Malware Analysis Report

2024-11-15 06:15

Sample ID 240225-fpkmfsch6t
Target 66cab13aed3126ab1755e139bf5c2a9c7782dfd36ebeb7078045b5ec107dc4a3.exe
SHA256 66cab13aed3126ab1755e139bf5c2a9c7782dfd36ebeb7078045b5ec107dc4a3
Tags
smokeloader backdoor bootkit persistence trojan upx glupteba lumma stealc pub1 discovery dropper evasion loader stealer
score
10/10

Analysis Overview

score
10/10

SHA256

66cab13aed3126ab1755e139bf5c2a9c7782dfd36ebeb7078045b5ec107dc4a3

Threat Level: Known bad

The file 66cab13aed3126ab1755e139bf5c2a9c7782dfd36ebeb7078045b5ec107dc4a3.exe was found to be: Known bad.

Malicious Activity Summary

smokeloader backdoor bootkit persistence trojan upx glupteba lumma stealc pub1 discovery dropper evasion loader stealer

Glupteba

Glupteba payload

Lumma Stealer

Stealc

SmokeLoader

Detects executables containing URLs to raw contents of a Github gist

Detects executables containing artifacts associated with disabling Windows Defender

UPX dump on OEP (original entry point)

Detects Windows executables referencing non-Windows User-Agents

Detects executables containing Discord URLs observed in first stage droppers

Detects executables referencing many varying, potentially fake Windows User-Agents

Detects Windows executables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003)

Detects executables packed with VMProtect.

Creates new service(s)

Downloads MZ/PE file

Contacts a large (569) amount of remote hosts

Stops running service(s)

Loads dropped DLL

Executes dropped EXE

UPX packed file

Deletes itself

Writes to the Master Boot Record (MBR)

Adds Run key to start application

Suspicious use of SetThreadContext

Launches sc.exe

Unsigned PE

Enumerates physical storage devices

Program crash

Checks SCSI registry key(s)

Suspicious behavior: EnumeratesProcesses

Suspicious use of AdjustPrivilegeToken

Suspicious use of WriteProcessMemory

Creates scheduled task(s)

Uses Task Scheduler COM API

Suspicious behavior: MapViewOfSection

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-02-25 05:02

Signatures

Unsigned PE

Analysis: behavioral1

Detonation Overview

Submitted

2024-02-25 05:02

Reported

2024-02-25 05:05

Platform

win7-20240221-en

Max time kernel

150s

Max time network

151s

Command Line

"C:\Users\Admin\AppData\Local\Temp\66cab13aed3126ab1755e139bf5c2a9c7782dfd36ebeb7078045b5ec107dc4a3.exe"

Signatures

SmokeLoader

trojan backdoor smokeloader

Detects Windows executables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003)

UPX dump on OEP (original entry point)

Downloads MZ/PE file

Deletes itself

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\7964.exe N/A
N/A N/A C:\Windows\SysWOW64\regsvr32.exe N/A
N/A N/A C:\Windows\SysWOW64\WerFault.exe N/A

UPX packed file

upx

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\CSRSS = "\"C:\\ProgramData\\Drivers\\csrss.exe\"" C:\Users\Admin\AppData\Local\Temp\7964.exe N/A

Writes to the Master Boot Record (MBR)

bootkit persistence
Description Indicator Process Target
File opened for modification \??\PHYSICALDRIVE0 C:\Users\Admin\AppData\Local\Temp\94B4.exe N/A

Suspicious use of SetThreadContext

Description Indicator Process Target
PID 2588 set thread context of 2660 N/A C:\Users\Admin\AppData\Local\Temp\7964.exe C:\Users\Admin\AppData\Local\Temp\7964.exe

Enumerates physical storage devices

Program crash

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\WerFault.exe C:\Users\Admin\AppData\Local\Temp\9011.exe

Checks SCSI registry key(s)

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI C:\Users\Admin\AppData\Local\Temp\66cab13aed3126ab1755e139bf5c2a9c7782dfd36ebeb7078045b5ec107dc4a3.exe N/A
Key queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI C:\Users\Admin\AppData\Local\Temp\66cab13aed3126ab1755e139bf5c2a9c7782dfd36ebeb7078045b5ec107dc4a3.exe N/A
Key enumerated \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI C:\Users\Admin\AppData\Local\Temp\66cab13aed3126ab1755e139bf5c2a9c7782dfd36ebeb7078045b5ec107dc4a3.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\66cab13aed3126ab1755e139bf5c2a9c7782dfd36ebeb7078045b5ec107dc4a3.exe N/A

Suspicious behavior: MapViewOfSection

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\66cab13aed3126ab1755e139bf5c2a9c7782dfd36ebeb7078045b5ec107dc4a3.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1196 wrote to memory of 2588 N/A N/A C:\Users\Admin\AppData\Local\Temp\7964.exe
PID 2588 wrote to memory of 2660 N/A C:\Users\Admin\AppData\Local\Temp\7964.exe C:\Users\Admin\AppData\Local\Temp\7964.exe
PID 1196 wrote to memory of 3032 N/A N/A C:\Windows\system32\regsvr32.exe
PID 3032 wrote to memory of 2576 N/A C:\Windows\system32\regsvr32.exe C:\Windows\SysWOW64\regsvr32.exe
PID 1196 wrote to memory of 2608 N/A N/A C:\Users\Admin\AppData\Local\Temp\9011.exe
PID 1196 wrote to memory of 2060 N/A N/A C:\Users\Admin\AppData\Local\Temp\94B4.exe
PID 2608 wrote to memory of 1556 N/A C:\Users\Admin\AppData\Local\Temp\9011.exe C:\Windows\SysWOW64\WerFault.exe
PID 1196 wrote to memory of 612 N/A N/A C:\Users\Admin\AppData\Local\Temp\13A4.exe
PID 1196 wrote to memory of 1944 N/A N/A C:\Users\Admin\AppData\Local\Temp\A1FF.exe
PID 1196 wrote to memory of 2948 N/A N/A C:\Users\Admin\AppData\Local\Temp\9E6.exe
PID 1196 wrote to memory of 2932 N/A N/A C:\Users\Admin\AppData\Local\Temp\52F8.exe

Uses Task Scheduler COM API

persistence

Processes

C:\Users\Admin\AppData\Local\Temp\66cab13aed3126ab1755e139bf5c2a9c7782dfd36ebeb7078045b5ec107dc4a3.exe

"C:\Users\Admin\AppData\Local\Temp\66cab13aed3126ab1755e139bf5c2a9c7782dfd36ebeb7078045b5ec107dc4a3.exe"

C:\Users\Admin\AppData\Local\Temp\7964.exe

C:\Users\Admin\AppData\Local\Temp\7964.exe

C:\Users\Admin\AppData\Local\Temp\7964.exe

C:\Users\Admin\AppData\Local\Temp\7964.exe

C:\Windows\system32\regsvr32.exe

regsvr32 /s C:\Users\Admin\AppData\Local\Temp\83E0.dll

C:\Windows\SysWOW64\regsvr32.exe

/s C:\Users\Admin\AppData\Local\Temp\83E0.dll

C:\Users\Admin\AppData\Local\Temp\9011.exe

C:\Users\Admin\AppData\Local\Temp\9011.exe

C:\Users\Admin\AppData\Local\Temp\94B4.exe

C:\Users\Admin\AppData\Local\Temp\94B4.exe

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 2608 -s 124

C:\Users\Admin\AppData\Local\Temp\13A4.exe

C:\Users\Admin\AppData\Local\Temp\13A4.exe

C:\Users\Admin\AppData\Local\Temp\A1FF.exe

C:\Users\Admin\AppData\Local\Temp\A1FF.exe

C:\Users\Admin\AppData\Local\Temp\9E6.exe

C:\Users\Admin\AppData\Local\Temp\9E6.exe

C:\Users\Admin\AppData\Local\Temp\52F8.exe

C:\Users\Admin\AppData\Local\Temp\52F8.exe

Network

Files

Analysis: behavioral2

Detonation Overview

Submitted

2024-02-25 05:02

Reported

2024-02-25 05:05

Platform

win10v2004-20240221-en

Max time kernel

49s

Max time network

163s

Command Line

"C:\Users\Admin\AppData\Local\Temp\66cab13aed3126ab1755e139bf5c2a9c7782dfd36ebeb7078045b5ec107dc4a3.exe"

Signatures

Glupteba

loader dropper glupteba

Glupteba payload

Lumma Stealer

stealer lumma

SmokeLoader

trojan backdoor smokeloader

Stealc

stealer stealc

Detects Windows executables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003)

Detects Windows executables referencing non-Windows User-Agents

Detects executables containing Discord URLs observed in first stage droppers

Detects executables containing URLs to raw contents of a Github gist

Detects executables containing artifacts associated with disabling Windows Defender

Detects executables packed with VMProtect.

