242.67.67:80 fearlessmomentrepreneur.com tcp
US 184.94.213.93:443 prediksisule4d.net tcp
US 162.255.119.237:443 honor88d.xyz tcp
DE 217.160.0.25:443 enableyourfullpotential.com tcp
US 69.163.249.18:443 farrallbuiltagriculture.com tcp
BR 187.45.193.219:443 eaglesacramentoschool.com tcp
US 8.8.8.8:53 theadsky.xyz udp
US 8.8.8.8:53 yummyyums.xyz udp
US 8.8.8.8:53 s-digital.xyz udp
US 8.8.8.8:53 ntcmtech.xyz udp
US 8.8.8.8:53 digitalace.xyz udp
US 8.8.8.8:53 www.rtpwabah4d.site udp
US 8.8.8.8:53 www.greenaccommodationltd.com udp
US 8.8.8.8:53 coltenmoore.xyz udp
US 8.8.8.8:53 www.outsourcingcollage.xyz udp
US 8.8.8.8:53 wptest.webspacekit.com udp
US 8.8.8.8:53 omoodreza.xyz udp
US 8.8.8.8:53 artofmetal.xyz udp
US 8.8.8.8:53 www.drsurojitc.xyz udp
US 8.8.8.8:53 unixcorn.xyz udp
US 8.8.8.8:53 kynutayninh.xyz udp
US 8.8.8.8:53 thedigiera.xyz udp
US 8.8.8.8:53 mdnuruddin.xyz udp
US 8.8.8.8:53 gracescents.xyz udp
US 8.8.8.8:53 mohitevents.xyz udp
US 8.8.8.8:53 prostamaxforte4you.xyz udp
US 8.8.8.8:53 formasdeganardinero.xyz udp
US 8.8.8.8:53 seoexpertbyabdulalim.xyz udp
US 184.94.213.167:443 www.greenaccommodationltd.com tcp
US 104.21.5.67:443 www.rtpwabah4d.site tcp
US 104.21.61.170:443 rumahsakit.co.id tcp
US 172.67.135.202:443 wptest.webspacekit.com tcp
US 107.178.105.34:80 gracescents.xyz tcp
US 8.8.8.8:53 formando-inversionistas.com udp
AT 193.219.97.143:443 prostamaxforte4you.xyz tcp
US 50.63.7.230:443 ntcmtech.xyz tcp
US 107.178.105.34:443 gracescents.xyz tcp
US 195.179.236.49:443 formasdeganardinero.xyz tcp
KR 158.247.255.84:443 hotissue.xyz tcp
US 149.100.151.10:443 coltenmoore.xyz tcp
SG 45.90.228.189:443 kynutayninh.xyz tcp
US 204.93.224.121:443 formando-inversionistas.com tcp
US 217.196.55.118:443 yummyyums.xyz tcp
US 172.67.185.163:443 unixcorn.xyz tcp
US 8.8.8.8:53 vedantcementproducts.xyz udp
US 107.178.105.34:443 vedantcementproducts.xyz tcp
US 172.67.176.47:443 imunify-alert.com tcp
US 8.8.8.8:53 www.freegardeningarticles.com udp
US 8.8.8.8:53 theinvestmentplanner.xyz udp
US 8.8.8.8:53 bloguerodepluginsparamc.xyz udp
US 8.8.8.8:53 saasandb2bsolutionhub.xyz udp
US 8.8.8.8:53 www.rtpwabah4da.xyz udp
US 8.8.8.8:53 solucionesdeunbloguero.xyz udp
US 195.179.236.49:443 solucionesdeunbloguero.xyz tcp
US 172.67.183.116:443 www.freegardeningarticles.com tcp
US 66.29.132.135:443 saasandb2bsolutionhub.xyz tcp
US 104.21.53.172:443 www.rtpwabah4da.xyz tcp
US 195.179.236.49:443 solucionesdeunbloguero.xyz tcp
US 8.8.8.8:53 atlanticcomputerslivestreammedia.xyz udp
US 8.8.8.8:53 www.owwa.online udp
US 8.8.8.8:53 lmfh.online udp
US 8.8.8.8:53 trendy2.online udp
US 104.21.59.244:80 atlanticcomputerslivestreammedia.xyz tcp
JP 54.65.109.38:443 www.owwa.online tcp
US 8.8.8.8:53 hfer.online udp
US 8.8.8.8:53 sndg.online udp
PT 94.46.176.46:443 hfer.online tcp
US 160.153.0.189:443 lmfh.online tcp
US 8.8.8.8:53 cuty.io udp
US 8.8.8.8:53 9done.online udp
US 8.8.8.8:53 www.fearlessmomentrepreneur.com udp
US 8.8.8.8:53 ajyad.online udp
US 8.8.8.8:53 iocab.online udp
US 8.8.8.8:53 wpbnk.online udp
US 8.8.8.8:53 gli80.online udp
US 8.8.8.8:53 hycons.online udp
US 8.8.8.8:53 bfssi.online udp
US 8.8.8.8:53 quilzy.online udp
US 8.8.8.8:53 shury.online udp
US 8.8.8.8:53 mipiel.online udp
US 8.8.8.8:53 listov.online udp
US 172.67.139.32:443 cuty.io tcp
US 8.8.8.8:53 virtco.online udp
US 8.8.8.8:53 ossden.online udp
US 8.8.8.8:53 kinohi.online udp
US 8.8.8.8:53 xollar.online udp
US 8.8.8.8:53 mxcwin.online udp
US 8.8.8.8:53 vozjpa.online udp
US 8.8.8.8:53 idland.online udp
US 8.8.8.8:53 rizzqy.online udp
US 8.8.8.8:53 cymath.online udp
US 8.8.8.8:53 rendafuturista.online udp
US 8.8.8.8:53 sabary.online udp
US 8.8.8.8:53 taxidvdldakmil.online udp
US 8.8.8.8:53 speedytimeline.online udp
US 172.67.212.103:443 bfssi.online tcp
FR 154.49.245.133:443 gites.online tcp
FR 154.49.245.138:443 shury.online tcp
FR 15.188.219.54:443 quilzy.online tcp
BR 185.213.81.126:443 mipiel.online tcp
US 8.8.8.8:53 webconsultancy.online udp
BR 177.154.191.243:443 gli80.online tcp
LT 84.32.84.32:443 xollar.online tcp
US 92.204.132.36:443 ajyad.online tcp
DE 88.198.131.116:443 recaptcha.cloud tcp
NL 94.131.11.30:80 kinohi.online tcp
ZA 197.242.67.67:443 www.fearlessmomentrepreneur.com tcp
IN 217.21.87.157:443 hycons.online tcp
NL 162.0.217.68:443 idland.online tcp
US 195.35.33.8:443 cymath.online tcp
IN 89.117.188.81:443 ossden.online tcp
IN 89.117.157.53:443 iocab.online tcp
US 8.8.8.8:53 thetotalfusion.online udp
BR 149.100.155.223:443 rendafuturista.online tcp
US 194.195.84.31:443 vozjpa.online tcp
BR 45.152.46.243:443 mxcwin.online tcp
CA 107.173.196.77:80 speedytimeline.online tcp
VN 103.173.227.188:80 sabary.online tcp
VN 103.74.116.222:443 taxidvdldakmil.online tcp
ES 81.25.126.125:443 fumh.online tcp
US 8.8.8.8:53 webdigiexperts.online udp
US 8.8.8.8:53 codingwithnajid.online udp
US 8.8.8.8:53 exego.app udp
US 8.8.8.8:53 amiclearformula.online udp
IN 89.117.157.220:443 webconsultancy.online tcp
US 8.8.8.8:53 corteconfeccion.online udp
US 8.8.8.8:53 elegancialatina.online udp
US 8.8.8.8:53 eljardinsecreto.online udp
US 149.100.151.21:443 codingwithnajid.online tcp
US 8.8.8.8:53 julianacapriche.online udp
US 172.67.73.247:443 exego.app tcp
BR 154.49.247.252:443 elegancialatina.online tcp
US 162.241.85.21:443 webdigiexperts.online tcp
US 8.8.8.8:53 harmonywellness.online udp
US 8.8.8.8:53 epicmininggroup.online udp
US 8.8.8.8:53 healthassesment.online udp
US 8.8.8.8:53 harshitjeweller.online udp
BR 154.49.247.234:443 corteconfeccion.online tcp
US 8.8.8.8:53 magicalmadarasg.online udp
US 8.8.8.8:53 nikolastankovic.online udp
US 8.8.8.8:53 pushpendrakumar.online udp
US 8.8.8.8:53 snaphealthylife.online udp
US 8.8.8.8:53 aashirwadfinance.online udp
US 8.8.8.8:53 churrasqueirovip.online udp
US 8.8.8.8:53 comunidadeglobal.online udp
US 8.8.8.8:53 rahmtuinsurance.online udp
US 8.8.8.8:53 purplecupnation.online udp
US 8.8.8.8:53 thebackbanchers.online udp
US 82.180.173.215:443 eljardinsecreto.online tcp
US 8.8.8.8:53 chefempreendedor.online udp
US 8.8.8.8:53 acessototal-free.online udp
US 8.8.8.8:53 codigodagrandeza.online udp
IN 154.41.233.72:443 thebackbanchers.online tcp
FR 57.128.95.87:443 snaphealthylife.online tcp
NL 212.107.17.44:443 nikolastankovic.online tcp
GB 185.77.97.243:443 rahmtuinsurance.online tcp
BR 149.100.155.7:443 comunidadeglobal.online tcp
BR 82.180.159.77:443 acessototal-free.online tcp
IN 89.117.157.253:443 harshitjeweller.online tcp
GB 31.22.4.26:443 epicmininggroup.online tcp
BR 154.49.247.173:443 armariolucrativo.online tcp
DE 95.111.231.44:80 pushpendrakumar.online tcp
US 8.8.8.8:53 descubrasecretos.online udp
GB 185.77.97.196:443 codigodagrandeza.online tcp
US 104.21.5.76:443 magicalmadarasg.online tcp
BR 154.49.247.156:443 julianacapriche.online tcp
LT 84.32.84.32:443 healthassesment.online tcp
US 8.8.8.8:53 gruposdowhatsapp.online udp
IN 217.21.88.188:443 aashirwadfinance.online tcp
US 8.8.8.8:53 cuerpo-saludable.online udp
US 8.8.8.8:53 doceriadesucesso.online udp
US 162.241.217.213:443 harmonywellness.online tcp
US 8.8.8.8:53 misegurolibertad.online udp
US 8.8.8.8:53 ganhandoevivendo.online udp
US 8.8.8.8:53 icdpsederecoleta.online udp
US 195.179.237.85:443 descubrasecretos.online tcp
US 8.8.8.8:53 nailprofissional.online udp
US 63.250.43.12:80 excellentenglish.online tcp
US 50.116.112.42:443 gruposdowhatsapp.online tcp
BR 149.100.155.188:443 cuerpo-saludable.online tcp
US 50.6.138.135:443 doceriadesucesso.online tcp
LT 84.32.84.32:443 icdpsederecoleta.online tcp
LT 84.32.84.32:443 icdpsederecoleta.online tcp
US 8.8.8.8:53 xpepeb.xyz udp
US 8.8.8.8:53 www.nowfelenterprise.online udp
US 8.8.8.8:53 originalgotavita.online udp
US 8.8.8.8:53 kspot.xyz udp
US 8.8.8.8:53 www.filaq.com udp
US 8.8.8.8:53 www.exibw.com udp
US 8.8.8.8:53 elnozze.click udp
US 8.8.8.8:53 ledich.com udp
US 8.8.8.8:53 donduro.com udp
US 8.8.8.8:53 www.icibw.com udp
BR 45.224.131.211:443 ganhandoevivendo.online tcp
US 8.8.8.8:53 bettexmx.com udp
US 8.8.8.8:53 po-inu.com udp
US 8.8.8.8:53 ec-wiki.com udp
US 8.8.8.8:53 bloom607.com udp
DE 79.133.41.61:443 ledich.com tcp
US 8.8.8.8:53 bmsec-bd.com udp
US 162.241.225.228:443 donduro.com tcp
US 190.8.176.166:443 www.filaq.com tcp
US 162.241.61.74:443 bettexmx.com tcp
US 8.8.8.8:53 bucitana.com udp
US 8.8.8.8:53 msgtinvt.com udp
US 162.0.232.65:443 xpepeb.xyz tcp
US 162.241.169.33:443 bloom607.com tcp
US 162.213.251.99:443 kspot.xyz tcp
US 66.29.132.136:443 po-inu.com tcp
HK 144.48.143.132:443 www.icibw.com tcp
HK 144.48.143.132:443 www.icibw.com tcp
US 162.241.2.87:443 originalgotavita.online tcp
US 66.235.200.146:80 ec-wiki.com tcp
US 192.185.109.189:443 bmsec-bd.com tcp
US 85.239.246.26:443 bucitana.com tcp
ZA 102.130.121.142:443 msgtinvt.com tcp
US 8.8.8.8:53 nuailabs.com udp
US 8.8.8.8:53 queremal.com udp
US 8.8.8.8:53 brogervs.com udp
US 8.8.8.8:53 rebdrawn.com udp
US 66.29.132.135:443 nuailabs.com tcp
US 8.8.8.8:53 camirock.com udp
US 8.8.8.8:53 navpages.com udp
US 8.8.8.8:53 priviavn.com udp
US 8.8.8.8:53 renge-cl.com udp
US 8.8.8.8:53 robegram.com udp
US 8.8.8.8:53 rgxclick.com udp
US 8.8.8.8:53 rangovip.com udp
US 8.8.8.8:53 renoveli.com udp
US 8.8.8.8:53 remachex.com udp
US 8.8.8.8:53 roseonca.com udp
US 8.8.8.8:53 satukoin.com udp
US 8.8.8.8:53 robowala.com udp
US 8.8.8.8:53 sambhang.com udp
US 8.8.8.8:53 www.guatemalaluxurystay.com udp
US 8.8.8.8:53 sepplast.com udp
US 8.8.8.8:53 shopviaa.com udp
US 8.8.8.8:53 seoandit.com udp
US 8.8.8.8:53 sfwofree.com udp
US 8.8.8.8:53 devalnath.com udp
US 8.8.8.8:53 dexsensei.com udp
US 8.8.8.8:53 www.domainicana.com udp
US 8.8.8.8:53 df-marsim.com udp
US 192.185.48.122:443 queremal.com tcp
NL 209.124.66.13:443 robegram.com tcp
US 162.241.218.133:443 rebdrawn.com tcp
NL 45.58.138.111:443 rangovip.com tcp
US 162.241.252.101:443 roseonca.com tcp
US 104.21.90.212:443 satukoin.com tcp
US 76.76.21.21:443 devkhaled.com tcp
US 108.163.225.126:80 shopviaa.com tcp
FR 89.117.169.212:443 dexsensei.com tcp
US 66.235.200.113:443 sambhang.com tcp
US 66.33.221.59:443 www.guatemalaluxurystay.com tcp
DE 46.101.214.73:443 www.domainicana.com tcp
US 162.241.61.219:443 brogervs.com tcp
US 8.8.8.8:53 digihilfe.com udp
CA 148.113.163.192:443 sepplast.com tcp
US 3.33.130.190:443 sfwofree.com tcp
IN 89.117.157.49:443 devalnath.com tcp
GB 185.181.117.86:443 renoveli.com tcp
GB 154.49.138.132:443 navpages.com tcp
CA 23.227.38.65:443 rgxclick.com tcp
US 172.96.161.196:443 seoandit.com tcp
VN 45.252.249.23:443 priviavn.com tcp
US 192.185.131.113:443 remachex.com tcp
N/A 127.0.0.1:48874 tcp
US 160.153.0.86:80 df-marsim.com tcp
US 8.8.8.8:53 www.dmesherpa.com udp
US 8.8.8.8:53 diemax-tn.com udp
US 8.8.8.8:53 dinepalau.com udp
GB 154.49.138.38:443 digihilfe.com tcp
JP 163.44.176.14:443 renge-cl.com tcp
US 149.100.151.206:443 diemax-tn.com tcp
US 151.101.130.159:443 www.dmesherpa.com tcp
US 199.250.214.216:80 dinepalau.com tcp
US 8.8.8.8:53 drmahnoor.com udp
US 8.8.8.8:53 doggscare.com udp
US 172.67.188.25:80 drmahnoor.com tcp
US 8.8.8.8:53 dropkitch.com udp
US 8.8.8.8:53 dugiworld.com udp
US 162.159.137.9:443 dropkitch.com tcp
US 8.8.8.8:53 dzerkalko.com udp
US 8.8.8.8:53 eclomedia.com udp
DE 136.243.4.172:443 doggscare.com tcp
GB 185.77.97.219:443 dugiworld.com tcp
NL 89.116.53.206:443 dzerkalko.com tcp
US 8.8.8.8:53 earninfoz.com udp
US 8.8.8.8:53 ecoharboz.com udp
US 8.8.8.8:53 eljawhary.com udp
US 195.35.15.138:443 eclomedia.com tcp
US 8.8.8.8:53 eliwaxing.com udp
US 8.8.8.8:53 388goalv2s.com udp
US 8.8.8.8:53 zinprordc.com udp
US 8.8.8.8:53 3979tintuc.com udp
US 8.8.8.8:53 8keonhacai.com udp
US 8.8.8.8:53 abomerkama.com udp
US 8.8.8.8:53 aditivijay.com udp
US 8.8.8.8:53 agingvital.com udp
US 8.8.8.8:53 agsysindia.com udp
US 8.8.8.8:53 aanishmart.com udp
US 8.8.8.8:53 advokatisg.com udp
US 8.8.8.8:53 aarondarke.com udp
US 8.8.8.8:53 www.eltacos45.com udp
US 8.8.8.8:53 www.agnespater.com udp
US 8.8.8.8:53 ab-rentals.com udp
US 8.8.8.8:53 ai-arabiic.com udp
US 8.8.8.8:53 aceoftides.com udp
US 8.8.8.8:53 aidandress.com udp
US 8.8.8.8:53 ajeddynews.com udp
US 8.8.8.8:53 albedoblue.com udp
US 8.8.8.8:53 aibreeders.com udp
US 162.0.215.10:443 earninfoz.com tcp
US 192.64.119.90:443 ecoharboz.com tcp
US 8.8.8.8:53 aigcspider.com udp
US 8.8.8.8:53 alamarkinc.com udp
US 8.8.8.8:53 alinaraghi.com udp
US 8.8.8.8:53 alishiping.com udp
US 172.67.216.44:80 8keonhacai.com tcp
US 8.8.8.8:53 aliyusifli.com udp
AT 5.42.64.33:80 5.42.64.33 tcp
US 8.8.8.8:53 allwebsaas.com udp
US 172.67.152.176:443 eliwaxing.com tcp
US 191.96.56.80:443 aditivijay.com tcp
IN 82.180.165.145:443 agsysindia.com tcp
US 8.8.8.8:53 alwayzlike.com udp
US 154.56.47.43:443 abomerkama.com tcp
US 162.159.137.9:443 agingvital.com tcp
US 173.236.192.211:443 www.elnjranii.com tcp
US 8.8.8.8:53 alphaeditr.com udp
FR 154.49.245.104:443 eljawhary.com tcp
FR 109.234.164.71:443 www.eltacos45.com tcp
US 172.67.176.47:443 imunify-alert.com tcp
FR 154.49.245.55:443 zinprordc.com tcp
US 8.8.8.8:53 amarsamvad.com udp
US 104.21.48.100:443 aanishmart.com tcp
US 192.64.119.225:443 aceoftides.com tcp
FR 89.116.147.176:443 ai-arabiic.com tcp
US 74.208.236.137:443 aibreeders.com tcp
US 104.21.26.194:443 aidandress.com tcp
US 160.153.0.86:443 df-marsim.com tcp
US 34.121.114.47:443 advokatisg.com tcp
US 151.101.66.159:443 aarondarke.com tcp
CN 47.100.64.39:80 aigcspider.com tcp
US 66.29.132.222:443 ajeddynews.com tcp
DE 88.198.45.240:443 alamarkinc.com tcp

Files

SHA512 2d2ef23139cdeb791a92d71195a3c753a859321753cca4ccb740dd00a970aad6b46fcd55a49a0727db3b2d9a872f4d8709c3184324e72e02db64ac5aa5d07c08

C:\Users\Admin\AppData\Local\Temp\47EE.exe

MD5 c750664b7a6658499b68c06406b36124
SHA1 5ee06a91564fd1385ce13d4b338e66d1490d36b8
SHA256 30a95b6d85f67b013db093826e778c1fdef75c40030b75a2628d7c184c6146d0
SHA512 655d72dad96e6833250794d4c9e2f9e303eb74272594ef5482b63d39a3d22ccc2d256f8e40f9c1a0986c441adfe01c0aeead839a48aa0e84b47c3613407239c2

memory/2292-139-0x0000000000400000-0x0000000000414000-memory.dmp

memory/2292-142-0x0000000000400000-0x0000000000414000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\47EE.exe

MD5 bb08eb6092e0c409e30de9369ef7df07
SHA1 8ab637635145cfc9e54c2051503912f6dfe67b92
SHA256 2417e82220dd49dcb2bad732988f4d3f6cee72dd19938c6a1a0e7a7d1e473701
SHA512 9e728f8f61e82bb547824d3eba6c5cd9dd57ef0f2d1ae9f11fd445e609e5e5ab0c4fb9c76e63175416fea565b9cd919536570e7132084c52bc9ba4ca8ff316be

C:\Users\Admin\AppData\Local\Temp\InstallSetup4.exe

MD5 6bd5caec0f074c37417a9e6d62bdf0cd
SHA1 0e1272ecdec1a2244a8e94536c0affde6fefc771
SHA256 1e5af307f0668e0def8c7aad005a689e80826284269ba41e37114c0591bd759f
SHA512 899ec1fec57708d08317d906feb1118a5890c4dcb5241073000b770d626379250d99aab687bf39e49a224900b2de9e5429c939325ddff18c39db6ab8aebfcb1b

\Users\Admin\AppData\Local\Temp\is-5SRTD.tmp\47EE.tmp

MD5 f9331a5ee52e9205578b639c0d1d4d92
SHA1 951c6511e05cea4e21fcc1e13f492bd33718199e
SHA256 cc901b11b4a83cca3abe4b0c756e19993f30b45277d3936e8345277fe8d29b05
SHA512 6b59c01df1f169dd5a822de2bfa4771c85aec7670f874df6ff4d8831cf827bf6bbab3bba295f94a03e990c5ec47e227efc8245394f3483a45af3ceabb2bf31ce

C:\Users\Admin\AppData\Local\Temp\is-5SRTD.tmp\47EE.tmp

MD5 733240cd52ddc7e25ac98178d72daaef
SHA1 01f8158d645e4034c9ff2f1aaba92bf75782d8e7
SHA256 badd6e1194894a7280a8e4aa51f9a04f04cfb2081614da78293d2870a5ae7e0f
SHA512 861a596746eddf4de1a8a9c42956a0c52695a65a4079583d40787b8eb0ba5d5cc09e2b7e3788ec4cb5f18ae6d6498e8b9bfd6381bd7bb46242edec33f87715cf

\Users\Admin\AppData\Local\Temp\is-56P5C.tmp\_isetup\_iscrypt.dll

MD5 a69559718ab506675e907fe49deb71e9
SHA1 bc8f404ffdb1960b50c12ff9413c893b56f2e36f
SHA256 2f6294f9aa09f59a574b5dcd33be54e16b39377984f3d5658cda44950fa0f8fc
SHA512 e52e0aa7fe3f79e36330c455d944653d449ba05b2f9abee0914a0910c3452cfa679a40441f9ac696b3ccf9445cbb85095747e86153402fc362bb30ac08249a63

\Users\Admin\AppData\Local\Temp\is-56P5C.tmp\_isetup\_isdecmp.dll

MD5 53e91ee215f171e5337de9eadf2b7918
SHA1 e67d6bb06741306f964bdf21cb0426915e866488
SHA256 b765ef42a83ab9ec273f6a6aada2f5ab995ccbce40e7757fab35d77133da00a7
SHA512 fe24ad561525254de67cc62dd5e328242cd4cd1bbf943ac14736a5933974b153e413eca3d352af3eea8a8e3afc7dbc20795177e5d286f994e85bb8f594a3dae8

memory/2760-158-0x0000000000400000-0x0000000000848000-memory.dmp

\Users\Admin\AppData\Local\Temp\is-56P5C.tmp\_isetup\_shfoldr.dll

MD5 92dc6ef532fbb4a5c3201469a5b5eb63
SHA1 3e89ff837147c16b4e41c30d6c796374e0b8e62c
SHA256 9884e9d1b4f8a873ccbd81f8ad0ae257776d2348d027d811a56475e028360d87
SHA512 9908e573921d5dbc3454a1c0a6c969ab8a81cc2e8b5385391d46b1a738fb06a76aa3282e0e58d0d2ffa6f27c85668cd5178e1500b8a39b1bbae04366ae6a86d3

C:\Users\Admin\AppData\Local\Temp\BroomSetup.exe

MD5 b14280d245d2947c069fce8fb15951c4
SHA1 774247444da64e0e16be7fff3b8930a463cd158e
SHA256 8f7249b7d9b5d55d5bff7b473dfa3164419542aa6052b0a9eef475663c6ffcdc
SHA512 1d8e831ea1c9d5a3d928266fff6153f593e9c9ef2ce60b4cbdea83f07f09c3591c4c04a557cc221e2b0da37fc7822277d9b57a86150420793982bbf8af8bac36

\Users\Admin\AppData\Local\Temp\nso4EBD.tmp\INetC.dll

MD5 40d7eca32b2f4d29db98715dd45bfac5
SHA1 124df3f617f562e46095776454e1c0c7bb791cc7
SHA256 85e03805f90f72257dd41bfdaa186237218bbb0ec410ad3b6576a88ea11dccb9
SHA512 5fd4f516ce23fb7e705e150d5c1c93fc7133694ba495fb73101674a528883a013a34ab258083aa7ce6072973b067a605158316a4c9159c1b4d765761f91c513d

\Users\Admin\AppData\Local\Temp\BroomSetup.exe

MD5 c3f62bfe8af6ff28accd8fa580372351
SHA1 6c8bd8645734c769592ba5703783877a9a21da68
SHA256 3430dcc229abd0112c6ccc461236c8df9fec9e539204e8e7c924f4d67057bfd2
SHA512 278800e9b9718d9c64f906f6c8dc78b1e868a8287974df4169339b0a7246102725e3e62129b2da250ab9a74403deb4e8652c5f1f239c83c45bde90a022ce824f

\??\c:\users\admin\appdata\local\temp\is-5srtd.tmp\47ee.tmp

MD5 17a8697f12a3c6196f9af529950bda6a
SHA1 95ffe3ac2e052da21827e107ce49d5a09b9f7b34
SHA256 c28497147101366a323a5c0040823d9fdd7905b7d190bc645d31b6e2b3d741c5
SHA512 0befe7903b827a78eb7297d560db27c6cad0324203e8a29fc91cd1cb7ead2f903ccb00caa21a8c28abf820f21334f9f56cb439bcb9dc247c08cea6119a3d1b74

memory/2220-190-0x0000000002C40000-0x000000000352B000-memory.dmp

memory/1936-182-0x0000000000240000-0x0000000000241000-memory.dmp

memory/2056-212-0x0000000000240000-0x0000000000241000-memory.dmp

memory/2760-211-0x0000000000400000-0x0000000000848000-memory.dmp

memory/2220-210-0x0000000002840000-0x0000000002C38000-memory.dmp

memory/2220-202-0x0000000000400000-0x0000000000D1C000-memory.dmp

C:\Users\Admin\AppData\Local\Trafaret\trafaret.exe

MD5 1f2c11b537a45913645d514da31f0c0c
SHA1 3a2037fa804f8b3eb0b4e9c0821e3d31bcd37cc6
SHA256 a45c5215219f0adfc62ee1399e723573dab2ec01a47a50f14ddc2f4fde41b32d
SHA512 52c63c2b5ada9dc17a2b810b9b24c0528e9a9cea06970541eb5340c63f32297b9783170aba8f22a5bec9d38f48cec0a82ec6dc952c36774d237078b9644dce4c

\Users\Admin\AppData\Local\Trafaret\trafaret.exe

MD5 781bda2299c9d68c3d5770f93b1a56ac
SHA1 18df5ad9885b19c53eef1357032adeb6e3ae88d1
SHA256 ac99a912196d23daacb12b53256242c9bb67f8eaa2360927ec9abe33b4247bd0
SHA512 18514d991523ad2f78fd0300c62bed5914a1b66c9fcfae4d3594495a31302e40723b5859637ca274e8a11df69f8a6ac7b4ff9515801424a13b5c7ac8f3026213

C:\Users\Admin\AppData\Local\Temp\5316.exe

MD5 c51f272106049c638ffa8708e97e4c4a
SHA1 d239c735820c2a152ecbb6679e552cc5bdb91cec
SHA256 76b30a6beb5079d0812c2c7a2dda643e86ab4ee37e0f848860e7afd9790af078
SHA512 fbe3072c8473f21be7ce18aeef0e4bc44a48bd97c9dc152446981f091127b4613a826196e5d8082d1014de77c9bcbf9d63c3c399fd743d6e4f5f355eacee7829

memory/1936-226-0x0000000003110000-0x00000000034A0000-memory.dmp

memory/860-227-0x0000000000400000-0x0000000000790000-memory.dmp

memory/1248-228-0x0000000002F30000-0x0000000003030000-memory.dmp

memory/1248-225-0x0000000000400000-0x0000000002D8C000-memory.dmp

memory/2760-229-0x0000000000400000-0x0000000000848000-memory.dmp

memory/860-231-0x0000000000400000-0x0000000000790000-memory.dmp

C:\Users\Admin\AppData\Local\Trafaret\trafaret.exe

MD5 403de70b51a03b8363e8dbe9459eae2a
SHA1 83b9c272145e096429373db17ab1bd37dea6d764
SHA256 8b40f0341d6b0e2f23098bc32dad496d098cf0abccd7d277d7fd8c73cb49f7ea
SHA512 3968bed947980cce156782bab8e25c20a6547dac5b8b0204b571de3a3c6f371ecb2885214271c28cfa5ef9908e1acab6b035dc38eac7ebdabacd9167d619a44a

memory/2220-234-0x0000000000400000-0x0000000000D1C000-memory.dmp

memory/2012-243-0x00000000008A0000-0x000000000114F000-memory.dmp

memory/860-237-0x0000000000400000-0x0000000000790000-memory.dmp

memory/2348-244-0x0000000000400000-0x0000000000790000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\nso4EBD.tmp\INetC.dll