Detects executables referencing many varying, potentially fake Windows User-Agents

UPX dump on OEP (original entry point)

Contacts a large (569) amount of remote hosts

discovery

Creates new service(s)

persistence

Downloads MZ/PE file

Stops running service(s)

evasion

Deletes itself

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\regsvr32.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\126A.exe N/A

UPX packed file

upx

Suspicious use of SetThreadContext

Description Indicator Process Target
PID 1836 set thread context of 2984 N/A C:\Users\Admin\AppData\Local\Temp\126A.exe C:\Users\Admin\AppData\Local\Temp\126A.exe

Launches sc.exe

Description Indicator Process Target
N/A N/A C:\Windows\system32\sc.exe N/A

Checks SCSI registry key(s)

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI C:\Users\Admin\AppData\Local\Temp\66cab13aed3126ab1755e139bf5c2a9c7782dfd36ebeb7078045b5ec107dc4a3.exe N/A
Key queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI C:\Users\Admin\AppData\Local\Temp\66cab13aed3126ab1755e139bf5c2a9c7782dfd36ebeb7078045b5ec107dc4a3.exe N/A
Key enumerated \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI C:\Users\Admin\AppData\Local\Temp\66cab13aed3126ab1755e139bf5c2a9c7782dfd36ebeb7078045b5ec107dc4a3.exe N/A

Creates scheduled task(s)

persistence
Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\schtasks.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\66cab13aed3126ab1755e139bf5c2a9c7782dfd36ebeb7078045b5ec107dc4a3.exe N/A

Suspicious behavior: MapViewOfSection

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\66cab13aed3126ab1755e139bf5c2a9c7782dfd36ebeb7078045b5ec107dc4a3.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A N/A N/A
Token: SeCreatePagefilePrivilege N/A N/A N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3376 wrote to memory of 1836 N/A N/A C:\Users\Admin\AppData\Local\Temp\126A.exe
PID 1836 wrote to memory of 2984 N/A C:\Users\Admin\AppData\Local\Temp\126A.exe C:\Users\Admin\AppData\Local\Temp\126A.exe
PID 3376 wrote to memory of 1840 N/A N/A C:\Windows\system32\regsvr32.exe
PID 1840 wrote to memory of 3780 N/A C:\Windows\system32\regsvr32.exe C:\Windows\SysWOW64\regsvr32.exe
PID 3376 wrote to memory of 1064 N/A N/A C:\Users\Admin\AppData\Local\Temp\28D2.exe
PID 3376 wrote to memory of 4436 N/A N/A C:\Users\Admin\AppData\Local\Temp\2C8C.exe
PID 3376 wrote to memory of 4828 N/A N/A C:\Users\Admin\AppData\Local\Temp\3C5C.exe

Uses Task Scheduler COM API

persistence

Processes

C:\Users\Admin\AppData\Local\Temp\66cab13aed3126ab1755e139bf5c2a9c7782dfd36ebeb7078045b5ec107dc4a3.exe

"C:\Users\Admin\AppData\Local\Temp\66cab13aed3126ab1755e139bf5c2a9c7782dfd36ebeb7078045b5ec107dc4a3.exe"

C:\Users\Admin\AppData\Local\Temp\126A.exe

C:\Users\Admin\AppData\Local\Temp\126A.exe

C:\Users\Admin\AppData\Local\Temp\126A.exe

C:\Users\Admin\AppData\Local\Temp\126A.exe

C:\Windows\system32\regsvr32.exe

regsvr32 /s C:\Users\Admin\AppData\Local\Temp\1885.dll

C:\Windows\SysWOW64\regsvr32.exe

/s C:\Users\Admin\AppData\Local\Temp\1885.dll

C:\Users\Admin\AppData\Local\Temp\28D2.exe

C:\Users\Admin\AppData\Local\Temp\28D2.exe

C:\Users\Admin\AppData\Local\Temp\2C8C.exe

C:\Users\Admin\AppData\Local\Temp\2C8C.exe

C:\Users\Admin\AppData\Local\Temp\3C5C.exe

C:\Users\Admin\AppData\Local\Temp\3C5C.exe

C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe

"C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe"

C:\Users\Admin\AppData\Local\Temp\FourthX.exe

"C:\Users\Admin\AppData\Local\Temp\FourthX.exe"

C:\Users\Admin\AppData\Local\Temp\InstallSetup4.exe

"C:\Users\Admin\AppData\Local\Temp\InstallSetup4.exe"

C:\Users\Admin\AppData\Local\Temp\4ECC.exe

C:\Users\Admin\AppData\Local\Temp\4ECC.exe

C:\Users\Admin\AppData\Local\Temp\BroomSetup.exe

C:\Users\Admin\AppData\Local\Temp\BroomSetup.exe

C:\Users\Admin\AppData\Local\Temp\5852.exe

C:\Users\Admin\AppData\Local\Temp\5852.exe

C:\Users\Admin\AppData\Local\Temp\5C8A.exe

C:\Users\Admin\AppData\Local\Temp\5C8A.exe

C:\Users\Admin\AppData\Local\Temp\is-PEBDU.tmp\5852.tmp

"C:\Users\Admin\AppData\Local\Temp\is-PEBDU.tmp\5852.tmp" /SL5="$A0054,4185251,54272,C:\Users\Admin\AppData\Local\Temp\5852.exe"

C:\Users\Admin\AppData\Local\Temp\nsg608C.tmp

C:\Users\Admin\AppData\Local\Temp\nsg608C.tmp

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Roaming\Temp\Task.bat" "

C:\Users\Admin\AppData\Local\DVD Slow\dvdslow.exe

"C:\Users\Admin\AppData\Local\DVD Slow\dvdslow.exe" -i

C:\Users\Admin\AppData\Local\DVD Slow\dvdslow.exe

"C:\Users\Admin\AppData\Local\DVD Slow\dvdslow.exe" -s

C:\Windows\SysWOW64\chcp.com

chcp 1251

C:\Windows\SysWOW64\schtasks.exe

schtasks /create /tn "MalayamaraUpdate" /tr "'C:\Users\Admin\AppData\Local\Temp\Updater.exe'" /sc minute /mo 30 /F

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell -nologo -noprofile

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 456 -p 3668 -ip 3668

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 3668 -s 540

C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe

C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe Add-MpPreference -ExclusionPath @($env:UserProfile, $env:ProgramData) -ExclusionExtension '.exe' -Force

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 436 -p 2184 -ip 2184

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 2184 -s 2336

C:\Windows\system32\sc.exe

C:\Windows\system32\sc.exe delete "UTIXDCVF"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c wusa /uninstall /kb:890830 /quiet /norestart

C:\Windows\system32\sc.exe

C:\Windows\system32\sc.exe start "UTIXDCVF"

C:\Windows\system32\sc.exe

C:\Windows\system32\sc.exe stop eventlog

C:\Windows\system32\sc.exe

C:\Windows\system32\sc.exe create "UTIXDCVF" binpath= "C:\ProgramData\xcfonrchdkar\vueqjgslwynd.exe" start= "auto"

C:\Windows\system32\wusa.exe

wusa /uninstall /kb:890830 /quiet /norestart

C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe

C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe Add-MpPreference -ExclusionPath @($env:UserProfile, $env:ProgramData) -ExclusionExtension '.exe' -Force