MD5 2e579ef6ca2fe04d4283d5b2e1d201c0
SHA1 0e0c07cc093f6b1d60f861ba78693f89cd094627
SHA256 dddbc66c62134a34cad8f1f9a7423028b1584abed75ce7cf9c6daa14e44275e2
SHA512 65c2252a581bd71ffe4c4b1936a70534710b188a9196eb5e94e63d46b4d13535335d6ad4ce42961cdab4cdd7dd97ef8aba4cb2ede78e9e860a86e7ca2502cc25

C:\Users\Admin\AppData\Local\Trafaret\trafaret.exe

MD5 1b42a4448d8733883d708facbe343f52
SHA1 71486672bd1430f99f7405d9f24b7ef9270cec96
SHA256 0b644356da13f4ce30ee128e84d06f30853704f26738c8b82f86ac877d4d3ee1
SHA512 ca82e29ded512c3cd49a930986549538d759d869a9435afb82a0a473fe964d4b8b7ecb22350be222fe1ef99878873580d4f206ca833eae8a85f3aae2e5516507

C:\Users\Admin\AppData\Local\Temp\nsj6AA7.tmp

MD5 593c6bba2414d94e5e05d505074793dc
SHA1 1315c0ffbecf2e1eea0f5ac63adce7cc403ea9e8
SHA256 44a0af487346e24e3a06361a917a81ec151ddb8b7a1c558294cfc283a35ce4ec
SHA512 6e9d0191723db1caf54f50d1ba249079f74c0b8cdb745fefb283a248279375248c6ddc27f70b1887678c5e5e22fc9a58cec1a613e758b3a96d2c72a5b7da5257

memory/2940-255-0x0000000002F10000-0x0000000003010000-memory.dmp

memory/2940-256-0x0000000000220000-0x0000000000254000-memory.dmp

memory/2292-257-0x0000000000400000-0x0000000000414000-memory.dmp

memory/2760-258-0x0000000000400000-0x0000000000848000-memory.dmp

memory/2760-259-0x0000000000400000-0x0000000000848000-memory.dmp

memory/2760-260-0x0000000000400000-0x0000000000848000-memory.dmp

memory/2760-261-0x0000000000400000-0x0000000000848000-memory.dmp

memory/2760-268-0x0000000000400000-0x0000000000848000-memory.dmp

memory/2940-267-0x0000000000400000-0x0000000002D41000-memory.dmp

memory/1936-270-0x0000000000400000-0x00000000004BC000-memory.dmp

memory/2760-271-0x0000000000400000-0x0000000000848000-memory.dmp

memory/2056-272-0x0000000000400000-0x00000000008E2000-memory.dmp

memory/2760-274-0x0000000000400000-0x0000000000848000-memory.dmp

memory/2760-278-0x0000000000400000-0x0000000000848000-memory.dmp

memory/2760-280-0x0000000000400000-0x0000000000848000-memory.dmp

memory/2760-282-0x0000000000400000-0x0000000000848000-memory.dmp

memory/2760-279-0x0000000000400000-0x0000000000848000-memory.dmp

memory/2760-283-0x0000000000400000-0x0000000000848000-memory.dmp

memory/2760-281-0x0000000000400000-0x0000000000848000-memory.dmp

memory/2760-285-0x0000000000400000-0x0000000000848000-memory.dmp

memory/2760-275-0x0000000000400000-0x0000000000848000-memory.dmp

memory/2760-277-0x0000000000400000-0x0000000000848000-memory.dmp

memory/2760-273-0x0000000000400000-0x0000000000848000-memory.dmp

memory/2760-266-0x0000000000400000-0x0000000000848000-memory.dmp

memory/1248-473-0x0000000000400000-0x0000000002D8C000-memory.dmp

memory/1624-783-0x000000001B090000-0x000000001B372000-memory.dmp

memory/1624-1068-0x0000000002790000-0x0000000002798000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\FourthX.exe

MD5 03818a56b65eefdf91d7f244e82929cc
SHA1 f85f55235112944dff1d220cb9d1a8dd2e21685e
SHA256 3f0f740114cbf99aaca71047a398e6aeabefee5e7c3e58cefb0a25dfc817548e
SHA512 f60f60efb27c9bd1df230e562971b970cad7e6e1c0ee331059962ef44297487715ea07a0fe60a2ded3a4295c90babb37d1cf2dff77be53f25a8310a340beb33b

\ProgramData\mozglue.dll

MD5 d56637ea2ca40bc8b22303c9f274cd91
SHA1 c729b37a70880edae19c9cbfc37d6abc54d8dae9
SHA256 0d3f8ec284e987e994a99f7929aa65842cf17d2f88deff7358fa5cd90ff51de1
SHA512 c6ce71956e40f75b70f2bd74a063d4ba3cb7384d50fc01d06c6a1e969d53b0044257262c683f931ee5e43e5f9062e9ffdd1aca46eb1f8be75cb2c39d843bcbe3

\ProgramData\nss3.dll

MD5 8f2318356b5eb6ba97f7a117f1a4562f
SHA1 be2464cb96b2b83341c9d9fef7393593a0fa6ec5
SHA256 28a5a93b18df96fc42f56176e1363f187e75580a5f197b681c4f71f5e92b10ed
SHA512 a0015f0e1d12d073c98090a9b3d678ad9d8f04872475cf32ed84b163022206391b295c1bb16ff7e85d5bfaae330a19a797dc0aede5bbb2c18185aca65bd721a9

\ProgramData\xcfonrchdkar\vueqjgslwynd.exe

MD5 cf71d723e6a3a2abdb69313657a0862f
SHA1 9fae6ddc3f0a9e3c874a278435946d83f3f9ab1c
SHA256 ed443d39cd06137b2b8c8a54057b8a855a84960f41c4bb53ed81028293dfe125
SHA512 b140ee2a326a7727c80b3c817f266a6f3299102d113cdecf674f70613e90f83b4466fec1b91a3639cc5722e6d5b6c3baabe46d8dabc330c881a5732b32d36d6e

\ProgramData\xcfonrchdkar\vueqjgslwynd.exe

MD5 d36d5fcf6f7e6c67304fed7123a7f816
SHA1 e8fd7e15c0e589532c8c2f908f68db1c39b326c5
SHA256 1a50d506c0ff940abf59a98a627d7be435a0cdd2f5beb9271a3c5a362ed76657
SHA512 39927f760d26def097777f2db9f4267ea226f5c36ad96073572be241293975ccaade37b7d491b4894b748fcc2827a5e1152dfb7bef33eec9bc6b992ae00a02fa

C:\ProgramData\xcfonrchdkar\vueqjgslwynd.exe

MD5 5ca7fc407124217ed4ac456d5369e951
SHA1 5defeaea509bafe38005a9232d94282b59525ef3
SHA256 dff322ad2a276c1108b45e701c5af4f94a664fb25b72e95b3b29b60bd034a120
SHA512 dacc7e70b13b59f4dc7d47f2b254c510d6603f1c3cb59213569cc267057beb2a8952dc5fd1fda2fe3747d94144c1526c85c454af9e7a6e47a0c41f40cbd5f572

memory/2940-1355-0x0000000000400000-0x0000000002D41000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-02-24 23:36

Reported

2024-02-24 23:38

Platform

win10v2004-20240221-en

Max time kernel

40s

Max time network

154s

Command Line

"C:\Users\Admin\AppData\Local\Temp\5212ecaf2c3880d92f371356d84105be.exe"

Signatures

Glupteba

loader dropper glupteba

Glupteba payload

Description Indicator Process Target
N/A N/A N/A N/A

Lumma Stealer

stealer lumma

SmokeLoader

trojan backdoor smokeloader

Stealc

stealer stealc

Creates new service(s)

persistence

Downloads MZ/PE file

Modifies Windows Firewall

evasion

Description Indicator Process Target
N/A N/A C:\Windows\system32\netsh.exe N/A

Stops running service(s)

evasion

Deletes itself

Description Indicator Process Target
N/A N/A N/A N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\regsvr32.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\298C.exe N/A

UPX packed file

upx

Description Indicator Process Target
N/A N/A N/A N/A

Legitimate hosting services abused for malware hosting/C2

Description Indicator Process Target
N/A pastebin.com N/A N/A
N/A pastebin.com N/A N/A

Suspicious use of SetThreadContext

Description Indicator Process Target
PID 536 set thread context of 3140 N/A C:\Users\Admin\AppData\Local\Temp\298C.exe C:\Users\Admin\AppData\Local\Temp\298C.exe

Launches sc.exe

Description Indicator Process Target
N/A N/A C:\Windows\system32\sc.exe N/A
N/A N/A C:\Windows\system32\sc.exe N/A
N/A N/A C:\Windows\system32\sc.exe N/A
N/A N/A C:\Windows\system32\sc.exe N/A

Checks SCSI registry key(s)

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI C:\Users\Admin\AppData\Local\Temp\5212ecaf2c3880d92f371356d84105be.exe N/A
Key queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI C:\Users\Admin\AppData\Local\Temp\5212ecaf2c3880d92f371356d84105be.exe N/A
Key enumerated \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI C:\Users\Admin\AppData\Local\Temp\5212ecaf2c3880d92f371356d84105be.exe N/A

Creates scheduled task(s)

persistence

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\schtasks.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\5212ecaf2c3880d92f371356d84105be.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\5212ecaf2c3880d92f371356d84105be.exe N/A

Suspicious behavior: MapViewOfSection

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\5212ecaf2c3880d92f371356d84105be.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A N/A N/A
Token: SeCreatePagefilePrivilege N/A N/A N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3444 wrote to memory of 536 N/A N/A C:\Users\Admin\AppData\Local\Temp\298C.exe
PID 3444 wrote to memory of 536 N/A N/A C:\Users\Admin\AppData\Local\Temp\298C.exe
PID 3444 wrote to memory of 536 N/A N/A C:\Users\Admin\AppData\Local\Temp\298C.exe
PID 536 wrote to memory of 3140 N/A C:\Users\Admin\AppData\Local\Temp\298C.exe C:\Users\Admin\AppData\Local\Temp\298C.exe
PID 536 wrote to memory of 3140 N/A C:\Users\Admin\AppData\Local\Temp\298C.exe C:\Users\Admin\AppData\Local\Temp\298C.exe
PID 536 wrote to memory of 3140 N/A C:\Users\Admin\AppData\Local\Temp\298C.exe C:\Users\Admin\AppData\Local\Temp\298C.exe
PID 536 wrote to memory of 3140 N/A C:\Users\Admin\AppData\Local\Temp\298C.exe C:\Users\Admin\AppData\Local\Temp\298C.exe
PID 536 wrote to memory of 3140 N/A C:\Users\Admin\AppData\Local\Temp\298C.exe C:\Users\Admin\AppData\Local\Temp\298C.exe
PID 536 wrote to memory of 3140 N/A C:\Users\Admin\AppData\Local\Temp\298C.exe C:\Users\Admin\AppData\Local\Temp\298C.exe
PID 536 wrote to memory of 3140 N/A C:\Users\Admin\AppData\Local\Temp\298C.exe C:\Users\Admin\AppData\Local\Temp\298C.exe
PID 536 wrote to memory of 3140 N/A C:\Users\Admin\AppData\Local\Temp\298C.exe C:\Users\Admin\AppData\Local\Temp\298C.exe
PID 3444 wrote to memory of 740 N/A N/A C:\Windows\system32\regsvr32.exe
PID 3444 wrote to memory of 740 N/A N/A C:\Windows\system32\regsvr32.exe
PID 740 wrote to memory of 1716 N/A C:\Windows\system32\regsvr32.exe C:\Windows\SysWOW64\regsvr32.exe
PID 740 wrote to memory of 1716 N/A C:\Windows\system32\regsvr32.exe C:\Windows\SysWOW64\regsvr32.exe
PID 740 wrote to memory of 1716 N/A C:\Windows\system32\regsvr32.exe C:\Windows\SysWOW64\regsvr32.exe
PID 3444 wrote to memory of 3976 N/A N/A C:\Users\Admin\AppData\Local\Temp\44D6.exe
PID 3444 wrote to memory of 3976 N/A N/A C:\Users\Admin\AppData\Local\Temp\44D6.exe
PID 3444 wrote to memory of 3976 N/A N/A C:\Users\Admin\AppData\Local\Temp\44D6.exe
PID 3444 wrote to memory of 3116 N/A N/A C:\Users\Admin\AppData\Local\Temp\499A.exe
PID 3444 wrote to memory of 3116 N/A N/A C:\Users\Admin\AppData\Local\Temp\499A.exe
PID 3444 wrote to memory of 3116 N/A N/A C:\Users\Admin\AppData\Local\Temp\499A.exe
PID 3444 wrote to memory of 2016 N/A N/A C:\Users\Admin\AppData\Local\Temp\60CC.exe
PID 3444 wrote to memory of 2016 N/A N/A C:\Users\Admin\AppData\Local\Temp\60CC.exe
PID 3444 wrote to memory of 2016 N/A N/A C:\Users\Admin\AppData\Local\Temp\60CC.exe

Uses Task Scheduler COM API

persistence

Processes

C:\Users\Admin\AppData\Local\Temp\5212ecaf2c3880d92f371356d84105be.exe

"C:\Users\Admin\AppData\Local\Temp\5212ecaf2c3880d92f371356d84105be.exe"

C:\Users\Admin\AppData\Local\Temp\298C.exe

C:\Users\Admin\AppData\Local\Temp\298C.exe

C:\Users\Admin\AppData\Local\Temp\298C.exe

C:\Users\Admin\AppData\Local\Temp\298C.exe

C:\Windows\system32\regsvr32.exe

regsvr32 /s C:\Users\Admin\AppData\Local\Temp\2F49.dll

C:\Windows\SysWOW64\regsvr32.exe

/s C:\Users\Admin\AppData\Local\Temp\2F49.dll

C:\Users\Admin\AppData\Local\Temp\44D6.exe

C:\Users\Admin\AppData\Local\Temp\44D6.exe

C:\Users\Admin\AppData\Local\Temp\499A.exe

C:\Users\Admin\AppData\Local\Temp\499A.exe

C:\Users\Admin\AppData\Local\Temp\60CC.exe

C:\Users\Admin\AppData\Local\Temp\60CC.exe

C:\Users\Admin\AppData\Local\Temp\6AEF.exe

C:\Users\Admin\AppData\Local\Temp\6AEF.exe

C:\Users\Admin\AppData\Local\Temp\7437.exe

C:\Users\Admin\AppData\Local\Temp\7437.exe

C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe

"C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe"