C:\ProgramData\xcfonrchdkar\vueqjgslwynd.exe

C:\ProgramData\xcfonrchdkar\vueqjgslwynd.exe

C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe

"C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 540 -p 1268 -ip 1268

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 1268 -s 460

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell -nologo -noprofile

Network

Country Destination Domain Proto
US 8.8.8.8:53 166.209.67.172.in-addr.arpa udp
US 8.8.8.8:53 211.226.254.192.in-addr.arpa udp
SG 206.189.35.25:443 megacasinoworld.org tcp
US 8.8.8.8:53 144.233.180.107.in-addr.arpa udp
US 35.202.21.90:443 consciouslyfree.org tcp
US 8.8.8.8:53 107.75.247.162.in-addr.arpa udp
US 8.8.8.8:53 107.237.254.192.in-addr.arpa udp
US 198.54.119.221:443 perfectskinnanomore230.com tcp
US 216.246.47.149:80 mostazaagenciacreativa.com tcp
US 8.8.8.8:53 shapesandstraightlines.com udp
DE 188.40.128.113:443 najmaldhahabihmovers.com tcp
ID 103.247.8.66:443 paramount-landofficial.com tcp
US 8.8.8.8:53 sivakasidiwalicrackers.com udp
US 8.8.8.8:53 thetalentconnectafrica.com udp
US 8.8.8.8:53 winblezglobal-services.com udp
US 8.8.8.8:53 alsafizhswitchgearinvco.com udp
US 8.8.8.8:53 theaddictioncollective.com udp
US 8.8.8.8:53 foothillsfamilycelebrations.com udp
US 8.8.8.8:53 brooklynbridgeacademyhs.com udp
US 8.8.8.8:53 235.12.26.104.in-addr.arpa udp
US 104.21.31.97:443 imunify-alert.com tcp
US 8.8.8.8:53 131.9.21.104.in-addr.arpa udp
US 8.8.8.8:53 213.154.61.185.in-addr.arpa udp
US 8.8.8.8:53 156.153.14.145.in-addr.arpa udp
US 8.8.8.8:53 144.19.69.159.in-addr.arpa udp
US 8.8.8.8:53 42.160.67.172.in-addr.arpa udp
US 8.8.8.8:53 110.248.45.66.in-addr.arpa udp
US 8.8.8.8:53 24.220.87.50.in-addr.arpa udp
US 8.8.8.8:53 8.136.67.172.in-addr.arpa udp
US 8.8.8.8:53 120.117.64.192.in-addr.arpa udp
US 8.8.8.8:53 164.219.87.50.in-addr.arpa udp
US 8.8.8.8:53 54.130.67.172.in-addr.arpa udp
US 8.8.8.8:53 122.36.28.103.in-addr.arpa udp
US 8.8.8.8:53 gravelworldchampionship2023.com udp
US 8.8.8.8:53 halibutkillaberingseacowboy.com udp
US 8.8.8.8:53 www.interiordesignhochiminhcity.com udp
US 172.67.209.166:443 www.umarfeminismos.org tcp
US 50.62.201.28:80 premiumtravelbysoledad.com tcp
US 8.8.8.8:53 www.theologydegree.org udp
US 8.8.8.8:53 introductiontofantasysports.com udp
US 8.8.8.8:53 abckitchenandcateringservice.com udp
US 8.8.8.8:53 www.stewardshipdev.org udp
US 8.8.8.8:53 accessmastergaragedoorrepair.com udp
US 8.8.8.8:53 applevalleyprosealgaragedoor.com udp
US 132.148.78.182:443 foothillsfamilycelebrations.com tcp
US 68.65.123.230:443 alsafizhswitchgearinvco.com tcp
SG 184.168.110.97:443 theaddictioncollective.com tcp
US 192.64.117.54:443 brooklynbridgeacademyhs.com tcp
US 8.8.8.8:53 assistinghandsfortlauderdale.com udp
US 8.8.8.8:53 bayareai9immigrationservices.com udp
US 8.8.8.8:53 baitfanaantechnologyservices.com udp
US 63.250.38.150:443 thetalentconnectafrica.com tcp
IN 68.178.145.199:80 sivakasidiwalicrackers.com tcp
US 199.192.16.240:443 winblezglobal-services.com tcp
BE 213.158.94.166:443 gravelworldchampionship2023.com tcp
US 76.223.67.189:443 halibutkillaberingseacowboy.com tcp
FR 92.204.217.192:80 shapesandstraightlines.com tcp
US 8.8.8.8:53 138.232.61.37.in-addr.arpa udp
US 8.8.8.8:53 44.146.29.66.in-addr.arpa udp
US 8.8.8.8:53 25.35.189.206.in-addr.arpa udp
US 8.8.8.8:53 113.128.40.188.in-addr.arpa udp
US 8.8.8.8:53 90.21.202.35.in-addr.arpa udp
US 8.8.8.8:53 149.47.246.216.in-addr.arpa udp
US 8.8.8.8:53 221.119.54.198.in-addr.arpa udp
US 8.8.8.8:53 66.8.247.103.in-addr.arpa udp
US 8.8.8.8:53 recaptcha.cloud udp
US 8.8.8.8:53 breakonthroughtotheotherside.com udp
US 8.8.8.8:53 centrosacademicosmartincodax.es udp
US 8.8.8.8:53 centrodeaudiologiaybalancepr.com udp
US 8.8.8.8:53 chennaiquickpackersandmovers.com udp
US 8.8.8.8:53 cys-mudanzasytransportesezur.com udp
US 8.8.8.8:53 encuentrodeeducacioninfantil.com udp
US 8.8.8.8:53 fonterrafoodservicesthailand.com udp
LU 198.251.84.7:443 www.interiordesignhochiminhcity.com tcp
US 172.67.75.12:443 www.theologydegree.org tcp
GB 144.126.193.224:443 introductiontofantasysports.com tcp
IN 89.117.157.174:443 abckitchenandcateringservice.com tcp
US 8.8.8.8:53 deluxeroofingandconstruction.com udp
US 8.8.8.8:53 greencityhoustonhvacservices.com udp
US 8.8.8.8:53 insulinweightlossmedications.com udp
US 8.8.8.8:53 www.interiordesignjakartaselatan.com udp
US 8.8.8.8:53 97.31.21.104.in-addr.arpa udp
IN 89.117.27.246:443 bayareai9immigrationservices.com tcp
US 107.180.233.144:80 www.stewardshipdev.org tcp
DE 157.90.254.77:443 recaptcha.cloud tcp
US 172.67.134.82:443 assistinghandsfortlauderdale.com tcp
SG 156.67.222.42:443 baitfanaantechnologyservices.com tcp
US 8.8.8.8:53 jumelage-laturballecamarinas.com udp
US 8.8.8.8:53 www.johnswoodfloorsinannapolismd.com udp
US 8.8.8.8:53 introductiontoesportsbetting.com udp
US 172.67.151.219:443 fonterrafoodservicesthailand.com tcp
US 162.240.107.139:80 centrodeaudiologiaybalancepr.com tcp
ES 82.98.175.104:443 cys-mudanzasytransportesezur.com tcp
CA 184.107.37.239:443 encuentrodeeducacioninfantil.com tcp
US 149.100.151.107:443 insulinweightlossmedications.com tcp
US 193.160.64.151:443 deluxeroofingandconstruction.com tcp
US 8.8.8.8:53 location-photobooth-bordeaux.com udp
US 15.204.182.80:443 www.interiordesignjakartaselatan.com tcp
US 68.178.223.64:443 greencityhoustonhvacservices.com tcp
US 146.190.115.37:443 breakonthroughtotheotherside.com tcp
IN 154.41.233.100:443 chennaiquickpackersandmovers.com tcp
US 8.8.8.8:53 plantasconalmaescuelanatural.com udp
US 8.8.8.8:53 madisonarenaalquileroficinas.com udp
US 8.8.8.8:53 166.94.158.213.in-addr.arpa udp
US 8.8.8.8:53 54.117.64.192.in-addr.arpa udp
US 8.8.8.8:53 230.123.65.68.in-addr.arpa udp
US 8.8.8.8:53 150.38.250.63.in-addr.arpa udp
US 8.8.8.8:53 240.16.192.199.in-addr.arpa udp
US 8.8.8.8:53 189.67.223.76.in-addr.arpa udp
US 8.8.8.8:53 7.84.251.198.in-addr.arpa udp
US 8.8.8.8:53 12.75.67.172.in-addr.arpa udp
US 8.8.8.8:53 174.157.117.89.in-addr.arpa udp
US 8.8.8.8:53 reaperinteractiveproductions.com udp
FR 94.23.82.214:443 centrosacademicosmartincodax.es tcp
US 141.193.213.11:443 www.johnswoodfloorsinannapolismd.com tcp
GB 144.126.193.224:443 introductiontoesportsbetting.com tcp
US 8.8.8.8:53 reformasymantenimientosayago.com udp
CH 83.166.133.21:443 location-photobooth-bordeaux.com tcp
US 8.8.8.8:53 samutsongkhramfcfootballclub.com udp
US 8.8.8.8:53 solucioninformaticacolectiva.com udp
US 8.8.8.8:53 specialiste-education-canine.com udp
US 8.8.8.8:53 www.studiogiovannellipietrasanta.com udp
CH 83.166.133.59:443 jumelage-laturballecamarinas.com tcp
FR 37.187.222.56:443 madisonarenaalquileroficinas.com tcp
US 63.250.43.8:443 reaperinteractiveproductions.com tcp
FR 154.49.245.135:443 plantasconalmaescuelanatural.com tcp
US 8.8.8.8:53 weightedanxietystuffedanimal.com udp
US 8.8.8.8:53 transformingmindsetswithfreda.com udp
US 8.8.8.8:53 travelresortsofamericareviews.com udp
US 8.8.8.8:53 vericatimplantologiainmediata.com udp
US 8.8.8.8:53 77.254.90.157.in-addr.arpa udp
US 8.8.8.8:53 82.134.67.172.in-addr.arpa udp
US 8.8.8.8:53 219.151.67.172.in-addr.arpa udp