C:\Users\Admin\AppData\Local\Temp\78BC.exe

C:\Users\Admin\AppData\Local\Temp\78BC.exe

C:\Users\Admin\AppData\Local\Temp\is-6OF4O.tmp\7437.tmp

"C:\Users\Admin\AppData\Local\Temp\is-6OF4O.tmp\7437.tmp" /SL5="$8021A,4323177,54272,C:\Users\Admin\AppData\Local\Temp\7437.exe"

C:\Users\Admin\AppData\Local\Temp\InstallSetup4.exe

"C:\Users\Admin\AppData\Local\Temp\InstallSetup4.exe"

C:\Users\Admin\AppData\Local\Temp\FourthX.exe

"C:\Users\Admin\AppData\Local\Temp\FourthX.exe"

C:\Users\Admin\AppData\Local\Temp\BroomSetup.exe

C:\Users\Admin\AppData\Local\Temp\BroomSetup.exe

C:\Users\Admin\AppData\Local\Trafaret\trafaret.exe

"C:\Users\Admin\AppData\Local\Trafaret\trafaret.exe" -i

C:\Users\Admin\AppData\Local\Trafaret\trafaret.exe

"C:\Users\Admin\AppData\Local\Trafaret\trafaret.exe" -s

C:\Users\Admin\AppData\Local\Temp\nswA100.tmp

C:\Users\Admin\AppData\Local\Temp\nswA100.tmp

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Roaming\Temp\Task.bat" "

C:\Windows\SysWOW64\chcp.com

chcp 1251

C:\Windows\SysWOW64\schtasks.exe

schtasks /create /tn "MalayamaraUpdate" /tr "'C:\Users\Admin\AppData\Local\Temp\Updater.exe'" /sc minute /mo 30 /F

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 460 -p 2868 -ip 2868

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell -nologo -noprofile

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 2868 -s 540

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 432 -p 3992 -ip 3992

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 3992 -s 2312

C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe

C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe Add-MpPreference -ExclusionPath @($env:UserProfile, $env:ProgramData) -ExclusionExtension '.exe' -Force

C:\Windows\system32\sc.exe

C:\Windows\system32\sc.exe delete "UTIXDCVF"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c wusa /uninstall /kb:890830 /quiet /norestart

C:\Windows\system32\wusa.exe

wusa /uninstall /kb:890830 /quiet /norestart

C:\Windows\system32\sc.exe

C:\Windows\system32\sc.exe create "UTIXDCVF" binpath= "C:\ProgramData\xcfonrchdkar\vueqjgslwynd.exe" start= "auto"

C:\Windows\system32\sc.exe

C:\Windows\system32\sc.exe start "UTIXDCVF"

C:\Windows\system32\sc.exe

C:\Windows\system32\sc.exe stop eventlog

C:\ProgramData\xcfonrchdkar\vueqjgslwynd.exe

C:\ProgramData\xcfonrchdkar\vueqjgslwynd.exe

C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe

C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe Add-MpPreference -ExclusionPath @($env:UserProfile, $env:ProgramData) -ExclusionExtension '.exe' -Force

C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe

"C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell -nologo -noprofile

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c wusa /uninstall /kb:890830 /quiet /norestart

C:\Windows\system32\conhost.exe

C:\Windows\system32\conhost.exe

C:\Windows\explorer.exe

explorer.exe

C:\Windows\system32\wusa.exe

wusa /uninstall /kb:890830 /quiet /norestart

C:\Windows\system32\cmd.exe

C:\Windows\Sysnative\cmd.exe /C "netsh advfirewall firewall add rule name="csrss" dir=in action=allow program="C:\Windows\rss\csrss.exe" enable=yes"

C:\Windows\system32\netsh.exe

netsh advfirewall firewall add rule name="csrss" dir=in action=allow program="C:\Windows\rss\csrss.exe" enable=yes

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell -nologo -noprofile

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell -nologo -noprofile

Network

Country Destination Domain Proto
US 8.8.8.8:53 12.32.35.195.in-addr.arpa udp
US 8.8.8.8:53 152.14.136.18.in-addr.arpa udp
US 8.8.8.8:53 76.44.21.104.in-addr.arpa udp
US 8.8.8.8:53 176.71.212.185.in-addr.arpa udp
US 8.8.8.8:53 195.37.160.103.in-addr.arpa udp
US 8.8.8.8:53 81.183.111.183.in-addr.arpa udp
US 8.8.8.8:53 173.13.144.162.in-addr.arpa udp
US 8.8.8.8:53 83.35.163.194.in-addr.arpa udp
US 8.8.8.8:53 94.199.223.159.in-addr.arpa udp
US 8.8.8.8:53 239.75.32.45.in-addr.arpa udp
US 172.67.210.138:443 lajvaard.com tcp
US 104.21.47.147:443 laalbook.com tcp
FR 185.98.131.147:443 kreotica.com tcp
US 66.235.200.147:443 kleverty.com tcp
US 8.8.8.8:53 lisarass.com udp
US 8.8.8.8:53 live7mvn.com udp
US 8.8.8.8:53 loeionly.com udp
US 8.8.8.8:53 loginsbo.com udp
US 8.8.8.8:53 nat-kapseln.de udp
US 8.8.8.8:53 lmentari.com udp
US 8.8.8.8:53 love2060.com udp
US 8.8.8.8:53 luftcode.com udp
KR 158.247.250.83:443 lawdaisy.com tcp
GB 165.232.40.159:443 jisoolog.com tcp
US 165.140.70.86:443 landexma.com tcp
US 8.8.8.8:53 29.44.21.104.in-addr.arpa udp
US 8.8.8.8:53 242.213.90.157.in-addr.arpa udp
US 8.8.8.8:53 138.210.67.172.in-addr.arpa udp
US 8.8.8.8:53 147.47.21.104.in-addr.arpa udp
DE 217.160.0.135:443 lemendys.com tcp
US 8.8.8.8:53 mandubus.com udp
US 8.8.8.8:53 mangadio.com udp
NL 160.153.131.188:443 laspoint.com tcp
US 86.38.202.30:443 liizefii.com tcp
US 172.67.149.246:80 lipstiko.com tcp
DE 81.169.145.90:443 koning19.com tcp
US 8.8.8.8:53 in.laalbook.com udp
US 8.8.8.8:53 marinoha.com udp
US 8.8.8.8:53 m-anysex.com udp
US 8.8.8.8:53 mbbsonly.com udp
US 8.8.8.8:53 www.m2salons.com udp
US 8.8.8.8:53 www.johorcup.com udp
US 172.67.182.132:443 live7mvn.com tcp
US 8.8.8.8:53 mcpsauda.com udp
US 8.8.8.8:53 mdcoxsbd.com udp
US 8.8.8.8:53 mehedi99.com udp
US 192.185.131.119:443 lmentari.com tcp
US 152.70.155.192:443 loeionly.com tcp
IN 128.199.19.239:443 loginsbo.com tcp
DE 81.169.145.88:443 nat-kapseln.de tcp
US 191.101.13.223:443 luftcode.com tcp
DE 161.97.82.103:443 kuikbook.com tcp
US 8.8.8.8:53 mirasabo.com udp
US 8.8.8.8:53 147.131.98.185.in-addr.arpa udp
US 8.8.8.8:53 147.200.235.66.in-addr.arpa udp
US 8.8.8.8:53 mitikasi.com udp
US 8.8.8.8:53 miwakpon.com udp
HK 47.243.185.189:443 love2060.com tcp
US 89.117.9.62:443 mangadio.com tcp
SG 188.166.180.198:443 mandubus.com tcp
US 172.67.190.107:443 m-anysex.com tcp
SG 18.136.14.152:443 www.johorcup.com tcp
US 8.8.8.8:53 modround.com udp
US 8.8.8.8:53 mr-shaun.com udp
JP 183.90.182.153:443 marinoha.com tcp
IN 89.117.188.124:443 mcpsauda.com tcp
DE 168.119.5.246:443 mehedi99.com tcp
DE 116.203.210.186:443 mirasabo.com tcp
US 104.21.47.147:443 in.laalbook.com tcp
US 8.8.8.8:53 myharuhi.com udp
US 149.100.151.89:443 mitikasi.com tcp
US 8.8.8.8:53 86.70.140.165.in-addr.arpa udp
US 8.8.8.8:53 135.0.160.217.in-addr.arpa udp
US 8.8.8.8:53 246.149.67.172.in-addr.arpa udp
US 8.8.8.8:53 90.145.169.81.in-addr.arpa udp
US 8.8.8.8:53 132.182.67.172.in-addr.arpa udp
US 8.8.8.8:53 30.202.38.86.in-addr.arpa udp
US 8.8.8.8:53 159.40.232.165.in-addr.arpa udp
US 8.8.8.8:53 88.145.169.81.in-addr.arpa udp
US 8.8.8.8:53 83.250.247.158.in-addr.arpa udp
US 8.8.8.8:53 103.82.97.161.in-addr.arpa udp
US 8.8.8.8:53 119.131.185.192.in-addr.arpa udp
US 8.8.8.8:53 192.155.70.152.in-addr.arpa udp
US 8.8.8.8:53 223.13.101.191.in-addr.arpa udp
US 8.8.8.8:53 239.19.199.128.in-addr.arpa udp
FR 109.234.165.102:443 miwakpon.com tcp
US 162.241.85.65:443 www.m2salons.com tcp
US 8.8.8.8:53 nandinij.com udp
US 172.67.149.246:443 lipstiko.com tcp
US 63.250.38.73:443 mdcoxsbd.com tcp
US 8.8.8.8:53 napolivr.com udp
US 8.8.8.8:53 mostala7.com udp
US 8.8.8.8:53 nasarsan.com udp
US 8.8.8.8:53 ncta2023.com udp
US 8.8.8.8:53 needaedu.com udp
US 8.8.8.8:53 neybooks.com udp
US 8.8.8.8:53 busybuyingltd.com udp
US 45.40.155.32:443 myharuhi.com tcp
US 8.8.8.8:53 189.185.243.47.in-addr.arpa udp
US 8.8.8.8:53 62.9.117.89.in-addr.arpa udp
US 8.8.8.8:53 107.190.67.172.in-addr.arpa udp
US 8.8.8.8:53 198.180.166.188.in-addr.arpa udp
US 8.8.8.8:53 246.5.119.168.in-addr.arpa udp
US 8.8.8.8:53 186.210.203.116.in-addr.arpa udp
US 8.8.8.8:53 102.165.234.109.in-addr.arpa udp
US 8.8.8.8:53 124.188.117.89.in-addr.arpa udp
US 8.8.8.8:53 89.151.100.149.in-addr.arpa udp
US 8.8.8.8:53 consciousvybz.com udp
US 8.8.8.8:53 eltashiranews.com udp
IN 172.105.56.46:443 mostala7.com tcp
IN 89.117.188.29:443 modround.com tcp
IN 103.104.74.204:443 mnrlands.com tcp
US 86.38.202.43:443 nasarsan.com tcp
KR 141.164.56.166:443 mr-shaun.com tcp
VN 61.14.233.171:443 napolivr.com tcp
US 8.8.8.8:53 eventlivelink.com udp
US 8.8.8.8:53 ecomexcellent.com udp
IN 89.117.188.82:443 nandinij.com tcp
US 8.8.8.8:53 prevencionutpl.com udp
US 65.99.225.119:443 neybooks.com tcp
US 8.8.8.8:53 provincenotary.com udp
US 63.250.38.130:443 consciousvybz.com tcp
US 8.8.8.8:53 quietsolitudes.com udp
US 8.8.8.8:53 vegasmaltipoos.com udp
US 8.8.8.8:53 indalipictures.com udp
US 8.8.8.8:53 153.182.90.183.in-addr.arpa udp
US 8.8.8.8:53 65.85.241.162.in-addr.arpa udp
US 8.8.8.8:53 73.38.250.63.in-addr.arpa udp
US 8.8.8.8:53 writelywonders.com udp
US 8.8.8.8:53 imunify-alert.com udp
US 8.8.8.8:53 obitschapelnews.com udp
US 8.8.8.8:53 reysbeautyshelf.com udp
IN 89.117.157.246:443 needaedu.com tcp
US 8.8.8.8:53 uncoveredcloset.com udp
US 8.8.8.8:53 tristarsurvival.com udp
US 198.54.120.129:443 busybuyingltd.com tcp
US 8.8.8.8:53 xtremelongevity.com udp
US 198.54.116.211:443 ecomexcellent.com tcp
US 198.54.114.254:443 prevencionutpl.com tcp
US 8.8.8.8:53 5boromanagement.com udp
US 8.8.8.8:53 afiyahmarketing.com udp
US 162.254.39.94:443 eltashiranews.com tcp
US 8.8.8.8:53 beaveracresfarm.com udp
US 162.254.39.113:443 provincenotary.com tcp
US 162.254.39.115:443 indalipictures.com tcp
US 162.0.235.191:443 obitschapelnews.com tcp
US 162.0.235.191:443 obitschapelnews.com tcp
US 8.8.8.8:53 46.56.105.172.in-addr.arpa udp
US 8.8.8.8:53 29.188.117.89.in-addr.arpa udp
US 8.8.8.8:53 204.74.104.103.in-addr.arpa udp
US 8.8.8.8:53 43.202.38.86.in-addr.arpa udp
US 8.8.8.8:53 82.188.117.89.in-addr.arpa udp
US 8.8.8.8:53 166.56.164.141.in-addr.arpa udp
US 8.8.8.8:53 119.225.99.65.in-addr.arpa udp
US 8.8.8.8:53 171.233.14.61.in-addr.arpa udp
US 172.67.176.47:443 imunify-alert.com tcp
US 104.21.88.127:443 writelywonders.com tcp
US 162.0.229.10:443 eventlivelink.com tcp
US 8.8.8.8:53 luxuryhousehome.com udp
US 8.8.8.8:53 makeitbetter530.com udp
US 162.254.39.95:443 reysbeautyshelf.com tcp
US 8.8.8.8:53 www.marionportfolio.com udp
CA 23.227.38.65:443 uncoveredcloset.com tcp
US 8.8.8.8:53 marketplayer247.com udp
US 8.8.8.8:53 maskstuccostone.com udp
US 199.188.200.9:443 tristarsurvival.com tcp
US 8.8.8.8:53 www.melissalyonslaw.com udp
US 8.8.8.8:53 130.38.250.63.in-addr.arpa udp
US 8.8.8.8:53 246.157.117.89.in-addr.arpa udp
US 8.8.8.8:53 129.120.54.198.in-addr.arpa udp
US 8.8.8.8:53 47.176.67.172.in-addr.arpa udp
US 8.8.8.8:53 127.88.21.104.in-addr.arpa udp
US 8.8.8.8:53 254.114.54.198.in-addr.arpa udp
US 8.8.8.8:53 211.116.54.198.in-addr.arpa udp
US 8.8.8.8:53 94.39.254.162.in-addr.arpa udp
US 8.8.8.8:53 113.39.254.162.in-addr.arpa udp
US 8.8.8.8:53 191.235.0.162.in-addr.arpa udp
US 8.8.8.8:53 115.39.254.162.in-addr.arpa udp
US 8.8.8.8:53 merchendiseshop.com udp
US 8.8.8.8:53 merryragdollcat.com udp
US 8.8.8.8:53 m-dconstruction.com udp
US 8.8.8.8:53 gautamisolutions.com udp
US 8.8.8.8:53 www.masquedeskienfr.com udp
US 66.235.200.147:443 beaveracresfarm.com tcp
US 66.235.200.146:443 xtremelongevity.com tcp
US 8.8.8.8:53 getstuffengraved.com udp
SG 194.163.33.95:443 luxuryhousehome.com tcp
US 8.8.8.8:53 globalbeautytips.com udp
US 66.235.200.147:443 beaveracresfarm.com tcp
US 8.8.8.8:53 glowydowynajecia.com udp
US 8.8.8.8:53 godlyplayetc2024.com udp
US 8.8.8.8:53 goinglocopodcast.com udp
US 8.8.8.8:53 hairremovalstone.com udp
US 208.97.151.147:443 www.melissalyonslaw.com tcp
FR 109.234.165.176:443 www.marionportfolio.com tcp
US 82.180.138.154:443 maskstuccostone.com tcp
US 8.8.8.8:53 10.229.0.162.in-addr.arpa udp
US 8.8.8.8:53 95.39.254.162.in-addr.arpa udp
US 8.8.8.8:53 9.200.188.199.in-addr.arpa udp
US 8.8.8.8:53 hanuman-chaalisa.com udp
SE 5.150.195.197:443 merchendiseshop.com tcp
US 154.49.240.192:443 merryragdollcat.com tcp
US 208.109.57.66:443 m-dconstruction.com tcp
US 8.8.8.8:53 haraldhentzschel.com udp
US 8.8.8.8:53 ginecologotoluca.com udp
US 8.8.8.8:53 haymmamindonesia.com udp
CA 104.255.152.88:443 www.masquedeskienfr.com tcp
US 137.184.187.45:443 makeitbetter530.com tcp
US 8.8.8.8:53 healingmyhusband.com udp
US 8.8.8.8:53 harmonyheadlines.com udp
US 8.8.8.8:53 healthwithingrid.com udp
US 162.241.224.35:443 getstuffengraved.com tcp
US 8.8.8.8:53 hermitandthemoon.com udp
US 8.8.8.8:53 highmeadowfarmva.com udp
FR 188.165.21.8:443 glowydowynajecia.com tcp
KR 158.247.251.150:443 marketplayer247.com tcp
US 162.241.253.219:80 gradedcoinmarket.com tcp
US 162.213.251.87:443 globalbeautytips.com tcp
US 8.8.8.8:53 146.200.235.66.in-addr.arpa udp
US 8.8.8.8:53 95.33.163.194.in-addr.arpa udp
US 162.240.231.216:443 hairremovalstone.com tcp
IN 154.41.233.39:443 hanuman-chaalisa.com tcp
DE 217.160.0.253:80 godlyplayetc2024.com tcp
DE 217.160.0.31:80 haraldhentzschel.com tcp
US 50.63.178.202:443 goinglocopodcast.com tcp
US 8.8.8.8:53 hobbyisttoriches.com udp
US 8.8.8.8:53 homestaysbyrenee.com udp
US 8.8.8.8:53 historiadelsiglo.com udp
US 8.8.8.8:53 liveandworkhappy.com udp
US 8.8.8.8:53 healthyisorganic.com udp
US 68.66.226.116:443 healthwithingrid.com tcp
SG 103.21.221.19:443 haymmamindonesia.com tcp
US 192.185.131.189:443 ginecologotoluca.com tcp
US 8.8.8.8:53 localvoicetelugu.com udp
US 69.175.102.130:443 hermitandthemoon.com tcp
US 66.235.200.147:443 healingmyhusband.com tcp
US 8.8.8.8:53 lotuswheeltravel.com udp
US 8.8.8.8:53 176.165.234.109.in-addr.arpa udp
US 8.8.8.8:53 147.151.97.208.in-addr.arpa udp
US 8.8.8.8:53 197.195.150.5.in-addr.arpa udp
US 8.8.8.8:53 154.138.180.82.in-addr.arpa udp
US 8.8.8.8:53 192.240.49.154.in-addr.arpa udp
US 8.8.8.8:53 88.152.255.104.in-addr.arpa udp
US 8.8.8.8:53 8.21.165.188.in-addr.arpa udp
US 8.8.8.8:53 35.224.241.162.in-addr.arpa udp
US 8.8.8.8:53 219.253.241.162.in-addr.arpa udp
US 162.241.253.102:443 harmonyheadlines.com tcp
US 167.71.183.162:443 highmeadowfarmva.com tcp
US 104.16.159.43:443 hobbyisttoriches.com tcp
US 8.8.8.8:53 love-4-no-hunger.com udp
US 8.8.8.8:53 www.malekotojarhotel.com udp
IN 154.41.233.20:443 localvoicetelugu.com tcp
US 216.246.46.135:443 historiadelsiglo.com tcp
US 173.201.188.114:80 liveandworkhappy.com tcp
US 8.8.8.8:53 meestertechnical.com udp
US 75.75.243.13:443 homestaysbyrenee.com tcp
US 8.8.8.8:53 manpowerdelivery.com udp
GB 141.136.33.9:443 healthyisorganic.com tcp
US 8.8.8.8:53 melabur-hartanah.com udp
US 8.8.8.8:53 marijajovanovski.com udp
US 67.222.134.16:80 lotuswheeltravel.com tcp
US 8.8.8.8:53 www.eltashiranews.com udp
US 8.8.8.8:53 mhindustrialarea.com udp
US 8.8.8.8:53 87.251.213.162.in-addr.arpa udp
US 8.8.8.8:53 253.0.160.217.in-addr.arpa udp
US 8.8.8.8:53 31.0.160.217.in-addr.arpa udp
US 8.8.8.8:53 150.251.247.158.in-addr.arpa udp
US 8.8.8.8:53 39.233.41.154.in-addr.arpa udp
US 8.8.8.8:53 216.231.240.162.in-addr.arpa udp
US 8.8.8.8:53 116.226.66.68.in-addr.arpa udp
US 8.8.8.8:53 189.131.185.192.in-addr.arpa udp
US 8.8.8.8:53 130.102.175.69.in-addr.arpa udp
US 8.8.8.8:53 19.221.21.103.in-addr.arpa udp
US 8.8.8.8:53 43.159.16.104.in-addr.arpa udp
US 8.8.8.8:53 162.183.71.167.in-addr.arpa udp
US 8.8.8.8:53 102.253.241.162.in-addr.arpa udp
US 8.8.8.8:53 miglioristeroidi.com udp
US 8.8.8.8:53 mulberrycounty70.com udp
SG 128.199.163.137:443 love-4-no-hunger.com tcp
US 154.56.37.64:443 manpowerdelivery.com tcp
US 8.8.8.8:53 murrayshomestays.com udp
US 8.8.8.8:53 muscleformation1.com udp
US 8.8.8.8:53 www.nahradne-plnenie.com udp
US 8.8.8.8:53 www.healthyisorganic.com udp
US 8.8.8.8:53 newpulsemagazine.com udp
US 8.8.8.8:53 negoceautoselect.com udp
US 8.8.8.8:53 ollypopsclothing.com udp
US 8.8.8.8:53 nhanghingockhanh.com udp
US 8.8.8.8:53 www.lotuswheeltravel.com udp
US 160.153.0.13:443 mulberrycounty70.com tcp
US 172.67.159.221:443 miglioristeroidi.com tcp
US 8.8.8.8:53 onlinehumantimes.com udp
US 8.8.8.8:53 onlinevyaparseva.com udp
US 8.8.8.8:53 pedipharmdmomof3.com udp
US 8.8.8.8:53 135.46.246.216.in-addr.arpa udp
US 8.8.8.8:53 20.233.41.154.in-addr.arpa udp
US 8.8.8.8:53 9.33.136.141.in-addr.arpa udp
US 8.8.8.8:53 13.243.75.75.in-addr.arpa udp
US 8.8.8.8:53 16.134.222.67.in-addr.arpa udp
US 8.8.8.8:53 perpetualwallaby.com udp
US 8.8.8.8:53 pinkandblackpaws.com udp
US 8.8.8.8:53 pinoysmoviepedia.com udp
US 8.8.8.8:53 nawapolkarnchang.com udp
US 8.8.8.8:53 pomegranateheart.com udp
IN 154.41.233.44:443 muscleformation1.com tcp
US 8.8.8.8:53 pontevedraspeech.com udp
US 162.254.39.94:443 www.eltashiranews.com tcp
US 160.153.0.103:443 mrturciosroofing.com tcp
US 8.8.8.8:53 pov360photobooth.com udp
US 67.222.134.16:80 www.lotuswheeltravel.com tcp
FR 154.49.245.75:443 negoceautoselect.com tcp
SE 16.171.24.197:443 newpulsemagazine.com tcp
US 104.21.30.26:443 ollypopsclothing.com tcp
GB 141.136.33.9:443 www.healthyisorganic.com tcp
US 8.8.8.8:53 puretouchcareltd.com udp
DE 172.105.75.93:443 www.nahradne-plnenie.com tcp
US 66.235.200.146:80 melabur-hartanah.com tcp
US 66.235.200.112:443 onlinevyaparseva.com tcp
US 66.235.200.147:443 pedipharmdmomof3.com tcp
FR 163.172.101.108:443 pinoysmoviepedia.com tcp
US 8.8.8.8:53 13.0.153.160.in-addr.arpa udp
US 8.8.8.8:53 137.163.199.128.in-addr.arpa udp
US 8.8.8.8:53 221.159.67.172.in-addr.arpa udp
DE 195.201.4.182:443 pinkandblackpaws.com tcp
US 8.8.8.8:53 rajaroypramotors.com udp
US 8.8.8.8:53 radioprehistoria.com udp
NL 107.6.183.178:443 marijajovanovski.com tcp
US 8.8.8.8:53 rapidsolutioninc.com udp
US 8.8.8.8:53 restaurantpoolin.com udp
US 89.117.139.122:443 onlinehumantimes.com tcp
US 170.130.17.136:443 murrayshomestays.com tcp
IR 185.191.77.229:443 www.malekotojarhotel.com tcp
IN 89.117.157.191:443 mhindustrialarea.com tcp
US 172.67.183.98:443 perpetualwallaby.com tcp
TH 202.129.207.19:443 nawapolkarnchang.com tcp
US 141.193.213.10:80 pontevedraspeech.com tcp
GB 153.92.6.236:443 puretouchcareltd.com tcp
US 160.153.0.140:443 pomegranateheart.com tcp
US 74.208.236.90:443 pov360photobooth.com tcp
DE 184.174.37.130:443 radioprehistoria.com tcp