US 8.8.8.8:53 104.175.98.82.in-addr.arpa udp
US 8.8.8.8:53 239.37.107.184.in-addr.arpa udp
US 8.8.8.8:53 151.64.160.193.in-addr.arpa udp
US 8.8.8.8:53 80.182.204.15.in-addr.arpa udp
US 8.8.8.8:53 139.107.240.162.in-addr.arpa udp
US 8.8.8.8:53 107.151.100.149.in-addr.arpa udp
US 8.8.8.8:53 100.233.41.154.in-addr.arpa udp
US 104.21.49.210:443 samutsongkhramfcfootballclub.com tcp
DE 62.171.188.96:443 tylerthecreatormerchofficial.com tcp
US 8.8.8.8:53 42.222.67.156.in-addr.arpa udp
US 151.106.97.210:443 specialiste-education-canine.com tcp
IT 89.46.108.71:443 www.studiogiovannellipietrasanta.com tcp
ES 2.136.221.126:443 reformasymantenimientosayago.com tcp
US 8.8.8.8:53 214.82.23.94.in-addr.arpa udp
US 23.239.27.53:443 solucioninformaticacolectiva.com tcp
US 8.8.8.8:53 11.213.193.141.in-addr.arpa udp
US 104.130.29.165:443 travelresortsofamericareviews.com tcp
US 8.8.8.8:53 americanexpresscourierservice.com udp
ES 31.14.103.74:443 vericatimplantologiainmediata.com tcp
US 8.8.8.8:53 americanindustrialservicesinc.com udp
US 131.153.147.42:443 americanexpresscourierservice.com tcp
IN 154.41.232.23:443 aadianishwarnidhilimitedbetul.com tcp
US 172.67.154.95:443 weightedanxietystuffedanimal.com tcp
US 8.8.8.8:53 bbhartispecialitydentalclinic.com udp
US 8.8.8.8:53 21.133.166.83.in-addr.arpa udp
US 8.8.8.8:53 56.222.187.37.in-addr.arpa udp
US 8.8.8.8:53 135.245.49.154.in-addr.arpa udp
US 8.8.8.8:53 8.43.250.63.in-addr.arpa udp
US 8.8.8.8:53 210.49.21.104.in-addr.arpa udp
US 8.8.8.8:53 96.188.171.62.in-addr.arpa udp
US 8.8.8.8:53 71.108.46.89.in-addr.arpa udp
US 8.8.8.8:53 126.221.136.2.in-addr.arpa udp
US 8.8.8.8:53 210.97.106.151.in-addr.arpa udp
US 8.8.8.8:53 53.27.239.23.in-addr.arpa udp
US 8.8.8.8:53 165.29.130.104.in-addr.arpa udp
US 8.8.8.8:53 74.103.14.31.in-addr.arpa udp
US 8.8.8.8:53 beginnersguidetoonlinecasinos.com udp
US 162.159.137.9:443 americanindustrialservicesinc.com tcp
US 8.8.8.8:53 biodiversityfuturesinitiative.com udp
US 160.153.0.81:443 transformingmindsetswithfreda.com tcp
IN 154.41.233.79:443 bbhartispecialitydentalclinic.com tcp
US 8.8.8.8:53 beverlyhillspremiergaragedoor.com udp
US 8.8.8.8:53 carpetcleaningsaintpetersburg.com udp
GB 144.126.193.224:443 beginnersguidetoonlinecasinos.com tcp
US 8.8.8.8:53 crystalbluemarketingsolutions.com udp
US 8.8.8.8:53 festivalafrobeatinternational.com udp
US 8.8.8.8:53 innovativebookkeepingsolution.com udp
US 8.8.8.8:53 mairie-neufchatel-en-saosnois.com udp
US 8.8.8.8:53 www.inversiones-johnson-y-godinez.com udp
GB 46.101.58.35:443 biodiversityfuturesinitiative.com tcp
US 89.117.8.164:443 carpetcleaningsaintpetersburg.com tcp
FR 83.229.19.78:443 festivalafrobeatinternational.com tcp
US 208.109.58.44:443 innovativebookkeepingsolution.com tcp
US 8.8.8.8:53 42.147.153.131.in-addr.arpa udp
US 8.8.8.8:53 95.154.67.172.in-addr.arpa udp
US 8.8.8.8:53 23.232.41.154.in-addr.arpa udp
US 8.8.8.8:53 9.137.159.162.in-addr.arpa udp
US 8.8.8.8:53 81.0.153.160.in-addr.arpa udp
US 72.167.33.128:443 crystalbluemarketingsolutions.com tcp
US 8.8.8.8:53 specialengagementssweepstakes.com udp
US 8.8.8.8:53 swiftresponsegaragedoorrepair.com udp
JP 3.115.139.139:443 mairie-neufchatel-en-saosnois.com tcp
US 8.8.8.8:53 4seasonsmasonryandconstruction.com udp
US 8.8.8.8:53 americanindustrialsvcs.com udp
US 8.8.8.8:53 test-site-web-av-consultation.com udp
US 8.8.8.8:53 appletonsrottweilerpuppieshome.com udp
US 66.33.203.134:443 www.inversiones-johnson-y-godinez.com tcp
US 89.117.139.195:443 islamiccenterniagarafalls.com tcp
US 8.8.8.8:53 bananapancaketrail-backpacking.com udp
US 8.8.8.8:53 faqirchandjimarbleandtilehouse.com udp
US 8.8.8.8:53 www.biodiversityfuturesinitiative.com udp
US 8.8.8.8:53 kingpropertymanagementsolutions.com udp
US 72.167.102.111:443 quantumbusinessconsultancyllc.com tcp
US 8.8.8.8:53 leadersinstitutechildrenscentre.com udp
US 8.8.8.8:53 online-medicijn-kopen-met-ideal.com udp
US 104.21.77.164:443 specialengagementssweepstakes.com tcp
US 8.8.8.8:53 35.58.101.46.in-addr.arpa udp
US 8.8.8.8:53 246.27.117.89.in-addr.arpa udp
US 8.8.8.8:53 78.19.229.83.in-addr.arpa udp
US 8.8.8.8:53 79.233.41.154.in-addr.arpa udp
US 8.8.8.8:53 164.8.117.89.in-addr.arpa udp
US 193.160.64.151:443 4seasonsmasonryandconstruction.com tcp
US 195.35.33.234:443 appletonsrottweilerpuppieshome.com tcp
US 149.100.151.247:443 test-site-web-av-consultation.com tcp
FR 51.210.156.152:443 faqirchandjimarbleandtilehouse.com tcp
FR 89.117.169.9:443 bananapancaketrail-backpacking.com tcp
US 162.159.137.9:443 americanindustrialsvcs.com tcp
US 89.117.139.85:443 leadersinstitutechildrenscentre.com tcp
US 8.8.8.8:53 responsiblegamblingandaddiction.com udp
NL 89.116.53.101:443 online-medicijn-kopen-met-ideal.com tcp
US 8.8.8.8:53 scottjacobsonairportadvertising.com udp
US 8.8.8.8:53 singaporeonlinecasinofreecredit.com udp
US 8.8.8.8:53 templatonianationalfootballteam.com udp
US 8.8.8.8:53 venturasinner-circlemarketplace.com udp
US 8.8.8.8:53 themooninternationaldevelopment.com udp
US 75.75.243.148:443 kingpropertymanagementsolutions.com tcp
GB 46.101.58.35:443 www.biodiversityfuturesinitiative.com tcp
GB 144.126.193.224:443 responsiblegamblingandaddiction.com tcp
US 8.8.8.8:53 134.203.33.66.in-addr.arpa udp
US 8.8.8.8:53 164.77.21.104.in-addr.arpa udp
US 8.8.8.8:53 152.156.210.51.in-addr.arpa udp
US 8.8.8.8:53 9.169.117.89.in-addr.arpa udp
US 8.8.8.8:53 247.151.100.149.in-addr.arpa udp
US 8.8.8.8:53 234.33.35.195.in-addr.arpa udp
US 8.8.8.8:53 101.53.116.89.in-addr.arpa udp
US 8.8.8.8:53 85.139.117.89.in-addr.arpa udp
US 104.130.29.165:443 scottjacobsonairportadvertising.com tcp
US 8.8.8.8:53 www.fisioterapiarehabilitacionactiva.com udp
US 8.8.8.8:53 cys-procesoterapeuticopsicologia.com udp
US 8.8.8.8:53 www.physicianscollaborativesolutions.com udp
US 8.8.8.8:53 eastrutherfordwaterdamageservices.com udp
US 160.153.0.94:443 singaporeonlinecasinofreecredit.com tcp
US 8.8.8.8:53 uvicece499hfantennadesignforskyana.com udp
US 172.67.207.250:443 templatonianationalfootballteam.com tcp
US 160.153.0.85:443 www.fisioterapiarehabilitacionactiva.com tcp
ES 82.98.175.104:443 cys-procesoterapeuticopsicologia.com tcp
US 8.8.8.8:53 goldenenterprisestradingcorporation.com udp
IN 89.117.157.247:443 themooninternationaldevelopment.com tcp
US 8.8.8.8:53 introductiontovirtualrealitycasinos.com udp
US 160.153.0.102:443 uvicece499hfantennadesignforskyana.com tcp
US 8.8.8.8:53 thegaragedoorexpertsgaragedoorrepair.com udp
US 8.8.8.8:53 boschwashingmachinerepairinhyderabad.com udp
US 141.193.213.10:443 www.physicianscollaborativesolutions.com tcp
US 8.8.8.8:53 secondincomehacks.com udp
GB 144.126.193.224:443 introductiontovirtualrealitycasinos.com tcp
DE 144.76.3.17:443 goldenenterprisestradingcorporation.com tcp
US 195.35.15.132:443 boschwashingmachinerepairinhyderabad.com tcp
US 8.8.8.8:53 148.243.75.75.in-addr.arpa udp
US 8.8.8.8:53 250.207.67.172.in-addr.arpa udp
US 8.8.8.8:53 94.0.153.160.in-addr.arpa udp
US 8.8.8.8:53 85.0.153.160.in-addr.arpa udp
US 8.8.8.8:53 102.0.153.160.in-addr.arpa udp
US 8.8.8.8:53 10.213.193.141.in-addr.arpa udp
US 8.8.8.8:53 247.157.117.89.in-addr.arpa udp