DE 176.9.93.245:443 restaurantpoolin.com tcp
VN 123.30.168.119:443 nhanghingockhanh.com tcp
IN 82.180.143.244:443 rapidsolutioninc.com tcp
US 8.8.8.8:53 44.233.41.154.in-addr.arpa udp
US 8.8.8.8:53 103.0.153.160.in-addr.arpa udp
US 8.8.8.8:53 26.30.21.104.in-addr.arpa udp
US 8.8.8.8:53 75.245.49.154.in-addr.arpa udp
US 8.8.8.8:53 197.24.171.16.in-addr.arpa udp
US 8.8.8.8:53 93.75.105.172.in-addr.arpa udp
US 8.8.8.8:53 112.200.235.66.in-addr.arpa udp
US 8.8.8.8:53 108.101.172.163.in-addr.arpa udp
US 8.8.8.8:53 178.183.6.107.in-addr.arpa udp
US 8.8.8.8:53 182.4.201.195.in-addr.arpa udp
US 8.8.8.8:53 136.17.130.170.in-addr.arpa udp
US 8.8.8.8:53 229.77.191.185.in-addr.arpa udp
US 66.235.200.113:443 rajaroypramotors.com tcp
US 8.8.8.8:53 www.newpulsemagazine.com udp
US 8.8.8.8:53 pbpaws.gr udp
US 8.8.8.8:53 reunionmusiclive.com udp
US 8.8.8.8:53 rivellopuntoauto.com udp
US 8.8.8.8:53 rmmobiledetailng.com udp
US 8.8.8.8:53 www.royalklimaservis.com udp
US 8.8.8.8:53 rpainstalaciones.com udp
US 8.8.8.8:53 www.runningshoessalg.com udp
US 8.8.8.8:53 safirmelaletebar.com udp
US 8.8.8.8:53 samsulelektronik.com udp
US 8.8.8.8:53 www.saveoncloudbills.com udp
US 8.8.8.8:53 www.saleswintershoes.com udp
US 8.8.8.8:53 sejalexpressions.com udp
US 8.8.8.8:53 www.shahbagnewsdaily.com udp
US 8.8.8.8:53 122.139.117.89.in-addr.arpa udp
US 8.8.8.8:53 98.183.67.172.in-addr.arpa udp
US 8.8.8.8:53 10.213.193.141.in-addr.arpa udp
US 8.8.8.8:53 191.157.117.89.in-addr.arpa udp
US 8.8.8.8:53 236.6.92.153.in-addr.arpa udp
US 8.8.8.8:53 19.207.129.202.in-addr.arpa udp
US 8.8.8.8:53 140.0.153.160.in-addr.arpa udp
US 8.8.8.8:53 90.236.208.74.in-addr.arpa udp
US 8.8.8.8:53 130.37.174.184.in-addr.arpa udp
US 8.8.8.8:53 shahidkapoorinfo.com udp
US 8.8.8.8:53 sheboygangazette.com udp
IT 185.221.175.68:443 rivellopuntoauto.com tcp
DE 195.201.4.182:443 pbpaws.gr tcp
DE 159.69.66.183:443 www.royalklimaservis.com tcp
US 8.8.8.8:53 campushabitat5u.com udp
US 8.8.8.8:53 deepsouthflavor.com udp
US 8.8.8.8:53 www.murrayshomestays.com udp
US 66.235.200.146:443 rmmobiledetailng.com tcp
FR 213.32.37.233:443 rpainstalaciones.com tcp
US 8.8.8.8:53 devishaktipeetha.com udp
US 172.67.168.149:443 samsulelektronik.com tcp
US 8.8.8.8:53 dculoancalculator.com udp
IR 185.165.31.23:443 safirmelaletebar.com tcp
US 160.153.0.186:443 reunionmusiclive.com tcp
FI 65.109.39.121:443 www.shahbagnewsdaily.com tcp
RU 91.215.85.44:443 sejalexpressions.com tcp
IN 18.61.82.60:443 www.saveoncloudbills.com tcp
US 104.21.14.10:443 www.saleswintershoes.com tcp
US 8.8.8.8:53 245.93.9.176.in-addr.arpa udp
US 8.8.8.8:53 113.200.235.66.in-addr.arpa udp
US 8.8.8.8:53 244.143.180.82.in-addr.arpa udp
US 8.8.8.8:53 119.168.30.123.in-addr.arpa udp
ID 153.92.13.243:443 saleugaadventure.com tcp
US 8.8.8.8:53 elitetalentforseo.com udp
IN 89.117.188.37:443 shahidkapoorinfo.com tcp
US 8.8.8.8:53 famousmarketmedia.com udp
US 8.8.8.8:53 www.dualthreatapparel.com udp
US 170.130.17.136:443 www.murrayshomestays.com tcp
US 34.120.190.48:443 deepsouthflavor.com tcp
US 209.133.217.241:80 sheboygangazette.com tcp
US 8.8.8.8:53 tendenciasemsaude.com udp
US 8.8.8.8:53 thailandresources.com udp
SE 16.171.24.197:443 www.newpulsemagazine.com tcp
US 8.8.8.8:53 thebeautyhub-bham.com udp
US 68.65.123.197:443 devishaktipeetha.com tcp
US 8.8.8.8:53 thehouseoftesting.com udp
US 8.8.8.8:53 theglobalnewswave.com udp
US 8.8.8.8:53 systemandsales.com udp
US 8.8.8.8:53 thesarathchandran.com udp
US 66.29.137.49:443 elitetalentforseo.com tcp
US 8.8.8.8:53 thiepcuoihaiphong.com udp
US 8.8.8.8:53 68.175.221.185.in-addr.arpa udp
US 8.8.8.8:53 183.66.69.159.in-addr.arpa udp
US 8.8.8.8:53 149.168.67.172.in-addr.arpa udp
US 8.8.8.8:53 233.37.32.213.in-addr.arpa udp
US 8.8.8.8:53 186.0.153.160.in-addr.arpa udp
US 8.8.8.8:53 121.39.109.65.in-addr.arpa udp
US 8.8.8.8:53 44.85.215.91.in-addr.arpa udp
US 8.8.8.8:53 23.31.165.185.in-addr.arpa udp
US 8.8.8.8:53 60.82.61.18.in-addr.arpa udp
US 8.8.8.8:53 10.14.21.104.in-addr.arpa udp
US 104.219.248.97:443 famousmarketmedia.com tcp
US 8.8.8.8:53 48.190.120.34.in-addr.arpa udp
US 8.8.8.8:53 threadsvideoindir.com udp
US 8.8.8.8:53 thrivelearninghub.com udp
US 8.8.8.8:53 totalfootballtalk.com udp
US 8.8.8.8:53 transportesluczad.com udp
US 67.223.118.155:443 www.dualthreatapparel.com tcp
US 162.213.253.14:443 dculoancalculator.com tcp
US 8.8.8.8:53 saveoncloudbills.com udp
US 8.8.8.8:53 tripstribetravels.com udp
US 172.67.205.90:443 thailandresources.com tcp
US 86.38.202.53:443 theglobalnewswave.com tcp
GB 195.20.255.139:80 thesarathchandran.com tcp
BR 149.100.155.222:443 tendenciasemsaude.com tcp
US 8.8.8.8:53 www.tsolutionscompany.com udp
US 195.179.239.70:443 totalfootballtalk.com tcp
US 8.8.8.8:53 tugbaelikguzellik.com udp
IN 217.21.91.27:443 thrivelearninghub.com tcp
US 8.8.8.8:53 jameshughesfitness.com udp
US 8.8.8.8:53 jieyuanzhushasshop.com udp
US 8.8.8.8:53 37.188.117.89.in-addr.arpa udp
US 8.8.8.8:53 243.13.92.153.in-addr.arpa udp
US 8.8.8.8:53 241.217.133.209.in-addr.arpa udp
US 8.8.8.8:53 197.123.65.68.in-addr.arpa udp
US 8.8.8.8:53 49.137.29.66.in-addr.arpa udp
US 8.8.8.8:53 97.248.219.104.in-addr.arpa udp
US 8.8.8.8:53 155.118.223.67.in-addr.arpa udp
US 8.8.8.8:53 14.253.213.162.in-addr.arpa udp
GB 165.22.118.144:443 threadsvideoindir.com tcp
US 192.169.165.47:80 transportesluczad.com tcp
US 8.8.8.8:53 jualpulsamurahamri.com udp
US 8.8.8.8:53 juarakicauofficial.com udp
US 8.8.8.8:53 julioisaaccarrillo.com udp
US 8.8.8.8:53 junaidjavedservice.com udp
US 104.21.25.24:80 thehouseoftesting.com tcp
US 104.21.15.225:443 thebeautyhub-bham.com tcp
US 8.8.8.8:53 dualthreatapparel.com udp
US 66.42.71.248:443 systemandsales.com tcp
IT 46.252.149.242:443 campushabitat5u.com tcp
US 66.42.71.248:443 systemandsales.com tcp
US 162.255.119.215:443 jameshughesfitness.com tcp
IN 18.61.82.60:443 saveoncloudbills.com tcp
US 8.8.8.8:53 juniorpharaohtours.com udp
LU 198.251.84.7:443 tugbaelikguzellik.com tcp
US 67.225.141.109:443 tripstribetravels.com tcp
US 154.49.142.155:443 jieyuanzhushasshop.com tcp
US 8.8.8.8:53 kathleencorgishome.com udp
US 8.8.8.8:53 90.205.67.172.in-addr.arpa udp
US 8.8.8.8:53 139.255.20.195.in-addr.arpa udp
US 8.8.8.8:53 144.118.22.165.in-addr.arpa udp
US 8.8.8.8:53 70.239.179.195.in-addr.arpa udp
US 8.8.8.8:53 27.91.21.217.in-addr.arpa udp
US 173.236.141.118:443 www.tsolutionscompany.com tcp
US 8.8.8.8:53 222.155.100.149.in-addr.arpa udp
VN 103.57.220.143:443 thiepcuoihaiphong.com tcp
US 149.100.151.178:443 julioisaaccarrillo.com tcp
US 8.8.8.8:53 www.pontevedraspeech.com udp
US 8.8.8.8:53 keyes-construction.com udp
SG 45.143.81.5:443 juarakicauofficial.com tcp
US 162.255.119.51:443 dualthreatapparel.com tcp
US 104.21.71.251:443 jualpulsamurahamri.com tcp
FI 65.108.198.252:443 junaidjavedservice.com tcp
DE 165.227.132.24:443 juniorpharaohtours.com tcp
US 8.8.8.8:53 knowledgeworldnews.com udp
US 8.8.8.8:53 lamitocondriafilms.com udp
US 8.8.8.8:53 www.labristolmayorista.com udp
US 8.8.8.8:53 landlordzunlimited.com udp
US 8.8.8.8:53 lifestyleskillsphi.com udp
US 195.35.38.188:443 kathleencorgishome.com tcp
US 8.8.8.8:53 limpiezascavicamrsl.com udp
US 8.8.8.8:53 225.15.21.104.in-addr.arpa udp
US 8.8.8.8:53 248.71.42.66.in-addr.arpa udp
US 8.8.8.8:53 242.149.252.46.in-addr.arpa udp
US 8.8.8.8:53 7.84.251.198.in-addr.arpa udp
US 8.8.8.8:53 24.25.21.104.in-addr.arpa udp
US 8.8.8.8:53 118.141.236.173.in-addr.arpa udp
US 8.8.8.8:53 109.141.225.67.in-addr.arpa udp
US 8.8.8.8:53 155.142.49.154.in-addr.arpa udp
US 8.8.8.8:53 251.71.21.104.in-addr.arpa udp
US 8.8.8.8:53 178.151.100.149.in-addr.arpa udp
US 8.8.8.8:53 143.220.57.103.in-addr.arpa udp
US 8.8.8.8:53 252.198.108.65.in-addr.arpa udp
US 172.67.205.56:443 keyes-construction.com tcp
US 8.8.8.8:53 www.thehouseoftesting.com udp
US 141.193.213.10:80 www.pontevedraspeech.com tcp
US 8.8.8.8:53 bnfd95183.seo103.site udp
FR 89.117.169.95:443 lamitocondriafilms.com tcp
GB 154.49.138.19:443 lifestyleskillsphi.com tcp
US 104.21.25.24:80 www.thehouseoftesting.com tcp
US 8.8.8.8:53 livethelighterside.com udp
US 8.8.8.8:53 www.thesarathchandran.com udp
US 170.130.17.206:443 landlordzunlimited.com tcp
ES 217.61.208.40:443 limpiezascavicamrsl.com tcp
IN 89.117.188.32:443 knowledgeworldnews.com tcp
US 8.8.8.8:53 ljmotherslapschool.com udp
US 8.8.8.8:53 loabluetoothsaigon.com udp
US 8.8.8.8:53 luxuryshoppingtour.com udp
US 8.8.8.8:53 www.famousmarketmedia.com udp
US 8.8.8.8:53 122.10.44.20.in-addr.arpa udp
US 8.8.8.8:53 56.205.67.172.in-addr.arpa udp
US 8.8.8.8:53 188.38.35.195.in-addr.arpa udp
US 8.8.8.8:53 95.169.117.89.in-addr.arpa udp
US 8.8.8.8:53 19.138.49.154.in-addr.arpa udp
US 8.8.8.8:53 maestroantoniochan.com udp
AR 190.105.227.44:443 www.labristolmayorista.com tcp
US 204.12.214.188:443 livethelighterside.com tcp
GB 195.20.255.139:80 www.thesarathchandran.com tcp
US 8.8.8.8:53 mandellypremiacoes.com udp
US 8.8.8.8:53 masterclass-brasil.com udp
US 8.8.8.8:53 mein-schoenes-haus.com udp
US 8.8.8.8:53 maillotdefoot-euro.com udp
US 212.1.209.197:443 maestroantoniochan.com tcp
US 8.8.8.8:53 minookabasementbar.com udp
US 8.8.8.8:53 missionnursingcare.com udp
US 8.8.8.8:53 myluxurylifestyles.com udp
US 8.8.8.8:53 nagercoilurologist.com udp
US 8.8.8.8:53 namanfireengineers.com udp
VN 103.255.237.34:443 loabluetoothsaigon.com tcp
IN 89.117.157.215:443 ljmotherslapschool.com tcp
IT 37.156.244.17:443 luxuryshoppingtour.com tcp
US 104.219.248.97:443 www.famousmarketmedia.com tcp
US 8.8.8.8:53 nationalgroup-iraq.com udp
US 8.8.8.8:53 40.208.61.217.in-addr.arpa udp
US 8.8.8.8:53 206.17.130.170.in-addr.arpa udp
US 8.8.8.8:53 5.81.143.45.in-addr.arpa udp
US 8.8.8.8:53 32.188.117.89.in-addr.arpa udp
US 8.8.8.8:53 188.214.12.204.in-addr.arpa udp
US 8.8.8.8:53 44.227.105.190.in-addr.arpa udp
NL 89.106.200.1:443 masterclass-brasil.com tcp
DE 89.238.65.181:443 mein-schoenes-haus.com tcp
US 172.67.216.85:443 mandellypremiacoes.com tcp
US 104.21.87.13:443 maillotdefoot-euro.com tcp
US 8.8.8.8:53 oliveirapsicologia.com udp
US 8.8.8.8:53 onlinepunterreview.com udp
US 8.8.8.8:53 order-made-sapporo.com udp
US 8.8.8.8:53 hrdatadoodles.com udp
US 8.8.8.8:53 osteopataenmenorca.com udp
US 8.8.8.8:53 outdoorpoolreviews.com udp
US 8.8.8.8:53 parkanddrachmanllc.com udp
US 8.8.8.8:53 neelkanthinstitute.com udp
US 8.8.8.8:53 nohasleemlifecoach.com udp
US 44.208.201.167:443 myluxurylifestyles.com tcp
US 208.97.186.69:443 minookabasementbar.com tcp
IN 89.117.157.115:443 namanfireengineers.com tcp
US 154.49.142.164:443 missionnursingcare.com tcp
US 8.8.8.8:53 ortsgruppemarsberg.com udp
US 8.8.8.8:53 pawfectfoodreviews.com udp
US 8.8.8.8:53 www.pierretechnologies.com udp
US 8.8.8.8:53 197.209.1.212.in-addr.arpa udp
US 8.8.8.8:53 17.244.156.37.in-addr.arpa udp
US 8.8.8.8:53 215.157.117.89.in-addr.arpa udp
US 8.8.8.8:53 34.237.255.103.in-addr.arpa udp
US 8.8.8.8:53 1.200.106.89.in-addr.arpa udp
US 8.8.8.8:53 181.65.238.89.in-addr.arpa udp
IN 103.191.209.47:443 nagercoilurologist.com tcp
US 104.21.40.101:443 nationalgroup-iraq.com tcp
US 74.208.236.90:443 hrdatadoodles.com tcp
US 160.153.0.117:443 onlinepunterreview.com tcp
US 154.49.142.155:443 jieyuanzhushasshop.com tcp
US 8.8.8.8:53 www.masterclass-brasil.com udp
US 8.8.8.8:53 plantsupportsystem.com udp
US 8.8.8.8:53 planetoverseasvisa.com udp
US 8.8.8.8:53 www.plasticareplastica.com udp
ES 134.0.11.90:80 osteopataenmenorca.com tcp
DE 185.30.32.40:443 outdoorpoolreviews.com tcp
IN 89.117.27.158:443 neelkanthinstitute.com tcp
US 107.172.154.8:443 nohasleemlifecoach.com tcp
US 74.208.236.195:443 parkanddrachmanllc.com tcp
US 104.21.30.161:443 oliveirapsicologia.com tcp
US 104.21.78.28:443 order-made-sapporo.com tcp
US 8.8.8.8:53 platieres-sud-immo.com udp
US 8.8.8.8:53 plymouthfoodpantry.com udp
US 34.230.224.136:443 www.pierretechnologies.com tcp
US 8.8.8.8:53 powerweldequipment.com udp
US 8.8.8.8:53 13.87.21.104.in-addr.arpa udp
US 8.8.8.8:53 85.216.67.172.in-addr.arpa udp
US 8.8.8.8:53 167.201.208.44.in-addr.arpa udp
US 8.8.8.8:53 69.186.97.208.in-addr.arpa udp
US 8.8.8.8:53 115.157.117.89.in-addr.arpa udp
US 8.8.8.8:53 164.142.49.154.in-addr.arpa udp
US 8.8.8.8:53 101.40.21.104.in-addr.arpa udp
US 172.67.131.227:443 ortsgruppemarsberg.com tcp
US 195.35.15.246:443 planetoverseasvisa.com tcp
ES 134.0.10.34:443 www.plasticareplastica.com tcp
GB 172.217.169.19:443 www.masterclass-brasil.com tcp
IN 89.117.157.205:443 plantsupportsystem.com tcp
FR 51.83.98.64:443 platieres-sud-immo.com tcp
US 8.8.8.8:53 properties4clients.com udp
US 8.8.8.8:53 prointeriorsmuscat.com udp
US 8.8.8.8:53 realisticallysarah.com udp
US 8.8.8.8:53 rehamatbengalibaba.com udp
US 8.8.8.8:53 www.repliquemontreblog.com udp
IN 68.178.154.108:443 powerweldequipment.com tcp
US 8.8.8.8:53 www.outdoorpoolreviews.com udp
US 8.8.8.8:53 royal-palace-group.com udp
DE 157.90.176.94:443 prointeriorsmuscat.com tcp
US 8.8.8.8:53 47.209.191.103.in-addr.arpa udp
US 8.8.8.8:53 117.0.153.160.in-addr.arpa udp
US 8.8.8.8:53 90.11.0.134.in-addr.arpa udp
US 8.8.8.8:53 161.30.21.104.in-addr.arpa udp
US 8.8.8.8:53 28.78.21.104.in-addr.arpa udp
US 8.8.8.8:53 40.32.30.185.in-addr.arpa udp
US 8.8.8.8:53 8.154.172.107.in-addr.arpa udp
US 8.8.8.8:53 195.236.208.74.in-addr.arpa udp
US 8.8.8.8:53 158.27.117.89.in-addr.arpa udp
US 8.8.8.8:53 136.224.230.34.in-addr.arpa udp
US 8.8.8.8:53 227.131.67.172.in-addr.arpa udp
US 8.8.8.8:53 34.10.0.134.in-addr.arpa udp
US 8.8.8.8:53 19.169.217.172.in-addr.arpa udp
US 8.8.8.8:53 64.98.83.51.in-addr.arpa udp
US 8.8.8.8:53 246.15.35.195.in-addr.arpa udp
US 8.8.8.8:53 205.157.117.89.in-addr.arpa udp
US 8.8.8.8:53 royaludaipurvillas.com udp
US 8.8.8.8:53 ryokoofficialstore.com udp
US 8.8.8.8:53 satellitewifideals.com udp
US 89.117.139.96:443 rehamatbengalibaba.com tcp
US 66.235.200.146:443 realisticallysarah.com tcp
US 8.8.8.8:53 saudebelezapremium.com udp
US 8.8.8.8:53 scholarshiptravels.com udp
IN 89.117.27.235:443 properties4clients.com tcp
US 8.8.8.8:53 rkapoorenterprises.com udp
US 8.8.8.8:53 sdxonlinemarketing.com udp
US 8.8.8.8:53 rokkampzadevojcice.com udp
US 8.8.8.8:53 www.osteopataenmenorca.com udp
US 8.8.8.8:53 securitytipsonline.com udp
US 8.8.8.8:53 www.minookabasementbar.com udp
US 8.8.8.8:53 services-contacter.com udp
US 31.170.161.104:443 royal-palace-group.com tcp
US 8.8.8.8:53 seu-produto-online.com udp
US 8.8.8.8:53 shanghaisuperstars.com udp
US 8.8.8.8:53 shdistributionsllc.com udp
US 154.49.142.39:443 scholarshiptravels.com tcp