GB 77.72.1.54:80 secondincomehacks.com tcp
US 8.8.8.8:53 sigarasarmakinesi.com udp
US 8.8.8.8:53 serviceautovidele.com udp
US 8.8.8.8:53 signsofprosperity.com udp
TR 94.73.151.170:80 sigarasarmakinesi.com tcp
US 8.8.8.8:53 sjpglobalservices.com udp
US 8.8.8.8:53 sourstripsgummies.com udp
US 8.8.8.8:53 nft-drops-calendar.com udp
US 8.8.8.8:53 nilsonsalinasapolo.com udp
US 8.8.8.8:53 www.ondemandstorageusa.com udp
DE 91.195.240.123:443 signsofprosperity.com tcp
RO 89.41.38.60:443 serviceautovidele.com tcp
US 8.8.8.8:53 www.productivityjuices.com udp
US 8.8.8.8:53 profitmaximizerhub.com udp
US 8.8.8.8:53 productsmontgomery.com udp
US 8.8.8.8:53 quadrolovememories.com udp
US 8.8.8.8:53 rajasthandholamaru.com udp
US 8.8.8.8:53 scholarshipguiders.com udp
US 66.29.132.229:443 sjpglobalservices.com tcp
US 8.8.8.8:53 www.sumberbarokahmotor.com udp
US 154.12.255.39:443 nilsonsalinasapolo.com tcp
US 66.29.132.176:443 sourstripsgummies.com tcp
US 8.8.8.8:53 17.3.76.144.in-addr.arpa udp
US 8.8.8.8:53 54.1.72.77.in-addr.arpa udp
US 8.8.8.8:53 170.151.73.94.in-addr.arpa udp
US 8.8.8.8:53 123.240.195.91.in-addr.arpa udp
US 8.8.8.8:53 60.38.41.89.in-addr.arpa udp
US 208.109.66.223:443 www.ondemandstorageusa.com tcp
CH 80.74.142.130:443 nft-drops-calendar.com tcp
US 8.8.8.8:53 techtrendyboutique.com udp
US 8.8.8.8:53 trekrinjanivolcano.com udp
US 8.8.8.8:53 tucoachdeconfianza.com udp
US 8.8.8.8:53 taxibentre71xedichvu24h.com udp
IN 103.212.121.91:443 www.productivityjuices.com tcp
US 8.8.8.8:53 www.missinternationalmalaysia.com udp
US 104.21.23.133:443 rajasthandholamaru.com tcp
US 8.8.8.8:53 produtossaudaveisparavoce.com udp
US 154.56.47.23:443 profitmaximizerhub.com tcp
BR 89.117.7.121:443 quadrolovememories.com tcp
US 8.8.8.8:53 yochummanufacturing.com udp
US 8.8.8.8:53 restaurant-vecchia-napoli.com udp
US 8.8.8.8:53 nichesatshadowlandgallery.com udp
SG 5.181.216.121:443 www.sumberbarokahmotor.com tcp
US 8.8.8.8:53 specialopportunitylimited.com udp
US 8.8.8.8:53 amplifyhearing-opportunity.com udp
US 162.241.230.122:443 nichesatshadowlandgallery.com tcp
GB 185.199.220.39:443 amplifyhearing-opportunity.com tcp
DE 51.195.4.52:443 restaurant-vecchia-napoli.com tcp
US 8.8.8.8:53 229.132.29.66.in-addr.arpa udp
US 8.8.8.8:53 130.142.74.80.in-addr.arpa udp
US 8.8.8.8:53 39.255.12.154.in-addr.arpa udp
US 8.8.8.8:53 176.132.29.66.in-addr.arpa udp
US 8.8.8.8:53 133.23.21.104.in-addr.arpa udp
US 8.8.8.8:53 23.47.56.154.in-addr.arpa udp
US 8.8.8.8:53 91.121.212.103.in-addr.arpa udp
US 209.182.203.21:443 techtrendyboutique.com tcp
US 8.8.8.8:53 architectureinteriorstudio.com udp
DE 5.9.68.102:443 tucoachdeconfianza.com tcp
US 208.91.197.132:443 yochummanufacturing.com tcp
US 162.241.203.125:443 specialopportunitylimited.com tcp
MY 218.208.91.145:443 www.missinternationalmalaysia.com tcp
US 192.185.214.152:443 produtossaudaveisparavoce.com tcp
VN 103.90.232.90:443 taxibentre71xedichvu24h.com tcp
US 8.8.8.8:53 doresnasarticulacoesjamais.com udp
US 8.8.8.8:53 electlynnmellisworthington.com udp
US 8.8.8.8:53 everlastingstrengthfitness.com udp
US 8.8.8.8:53 internationalbankingonline.com udp
ID 103.247.8.65:443 trekrinjanivolcano.com tcp
ZA 160.119.248.78:443 scholarshipguiders.com tcp
US 8.8.8.8:53 kansascityexteriorpainting.com udp
US 8.8.8.8:53 lavistahometransformations.com udp
US 8.8.8.8:53 mayoreoenelectronicostarmu.com udp
US 8.8.8.8:53 lawofattractionruinedmylife.com udp
US 209.182.203.21:443 everlastingstrengthfitness.com tcp
US 173.254.108.69:80 internationalbankingonline.com tcp
US 8.8.8.8:53 metabolixlabsketoacvgummies.com udp
US 50.6.138.114:443 desconto-garantido-oficial.com tcp
US 108.179.242.219:443 kansascityexteriorpainting.com tcp
US 8.8.8.8:53 121.7.117.89.in-addr.arpa udp
US 8.8.8.8:53 122.230.241.162.in-addr.arpa udp
US 8.8.8.8:53 121.216.181.5.in-addr.arpa udp
US 8.8.8.8:53 39.220.199.185.in-addr.arpa udp
US 8.8.8.8:53 52.4.195.51.in-addr.arpa udp
US 8.8.8.8:53 102.68.9.5.in-addr.arpa udp
US 8.8.8.8:53 132.197.91.208.in-addr.arpa udp
US 8.8.8.8:53 125.203.241.162.in-addr.arpa udp
US 8.8.8.8:53 152.214.185.192.in-addr.arpa udp
US 8.8.8.8:53 nexcarwestlakefinancialscam.com udp
US 50.87.146.132:443 electlynnmellisworthington.com tcp
US 170.187.144.5:443 lavistahometransformations.com tcp
US 8.8.8.8:53 sikandarmudassirenterprises.com udp
US 8.8.8.8:53 elevateaerialandphotography.com udp
US 8.8.8.8:53 waterfronthealthandwellness.com udp
IN 119.18.54.99:443 architectureinteriorstudio.com tcp
US 165.140.70.70:443 lawofattractionruinedmylife.com tcp
US 204.93.224.165:443 mayoreoenelectronicostarmu.com tcp
US 68.66.226.105:443 nexcarwestlakefinancialscam.com tcp
US 162.144.1.188:443 metabolixlabsketoacvgummies.com tcp
US 8.8.8.8:53 agnmetalsandglobaltradingllc.com udp
US 8.8.8.8:53 charitysroofanguttercleaning.com udp
US 8.8.8.8:53 peakenergyperformancetherapy.com udp
US 8.8.8.8:53 wordpresswebsitesmaintenance.com udp
US 8.8.8.8:53 a-teclab-youtubechannel-style.com udp
FR 178.32.136.86:443 waterfronthealthandwellness.com tcp
US 8.8.8.8:53 down-to-earththerapysolutions.com udp
US 8.8.8.8:53 cowboys-buckingbulls-8seconds.com udp
US 8.8.8.8:53 145.91.208.218.in-addr.arpa udp
US 8.8.8.8:53 65.8.247.103.in-addr.arpa udp
US 8.8.8.8:53 78.248.119.160.in-addr.arpa udp
US 8.8.8.8:53 90.232.90.103.in-addr.arpa udp
US 8.8.8.8:53 114.138.6.50.in-addr.arpa udp
US 8.8.8.8:53 219.242.179.108.in-addr.arpa udp
US 8.8.8.8:53 69.108.254.173.in-addr.arpa udp
US 8.8.8.8:53 5.144.187.170.in-addr.arpa udp
US 8.8.8.8:53 goldencoastgeneralcontractors.com udp
US 198.54.116.73:443 sikandarmudassirenterprises.com tcp
US 8.8.8.8:53 luxurycarrentalorlandoflorida.com udp
US 8.8.8.8:53 www.marin-sonomaleadershipacademy.com udp
US 8.8.8.8:53 www.bestecig.net udp
US 162.241.252.59:443 elevateaerialandphotography.com tcp
US 8.8.8.8:53 bet-slot.net udp
US 8.8.8.8:53 testmbti.net udp
US 8.8.8.8:53 www.rajasthandholamaru.com udp
US 162.241.2.20:443 discount-official-sale-store.com tcp
US 198.54.115.86:443 agnmetalsandglobaltradingllc.com tcp
US 173.254.30.233:443 charitysroofanguttercleaning.com tcp
US 50.87.253.38:443 cowboys-buckingbulls-8seconds.com tcp
US 162.144.12.170:443 peakenergyperformancetherapy.com tcp
US 8.8.8.8:53 monotown.net udp
US 8.8.8.8:53 malicare.net udp
NL 64.46.118.22:443 oostfamilyprotectionservices.com tcp
US 50.116.55.121:443 luxurycarrentalorlandoflorida.com tcp
US 170.187.144.5:443 goldencoastgeneralcontractors.com tcp
US 8.8.8.8:53 sila-ksa.net udp
US 8.8.8.8:53 tamerket.net udp
US 8.8.8.8:53 phibetamutheta.org udp
US 8.8.8.8:53 pierwszybiznes.org udp
US 8.8.8.8:53 165.224.93.204.in-addr.arpa udp
US 8.8.8.8:53 70.70.140.165.in-addr.arpa udp
US 8.8.8.8:53 188.1.144.162.in-addr.arpa udp
US 8.8.8.8:53 105.226.66.68.in-addr.arpa udp
US 8.8.8.8:53 86.136.32.178.in-addr.arpa udp
US 8.8.8.8:53 73.116.54.198.in-addr.arpa udp
US 8.8.8.8:53 scoutingheroes.org udp
US 8.8.8.8:53 swisdermglobal.org udp
US 172.67.208.121:443 www.bestecig.net tcp
US 184.154.2.146:443 www.marin-sonomaleadershipacademy.com tcp
US 8.8.8.8:53 www.viroquachamber.com udp
US 50.87.139.112:443 down-to-earththerapysolutions.com tcp
US 8.8.8.8:53 associationilef.org udp
US 8.8.8.8:53 www.beatsfoundation.org udp
US 8.8.8.8:53 bestelectriccar.org udp
US 8.8.8.8:53 capecodredcross.org udp
US 104.21.23.133:443 www.rajasthandholamaru.com tcp
KR 158.247.236.22:443 testmbti.net tcp
FR 188.165.164.190:443 bet-slot.net tcp
US 8.8.8.8:53 covid-19library.org udp
US 8.8.8.8:53 aquiemprendemos.org udp
US 8.8.8.8:53 autonomyhealthi.org udp
US 8.8.8.8:53 debtssettlement.org udp
NL 191.96.63.113:443 tamerket.net tcp
IN 89.117.157.134:443 sila-ksa.net tcp
US 151.101.194.159:443 www.viroquachamber.com tcp
US 161.47.40.166:443 scoutingheroes.org tcp
US 8.8.8.8:53 destinationdays.org udp
US 8.8.8.8:53 59.252.241.162.in-addr.arpa udp
US 8.8.8.8:53 20.2.241.162.in-addr.arpa udp
US 8.8.8.8:53 22.118.46.64.in-addr.arpa udp
US 8.8.8.8:53 86.115.54.198.in-addr.arpa udp
US 8.8.8.8:53 233.30.254.173.in-addr.arpa udp
US 8.8.8.8:53 121.55.116.50.in-addr.arpa udp
US 8.8.8.8:53 38.253.87.50.in-addr.arpa udp
US 8.8.8.8:53 170.12.144.162.in-addr.arpa udp
US 8.8.8.8:53 121.208.67.172.in-addr.arpa udp
US 8.8.8.8:53 preventchildhoodinfluenza.org udp
PL 94.152.152.84:443 pierwszybiznes.org tcp
US 151.101.194.159:443 www.viroquachamber.com tcp
US 104.243.32.71:443 www.beatsfoundation.org tcp
FR 146.59.231.68:443 associationilef.org tcp
US 149.100.151.128:443 monotown.net tcp
IN 62.72.28.250:443 bestelectriccar.org tcp
US 104.21.83.206:443 capecodredcross.org tcp
US 165.22.47.132:443 fivefoundations.org tcp
US 54.67.116.236:443 debtssettlement.org tcp
US 8.8.8.8:53 patriotbusinessassociation.org udp
US 8.8.8.8:53 adarshsevakendrafoundation.org udp
US 8.8.8.8:53 easypodmastermindfoundation.org udp
US 8.8.8.8:53 eswatinipolygraphassociation.org udp
US 8.8.8.8:53 srilankansocietybedfordshire.org udp
US 192.185.112.138:443 aquiemprendemos.org tcp
US 8.8.8.8:53 christianbusinessinternational.org udp
US 8.8.8.8:53 estateplanningattorneypalmbeach.org udp
US 154.56.47.15:443 destinationdays.org tcp
US 104.21.64.8:443 preventchildhoodinfluenza.org tcp
FR 5.135.117.203:80 covid-19library.org tcp
ES 185.250.202.183:443 residenciasanjuanbautista.org tcp
US 89.116.239.7:443 autonomyhealthi.org tcp
ZA 102.130.122.96:443 swisdermglobal.org tcp
US 8.8.8.8:53 146.2.154.184.in-addr.arpa udp
US 8.8.8.8:53 112.139.87.50.in-addr.arpa udp
US 8.8.8.8:53 190.164.165.188.in-addr.arpa udp
US 8.8.8.8:53 159.194.101.151.in-addr.arpa udp
US 8.8.8.8:53 113.63.96.191.in-addr.arpa udp
US 8.8.8.8:53 166.40.47.161.in-addr.arpa udp
US 8.8.8.8:53 134.157.117.89.in-addr.arpa udp
US 8.8.8.8:53 22.236.247.158.in-addr.arpa udp
US 8.8.8.8:53 84.152.152.94.in-addr.arpa udp
US 8.8.8.8:53 68.231.59.146.in-addr.arpa udp
US 8.8.8.8:53 71.32.243.104.in-addr.arpa udp
US 8.8.8.8:53 cancerresearchtreatmentinstitute.org udp
LT 46.17.175.6:443 srilankansocietybedfordshire.org tcp
US 64.202.190.151:443 estateplanningattorneypalmbeach.org tcp
NL 162.0.217.168:443 christianbusinessinternational.org tcp
US 8.8.8.8:53 centrocomunitariopadremiguelangelbianchi.org udp
US 8.8.8.8:53 www.capecodredcross.org udp
US 8.8.8.8:53 caky.info udp
US 8.8.8.8:53 bnrs.info udp
US 162.240.235.199:443 adarshsevakendrafoundation.org tcp
US 184.171.244.231:443 asociacionpsicoanaliticamexicana.org tcp
ZA 41.76.208.44:80 eswatinipolygraphassociation.org tcp
US 8.8.8.8:53 w550.info udp
US 8.8.8.8:53 www.preventchildhoodinfluenza.org udp
US 8.8.8.8:53 favoredvictoriouslyinternationalministriesincorporated.org udp
US 8.8.8.8:53 2bets.info udp
US 72.52.133.203:443 easypodmastermindfoundation.org tcp
BR 154.49.247.112:443 patriotbusinessassociation.org tcp
US 8.8.8.8:53 128.151.100.149.in-addr.arpa udp
US 8.8.8.8:53 206.83.21.104.in-addr.arpa udp
US 8.8.8.8:53 132.47.22.165.in-addr.arpa udp
US 8.8.8.8:53 250.28.72.62.in-addr.arpa udp
US 8.8.8.8:53 138.112.185.192.in-addr.arpa udp
US 8.8.8.8:53 236.116.67.54.in-addr.arpa udp
US 8.8.8.8:53 15.47.56.154.in-addr.arpa udp
US 8.8.8.8:53 203.117.135.5.in-addr.arpa udp
US 8.8.8.8:53 183.202.250.185.in-addr.arpa udp
US 8.8.8.8:53 7.239.116.89.in-addr.arpa udp
US 8.8.8.8:53 96.122.130.102.in-addr.arpa udp
US 160.153.0.56:443 cancerresearchtreatmentinstitute.org tcp
US 8.8.8.8:53 capac.info udp
GB 153.92.6.242:443 caky.info tcp
US 104.21.83.206:80 www.capecodredcross.org tcp
US 138.128.188.146:443 centrocomunitariopadremiguelangelbianchi.org tcp
US 8.8.8.8:53 chanh.info udp
US 8.8.8.8:53 www.x-face.xyz udp
US 8.8.8.8:53 anoboys.xyz udp
US 8.8.8.8:53 www.srilankansocietybedfordshire.org udp
US 108.179.232.157:80 bnrs.info tcp
US 172.67.173.187:443 www.preventchildhoodinfluenza.org tcp
US 3.18.168.210:443 favoredvictoriouslyinternationalministriesincorporated.org tcp
US 8.8.8.8:53 bambarn.xyz udp
SG 95.111.202.25:443 chanh.info tcp
FR 89.117.169.245:443 capac.info tcp
US 8.8.8.8:53 evalast.shop udp
US 8.8.8.8:53 importados.shop udp
US 8.8.8.8:53 jerseyposh.shop udp
US 8.8.8.8:53 indobetz77.us udp
US 8.8.8.8:53 fofogoo.xyz udp
US 8.8.8.8:53 www.kinokokids.shop udp
US 8.8.8.8:53 168.217.0.162.in-addr.arpa udp
US 8.8.8.8:53 6.175.17.46.in-addr.arpa udp
US 8.8.8.8:53 231.244.171.184.in-addr.arpa udp
US 8.8.8.8:53 199.235.240.162.in-addr.arpa udp
US 8.8.8.8:53 44.208.76.41.in-addr.arpa udp
US 8.8.8.8:53 56.0.153.160.in-addr.arpa udp
US 8.8.8.8:53 203.133.52.72.in-addr.arpa udp
US 8.8.8.8:53 242.6.92.153.in-addr.arpa udp
US 8.8.8.8:53 112.247.49.154.in-addr.arpa udp
US 162.254.39.14:443 anoboys.xyz tcp
LT 46.17.175.6:443 www.srilankansocietybedfordshire.org tcp
FR 109.234.160.161:443 www.x-face.xyz tcp
US 162.0.209.234:443 zeloreo.shop tcp
US 8.8.8.8:53 lealinvest.shop udp
US 162.213.251.196:443 evalast.shop tcp
US 23.29.125.130:443 bambarn.xyz tcp
US 172.67.180.103:443 importados.shop tcp
US 63.250.43.134:443 jerseyposh.shop tcp
US 172.67.191.120:443 indobetz77.us tcp
US 104.21.23.55:443 www.kinokokids.shop tcp
US 8.8.8.8:53 lettersend.shop udp
US 8.8.8.8:53 loveinhair.shop udp
US 8.8.8.8:53 lyricswala.shop udp
US 8.8.8.8:53 makinbugar.shop udp
US 8.8.8.8:53 modegalore.shop udp
US 31.170.160.187:443 fofogoo.xyz tcp
US 8.8.8.8:53 www.motostares.shop udp
US 8.8.8.8:53 nndrzuoflk.shop udp
US 104.21.83.206:443 www.capecodredcross.org tcp
US 8.8.8.8:53 www.testmbti.net udp
US 8.8.8.8:53 187.173.67.172.in-addr.arpa udp
US 8.8.8.8:53 210.168.18.3.in-addr.arpa udp
US 8.8.8.8:53 245.169.117.89.in-addr.arpa udp
US 8.8.8.8:53 14.39.254.162.in-addr.arpa udp
US 8.8.8.8:53 146.188.128.138.in-addr.arpa udp
US 8.8.8.8:53 www.partything.shop udp
US 8.8.8.8:53 pathpavers.shop udp
US 8.8.8.8:53 pdjikgq20n.shop udp
US 8.8.8.8:53 www.pushbikess.shop udp
US 172.67.218.15:443 www.pushbikess.shop tcp
BR 154.49.247.184:443 lealinvest.shop tcp
US 104.21.85.77:443 lettersend.shop tcp
US 104.21.57.244:443 www.partything.shop tcp
US 104.21.41.50:80 pathpavers.shop tcp
US 195.35.33.127:443 loveinhair.shop tcp
US 149.100.151.81:443 lyricswala.shop tcp
US 104.21.40.124:443 modegalore.shop tcp
US 104.21.69.46:443 www.motostares.shop tcp
US 8.8.8.8:53 ql8a8pgxyk.shop udp
US 8.8.8.8:53 www.savannahss.shop udp
US 8.8.8.8:53 www.shophearss.shop udp
US 8.8.8.8:53 streamplus.shop udp
KR 158.247.242.163:80 nndrzuoflk.shop tcp