Files


C:\Users\Admin\AppData\Local\Temp\44D6.exe

MD5 01481fb0fea86bf018e216a091d27ba2
SHA1 ba75231cddd19b98c9e5dc34d47b326d96e5fb8d
SHA256 fcbb0b389389095d2819aab867566dc70fc38cedd143df05cb51796918511c2f
SHA512 45af2d663c1a40056882e8228401eb42cae9bdbbbbec95569f87e8e86228b6815c0e44d3c92cc3ffa2ffa89aa190b4d9202277c8a759b06c6c93e72817427e05

C:\Users\Admin\AppData\Local\Temp\499A.exe

MD5 e6dd149f484e5dd78f545b026f4a1691
SHA1 3ea5d0fb2de5bfad3dc6dc1744708ccd31102df6
SHA256 11243641663323721ba21494a394de70ae70d4ea23c23f2e2a397fcc3cfea1a7
SHA512 0defb358d59221c56731745a25250dfea49ecbb411f11f31a92ec20fa2123646f4aaf9fd4999898c39e4674f616bc1bed7ef2368b61a29d595dc7b9340dd058b

memory/3116-45-0x0000000002ED0000-0x0000000002FD0000-memory.dmp

memory/3116-46-0x00000000049B0000-0x0000000004A1B000-memory.dmp

memory/3976-47-0x00000000010B0000-0x00000000010B1000-memory.dmp

memory/3976-49-0x00000000000F0000-0x000000000099F000-memory.dmp

memory/3116-48-0x0000000000400000-0x0000000002D8C000-memory.dmp

memory/3976-52-0x00000000010C0000-0x00000000010C1000-memory.dmp

memory/3116-51-0x0000000000400000-0x0000000002D8C000-memory.dmp

memory/3976-53-0x00000000010C0000-0x00000000010C1000-memory.dmp

memory/3976-54-0x00000000010C0000-0x00000000010C1000-memory.dmp

memory/3976-55-0x00000000010C0000-0x00000000010C1000-memory.dmp

memory/3976-56-0x00000000000F0000-0x000000000099F000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\60CC.exe

MD5 37c108fa183e4687fd1080d87c1b13e8
SHA1 ca0bec7c13022d853c1ada761f4714df0b6803f1
SHA256 274374ce274afb2a5b4137e6a30ce667f92bb7adc268852734e3f32c43c3e3e8
SHA512 652d6917c1ef6a8d4708e936aaf8fbb1550793fa7ffbe563e999bcbb493e8e4b36e22addeef42a4601ec8a050da73715038c3c0e67014d866798585badd8a3cb

C:\Users\Admin\AppData\Local\Temp\60CC.exe

MD5 91ebe00674a5487d751e983eeb5d49d4
SHA1 580f47c6a2d80d7acb88d205e24de27083704ca2
SHA256 cfb3209b341423fa93b791c35d1b1eb292acee3c5e1c30c5f5d48fa608c00119
SHA512 c8ad586d1f749bfaff9842ab8edef6bcfc9700ad56b3147d5bee01abd55b8cf8d78dcc5b19b2a26eb71a8b606abe5710cf37614de4272e9685abf15d819885ff

memory/2016-65-0x0000000074380000-0x0000000074B30000-memory.dmp

memory/2016-64-0x0000000000430000-0x0000000000CE6000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\6AEF.exe

MD5 3893d9674f9791363d8f92edae4427a7
SHA1 93603d9de7c259c8437f320f032ba171be67e200
SHA256 ad3a5d32351e9b26a5206751e45f27bf4def2890008e573dce58c4e9791fdcce
SHA512 9918357b96ea5af2ec3f056c0d7c41a025558fba88d6ada2ade153dc5b944670acdcc0e1abc76e52d9a9186abd15345519802f605473bf4fb59c81f972a3a6d6

memory/3140-72-0x0000000002DC0000-0x0000000002EFC000-memory.dmp

memory/1716-73-0x0000000002180000-0x00000000022BC000-memory.dmp

memory/836-74-0x0000000002F30000-0x0000000003030000-memory.dmp

memory/836-75-0x0000000002E50000-0x0000000002E5B000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe

MD5 d8fd6ee086168ae33101a622914ea1aa
SHA1 087e83ecd19f56d7e1613dd3ec4397790a56bcdc
SHA256 8c83aa0ca592ee93a216ce28bb14385acafe2568df56ad4b28a8d2e36e32ed3d
SHA512 84227739f05c24c889086a4ec8ca1b92b62d85fb687a49c13024fe223129bb4af98cec4ddf1cf72c0ca0f5b63f3a55a3b3e01c97f4a34eba0dedd3f9da86bfde

C:\Users\Admin\AppData\Local\Temp\7437.exe

MD5 e48b303a406230ddb31007a3ea0d27a2
SHA1 8df366aa720491a63af411e0e0a26645773b55f1
SHA256 c7433bf662afa8fd5fe8bf7ba195be675663556d71709ed7bcab124393adb30b
SHA512 bd9d5b526a27aa6d3f24884f280edb550665fc29be4585b499cf649c41c1f6d382f6438c8a817341c48936d8964fac2d9d55e2702e25b6ccafc46b3a5c9b715c

C:\Users\Admin\AppData\Local\Temp\7437.exe

MD5 5a583ac0e9e79e85ddf591ece6464804
SHA1 6adbc7039a710d09763503d957ddd2115d85ac8c
SHA256 afa57a12bb10f9d30e2ce3702247f627b5358afdb4ae18d86151b1d79ea772a5
SHA512 44c8765295194153812045932cbe0cfc72617f585d78ac76ed31202f21a409ef1c2a02522327e065330581ed3e7fd3b95dd588ba92f3b492c99a13dea8cb0994

memory/836-87-0x0000000000400000-0x0000000002D3E000-memory.dmp

memory/2080-88-0x0000000000400000-0x0000000000414000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe

MD5 dd76b1ea2a8bf2f7e800e0a11f01f5e9
SHA1 d31c1ff5b3bfff45af20f5fce0579b80819c5390
SHA256 98ddd0a4e39f3693a0bdda3844934a3211e119eee2d5155e17778b0af18e6b89
SHA512 2b3118524ede04678a6306af55dff202a5dbd1a5443bd815dc6a7e3122518ca3593841b942b46b04c3053e553cf20c8baca39461f27cc7fe5d293e26050b2508

memory/3140-97-0x0000000002F00000-0x000000000301B000-memory.dmp

memory/1716-95-0x0000000002550000-0x000000000266B000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe

MD5 fb8129e365391576bb219e9c32633d1e
SHA1 8bea7c52cfb0921c24446e00351d19c8a9cb8484
SHA256 9e73f75e4b618189e5624f02c4cc5dfb810600181434ede34815a645cc4b24b1
SHA512 941ab808da324d78f3aeef63e274994ff50d8d4270315fe9f3a4029ce86efe372c28b6ab6d39accb61f03eab27ae432fc11155d2dc2f74fe0fb621675016c93f

C:\Users\Admin\AppData\Local\Temp\78BC.exe

MD5 e7daa3a1c5313592c25eadb630a26939
SHA1 f045377dae75ff0685759ad98f8a641f95638593
SHA256 ae4ce161e7962f4e0fe521ff088abfe36eeb319442a4f953b44a9ac4a0f77529
SHA512 bea8938765583b3e6e0fce6e0e77ba372ca45e97635ef12ea4066676da5b60286878170e47cf1f019009beeca46bbdf091b7000509fe1be6f214051d950d5afd

C:\Users\Admin\AppData\Local\Temp\InstallSetup4.exe

MD5 b45b646c5c3131dbbb69c15d98255ab1
SHA1 391cb13c4a7d43b683444f6c3a87305de5004a37
SHA256 e107f6f456b4f9c1138e7e0f1c7d4b88db97f62cb5e624da3e574d59681dd7a1
SHA512 13edee5cc6e7a05339aeb9ac4c91f7c787ba887192523f977a4eaac61aeecaccad01791ebee78ddf51196563397a3d52b064af0c897c241e6caf0466c9b7f479

memory/1716-115-0x0000000002550000-0x000000000266B000-memory.dmp

memory/3140-114-0x0000000002F00000-0x000000000301B000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\78BC.exe

MD5 df2076b7ede154d455fdd1035115de54
SHA1 62df9325ff2fce5e5a2cf121e84065221a513d77
SHA256 0730675048e9e0a97e9ad20f73712d7e3ba6ed114a7cdfbf8b50075656c4395c
SHA512 5f55d313b2451f14f101d7383e03cdc3a9b36a9f6487a7c164def8018b76983e6fe74288f4457a2f4273d117f1a10a886409f713173bb1f791e86205caf80430

memory/3976-103-0x00000000000F0000-0x000000000099F000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\is-6OF4O.tmp\7437.tmp

MD5 49becb0626a04b87221c00d30c3d14a2
SHA1 96e2f9ea00aa118ce62a368ded287f6b888c0cd4
SHA256 95480cadb85d9df813521fd2360328eafc500001fa487324d3ec571397382b3f
SHA512 a1f4fef9d039fd42a704d68b68552e3932d258123a02a3c66c78b8b2d48623b1e305662b378e0024d9c8b419824d3fd1b91dec96c5149123d945e7707bd6eda2

memory/3116-91-0x0000000000400000-0x0000000002D8C000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\InstallSetup4.exe

MD5 65c145064bb3e087c2ec0ae6034c2df0
SHA1 5ec0f6d5fa4a931f5964c709ed79efae1520fefe
SHA256 2d8e8d5d3302cf18163d55b4e452c95fcec38931dcc8acf3ad2e0c2d8740376e
SHA512 7a87a15a1df889f38994f9a26313ab040ae596a7faeeb07faa556d932235486a295a2039fb3b70c0d5c806e136dfdb2c0ccfd58a17e7a68b1594559c59933f3f

memory/3140-121-0x0000000010000000-0x000000001020C000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\is-7IBDC.tmp\_isetup\_isdecmp.dll

MD5 a813d18268affd4763dde940246dc7e5
SHA1 c7366e1fd925c17cc6068001bd38eaef5b42852f
SHA256 e19781aabe466dd8779cb9c8fa41bbb73375447066bb34e876cf388a6ed63c64
SHA512 b310ed4cd2e94381c00a6a370fcb7cc867ebe425d705b69caaaaffdafbab91f72d357966916053e72e68ecf712f2af7585500c58bb53ec3e1d539179fcb45fb4

C:\Users\Admin\AppData\Local\Temp\is-7IBDC.tmp\_isetup\_iscrypt.dll

MD5 a69559718ab506675e907fe49deb71e9
SHA1 bc8f404ffdb1960b50c12ff9413c893b56f2e36f
SHA256 2f6294f9aa09f59a574b5dcd33be54e16b39377984f3d5658cda44950fa0f8fc
SHA512 e52e0aa7fe3f79e36330c455d944653d449ba05b2f9abee0914a0910c3452cfa679a40441f9ac696b3ccf9445cbb85095747e86153402fc362bb30ac08249a63

memory/2868-151-0x0000000002F30000-0x0000000002F9B000-memory.dmp

memory/2868-148-0x0000000002FF0000-0x00000000030F0000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\FourthX.exe

MD5 107d51b63924f31b65dd7cf8f223fc8e
SHA1 30a1f85554f49cda1e887a5619333a0e1cae3b74
SHA256 b97e3e6fd9164d017db870ff64f66bc3ca6a9a8388d50043ef1e2e1c8a7e5f1e
SHA512 95d6eca043e4653bbd9ce9a8cd25a7fa66b33bb545b614529e220d4bb94943d17837b5786eff58e49620adae249e7711eef2e51910dcbafe1bc492a1316ac05f

memory/3444-128-0x0000000002D80000-0x0000000002D96000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\InstallSetup4.exe

MD5 b4cd344bdf164bc552a7e4b7fd152594
SHA1 8e41f116655fbb8f4f614c21c0b02f06b281beba
SHA256 65e375fbf5477a9c9ea06b4fd5115169b96478deaf55d65f207d89327269a015
SHA512 1624548747342c564bac7e0830bc2710b6de8585fc70d1003ac77e972aaeb907ac6ce45ef53e04f9af38a60811aac6435be9192ded73106c538ddb9dd82916a0

C:\Users\Admin\AppData\Local\Temp\nso8DC5.tmp\INetC.dll

MD5 40d7eca32b2f4d29db98715dd45bfac5
SHA1 124df3f617f562e46095776454e1c0c7bb791cc7
SHA256 85e03805f90f72257dd41bfdaa186237218bbb0ec410ad3b6576a88ea11dccb9
SHA512 5fd4f516ce23fb7e705e150d5c1c93fc7133694ba495fb73101674a528883a013a34ab258083aa7ce6072973b067a605158316a4c9159c1b4d765761f91c513d