Files

memory/1560-1-0x0000000002D80000-0x0000000002E80000-memory.dmp

memory/1560-2-0x0000000004A80000-0x0000000004A8B000-memory.dmp

memory/1560-3-0x0000000000400000-0x0000000002D3F000-memory.dmp

memory/3376-4-0x0000000002250000-0x0000000002266000-memory.dmp

memory/1560-5-0x0000000000400000-0x0000000002D3F000-memory.dmp

memory/1560-8-0x0000000004A80000-0x0000000004A8B000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\126A.exe

MD5 4adf13b893f198838a7150f88b46c204
SHA1 c0bc7a99cc51311cd3957059a06aa7568429541e
SHA256 f830cb6d74a22e6f522271812cd44d094334332597c1d0c98db17d988018d272
SHA512 16a670af3bffcbf1b0e44a687135484f75036876af84eacaf857af815d5dae938f7abdab1cadb279a372179a31341fd36319ad06319dadf28ab236dbc4b9cc9e

C:\Users\Admin\AppData\Local\Temp\126A.exe

MD5 ac4ee5899db51f8860de500b4990bc87
SHA1 4dc6e098f7747e0d278e6d3fa9a2e2c5abbe3295
SHA256 36dfe795243e8b5591c5caa72d42b6bf2cfb9ccfd6d4b882b1ee50e26aa94f66
SHA512 588b88c6a67aa04e5051ec3f69d3b9fcfe84b1dfdaecda24b4ffbf5a3b088146dbc87d4b348391caef7ebbf08f320eb9492f3e6cec985418a9e740d43ea2f08d

memory/1836-18-0x0000000004CB0000-0x0000000004E75000-memory.dmp

memory/1836-19-0x0000000004E80000-0x0000000005037000-memory.dmp

memory/2984-20-0x0000000000400000-0x0000000000848000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\126A.exe

MD5 147f5f5bbc80b2ad753993e15f3f32c2
SHA1 16d73b4abeef12cf76414338901eb7bbef46775f
SHA256 40dc1ae099f2278650c0aa599ba00f659a87996208133d6a64b0cc5cbb5fe990
SHA512 9c43aaa68161ef04c60e3f64c3fd54426dfd387f0013f009f3da94d45f19e514cd41de7b95865c47f55e5800222fd74736659138bb96406aa37f9cdc8e5799b6

memory/2984-23-0x0000000000400000-0x0000000000848000-memory.dmp

memory/2984-24-0x0000000000400000-0x0000000000848000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\1885.dll

MD5 7f341437d787033f6b2e746037413de6
SHA1 3c41114a7782cabc996183faae3c8be2fad4613b
SHA256 de3307883a72f85e2f2caaa0a5dfa0e76f08136bfa7e2daf78e4b15cce4d0860
SHA512 8ab0900bd5ed08a01fd997e8b8a106ba3d553081508d3c29f3f47965e538af4c8aee5af09cd1622ecf43da677136165b8a6b266fd574c1353de28d97f4dd5ee4

memory/2984-27-0x0000000000400000-0x0000000000848000-memory.dmp

memory/2984-28-0x0000000000400000-0x0000000000848000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\1885.dll

MD5 cb0cc76e1fddd9e802cecb9e4eb24a83
SHA1 787e93294471080886488bb11bcbfcee12928f8b
SHA256 00d0f0fc1184c034b6fde25559dad22785d9d38f9862f12d05c1c59e419c2a34
SHA512 e22f086ebfd2dbf1b13a94339ad2f68bf5c0933f2c0a131ae018d8f3c3005fcb3eb476c274e8fa8156291867d74a28bb2316185ff089f004e6077ecfa6e4e008

memory/3780-30-0x0000000010000000-0x000000001020C000-memory.dmp

memory/3780-31-0x0000000000DB0000-0x0000000000DB6000-memory.dmp

memory/2984-33-0x0000000000400000-0x0000000000848000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\1885.dll

MD5 b66379323022a073f1f7cdefed747401
SHA1 14cfd615676b85960154df8273ca841f4a0e268b
SHA256 19a75f92a288042be52f1d38976909a22f81e92d22b69b6ab2f1f4d5856448db
SHA512 94b8dbe483f2f624723b831186bfcabc52eb74b8293f7acc4e3152ccdaef86885e2fb89453b91a78493795c99edc96e47dbbd489f92aec4cb30c21c064eb052b

memory/2984-36-0x0000000000950000-0x0000000000956000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\28D2.exe

MD5 78b81b03c4b6492b043b4af95130090b
SHA1 52ad61251d21e4e12c03eb847ff015c0f0b70db1
SHA256 32ef3de273a37f7eaef212f935ece28b345d8c7e2a0fb471b84279c7533b2e43
SHA512 a4464670007aaebe530ff15279fd30e8c0a0900d03d8446ed4ddfef0c2b4b59aab84af93526152545a00d754b2ead16eb73f977e03a21bf34c9204be3a6da03b

C:\Users\Admin\AppData\Local\Temp\28D2.exe

MD5 c5e7c791d25fe5795caf90493a00523e
SHA1 0547e7c55ddb9a0637c560dd345b8a370cfd434a
SHA256 f853a4fd24b2f8f36e789304a651e4cc8b50751db69043f758ba5cbc9d8b9910
SHA512 d3d5bdcadb7ebeba345f2d1337c7ba4831faa3c093f7869dac1aedf80b1c8d2f41d496b4874754acb6612aedd2d2961793e38070800bd28804f51e5f5217bbd0

C:\Users\Admin\AppData\Local\Temp\2C8C.exe

MD5 e6dd149f484e5dd78f545b026f4a1691
SHA1 3ea5d0fb2de5bfad3dc6dc1744708ccd31102df6
SHA256 11243641663323721ba21494a394de70ae70d4ea23c23f2e2a397fcc3cfea1a7
SHA512 0defb358d59221c56731745a25250dfea49ecbb411f11f31a92ec20fa2123646f4aaf9fd4999898c39e4674f616bc1bed7ef2368b61a29d595dc7b9340dd058b

memory/1064-48-0x00000000006A0000-0x0000000000F4F000-memory.dmp

memory/1064-47-0x00000000012D0000-0x00000000012D1000-memory.dmp

memory/4436-50-0x0000000003000000-0x0000000003100000-memory.dmp

memory/4436-51-0x0000000002F30000-0x0000000002F9B000-memory.dmp

memory/4436-53-0x0000000000400000-0x0000000002D8C000-memory.dmp

memory/4436-54-0x0000000000400000-0x0000000002D8C000-memory.dmp

memory/1064-55-0x00000000012E0000-0x00000000012E1000-memory.dmp

memory/1064-56-0x00000000012E0000-0x00000000012E1000-memory.dmp

memory/1064-57-0x00000000012E0000-0x00000000012E1000-memory.dmp

memory/1064-58-0x00000000012E0000-0x00000000012E1000-memory.dmp

memory/1064-59-0x00000000012E0000-0x00000000012E1000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\3C5C.exe

MD5 42a0156de35b24cf8ce87d3dfcccda2c
SHA1 191392dbe10a7724b19ec620ca69456edd6c45d5
SHA256 8ee3334543d765b10a971c96d152ed465e0627b8bc61e320c836e71f253cc715
SHA512 cc2d4ef77e64c3dff7f45205ae4bab409f385b1e129bf521e6ffb202ae971f537dbdd43e0725bbc87f8c1334d79e9be9bc3e366f622b6fefeeb68fb9831a6e84

C:\Users\Admin\AppData\Local\Temp\3C5C.exe

MD5 a881652979eee07289d207b8d6aa958b
SHA1 c8b4ec0f8bcb9818542867d9832fb001279259d0
SHA256 2646e22fe4eb713a68db63fc7f49da97bb1c80cab18759f41e7e8da6eb9e21ce
SHA512 bdc22a90419ab4187c5a9c11d66271308434da774ecc485b3d454d591ba9b2f2e2b4676ecb28911a955d12960ee4767e2cb562da671967c549aa8afa6014efa6

memory/4828-66-0x0000000000080000-0x0000000000936000-memory.dmp

memory/4828-67-0x0000000073670000-0x0000000073E20000-memory.dmp

memory/3780-68-0x0000000010000000-0x000000001020C000-memory.dmp

memory/2984-71-0x0000000002EC0000-0x0000000002FFC000-memory.dmp

memory/3780-70-0x0000000002EB0000-0x0000000002FEC000-memory.dmp

memory/2984-74-0x0000000003000000-0x000000000311B000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe

MD5 550ee7188c527b01bfa4d015377d121c
SHA1 44c45f90daaef2f68d08512a79d0efa86a748f4b
SHA256 b236c2da74955dc9bcd4fc696ae78f49edbbc6f06aacaa80f0246da3deb3265d
SHA512 677f8a65ca34a290ce916d13966f0511875d5cfc12cc0983d7463a64047528a2407eb62ca8cae392452d06e756b9d07014af52c92d91ec61264c2005468f2a1a

memory/2984-85-0x0000000003000000-0x000000000311B000-memory.dmp

memory/3780-81-0x0000000002FF0000-0x000000000310B000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe

MD5 f6bf5c21a8247203eb4280e83fba6664
SHA1 e7558d48e41f127dd779c35a7eb1613c74761249
SHA256 0774c2e1349c193926417a5f1783ed1961111ab1d30d2383fca93e6525262a6f
SHA512 60da2899d4fbc8910a69eb3daad48f96bdd769178ccba6c55e640989514943897a2f9f6a355ed97cb16bacdcceb57eaa7eedacd6901242887c045ae4593f0817

memory/3780-91-0x0000000002FF0000-0x000000000310B000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\FourthX.exe

MD5 f26249769d27c4988588974f0afc5ad0
SHA1 e8b18cd33637ba0baebb2e1e0140103debcc264a
SHA256 473cd36e397548c71f0dc65cfefaab1080f92dd29caf1f3ded7fe34e644aa363
SHA512 805a479d4638968920c12dd139114e6741b0eea512fb1e68003a6497a3b0deb1ee0f704169a8e5a1932cb4e8a1a50ded1fb05fcc93ae778c93a1d3db6fcd8fcd