C:\Users\Admin\AppData\Local\Temp\BroomSetup.exe

MD5 ef1a808dd52f6a60f3decad399efc547
SHA1 63a81c82975b871239bdc61fc1c22fb705f263f2
SHA256 771a763f010cbe0f5e8091541e5942bb4ec4a685b25fc125fc7deb7fef1e0ca6
SHA512 233a0c76cc0c2dd7cc7ead4773539a2043f7a57e9c108e80542d13c9ee5abbe2f57ce0bd429b73336672ab76e45804eeafea4f1f3d04d0ab46615cba9d4c5f24

C:\Users\Admin\AppData\Local\Trafaret\trafaret.exe

MD5 b57fac4c3ad4ffc7b389ca9389c80791
SHA1 5d82b1762185e468f9fc0fdd6321a8d7fb8caddc
SHA256 87c58c44d23255ac9751ee247932730c72a78e663206a35b79dbe1bbe7037e78
SHA512 77159e5f060aab42d4b46df5239af628f6116bb556f57a13b198c9d50993dc1f6d8ff65ea605cab96a48494b63e760a16722b5d2c19b446325fdb12bd9a44552

memory/836-150-0x0000000000400000-0x0000000002D3E000-memory.dmp

memory/2016-195-0x0000000074380000-0x0000000074B30000-memory.dmp

memory/4164-204-0x0000000000400000-0x0000000000790000-memory.dmp

memory/1716-205-0x0000000002550000-0x000000000266B000-memory.dmp

memory/3140-206-0x0000000002F00000-0x000000000301B000-memory.dmp

C:\ProgramData\PowerGo 65.0 Build 2191 Essential\PowerGo 65.0 Build 2191 Essential.exe

MD5 a9420f8261620303f2ee9f74200911ff
SHA1 71c3edc7c7659e99deb16a2ab4db3d08e1fd64d5
SHA256 0360c5d4fb30150c8622d8d236260c1e704ef6fbbc9f331f881f1e79be963e7a
SHA512 adab8474ca480b0d0089c6b2cd4486878943028f4cc155004c19bed79c7187f4e62a1e297c29d0bfdca6ac8414391902818fe514ec513d15b191f26bb7716b5b

memory/4164-211-0x0000000000400000-0x0000000000790000-memory.dmp

C:\Users\Admin\AppData\Local\Trafaret\trafaret.exe

MD5 95008781ffba2db943b3505c93dae543
SHA1 de9b2634830c9164f61acd6c3767c7f0affd12c2
SHA256 d1503f6217870da335ff81f71ecdb75788e094db51c13273e57cecc0b8803abd
SHA512 4fe68a90a7ee1d78dad8fef2ffd39f0c3927679634de878b48aa2c9a3ba59fbfe3b176b358ce38786900dbfba74ba18b7759c4582c8fcf40118bb8cdfccc685a

memory/2868-124-0x0000000000400000-0x0000000002D8C000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\FourthX.exe

MD5 ebb513d4d6d769ae21e14c45f491ca1b
SHA1 5f97e01f98b58a17e538a71b81b7a24c999c1859
SHA256 5e467197e806babc85b146d0456992a2a72060494e4dd0a00dc05813f71381c6
SHA512 6e28db09bb87188eeb331f695e9505e80a06286191c29599d0d113e64013a818c0d537040eb527a5da4298adac057ae08928e84cca85d08301c9312e5da36a21

memory/2080-212-0x0000000000400000-0x0000000000414000-memory.dmp

C:\Users\Admin\AppData\Local\Trafaret\trafaret.exe

MD5 f0d86c0e717a8cd47631afabb8e24c1c
SHA1 282199af28b772b80cdb7949f40af1f50c76af2f
SHA256 384ec800d3653d6230871c610a2ebd6a3f3eb64fce430dffc4b2f3b330fb8c0c
SHA512 fbd1403add83cba54afd64ce1126c742f3814d13093c3846701df4c7eacd283970c6f0edfc559b56f85b55aca093b673c85ef1084dcb170020e5fb3e6d3ca5e1

memory/3116-213-0x0000000000400000-0x0000000002D8C000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\nswA100.tmp

MD5 593c6bba2414d94e5e05d505074793dc
SHA1 1315c0ffbecf2e1eea0f5ac63adce7cc403ea9e8
SHA256 44a0af487346e24e3a06361a917a81ec151ddb8b7a1c558294cfc283a35ce4ec
SHA512 6e9d0191723db1caf54f50d1ba249079f74c0b8cdb745fefb283a248279375248c6ddc27f70b1887678c5e5e22fc9a58cec1a613e758b3a96d2c72a5b7da5257

memory/2868-220-0x0000000000400000-0x0000000002D8C000-memory.dmp

memory/2296-230-0x0000000000540000-0x0000000000541000-memory.dmp

memory/2296-229-0x0000000000400000-0x00000000004BC000-memory.dmp

memory/3140-231-0x0000000000400000-0x0000000000848000-memory.dmp

memory/4932-232-0x00000000009F0000-0x00000000009F1000-memory.dmp

memory/3992-233-0x0000000002EC0000-0x0000000002FC0000-memory.dmp

memory/3992-234-0x00000000049A0000-0x00000000049D4000-memory.dmp

memory/936-237-0x0000000000400000-0x0000000000790000-memory.dmp

memory/3992-238-0x0000000000400000-0x0000000002D41000-memory.dmp

memory/4932-239-0x0000000000400000-0x00000000008E2000-memory.dmp

memory/2544-240-0x0000000002E70000-0x000000000375B000-memory.dmp

memory/2544-241-0x0000000000400000-0x0000000000D1C000-memory.dmp

memory/3140-242-0x0000000000400000-0x0000000000848000-memory.dmp

memory/2544-243-0x0000000002960000-0x0000000002D63000-memory.dmp

C:\Users\Admin\AppData\Roaming\Temp\Task.bat

MD5 11bb3db51f701d4e42d3287f71a6a43e
SHA1 63a4ee82223be6a62d04bdfe40ef8ba91ae49a86
SHA256 6be22058abfb22b40a42fb003f86b89e204a83024c03eb82cd53e2a0a047c331
SHA512 907ad2c070cc1db89f43459a94d7f48985d939d749c9648b78572a266f0d3fde47813a129e9151dbf4a7d96d36f588172f57c88b8b947b56ed818d7d068abab2

memory/3992-245-0x0000000061E00000-0x0000000061EF3000-memory.dmp

memory/2676-285-0x00000000047F0000-0x0000000004826000-memory.dmp

memory/2676-288-0x0000000004E60000-0x0000000005488000-memory.dmp

memory/3140-295-0x0000000000400000-0x0000000000848000-memory.dmp

memory/2676-301-0x0000000004DE0000-0x0000000004E02000-memory.dmp

memory/2676-302-0x00000000056C0000-0x0000000005726000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_wnzwpbz2.mpd.ps1

MD5 d17fe0a3f47be24a6453e9ef58c94641
SHA1 6ab83620379fc69f80c0242105ddffd7d98d5d9d
SHA256 96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7
SHA512 5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

memory/2676-315-0x00000000027D0000-0x00000000027E0000-memory.dmp

memory/2676-314-0x00000000027D0000-0x00000000027E0000-memory.dmp

memory/2676-312-0x00000000737F0000-0x0000000073FA0000-memory.dmp

memory/2676-311-0x0000000005730000-0x0000000005796000-memory.dmp

memory/2676-320-0x0000000005A30000-0x0000000005D84000-memory.dmp

memory/2868-324-0x0000000000400000-0x0000000002D8C000-memory.dmp

memory/2676-331-0x0000000005DC0000-0x0000000005DDE000-memory.dmp

C:\ProgramData\nss3.dll

MD5 a375aa86bf140331b5a7c1cb4c9aa722
SHA1 9e1fae49a97dd1d20dee39de9ff40c3d7f4c1b74
SHA256 50b4671602fedc06351dad9e07084e875e0981359f3fbe2f129a8dc9df07c839
SHA512 2b9b1cd94fb53c837d0a60a28acb31095c51476fdb5e0bc42a9ad606f69e4394daeffa8b690b45fe0420ef1aee8c466312c72fbb6dc318baf0b0924a7e36ac8a

memory/2676-334-0x0000000005DE0000-0x0000000005E2C000-memory.dmp

C:\ProgramData\mozglue.dll

MD5 138d29726947be96158d2a491a45a0fe
SHA1 37ca6437bc1a9f09ba03587b02c08c0049168933
SHA256 0bc515191604bea8537abca7d0e7ff7526b5a0210c42dde7f6d82f75cd74e4e9
SHA512 931b3fa4a7b85ed3033cd236d0882e798f387f5e4fc9f6fee8d0ee042a48c66037805e422b7b779f2ade42364b48fe3dfc6ca5a871ed2650eb88cf2fb0400491

C:\ProgramData\mozglue.dll

MD5 3c55279217cf056d6d92491368be1dd2
SHA1 857918b5e2dc3edd7c948d2384907423a87ce354
SHA256 678592d85bf3daec6ff984e607ab369e7705e6a5e6ad69a500957d084eff3b4e
SHA512 f3ef3ce5f9e71a17831c90fbdca1384cf69c0016805223a66f5f41e94ddd6b82f4ef0a501dedcebdd4065768ecd6d06eb39c4877768e17fce1a113de426825f8

memory/2676-356-0x0000000006310000-0x0000000006354000-memory.dmp

C:\ProgramData\Are.docx

MD5 a33e5b189842c5867f46566bdbf7a095
SHA1 e1c06359f6a76da90d19e8fd95e79c832edb3196
SHA256 5abf8e3d1f78de7b09d7f6fb87f9e80e60caacf13ef3c1289665653dacd7c454
SHA512 f2ad3812ec9b915e9618539b0f103f2e9acaad25fbbacd84941c954ce070af231324e83a4621e951c1dbae8d40d50410954e40dd52bbd46e34c54b0d1957407b

memory/3116-363-0x0000000002ED0000-0x0000000002FD0000-memory.dmp

memory/2676-365-0x00000000027D0000-0x00000000027E0000-memory.dmp

memory/2676-366-0x0000000006ED0000-0x0000000006F46000-memory.dmp

memory/2676-367-0x0000000007800000-0x0000000007E7A000-memory.dmp

memory/2676-368-0x0000000007180000-0x000000000719A000-memory.dmp

memory/2676-375-0x0000000007340000-0x0000000007372000-memory.dmp

memory/2676-374-0x000000007F980000-0x000000007F990000-memory.dmp

memory/2676-376-0x0000000074AE0000-0x0000000074B2C000-memory.dmp

memory/2676-387-0x0000000007320000-0x000000000733E000-memory.dmp

memory/2676-377-0x0000000071080000-0x00000000713D4000-memory.dmp

memory/2676-388-0x0000000007380000-0x0000000007423000-memory.dmp

memory/2676-390-0x0000000007460000-0x000000000746A000-memory.dmp

memory/3992-391-0x0000000000400000-0x0000000002D41000-memory.dmp

memory/2676-397-0x0000000007510000-0x00000000075A6000-memory.dmp

C:\ProgramData\xcfonrchdkar\vueqjgslwynd.exe

MD5 4c7354da7a33c3964f96f9e5eb04cf68
SHA1 b1a7c4088a12da765dc80ac5b95d7c5037989805
SHA256 c36c7f69bf4557b7e42bd9ea35121e7280c7678ae3799e724e2ad208041cb2aa
SHA512 08e00d02860818bd35842cd69636cff9730476fbf7958198c1a31d05670064e2a3f30d67e85d36194fda5b7b64d9331d258555ce466c00ccdfbc70384fa455d3

C:\ProgramData\xcfonrchdkar\vueqjgslwynd.exe

MD5 71f83edc33397e5ac273bc1db904ce74
SHA1 2a579055df187ade240efe08a4e22d5332c8086a
SHA256 6f29285f583516eb7a2c4d981d556cef2b369bb19214ac888393746797ee8e0e
SHA512 ad4992ebf8d50fc153a14df1e2aba9b60e1c634bba4aeb04bae4d299aa31124c94586b2495c27c5e618dcf2c5aa33e711b4e22fa0ae8f3d8d8f45dfc96ba53df

C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe

MD5 4825b0026a2794ac627592d6711470f2
SHA1 edd30c650a06daeb270d7e8a53ce18bf78a091fd
SHA256 216e68bb5c713a48c2b5ac3a9d2eb6e0e177c6156dbf250fb40bad1b74f1d81e
SHA512 82f205a6b93c9ae98f0825eb922bfc059b5d7324a69ea7b47fd70a78a54bfe6cd4460b64543654ca6ba7c6fc3d01b4e41e981f21dd46d2cba4d8b731699c1e06

C:\Users\Admin\AppData\Local\Temp\4KPV6A~1\cached-microdesc-consensus.tmp

MD5 ccb72e5f1c81cd629670cadc6356583c
SHA1 ee124fbc63ada85ca6009156071f3d6baf5eabfa
SHA256 af1f70d92498ab342e0735d31a6d8446ca17aefc5587b79501235cc22821d723
SHA512 e2ffda1b0173a6238caa7246b318144b61df74eeff9592e64049f8004ee323128641ea86c1ad4f9cfb7bc3a242ac061a3db1c325c0a0f8447438404d264f7f9e

C:\Users\Admin\AppData\Local\Temp\4KPV6A~1\cached-microdescs.new

MD5 f754cc39baa890846273d1ea3a9b8a9d
SHA1 d4c5dcfc61178ba11694a8acfb53cd86b92db79a
SHA256 8ead4dba48fbc4fc0ff0f4ffb9a739e3937d05e309b362f5ceafcf9f6b585acf
SHA512 8a2b45b173bd0bc28d02ae79c1779b4869fd71a845b81e71383f6b2a8a372482b738329119b31db862c13467a2717c3466bf9147f82ba11a60bb0a02aa50d75b

C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\powershell.exe.log

MD5 3d086a433708053f9bf9523e1d87a4e8
SHA1 b3ab5d4f282a4c8fe8c3005b8a557ed5a0e37f28
SHA256 6f8fd1b8d9788ad54eaeee329232187e24b7b43393a01aeba2d6e9675231fb69
SHA512 931ae42b4c68a4507ff2342332b08eb407050d47cf4176137ea022d0f6e513c689e998445a04c6d18d4877391705c586bfce0234632b898d41aaed0957996dfd

C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-Interactive

MD5 292d481372b526d65f627fc07340519a
SHA1 81c7d440c249b5a38b75416e414c22bda4460316
SHA256 833b322d419153758f3334f253f0b54efda3f584cc77cf8a1178ae0184911b56
SHA512 73204554a431d83a6d907441d82991196a4ec9839ac076f450c08ba0cab5ec36817d85b20a25fea5113efe6c4d40766f91bc52803ad4acf6392de67d86b7c1e8

C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-Interactive

MD5 7c17215818fa374e65035a11f14fdeb6
SHA1 dc018e7fd1446944cdcfde67d528915ad4616230
SHA256 210f3653ac48bebbaba1a6067a0741a8237bfceaa90fb0f18428e7c23478ecb8
SHA512 de8ad87faee6fc332ea9451c28b279b2f6a5a7caba2a5503f93bfb4d65e8eb9c67bd1bad8fbcc5d7476ed7737927492bf215f0f3e110e3d97f16d72b1f3733a3