C:\Users\Admin\AppData\Local\Temp\InstallSetup4.exe

MD5 5e0ff36e0a47f07ce34aa4a6077205d8
SHA1 684e8c7e575d7d88bb1d6ab0b16ae7503749fb4f
SHA256 5530c33905b04868e7521c68a52044b369d6d22c0272fa5480102147bdef305c
SHA512 5d11197f50fcd1354f14c63602a46b9484e6596dea160ef4f7e9a535004655603298cbcb64676852a64622305d258b9d6ae31eac58d269ac453a9d7e9af8d7c6

C:\Users\Admin\AppData\Local\Temp\InstallSetup4.exe

MD5 43706993cce342c8b85b1b175f941c96
SHA1 d10587600a64da3210a83da771bd7b64d5b81e1f
SHA256 bd7e266eea9db4686f795a0c2ae61684537ee997cdda24b9935e7c7af12d785c
SHA512 2180ff0458f547c3abb14e0089e7ab2f71d23ec4fe88d6a3596a76839d11dc180022520c0e61dff8b24c3e98dcf082df59279904b02ba3459b1e0298a10ea91d

C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe

MD5 aaf0bb37ae70edf36b650977fe25658f
SHA1 dec39feae72f0c5ae84775303e543ca353de6256
SHA256 bb578336ff40082f50aa894cd7b33f4078d16277942c35b20da5da995fe21d06
SHA512 d0c8bbd2d0fbc4821c2ee12245aa9cd434c138256fc10b7c3717cd4988b3298a221c7da764a2bb67d511870dc9ae52cf018304bb04744212fac2461bd4a055e4

C:\Users\Admin\AppData\Local\Temp\FourthX.exe

MD5 2fe9860d62aeebd600e504a6b6c7a9d2
SHA1 edaa583ccc78d914c79389e69d24ce7264a813ef
SHA256 1a75104e58525eed39afac6c3de839e436f7e5212390c4b50c8d308c4d0090c7
SHA512 5429b0f28ed8745eae7d6f2c517ec6c7fc53a48c04c420fb7fb46363d1a98cb239125cf356a8167f23c55a66bd4f3b2872e6e7d10274531179d91544e7cbef57

memory/4828-111-0x0000000073670000-0x0000000073E20000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\4ECC.exe

MD5 3893d9674f9791363d8f92edae4427a7
SHA1 93603d9de7c259c8437f320f032ba171be67e200
SHA256 ad3a5d32351e9b26a5206751e45f27bf4def2890008e573dce58c4e9791fdcce
SHA512 9918357b96ea5af2ec3f056c0d7c41a025558fba88d6ada2ade153dc5b944670acdcc0e1abc76e52d9a9186abd15345519802f605473bf4fb59c81f972a3a6d6

C:\Users\Admin\AppData\Local\Temp\InstallSetup4.exe

MD5 3cc7874e9ff2607460f01b5c05f89486
SHA1 3e220dcda21c3613b84ff36bca9e6a69a05270ee
SHA256 55d9b6391e5ebbdd95c965ceb193f7de4801ebcfce47805214c3316f29cc7692
SHA512 ef787b1b9947712f1973b06299e3d97199ae7f904d900e16e1ce84bdbc80349293c8f1cd86083536702668b368a9087fa9472406ec6578bb561576a1168eb7b7

memory/244-117-0x0000000002F20000-0x0000000003020000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\BroomSetup.exe

MD5 2d10422cc082b2dd3f472f025496790b
SHA1 52e7d946b7871c1d3da43669d6de722f0ed44b44
SHA256 25be766594831d993389e55705da77af63a98a6ed6962fcf95d63969808fd37b
SHA512 a49958c2bcb631fe84734e45b95af749f8f22d75deb124963ccb7e553c62a46686347cef06926936bbf2d663d3270611b54e2102e7bdf584109c38a2b07735c6

C:\Users\Admin\AppData\Local\Temp\nsa5281.tmp\INetC.dll

MD5 40d7eca32b2f4d29db98715dd45bfac5
SHA1 124df3f617f562e46095776454e1c0c7bb791cc7
SHA256 85e03805f90f72257dd41bfdaa186237218bbb0ec410ad3b6576a88ea11dccb9
SHA512 5fd4f516ce23fb7e705e150d5c1c93fc7133694ba495fb73101674a528883a013a34ab258083aa7ce6072973b067a605158316a4c9159c1b4d765761f91c513d

memory/244-119-0x0000000004840000-0x000000000484B000-memory.dmp

memory/1064-125-0x00000000006A0000-0x0000000000F4F000-memory.dmp

memory/2984-133-0x0000000003000000-0x000000000311B000-memory.dmp

memory/3780-132-0x0000000002FF0000-0x000000000310B000-memory.dmp

memory/4488-131-0x0000000000400000-0x0000000000414000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\5852.exe

MD5 56fd240de5ac3777bf5df79c3d0219ee
SHA1 241db1c9c49076a4e0c8858d3a9db765f1e97a43
SHA256 e7a45ae5e9734a4670f1431c5e24e3c436cb6ef8bf92ab70d64cbe94b81fa49d
SHA512 0be5f9c82b12651116884bf39ba71c9b171e35c530d7c413c9cc867e22d7a5fd04d0ad0c4f3419778976a47f2a1ee8ca23435fe59e123003eb22598de36d085b

memory/244-128-0x0000000000400000-0x0000000002D3E000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\5C8A.exe

MD5 724ded619685ad37a52e4c5df67ed089
SHA1 e35e67dd8806a1e8683a44bbf7c2c7094361622b
SHA256 b0219ae324f2acd400a39120087753eceb6d3f2e53ec5b46240bbe95b1b7bf6d
SHA512 caa18e031e461d96c4e9abc5531a5d5157fef1bbf7c79477df421c76cdcac137be5efe2ca3ae5633eaf58c9dff2c51d867f895aa84e0de6935587914881397bc

C:\Users\Admin\AppData\Local\Temp\5C8A.exe

MD5 df2076b7ede154d455fdd1035115de54
SHA1 62df9325ff2fce5e5a2cf121e84065221a513d77
SHA256 0730675048e9e0a97e9ad20f73712d7e3ba6ed114a7cdfbf8b50075656c4395c
SHA512 5f55d313b2451f14f101d7383e03cdc3a9b36a9f6487a7c164def8018b76983e6fe74288f4457a2f4273d117f1a10a886409f713173bb1f791e86205caf80430

memory/4436-135-0x0000000000400000-0x0000000002D8C000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\5852.exe

MD5 5fc0ff9881728777458bbabb608f2bc8
SHA1 5e9b9bc7c957ccd71575b83c5171e4e7fd55b99d
SHA256 85a211b99ff7cb2c92a967707ab525b32aa120825163a23dc779adde46746a5a
SHA512 e79efc7e4a589f111777a8be0ac0589bd18985f515d33c005358bac3d131fa889f46f68965fbf54b0992bd32f8b97b9c5e876a4bb447ac6a4eb4252e22a60fd1

C:\Users\Admin\AppData\Local\Temp\is-PEBDU.tmp\5852.tmp

MD5 539c3889efe7287cfac6602816434284
SHA1 c9ad3c6c9b4a92c65516408bebbde2b2d863b26e
SHA256 24f67a53989646e6ca6be9342b05cab88604328d2cb799075b4d32b053a88c12
SHA512 033f1c22ebc388b18ebc95f008cd916693c1a18a13b728b7c6c252d4e8cd9da1cb1f14ba01672713c65fb03888e93fe3b2d64e3a984174f9fc21bc7b2153b56a

memory/3668-153-0x0000000002EF0000-0x0000000002FF0000-memory.dmp

memory/3996-152-0x00000000009C0000-0x00000000009C1000-memory.dmp

memory/4488-150-0x0000000000400000-0x0000000000414000-memory.dmp

memory/3376-174-0x00000000074E0000-0x00000000074F6000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\nsg608C.tmp

MD5 c875d231a0b8eae057b6abbe461bd952
SHA1 8654ac42920ab3de9d254332309c107e9024aeaf
SHA256 9e9731e42833c1658f4d2f43e3e324bde110c93bca38b4d0b0e88233ff6c4d51
SHA512 fdbb2085d763ef4fe1eae1d2802bac86b1c8db3f16be87ec59acf28eea74feb32f5c33d0c4cfb393ccbd1eac007799c892377ea400982a9c4c2d1a98b8897d62

C:\Users\Admin\AppData\Local\Temp\nsg608C.tmp

MD5 593c6bba2414d94e5e05d505074793dc
SHA1 1315c0ffbecf2e1eea0f5ac63adce7cc403ea9e8
SHA256 44a0af487346e24e3a06361a917a81ec151ddb8b7a1c558294cfc283a35ce4ec
SHA512 6e9d0191723db1caf54f50d1ba249079f74c0b8cdb745fefb283a248279375248c6ddc27f70b1887678c5e5e22fc9a58cec1a613e758b3a96d2c72a5b7da5257

C:\Users\Admin\AppData\Local\Temp\is-AABQJ.tmp\_isetup\_iscrypt.dll

C:\Users\Admin\AppData\Local\Temp\is-AABQJ.tmp\_isetup\_isdecmp.dll

C:\Users\Admin\AppData\Local\DVD Slow\dvdslow.exe

C:\Users\Admin\AppData\Roaming\Temp\Task.bat

C:\Users\Admin\AppData\Local\Temp\4KPV6A~1\cached-microdesc-consensus.tmp

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_nrjidxz2.3i4.ps1

C:\Users\Admin\AppData\Local\Temp\4KPV6A~1\cached-microdescs.new

C:\ProgramData\nss3.dll

C:\ProgramData\mozglue.dll

C:\ProgramData\Are.docx

C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe
